Importance of Security

Today, almost every company is becoming completely networked, exchanging information almost instantly. Even the most routine tasks rely on computers for storing and accessing information. A company’s intellectual assets not only differentiate it from its competition, but can also mean the difference between profit and loss. Consequently, it is of the utmost importance to secure these assets from outside threats. The scope of information security is vast, and the objective of this course is to give participants a comprehensive body of knowledge to help them secure information assets under their care.

This course assumes that top-level management understands the need for security, and has implemented some sort of security policy. A security policy is the specification for how objects in a security domain are allowed to interact. In this introduction, the need to address the latest security concerns will be discussed. The importance of securing ICT (Information and Communication Technologies) infrastructures cannot be understated.

As computers have evolved, so too has their purpose. Initially, computers were designed to facilitate research without much emphasis on security; resources were meant to be shared among the many users of the few com-
puters available. Now, with the permeation of computers into the workplace and home, there is an increased dependency on computers. Any disruption in their operation or integrity can mean the loss of time, the loss of money, and sometimes even the loss of life.

Importance Of Security

Threats and Vulnerabilities

This triggers discussion on the term vulnerability. In this context, vulnerability can be defined as:

  1. A security weakness in a target of evaluation (e.g., due to failures in analysis, design, implementation , or operation)
  2. Weakness in an information system or components (e.g., system security procedures, hardware design, or internal controls) that could be exploited to produce an information-related misfortune
  3. The presence of a weakness, design error, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system, network, application, or protocol involved

It is important to note the difference between threat and vulnerability. A vulnerability is a weakness in a defined asset that could be taken advantage of or exploited by some threat. A threat is an action or event that might compromise security.

As a simple example, paper is vulnerable to being burned or destroyed by fire. The fact that something might catch on fire and burn those paper documents is a possible threat to document preservation. Installing a fire suppressant system would mitigate the risk of that threat exploiting the paper’s vulnerability. Most systems have vulnerabilities of some sort; however, this does not mean that the systems are too flawed to be used. Many vulnerabilities are not serious enough to warrant protection. For example, a building is vulnerable to being crushed by meteors, but the threat of a meteor shower is so minimal that it is not worth considering.

Every vulnerability does not lead to an attack, and all attacks do not result in success. The factors that result in the success of an attack include the degree of vulnerability, the strength of the attack, and the extent to which countermeasures are adopted. If the attacks required to exploit a vulnerability are extremely difficult to carry out, the vulnerability may be tolerable.

An intruder is more likely to be interested in a vulnerability that leads to greater damage. If an attack would require an acceptable amount of effort and if the vulnerable system is utilized by a wide range of users, then it
is likely that there will be enough perceived benefit for a perpetrator to attempt an attack.

Importance Of Security

Attacks

The information resource or asset that is being protected from attacks is usually referred to as the target of evaluation. This can be defined as an IT system, product, or component that is identified as requiring a security
evaluation. An attack is a deliberate assault on that system’s security. Attacks can be broadly classified as active and passive.

  • Active attacks modify the target system. For example, DoS (denial of service) attacks target resources available on a network. Active attacks can affect the availability, integrity, confidentiality, and authenticity of the system.
  • Passive attacks violate the confidentiality of a system’s data without affecting the state of that system, such as by electronic eavesdropping (collecting confidential data sent in unencrypted form). The keyword here is confidentiality.

The difference between these categories is that while an active attack attempts to alter system resources or affect their operation, a passive attack attempts to learn or make use of information from the system but does
not affect system resources.

Attacks can also be categorized as inside or outside attacks.

  • An inside attack is initiated from within a network by an authorized user. This may be from someone with malicious intent, however that cannot be assumed; an accident may also lead to unintentional damage to network resources.
  • An outside attack is caused by an external intruder who does not have authorization to access the network.

Importance Of Security

Security Breaches

An attacker gains access to a system through exploiting a vulnerability in that system. An exploit is a specific way to breach the security of an IT system through a vulnerability.

What comprises a breach of security, or an exposure, can vary from one company to another, or even from one department to another. It is imperative for organizations to address both penetration and protection issues. The scope of this course is limited to the penetration aspect—ethical hacking. When vulnerability is exploited, it constitutes an exposure. However, not every exposure is the result of a vulnerability. Examples of exposures
not caused by vulnerabilities include port scanning, and whois, all of which will be discussed later.

Importance Of Security

Also Read This :- Hack Instagram

Exposure

Exposure is loss due to an exploit. Examples of loss include disclosure, deception, disruption, and usurpation.

A vulnerability is the primary entry point an attacker can use to gain access to a system or to its data. Once the system is exposed, an attacker can collect confidential information with relative ease, and usually erase his
or her tracks afterwards. Certain security issues that are taken for granted can lead to confidential information being compromised. A vulnerability may allow an attacker to execute a command as another user, access data
contrary to access control lists (ACLs), pose as someone else, or even conduct denial-of-service attacks.

I hope you get useful information there if you think anything to improve in this article you can comment below or if you need any help we will help you soon. If you are interested to learn hacking you can check here.

Importance Of Security

Related posts

Leave a Comment