by walking around an organization. Many security items can be found unsecured in offices
and cubicles. For example, it is not uncommon to find passwords written on notes or
badges and keys left on tops of desks or in unlocked drawers. The psychology method is
another way of gaining confidential information. For example, someone pretending to be
from the IT department calls a user and asks for her account information to maintain or
correct an account discrepancy.
In addition to these approaches, hackers can obtain account information by using
password-cracking utilities or by capturing network traffic.
Security Risks
To protect network resources, processes, and procedures, technology needs to address
several security risks. Important network characteristics that can be at risk from security
threats include data confidentiality, data integrity, and system availability:
System availability should ensure uninterrupted access to critical network and
computing resources to prevent business disruption and loss of productivity.
Data integrity should ensure that only authorized users can change critical
information and guarantee the authenticity of data.
Data confidentiality should ensure that only legitimate users can view sensitive
information to prevent theft, legal liabilities, and damage to the organization.
In addition, the use of redundant hardware and encryption can significantly reduce the
risks associated with system availability, data integrity, and data confidentiality.
Table 12-4 summarizes security risk types with descriptions.
Table 12-4 Security Risks

| Risk Type | Risk Description |
| --- | --- |
| Confidentiality of data | Ensure only legitimate users can view sensitive information to prevent theft, legal liabilities, and damage to the organization. |
| Integrity of data | Ensure only authorized users can change critical information and guarantee the authenticity of data. |
| System and data availability | Allow uninterrupted access to critical network and computing resources to prevent business disruption and loss of productivity. |
Targets
Given the wide range of potential threats, just about everything in the network has
become vulnerable and is a potential target. Ordinary hosts top the list as the favorite target,
especially for worms and viruses. After a host has been compromised, it is frequently
used as a new attack point. (A collection of such hosts is referred to as a botnet.)