Iram 2

THREAT FRAMEWORK

Information systems are frequently exposed to various types of threats, which can cause different kinds of damage and might lead to significant financial losses. Information security damage can range from small losses to the destruction of an entire information system. The effects of threats vary considerably: some affect the confidentiality or integrity of data, while others affect the availability of a system. Organizations currently struggle to understand what the threats to their information assets are and how to obtain the necessary means to combat them, and this continues to pose a challenge. The ISF's Information Risk Analysis Methodology (IRAM) enables organizations to assess business information risk and select…
If any of these threats materialize, they create a security incident that can have a significant impact on the business.

Category 1 – External attack

1. Carrying out denial of service attacks - Deliberately overloading systems and network devices or re-directing network traffic.
2. Hacking - Gaining unauthorized access to systems and networks.
3. Undertaking malicious probes or scans - Probes or scans of network devices and systems to gather information that could be used to undertake an attack.
4. Cracking passwords - Determining the plaintext version of an encrypted password.
5. Cracking keys - Determining the plaintext version of an encrypted key (example: WEP keys in wireless networks).
6. Defacing web sites - Unauthorized modification of web site content.
7. Spoofing web sites - The creation of a bogus web site that masquerades as a genuine web site to which users are directed.
8. Spoofing user identities - The unauthorized use of valid user identity information by a malicious external party to gain access to a system (typically as a result of 'identity theft').
9. Modifying network traffic - Falsifying the source or destination address of network traffic or modifying the content of network traffic in transit.
10. Eavesdropping - The unauthorized interception of information in transit.
11. Distributing computer viruses (including worms) - Self-replicating programs