Threats and Countermeasures

Plenty of threats, if carried out, could cause damage to the organization. We discuss some of these threats in the following sections.

Errors and Omissions

Errors and Omissions (E&O) is an insurance term that describes strategic and tactical errors that an organization can face, whether by commission (performing an action) or omission (failure to perform an action). In addition to general liability coverage, insurance companies also sell Errors and Omissions insurance. Errors and Omissions liability is also known as professional liability.

An example of Errors and Omissions is an error that prevents a company from delivering goods or services per the terms of a contract.

Organizations can prevent some Errors and Omissions through product reviews and quality control processes. For example, an accounting firm can implement systems that help to prevent calculation errors, and a medical transcription organization may implement access control systems to prevent the accidental disclosure of information.

Fraud

Fraud is defined as any deceptive or misrepresented activity that results in illicit personal gain. Workers who have detailed knowledge of business processes and/or insider access to information are in a particularly good position to defraud their employers.

Some examples of fraud include

• Writing bad checks

• Lying about personal information in order to receive a product or service for which the person isn’t entitled

You can best counter fraud by using controls and processes to ensure that people aren’t misrepresenting themselves or the information that they assert. Generally, you use controls that attempt to confirm information.

Other countermeasures may include establishing a fraud detection capability to ensure that employees and customers aren’t trying to cheat the organization out of goods, services, or cash. A fraud detection system analyzes transactions and provides a list of possibly fraudulent transactions that security and systems professionals within the organization can review.

Organizations also need to examine their business processes and the roles and responsibilities of key personnel executing those processes. Among other things, business processes should make defrauding the organization through collusion difficult — meaning that employees can’t easily work together for their illicit personal gain. See our discussion in the sections “Separation of duties and responsibilities” and “Job rotation,” both earlier in this chapter.
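The following added example (not from the book) sketches the kind of review list a fraud detection capability produces, and includes a separation-of-duties check on each payment. The record fields, the approval limit, and the three rules are assumptions chosen for illustration.

```python
from collections import defaultdict

APPROVAL_LIMIT = 10_000  # assumed: payments at or above this need extra sign-off
NEAR_LIMIT = 0.95        # assumed: flag amounts within 5% below the limit

# Constructed sample payment records (not real data).
TRANSACTIONS = [
    {"id": "T1", "vendor": "Acme", "amount": 4200.00, "invoice": "INV-100",
     "created_by": "alice", "approved_by": "bob"},
    {"id": "T2", "vendor": "Birch", "amount": 9900.00, "invoice": "INV-207",
     "created_by": "carol", "approved_by": "dave"},
    {"id": "T3", "vendor": "Acme", "amount": 4200.00, "invoice": "INV-100",
     "created_by": "erin", "approved_by": "bob"},
    {"id": "T4", "vendor": "Cedar", "amount": 1500.00, "invoice": "INV-311",
     "created_by": "frank", "approved_by": "frank"},
    {"id": "T5", "vendor": "Dune", "amount": 12000.00, "invoice": "INV-412",
     "created_by": "alice", "approved_by": "dave"},
]

def review_queue(transactions):
    """Return {transaction id: [reasons]} for payments a reviewer should examine."""
    flags = defaultdict(list)
    first_seen = {}  # (vendor, invoice, amount) -> id of the first such payment
    for t in transactions:
        # Separation of duties: nobody approves a payment they created.
        if t["created_by"] == t["approved_by"]:
            flags[t["id"]].append("self-approved")
        # Amounts sitting just below the limit may be sized to avoid scrutiny.
        if APPROVAL_LIMIT * NEAR_LIMIT <= t["amount"] < APPROVAL_LIMIT:
            flags[t["id"]].append("just under approval limit")
        # The same invoice paid twice is a classic duplicate-payment pattern.
        key = (t["vendor"], t["invoice"], t["amount"])
        if key in first_seen:
            flags[t["id"]].append(f"duplicate of {first_seen[key]}")
        else:
            first_seen[key] = t["id"]
    return dict(flags)

if __name__ == "__main__":
    for tx_id, reasons in review_queue(TRANSACTIONS).items():
        print(tx_id, "->", ", ".join(reasons))
```

The output is a list for people to review, not a verdict: a flagged payment may be legitimate.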

Hackers and crackers

Hackers are (by their own account, anyway) computer enthusiasts who enjoy discovering the intricacies of computers and programming languages, and they can often be considered experts. The term hacker has been associated more with individuals who break into computer systems and networks in order to cause disruption or steal information. Hackers insist that those malicious individuals are known as crackers. Whatever you call them, you need to prevent them from accessing your systems and data for malicious or unauthorized purposes.

As long as the world is filled with hackers (and crackers), malicious code and viruses will remain important security risks that you must guard against. Viruses, worms, and Trojan horses are all examples of malicious code. We cover these topics in detail in Chapter 7.

Industrial espionage

Industrial espionage is the act of obtaining proprietary or confidential information in order to pass it to a competitor. Espionage is difficult to prevent, but you can deter such activity with visible audit trails and access controls.

Loss of physical and infrastructure support

Loss of physical and infrastructure support is a broad category that represents the kinds of actions that result in a data processing operation losing its physical facilities and/or supporting infrastructure. These actions include, but aren’t limited to, interruptions in public utilities or events that result in the closure or evacuation of a building. We discuss this topic in depth in Chapter 11.

Malware

Malware is malicious code or software that typically damages or disables, takes control of, or steals information from a computer system. Malware broadly includes

• adware: Pop-up advertising programs that are commonly installed with freeware or shareware.

• backdoors: Malicious code that enables an attacker to bypass normal authentication to gain access to a compromised system.

• bootkits: A kernel-mode variant of a rootkit, commonly used to attack computers that are protected by full-disk encryption.

• logic bombs: Malicious code that is activated when a specified condition is met, such as a particular date or event.

• rootkits: Malicious code that provides privileged (root-level) access to a computer.

• spyware: Malicious software that collects information without the user’s knowledge, and/or interferes with the operation of a computer (such as redirecting a web browser or installing additional malware).

• Trojan horses: Malicious software that masquerades as a legitimate program.

• viruses: Malicious code that requires a user to perform a specific action to become active, such as clicking an executable (.exe) attachment or a malicious website link.

• worms: Malicious code that is spread rapidly across networks without any user interaction required to activate the worm. Worms typically exploit known vulnerabilities and flaws that have not been patched.

Sabotage

Sabotage is the deliberate destruction of property, which could include physical or information assets. This is best deterred and detected with highly visible audit trails, and it is best prevented with strict physical and logical access controls.

Theft

Theft involves taking property from its owner without the owner’s consent. A wide variety of controls can deter and prevent theft, including locks, alarm systems, cameras, audit trails (in the case of information theft), and identifying marks on equipment.

Unlike the theft of physical assets, such as computers, data theft can be very difficult to detect. When someone steals data, that data is right where you left it; the thief has simply made an unauthorized copy of the data and moved it to a secret location.
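Because the stolen data never goes missing, the audit trail is often the only place the copy shows up. The following added example (not from the book) compares each user's daily read volume against that user's own earlier history; the log layout, the multiplier, and the minimum history length are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed audit-trail entries: (date, user, records_read). Not real data.
AUDIT_TRAIL = [
    ("2024-03-01", "alice", 40), ("2024-03-04", "alice", 55),
    ("2024-03-05", "alice", 48), ("2024-03-06", "alice", 52),
    ("2024-03-07", "alice", 2600),
    ("2024-03-01", "bob", 900), ("2024-03-04", "bob", 1100),
    ("2024-03-05", "bob", 950), ("2024-03-06", "bob", 1000),
    ("2024-03-07", "bob", 1200),
    ("2024-03-07", "carol", 300),
]

MULTIPLIER = 10  # assumed: flag a day more than 10x the user's usual volume
MIN_HISTORY = 3  # assumed: days of history needed before judging a user

def unusual_reads(trail, multiplier=MULTIPLIER, min_history=MIN_HISTORY):
    """Return (date, user, records_read, baseline) for days far above a
    user's own median; high-volume users are judged against themselves."""
    per_user = defaultdict(list)
    for date, user, count in sorted(trail):  # ISO dates sort chronologically
        per_user[user].append((date, count))

    findings = []
    for user, days in per_user.items():
        for i, (date, count) in enumerate(days):
            history = [c for _, c in days[:i]]  # only days before this one
            if len(history) < min_history:
                continue  # too little history to call anything unusual
            baseline = median(history)
            if count > multiplier * baseline:
                findings.append((date, user, count, baseline))
    return findings

if __name__ == "__main__":
    for date, user, count, baseline in unusual_reads(AUDIT_TRAIL):
        print(f"{date} {user}: {count} records read (usual: {baseline})")
```

Users with too little history, such as carol in the sample, are skipped rather than flagged, so new accounts need a separate review rule.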
