92%(12)11 out of 12 people found this document helpful
This preview shows page 1 - 5 out of 13 pages.
Running head: FVEY INDICATOR SHARING REPORT1FVEY Indicator Sharing ReportDesmond Tutu GbeddyUniversity of Maryland University College07/25/2018
FVEY INDICATOR SHARING REPORT2The two main types of threats we will discuss are insider and external threats. An insider threat is a threat that originates from within the organization (usually an employee). Insider threats also include employees that used to work for the company, as they may still have access to certain aspects of the network or organization. Any current or previous employee, contractor, business associate, or someone with information about the organization, access to the organizations data networks, and our security practices can be considered an insider threat (UMUC Education, n.d.). Controlling insider threats is not an easy task, as employees need certain information to do their jobs, so there must be a balance between the employees needs andthe organizations network security.External threats may include hackers that use viruses, phishing and various other methodsto cause damage to an organizations network infrastructure. One form of virus that is common isin the form of infected e-mails or files that contain worms and Trojan horses. The effects of the viruses on the network can leave back doors in the network that allow for more damage to be caused and more of the network to be exposed. Some e-mails may also contain denial of service (DOS) attacks that overload the network and can slow down the organizations day-to-day operations down drastically. Phishing e-mails are also used to gain Personally Identifiable Information (PII) or information stored on the organizations servers that could be used against the employee or the organization.Intentional and Unintentional Human ThreatsThreat TypesMotivation For ThreatThreat ActionHackerChallenge Ego RebellionHackingSocial engineeringSystem intrusion, break-insUnauthorized system
FVEY INDICATOR SHARING REPORT3accessDestruction of informationComputer crime (e.g., cyber stalking) Computer CriminalIllegal information disclosure Monetary gainFraudulent act (e.g., replay,impersonation, interception)Information briberyUnauthorized data alterationSpoofingSystem intrusionTerrorist Blackmail Destruction Exploitation RevengeBomb/TerrorismInformation warfareSystem attack (e.g., distributed denial of service)System penetrationSystem tamperingIndustrial Espionage (companies, foreign governments, other governmentinterests)Competitive advantage Economic espionageEconomic exploitationInformation theftIntrusion on personal privacySocial engineeringSystem penetrationUnauthorized system access (access to classified, proprietary, and/or technology-related
FVEY INDICATOR SHARING REPORT4information)Poorly Trained EmployeeUnintentional errors and omissions (e.g., data entry error, programming error)Incorrect informationComputer abuseInput of falsified, corrupteddataMalicious code (e.g., virus,