What I want to do here is something a little different and look at some of the more political consequences of these latest revelations. The first two of the five stages of grief:
Introduction
Before we get into detail about what the article is going to cover and help demystify the steps needed for assessing your current security posture, we need to define a few basic terms so that, when they are used in the context of this article, you have a complete understanding of what they mean and refer to.
Threat: An expression of an intention to inflict pain, injury, evil, or punishment, as well as an indication of impending danger or harm. It's also considered a possible danger or menace. In simpler terms, a threat is anything that you feel would hurt your company's assets, especially those such as your data, or anything else contained on the computer network and its systems, as well as the systems themselves.
Asset: Anything of value, a useful or valuable quality or thing; an advantage or resource. Again, in the IT realm, this would be considered data, the systems that the data is contained on, or the infrastructure that connects such systems. Think of the costs associated with your infrastructure, the human resources needed to run them, and the company data that those systems contain.
Most top-level executives today are starting to see that all three pieces of this IT paradigm make up the whole. Why is it important for you to know such terms? Well, when we start to talk about the origins of threats, which can be internal and external, we need to understand what a threat is, what the differences are between the different subcategories of threats, and what the threat is against, which is generally your assets.
Again, the point of this introduction is to prime you to think using specific terminology like an IT Security Analyst and, more importantly, to define the terms you will hear me talk about throughout. If you do not know what a threat is in basic terms, or what an asset is to you, then the article may not make much sense.
That being said, let's move on to the meat of the article.
The 3 part Information Technology Paradigm of Assets and Threats
You should see by now that threats and assets go hand in hand. All three subcategories of IT assets also have very specific and unique threats associated with them.
Before we begin this section, I would like to make a disclaimer: what I am calling the '3 part IT paradigm of assets and threats' is something that I created myself to help explain the basic connection between the assets you have and the threats that could be associated with them.
It should also help you formulate a connection between assets and threats more logically. The three parts can be seen in figure 1. If you had a simple network with a one-subnet LAN with about 50 hosts with PCs, 1 database server, 1 file server, 1 print server, one Active Directory Domain Controller (DC) server, a layer three switch, a router and a firewall for an Internet connection and VPN, as well as 2 administrators running the show, you need to consider what your assets are here.
Let's break that down in bullet format: Think of it like this: Your end users can cause you security problems like trying to hack the internal systems, deleting data, or downloading malware. Also, both your systems, client AND network infrastructure, can be turned into weapons if exploited: DoS attacks stemming from Trojans installed on clients, Smurf attacks launched off your routers, penetration attacks on your firewall and an intruder allowing private address blocks RFC to ingress into your LAN. These are but a handful of what you could expect. Your administrators could forgo change control and topple your network if not supervised properly and monitored; they could also cut corners and take big chances based on a lack of knowledge of what their managers may know if they are not IT savvy (which is all too common). These are just a few of the threats associated with the IT human resources.
Also, a big threat that I also consider which many companies do not is the lack of dedicated IT resources in house, which could be a huge threat to a company.
All too many times the budget looks great to hack IT resources, but hey, you get what you pay for. You have one guy leave and your network suffers.
Another possible threat is not having a dedicated IT security resource onsite and making 'security' some poor dope's collateral duty.
Lucélia Ribeiro How can you teach your children to use the internet safely? It's a question I've been thinking about a lot, as the father of five and seven year-old sons who are already adept.
10 security threats to watch out for in Along with the explosion of new technologies, user habits, and social practices comes the inevitable wave of new security threats. CALL FOR PAPERS.
The DEFCON 16 Call for Papers is now Closed! The DEFCON 16 speaking schedule is complete, with occasional minor adjustments. So keep your eye on the Speaker Page and the Schedule Page for all the latest info as it happens. You can also subscribe to the DEFCON RSS Feed for up to the minute news.
What threats are you aware of when it comes to your personal systems and the systems at your job?
Jan 26, · Here are 17 common threats, with fixes for each one. If you use a social network, a Web browser, a public computer, or a cell phone, beware: Your PC, your bank account, and your personal .
“Internal attacks are one of the biggest threats facing your data and systems,” states Cortney Thompson, CTO of Green House Data. “Rogue employees, especially members of the IT team with.