Chapter 2 Threat Assessment

little control over, can't prevent.
implement safeguards to protect from them

Deliberate vs. Non-deliberate
Internal vs. External

Identify the threats
Likelihood of occurrence estimation

Human error
Natural disasters
System failures (HW, SW, infrastructure)
Malicious acts & software

Error: most common threat
training: most cost-effective security program
least privilege: user given only the minimum authorizations and time necessary to perform the task. Limits extent of damage.

Disaster recovery: offsite storage of info. Backups critical. Alternate site.

Hardware failure is solvable: redundancy, e.g. disk mirroring (copies of data on multiple disks)
failover: group of systems monitor each other, take over function of failed system.

Software quality concerns:
complexity is largest factor of SW reliability
evolution, maintenance
testing for correctness, not for security (test the unexpected)
change management

Infrastructure: electricity, communications, AC, network. Service level agreement: contracted level of availability.

Malicious attack: need, greed, revenge
external: get publicity. Random or specific
internal: more damaging.
who you are is prime contributor to being a target
PR and employee satisfaction are biggest steps to reduce being a target.

Malicious software (malware): creates or exploits a vulnerability
buffer overflow
logic bomb: unauthorized program, dormant until triggered
sniffer: intercepts network traffic
spoof: assume identity of another person or process
email spoof (forge sender address)
Mobile code:
trojan horse: real program contains hidden program, becomes independent when real program runs once.
virus: largest impact of any malware. Only executes when host program does.
worm: transports itself across a network