Post your thoughtful analysis about one key point you took from this assigned reading. (This first week you are not required to post: One question to ask your fellow classmates to facilitate discussion, nor are required to post In The News nor comment on other students’ postings.)
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
My thoughtful analysis about one key point you took from this assigned reading was in one of the first paragraphs in the book that stated that, “If companies are to be able to defend themselves, they need an understanding of the threat environment—that is, the types of attackers and attacks companies face. “Understanding the threat environment” is a fancy way of saying “Know your enemy.” If you do not know how you may be attacked, you cannot plan to defend yourself.”
More so, I was able to read about and understand the different types of threats and attacks companies face and how they are executed by hackers (Reconnaissance).
Overall, this chapter gave me a picture on both sides of the spectrum (the hunter and the hunted)
This chapter discusses threat environment that corporates face. The key point that I took from this book chapter is the importance of understanding all the potential threats and need for the defenses against them. Organizations need to know all potential threat agencies (both inside and outside), attacker motivations, and attack methods to protect themselves.
Also, this chapter handles the basic terminologies related to cyber security, widely known cyber-attack methods, anatomy of an attack, and necessity to take cyber countermeasures. Shortly, it constitutes as an introductory to cyber area to demonstrate the existence of cyber threats and essentials of develop countermeasures and cyber awareness.
The key point in this chapter is the array of cyber threats, corporations are facing because of their dependence on information technology (IT) for key business processes. Corporations and conglomerates nowadays are not just exposed to sophisticated technical computer systems attacks. In fact, they are more vulnerable to attacks from their own internal sources, which can be either malicious and intentional or simple carelessness of employees. Also, another important point for me was the threat posed by employees and ex- employees to any organization. Not only are organizations susceptible to losing trade secrets and intellectual property through employees but even possible cases of extortion have been noted. Another important talking point was the threat posed due to increase in cyber war and cyber terrorism which could cause damage to entire nations by targeting specific industrial control systems.
Overall, this chapter provided a brief overview of all the threats corporations are susceptible to and thus implied the importance of sturdy information security policies as well as related “procedures, hardened application and secure hardware”.
This chapter deals with the threat environment and understanding the different types of risks that may exist both inside and outside of a business. What I found interesting is how employees and ex-employees are one of the biggest threats and may play a major role in security incidents. These incidents could be either intentional or done accidentally through the use of social engineering attacks created by outside sources. We have mentioned before in previous courses how people are the most important part of a business, however we can see that personnel are one of the biggest risks to a business as well.
One key point that I learnt from the chapter 1 is that the threat environment is the one of most important concerns for every organization because it changes and grows fast. Also, it very harmful which could cause lots of damage in various aspects such as image, reputation, financial, and systems. Well understanding of the threat environment and identify IT vulnerabilities to achieve security goals which are confidentiality, integrity, and availability are important. The chapter illustrates several types of attacks and give real world examples of serious cyber-crimes. Additionally, employees and ex-employees could be crucial threats which easily exploits organizations system.
The Threat Environment describes The need for companies to analyze their business Environment and understand The types of enemies they face.The first chapter describes some types of crimes, which correspond to different types of attacks.For example, former employees use their knowledge of the company to hack and steal data.In order to retaliate against female colleagues, some use emails and privileges to destroy company data and frame female colleagues.The company should identify the motive of the enemy’s crime so as to effectively prevent the occurrence of such incidents.This is why companies need to understand their Threat Environment.
Chapter 1 of … Often reiterated in all of the security classes, the human element was the second point in the entire chapter. The threat that employee and ex-employees brings is one that you can not — no matter how hard an organization tries — control. The section looks at why they are dangerous, which includes: knowledge of systems, credentials, avoid detection, and (the ULTIMATE soft spot in an organization) the trust between employees.
The trust factor leads to employee sabotage, hacking, financial theft, extortion, and computer and internet abuse. Of these, sabotage is the most concerning to me. Sabotage is so open ended and is very reliant on the employee intent and anger towards the company. I will stay with the belief that keeping employees happy and regulating their controls is extremely important in keeping an organization secured.
As I was reading through the first chapter of “Corporate Computer Security”, which served to identify and examine many of the potential threats organizations face and attempt to safeguard against, I found myself taking an interest in the topic of black markets and market specialization. It was fascinating to learn about how many cyber criminals, particularly those traditional criminals, cooperate among each other through the use of black markets to help clean and redistribute illegally obtained sensitive information, with each contributing member in these shady processes managing to turn a profit. The example used by Boyle and Panko to demonstrate this is how fences acquire stolen product from thieves at significantly reduced prices, to then redistribute these products on a seemingly legitimate outlet at a marked up price.
One key point to remember in this chapter is that viruses, worms, and blended threats are not the only types of malware, but they are the only types of malware that can forward themselves to other victims. Also, the writer explained that one can get nonmobile malware if a hacker place it there, a virus or worm place it there as part of its payload, by portraying a malware as a useful program or data file and enticing the victim to download the malware from a website or FTP site and by attaching hostile mobile code to a webpage and executing it on a victim’s computer when the victim downloads the webpage.
The key takeaway for me is that people usually only focus on external threats like ddos attacks. But threats might also come from inside. Employees who are supposed to protect company’s infrastructure can also hack the company’s computers using stolen credentials and flaws. And also if they are using internal IP, some systems might not be able to raise the red flag and notice the security department or some higher authority. Sometimes hacking might even come from the security department as they are some of the most capable employees in the company to hack because of their understanding of company’s system and their knowledge of hacking itself.