Question list
1
It refers to a newly discovered incident that has the potential to harm a system or organization overall.
Threat
2
3 Main Types of Threats
Natural, Unintentional, Intentional
3
Natural Threats
Floods, Hurricanes, Tornadoes
4
Employee mistakenly accessing the wrong information.
Unintentional Threat
5
Intentional Threats
Spyware, Malware, Adware Companies, Actions of a disgruntled employee
6
Why are worms and viruses categorized as threats? Because they can also cause a ____________________
harm to an organization
7
In what way could worms and viruses harm organizations?
Exposure to an automated attack
8
When did WannaCry Ransomware begin bombarding computers and networks?
May 12, 2017
9
The biggest attack of its kind in 2017.
WannaCry Ransomware
10
Cyber criminals are constantly coming up with creative new ways to compromise your data, as seen in....
2017 Internet Security Threat Report
11
These threats may be uncontrollable and often difficult or impossible to identify in advance.
Worms, Viruses, WannaCry Ransomware
12
Certain measures help you assess threats regularly
Ensure team members are informed on current trends in cyber security so that it will be easier for them to identify new threats. Perform regular threat assessments.
13
This determines the best approaches to protecting a system against a specific threat, along with assessing different types of threats.
Perform regular threat assessments
14
Conduct penetration testing by modelling real-world threats in order to discover vulnerabilities.
Perform regular threat assessments
15
refers to a known weakness of an asset (resource) that can be exploited by one or more attackers. In other words, it is a known issue that allows an attack to succeed.
Vulnerability
16
When a team member resigns and you forget to disable their access to external accounts, change logins, or remove their names from company credit cards, this leaves your business open to
Both intentional and unintentional threats
17
Most vulnerabilities are exploited by what?
Automated Attackers
18
Testing for vulnerabilities is critical to ensuring the continued security of your systems. By identifying weak points, you can develop a strategy for?
Quick Response
19
The first step in managing your risk
Understanding your vulnerabilities
20
Questions to ask in determining your security vulnerabilities. Write on paper
I remembered
21
Defined as the potential for loss or damage when a threat exploits a vulnerability
Risk
22
Examples of risk
Financial Losses, Loss of Privacy, Reputational Damage, Legal Implications, Loss of Life
23
How would you reduce your potential for risk?
Creating and implementing risk management plan
24
5 key aspects to consider when developing your risk management strategy
Assess risk and determine needs. Include a total stakeholder perspective. Designate a central group of employees. Implement appropriate policies and related controls. Monitor and evaluate policy and control effectiveness.
25
When it comes to designing and implementing a risk assessment framework, it is critical to prioritize the most important breaches that need to be addressed. Although frequency may differ in each organization, this level of assessment must be done on a regular, recurring basis.
Assess risk and determine needs
26
Stakeholders include the business owners as well as employees, customers, and even vendors. All of these players have the potential to negatively impact the organization (potential threats) but at the same time they can be assets in helping to mitigate risk.
Include a total stakeholder perspective
27
responsible for risk management and determine the appropriate funding level for this activity.
Designate a central group of employees
28
ensure that the appropriate end users are informed of any and all changes.
Implement appropriate policies and related controls
29
The sources of risk are ever-changing, which means your team must be prepared to make any necessary adjustments to the framework. This can also involve incorporating new monitoring tools and techniques.
Monitor and evaluate policy and control effectiveness
30
a possible danger that might exploit a vulnerability to breach security and cause possible harm.
Threat
31
A threat can be either what?
Intentional or Accidental
32
Examples of intentional threats other than hacking
Malware, Phishing Attacks, DDOS, Data Breaches, Cryptojacking
33
Examples of unintentional threats other than computer malfunction and natural disasters
Accidental Data Exposure, Misconfiguration, Lost Devices, Outdated Software, Weak Passwords, Human Error, Inadequate Security Training
34
5 other definitions of threats according to different organizations. Write on paper
I remembered
35
Threat Classifications according to the Open Group
Physical Damage, Natural Events, Loss of Essential Services, Compromise of Information, Technical Failures, Compromise of Functions
36
Physical Damages
Fire, Water, Pollution
37
Natural Events
Climatic, Seismic, Volcanic
38
Loss of Essential Services
Electrical Power, Air Conditioning, Telecommunication
39
Compromise of Information
Eavesdropping, Theft of Media, Retrieval of Discarded Materials
40
Technical Failures
Equipment, Software, Capacity Saturation
41
Compromise of Functions
Error in Use, Abuse of Rights, Denial of Actions
42
a situation in which a person or program successfully identifies as another by falsifying data, to gain an illegitimate advantage
Spoofing Attack
43
Deliberately modifying, destroying, manipulating, or editing data through unauthorized channels.
Tampering
44
It happens when an application or system does not adopt controls to properly track and log users' actions, thus permitting malicious manipulation or forging the identification of new actions.
Repudiation Attack
45
A cyber attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet.
Denial of Services
46
The act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources from an application or users. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.
Elevation of Privileges
47
Hardware Level: INTERRUPTION
DOS
48
Hardware Level: INTERCEPTION
Theft
49
Hardware Level: FABRICATION
Substitution
50
Software Level: INTERRUPTION
Deletion
51
Data Level: INTERRUPTION
Loss
52
Although such attacks might be intentional, most are not; this abuse might be considered what?
Involuntary Machine Slaughter
53
accidental acts not intended to do serious damage to the hardware involved
Involuntary Machine Slaughter
54
A more serious attack usually involves someone who actually wishes to harm the computer hardware or software.
Voluntary Machine Slaughter
55
Voluntary Machine Slaughter is also called what?
Machinicide
56
The list of the kinds of human attacks perpetrated on computers is almost endless
True
57
In particular, deliberate attacks on equipment, intending to limit availability, usually involve what?
Theft or Destruction
58
Sometimes the security of hardware components can be enhanced greatly by simple physical measures such as ______ and _____?
locks, guards
59
Software Insurance reported how many stolen laptops in 2003?
600,000
60
Furthermore, it is possible to change a program so that it does all it did before, and then some.
True
61
A malicious intruder can ______ the software to enable it to perform functions you may not find desirable.
enhance
62
In this case, it may be very hard to detect that the software has been changed, let alone to determine the extent of the change.
Software is enhanced
63
Because of software's high value to a commercial computing center, access to software is usually carefully controlled through a process called...
Configuration Management
64
It is done so that software cannot be deleted, destroyed, or replaced accidentally.
Configuration Management
65
When used, an old version or release can be replaced with a newer version only when it has been thoroughly tested to verify that the improvements work correctly without degrading the functionality and performance of other functions and services.
Configuration Management
66
Software is easy to ______ and vulnerable to ______.
delete, modifications
67
Why is software vulnerable to modifications?
Because it is susceptible to "off by one" errors
68
Changing a bit or two can convert a working program into a failing one.
True
69
An example of this is when a disgruntled employee may modify a crucial program so that it accesses the system date and halts abruptly after July 1. The employee might quit on May 1 and plan to be at a new job miles away by July.
Logic Bomb
70
An example of this is a program that ostensibly structures a listing of files belonging to a user may also modify the protection of all those files to permit access by another user.
Extended Program Functioning
71
3 other categories of software modification
Trojan Horse, Virus, Trapdoor
72
It is a program that overtly does one thing while covertly doing another.
Trojan Horse
73
It is a specific type of Trojan horse that can be used to spread its "infection" from one computer to another
Virus
74
It's a program that has a secret entry point. Information leaks in a program: code that makes information accessible to unauthorized people or programs.
Trapdoor
75
This attack includes unauthorized copying of software.
Software Theft
76
It is usually the concern of a relatively small staff of computing center professionals.
Hardware Security
77
It is a larger problem, extending to all programmers and analysts who create or modify programs.
Software Security
78
Computer programs are written in a dialect intelligible primarily to computer professionals, so a "leaked" source listing of a program might very well be meaningless to the general public.
True
79
It is a more widespread and serious problem than either a software or hardware attack. Thus, data items have greater public value than hardware and software because more people know how to use or interpret data.
Data Attack
80
What is the 2nd principle of computer security?
Principle of Adequate Protection
81
Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value.
Principle of Adequate Protection
82
Confidentiality prevents what?
Unauthorized Disclosure
83
Integrity prevents what?
Unauthorized Modification
84
Availability prevents what?
Denial of Authorized Access
85
In data confidentiality, data can be gathered by many means...
Tapping wires, Planting bugs in output devices, Sifting through trash receptacles, Monitoring electromagnetic radiation, Bribing key employees, Inferring one data point from other values, Requesting the data
86
Because data are often available in a form people can read, the confidentiality of data is a major concern in computer security.
True
87
Stealing, buying, finding, or hearing data requires no computer sophistication, whereas modifying or fabricating new data requires some understanding of the technology by which the data are transmitted or stored, as well as the format in which the data are maintained.
Data Integrity
88
The crook shaves a little from many accounts and puts these shavings together to form a valuable result.
Salami Attack
89
Data are especially vulnerable to modification. Small and skillfully done modifications may not be detected in ordinary ways. For instance, we saw in our truncated interest example that a criminal can perform what is known as....
Salami Attack
90
A more complicated process is trying to reprocess used data items. With the proliferation of telecommunications among banks, a fabricator might intercept a message ordering one bank to credit a given amount to a certain person's account.
Data Integrity
91
occurs when someone uses your personal identifying information and pretends to be you in order to commit fraud or to gain other financial benefits.
Identity Theft
92
What are 5 examples of what identity thieves might do with your sensitive personal information? Write on paper
I remembered
93
There were ____ reported data breaches in ____, according to the _______________________________________________. That represents a __% increase over 2018.
1,473, 2019, Identity Theft Resource Center's End-of-Year 2019 Data Breach Report, 17
94
Some of the biggest breaches in U.S. history occurred when?
July 2019
95
How does identity theft happen?
Phishing, Skimming, Wifi Hacking, Dumpster Diving, Phone Scams, Data Breaches, Malware, Mail Theft, Child ID Theft, Tax ID Theft
96
What happens to my information after identity theft?
Steal your money or benefits. Sell it on the dark web. Impersonate you.
97
7 Possible Signs of Identity Theft. Write on paper
I remembered
98
10 ways on how to help protect yourself against identity theft. Write your answers.
I remembered
99
4 Types of Identity Theft plus 1
Criminal, Medical, Financial, Child Identity Theft, Synthetic Identity Theft
100
It's when a criminal misrepresents himself as another person during arrest to try to avoid a summons, prevent the discovery of a warrant issued in his real name or avoid an arrest or conviction record
Criminal Identity Theft