IT Security and Risks: Confidentiality, Integrity, Availability and Threats, Study notes of Securities Regulation

An overview of IT security concepts, focusing on the CIA Triad (Confidentiality, Integrity, Availability) and the risks associated with each. It covers the importance of confidentiality, types of risks such as legal, financial, reputational, and operational, and threats to confidentiality including access by unauthorized persons, intercepted data transfers, and privileged access by employees. It also discusses various types of malware, phishing attacks, and spamming. The document differentiates between Trojan horses and worms, and explains the concept of a virus. Additionally, it covers the TCP three-way handshake and DDoS attacks, specifically UDP flood attacks and HTTP flood attacks.

Typology: Study notes

2018/2019

Uploaded on 11/01/2021

asoeoel-aoes

Overview of Security

• IT Security – CIA Triad

Confidentiality

Integrity

Availability

CIA Triad (diagram: Confidentiality, Integrity and Availability together make a system Secure)

Risks

• Types Of Risk

• Legal Risks

  • Fines, liability lawsuits, criminal prosecution

• Financial Risks

  • Numerous costs involved, including loss of customer trust, legal fees and fines

• Reputational Risks

  • Loss of trust

• Operational Risks

  • Failed internal processes – insider trading, unethical practices, etc.

• Strategic Risks

  • The financial institution's future, mergers, etc.

CIA Triad - Balance (diagram: the three properties trade off against each other and have to be balanced rather than maximised individually)

Threats to Confidentiality

  • Access to confidential information by any unauthorized person
  • Intercepted data transfers
  • Physical loss of data
  • Privileged access to confidential information by employees
  • Social engineering methods used to obtain confidential information
  • Unauthorized access to physical records
  • Transfer of confidential information to unauthorized third parties
  • Compromised machine where the attacker is able to access data thought to be secure

Kevin Mitnick

Malware / Phishing / Spamming

  • Malware Malware (malicious software) is software that takes control of a person's computer without the owner's consent. Self-spreading malware uses the infected machine to push copies of itself onto other people's devices and accounts. Malware can also enrol the computer in a botnet, which means the cyber criminal controls it remotely and can use it to send malware or spam to others.
  • Phishing Phishing attacks use fraudulent messages and look-alike login pages to steal a person's login and password details so that the cyber criminal can take over the victim's social network, email and online bank accounts. Seventy per cent of internet users choose the same password for almost every web service they use. This is why phishing is so effective: one stolen login, reused across services, gives the criminal access to multiple private accounts, which they can then manipulate for their own gain.
  • Spamming Spamming is the bulk sending of unsolicited email, typically designed to make the victim spend money on counterfeit or fake goods. Botnets such as Rustock have been responsible for the majority of spam messages, often advertising pharmaceutical products or fake security software which people believe they need to solve a security issue that does not actually exist.

Virus

What is a virus?

A computer virus is a program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:

1) It must execute itself. It will often place its own code in the path of execution of another program.

2) It must replicate itself. For example, it may replace other executable files with a copy of the virus-infected file.

Some viruses are programmed to damage programs, or simply to delete files. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video and audio messages. Even these benign viruses can create problems for the computer user: they take up computer memory used by legitimate programs and, as a result, often cause erratic behaviour and can result in system crashes.

TCP 3-Way Handshake

EVENT DIAGRAM

1) Host A sends a TCP SYN (synchronize) packet to Host B

2) Host B receives A's SYN

3) Host B sends a SYN-ACK (synchronize-acknowledgement)

4) Host A receives B's SYN-ACK

5) Host A sends an ACK (acknowledge)

6) Host B receives the ACK

7) TCP socket connection is ESTABLISHED

The SYN carries A's initial sequence number; the SYN-ACK carries B's own initial sequence number and acknowledges A's; the final ACK acknowledges B's. Only after both acknowledgements are seen is the connection established on both sides.

TCP Three Way Handshake (SYN, SYN-ACK, ACK)
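The exchange above as an added example, not part of the original notes: a Python simulation of both hosts' connection states and of the three segments they send, with the initial sequence numbers (ISNs) and acknowledgement numbers included, since those are what the segments actually carry. The host names "A" and "B", the random seed and the simplified state machine (no real sockets, no timers, no retransmission, no RST) are assumptions of the example. It also shows the check a TCP stack makes at step 6: an ACK whose acknowledgement number is not B's ISN + 1 does not complete the connection, and B stays half-open in SYN_RECEIVED.

```python
"""TCP three-way handshake simulation (SYN, SYN-ACK, ACK).

Added example for these notes, not code from the original slides. It models
only what the handshake exchanges: the SYN/ACK flags, the sequence and
acknowledgement numbers, and each host's connection state. There are no
real sockets, no timers and no retransmission; host names "A" and "B" and
the random seed are assumptions chosen for a reproducible run.
"""
import random
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    seq: int            # sequence number of the segment
    ack: int            # acknowledgement number (only meaningful if ack_flag)
    syn: bool = False
    ack_flag: bool = False

    def flags(self) -> str:
        names = [n for n, on in (("SYN", self.syn), ("ACK", self.ack_flag)) if on]
        return "-".join(names) or "none"


class Host:
    def __init__(self, name: str, rng: random.Random):
        self.name = name
        self.state = "CLOSED"
        self.isn = rng.randrange(1, 2 ** 32)   # initial sequence number
        self.snd_nxt = None                    # next sequence number we will send
        self.rcv_nxt = None                    # next sequence number we expect

    def listen(self) -> None:
        """Passive open: wait for a SYN."""
        self.state = "LISTEN"

    def connect(self, peer: str) -> Segment:
        """Active open: send SYN carrying our ISN (step 1)."""
        self.state = "SYN_SENT"
        self.snd_nxt = (self.isn + 1) & MASK32  # the SYN consumes one sequence number
        return Segment(self.name, peer, seq=self.isn, ack=0, syn=True)

    def receive(self, seg: Segment):
        """Process one segment; return the reply segment, or None if nothing is sent."""
        if self.state == "LISTEN" and seg.syn and not seg.ack_flag:
            # Step 2: acknowledge the peer's ISN and send our own (SYN-ACK)
            self.rcv_nxt = (seg.seq + 1) & MASK32
            self.snd_nxt = (self.isn + 1) & MASK32
            self.state = "SYN_RECEIVED"
            return Segment(self.name, seg.src, seq=self.isn, ack=self.rcv_nxt,
                           syn=True, ack_flag=True)
        if self.state == "SYN_SENT" and seg.syn and seg.ack_flag:
            if seg.ack != self.snd_nxt:
                return None  # does not acknowledge our SYN: ignore it
            # Step 3: acknowledge the peer's ISN; our side is now established
            self.rcv_nxt = (seg.seq + 1) & MASK32
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, seq=self.snd_nxt, ack=self.rcv_nxt,
                           ack_flag=True)
        if self.state == "SYN_RECEIVED" and seg.ack_flag and not seg.syn:
            if seg.ack != self.snd_nxt:
                return None  # wrong acknowledgement number: connection stays half-open
            self.state = "ESTABLISHED"
            return None
        return None  # anything else is outside this simplified model


def run_handshake(seed: int = 7):
    """Drive the full exchange; return (host_a, host_b, trace of segments as text)."""
    rng = random.Random(seed)
    a, b = Host("A", rng), Host("B", rng)
    b.listen()
    trace = []
    seg = a.connect("B")
    while seg is not None:
        trace.append(f"{seg.src} -> {seg.dst} {seg.flags()} seq={seg.seq} ack={seg.ack}")
        receiver = b if seg.dst == "B" else a
        seg = receiver.receive(seg)
    return a, b, trace


def forged_ack_is_rejected(seed: int = 7) -> bool:
    """A final ACK whose acknowledgement number is not B's ISN + 1 must not complete B's side."""
    rng = random.Random(seed)
    a, b = Host("A", rng), Host("B", rng)
    b.listen()
    synack = b.receive(a.connect("B"))
    bogus = Segment("A", "B", seq=a.snd_nxt, ack=(synack.seq + 2) & MASK32, ack_flag=True)
    b.receive(bogus)
    return b.state == "SYN_RECEIVED"


if __name__ == "__main__":
    host_a, host_b, steps = run_handshake()
    for line in steps:
        print(line)
    print(f"A: {host_a.state}, B: {host_b.state}")
    print("forged ACK rejected:", forged_ack_is_rejected())
```

Run it directly to print the three segments and the final states; run_handshake() returns both Host objects and the trace so the sequence and acknowledgement numbers can be inspected, and forged_ack_is_rejected() exercises the half-open case.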

DDoS - UDP Flooding

DDoS - HTTP Flood
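The slides for the two DDoS variants carry only their titles. As an added example, not from the original notes: an HTTP flood sends a large volume of well-formed HTTP requests, each of which completes the handshake above and receives a normal 200 response, so that the server spends its resources on the attacker instead of on real users. Because every request is valid, status codes alone do not reveal it; what does is the request rate per source. The Python below applies a per-source sliding-window count to constructed access-log lines. The addresses, paths and timestamps are invented for the example, and the 10-second window and 20-request threshold are assumptions to be tuned per site. The same windowed count is the general form of the check: fed packet-capture records instead of HTTP requests, it flags a UDP flood by per-source datagram rate in the same way, with the caveat that UDP source addresses are easily spoofed, so per-source counts are less reliable there.

```python
"""Rate-based detection of an HTTP flood in web-server access logs.

Added example for these notes, not code from the original slides. The
log lines are constructed here (the addresses, paths and timestamps are
invented); the 10-second window and 20-request threshold are assumptions
that a real deployment would tune to its own traffic. The detector assumes
lines arrive in chronological order, as an access log normally does.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line: str):
    """Return (ip, timestamp, request, status) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["req"], int(m["status"])


def detect_http_flood(lines, window_s: int = 10, threshold: int = 20):
    """Map each offending source IP to its peak request count inside any window_s-second window."""
    recent = defaultdict(deque)  # ip -> timestamps of its requests still inside the window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _req, _status = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]) > timedelta(seconds=window_s):
            q.popleft()                       # drop requests that fell out of the window
        if len(q) > threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak


def sample_log():
    """Constructed sample: one legitimate client and one flooding source (not real traffic)."""
    base = datetime(2019, 3, 4, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    lines = []
    # Legitimate browsing: five pages, one every 12 seconds.
    for i in range(5):
        ts = base + timedelta(seconds=12 * i)
        lines.append(fmt.format(ip="198.51.100.23", ts=ts.strftime(TS_FMT), path=f"/page{i}.html"))
    # Flood: thirty well-formed requests for an expensive search URL inside five seconds.
    # Every request is valid and gets a 200, so status codes alone cannot distinguish
    # this from a busy user; only the rate per source does.
    for i in range(30):
        ts = base + timedelta(milliseconds=160 * i)
        lines.append(fmt.format(ip="203.0.113.77", ts=ts.strftime(TS_FMT), path="/search?q=x"))
    lines.sort(key=lambda ln: parse_line(ln)[1])  # interleave as the server would log them
    return lines


if __name__ == "__main__":
    for ip, count in detect_http_flood(sample_log()).items():
        print(f"possible HTTP flood from {ip}: {count} requests within 10 s")
```

On the constructed sample the legitimate client never holds more than one request inside the 10-second window, while the flooding source peaks at 30; raising the threshold to 30 or more makes the detector silent, which is the tuning trade-off between missed floods and false alarms on genuinely busy clients.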