Internal threats include employee actions such as data theft, accidental loss or unintentional disclosure of data. Computer network-based threats include passive threats like wiretapping and port scanning, where wiretapping involves intercepting conversations and port scanning determines open ports on a network.
Internal threats include employee actions such as data theft, accidental loss or unintentional disclosure of data. Computer network-based threats include passive threats like wiretapping and port scanning, where wiretapping involves intercepting conversations and port scanning determines open ports on a network.
Internal threats include employee actions such as data theft, accidental loss or unintentional disclosure of data. Computer network-based threats include passive threats like wiretapping and port scanning, where wiretapping involves intercepting conversations and port scanning determines open ports on a network.
Internal threats include employee actions such as data theft, accidental loss or unintentional disclosure of data. Computer network-based threats include passive threats like wiretapping and port scanning, where wiretapping involves intercepting conversations and port scanning determines open ports on a network.
internal-threats-occur/ o Employee action / link: https://www.tuc.org.uk/workplace-guidance/organising- and-bargaining/industrial-action o Data theft / link: https://www.okta.com/blog/2020/07/data-theft/ o Accidental loss / link: https://www.gocompare.com/homeinsurance/guide/accidental-damage-cover/ o Unintentional disclosure or damage to data / link: https://www.dataxchange.eu/blog/accidental-disclosure-of-data-proberbly-the- greatest-risk o Unsafe practices (BYOD) /link: https://dsdweb.co.uk/level-2-diploma-in-care/safeguarding-and-protection-in-care- settings/how-to-recognise-and-report-unsafe-practices/ o Example from real life /link:
external-threats-occur/ o Date theft /link: https://belkasoft.com/cyber-threats-internal-or-external o Destruction /link: https://www.restore.co.uk/Technology/Resources/News-and- Blog/what-is-it-destruction o Withholding and disruption of system /link: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7122347/ o Example from real life /link:
the-physical-threats-in-information-security#:~:text=Physical %20threat%20to%20a%20computer,fire%2C%20war%2C %20earthquakes%20etc o Theft of equipment or data /link: https://www.proofpoint.com/uk/threat- reference/data-theft o Malicious damage to equipment or data /link: https://www.thepcdoctor.com.au/malicious-damage o Damage or destruction by fire, flood, terrorist action or another disaster /link: https://dpworkshop.org/dpm-eng/oldmedia/threats.html o Example from real life /link: Social engineering and software-driven treats /link: https://www.cisco.com/c/en_uk/products/security/what-is- social-engineering.html o Malware /link: https://www.kaspersky.com/resource-center/threats/malware- manipulation o Viruses, worms, Trojan horses, ransomware, spyware, adware, rootkits and backdoors /link: https://www.upguard.com/blog/types-of-malware
A2 Computer network- based treats:
Passive treats including: o Wiretapping /link: https://people.howstuffworks.com/wiretapping.htm o Port scanning /link: https://www.paloaltonetworks.com/cyberpedia/what-is-a-port- scan o Idle scanning /link: https://www.easytechjunkie.com/what-is-an-idle-scan.htm o Example: https://www.extrahop.com/resources/attacks/malicious-port-scanning/
Active treats including:
o Deniel of service attack /link: https://www.cloudflare.com/learning/ddos/glossary/denial-of-service/ o Spoofing /link: https://www.investopedia.com/terms/s/spoofing.asp o Man in the middle /link: https://www.imperva.com/learn/application-security/man- in-the-middle-attack-mitm/ o Adress Resolution protocol /link: https://doubleoctopus.com/security-wiki/threats- and-tools/address-resolution-protocol-poisoning/ o Smurf attack /link: https://usa.kaspersky.com/resource-center/definitions/what-is-a- smurf-attack o Buffer overflow /link: https://www.imperva.com/learn/application-security/buffer- overflow/ o Heap overflow /link: https://cqr.company/web-vulnerabilities/heap/ o Format string attack /link: https://nordvpn.com/cybersecurity/glossary/format- string-attack/ o Structured Query Language /link: https://www.imperva.com/learn/application- security/sql-injection-sqli/ o Cloud computing security risks /link: https://www.checkpoint.com/cyber-hub/cloud- security/what-is-cloud-security/top-cloud-security-issues-threats-and-concerns/
A3 Information security: Principles of confidentiality, integrity and availability of information Unauthorised access or modification of information Principle of minimal access to information or lowest required access permission to be able to maximise protection Deliberate or accidental loss of information The need to protect intellectual property from theft or, malicious damage o Personal information o Bank account details o Employment details
A4 Legal requirements: Data Protection Act 1998 Computer Misuse Act 1990 Copyright, Designs and Patents Act 1988 Telecommunications (Lawful Business Practise) (Interception of Communications) Regulations 2000 Fraud Act 2006 Legal liability and contractual obligations
A5 Impact of security breaches:
Operational impact on an organisation of the loss of data or service Financial impact of loss of service, such as an e-commerce website Damage to reputation Legal consequences of data privacy breaches Forensics research requirement to identify data lost, stolen or copied
B1 Cryptographic principles: The principles and uses of encryption including o Digital Rights Management o Password storing and salts o Obfuscation and steganography o Secure transactions o Two-factor authentication o File, folder, disk encryption o Encryption of communication data Legal and ethical issues Computing and ethical issues
B2 Cryptography methods: Key cryptography methods: o Shift ciphers o One-time pads o Hash functions MD4, MD5, SHA-2, SHA-3 o Stream ciphers Cryptographic primitives: o Pseudo random functions o One-way functions Cryptographic salts and their use in storing password Encryption Algorithms o RSA o DES o 3DES Mathematical principles, integer factorisation, prediction of prime
Internal Threats Internal threats – is
Computer network-based threats
Passive treats Wiretapping – which involves intercepting the content of conversations by secretly taping someone's telephone line is subject to strict regulation at both the federal and state levels. This practice is commonly used by law enforcement agencies in criminal investigations. Wiretapping requires a court order, which can only be issued if there is substantial evidence (probable cause) to suggest that a person is currently involved in, has committed, or is about to commit a specific crime. In addition, there must be reasonable grounds to believe that the intercepted communications will provide relevant evidence relevant to the alleged crime. It Is important to note that wiretaps cannot be used if the conversation is protected by legal privilege, and wiretaps are necessary to minimize the interception of conversations unrelated to the ongoing investigation. You can protect yourself(computer) - Consider implementing a personal firewall and using VPN to increase a privacy of your computer. Port scanning - is a technique used to determine which ports on a network are available and capable of transmitting or receiving data. It also involves the process of sending packets to specific host ports and scrutinizing the responses to identify potential security weaknesses. Before starting the scanning process, you must first crate a list of active hosts and associate them with their corresponding IP addresses. This initial step, known as a host discovery, commences with a comprehensive network scan. The ultimate objective of port and network scanning is to gain insights into arrangement of IP addresses, hosts and ports, making it easier to identify open vulnerable sever locations and assess the security posture of the network. Furthermore, both network and port scanning have the capacity to unveil the presences of security measures such as firewalls. Once a through network scan has been compiled a port scan is performed to identify open ports on the network that could potentially allow unauthorized access. Example:
