Wednesday, October 31, 2012


IT Security: Threats and vulnerabilities

The risks associated with information security can be classified into two categories, threats and vulnerabilities. Threats refer to the actions of people and nature that endanger an organization’s information assets and infrastructure. Vulnerabilities are the weaknesses in the assets and infrastructure that leave them exposed to unintended and unwanted events. Rather than being unrelated, threats and vulnerabilities are two sides of the same coin: threats are the potential actions that will follow the path of least resistance to the greatest vulnerabilities.

THREATS


A security threat is the wilful intention on someone’s part to inflict injury or damage to an individual’s or organization’s networks, computers, software or data. Threats come from people in the organization itself: employees, contractors and visitors. People outside the organization also threaten it. The types of injury or damage that could occur are practically limitless. A few examples include:

- Sabotage of computer hardware or software
- Theft and subsequent disclosure of proprietary or personally sensitive information
- Attacks on information infrastructure to render it unavailable for legitimate uses
- Development and release of a virus or worm intended to cause widespread damage.

VULNERABILITIES


Vulnerability is any weakness in computer or network hardware or software that makes it open to attack or damage. Vulnerability can be the result of an imperfection in design, implementation or configuration. While vulnerability is generally thought of as an oversight, the existence of vulnerability can be the result of a deliberate act. Some examples of vulnerabilities include:

- A flaw in a software program that permits an intruder to cause the program to malfunction, generally with the intention of breaking into the system running the program
- An operating system misconfiguration that permits an ordinary user to switch to privileged mode, which gives the user full administrative control over the system
- A flaw in a business process that permits an employee to log in using a new employee’s account by entering a well-known default/initial password
- A recently installed system with default administrative passwords, permitting anyone with knowledge of the password to gain full access to the system
- Servers in the enterprise that individuals set up on their own and that lack anti-virus protection and security patches.
