To better understand the various ways in which the confidentiality, integrity, or availability of information assets can be threatened, consider first that threats to information systems can be subdivided into two major groups: (1) threats that originate from nature, and (2) threats that originate from human beings. With respect to the former, there are myriad natural threats which might prove injurious to information systems, including disasters such as floods, fires, earthquakes, mudslides, tornadoes, sinkholes, hurricanes, and so forth. With respect to the latter, it is important to consider the intention of the human being who poses the threat when classifying threats that originate from humans.
Among threats that originate from human beings, the intention of the human who poses the threat might be benign or it might be malicious. As examples of benign or non-malicious intent, consider situations in which harm is caused by accident or through a simple human error, such as when someone trips over a power cord or accidentally deletes an important file. These examples are illustrative of harm that is actualized through benign or non-malicious intent. When there is malicious intent -- that is, when a human being seeks to deliberately cause harm to an information system -- that malicious intent can be classified as either random or targeted. The difference between random and targeted malicious attacks depends simply upon whether the attacker is targeting a specific organization, individual, or entity. If a specific target is under intentional attack, then we can classify the attack as a directed, targeted malicious attack. If, however, an attacker engages in a malicious attack and does so without the intention of harming a specific organization, individual, or entity, then we can classify the attack as a random malicious attack.
By using this topology to understand and classify threats to information systems, organizations can design and prepare proper policies and defensive countermeasures to mitigate those threats.
0 comments :
Post a Comment