Group1_Project2_FVEY Indicator Sharing Report.docx -...

This preview shows page 1 - 5 out of 13 pages.

Running head: FVEY INDICATOR SHARING REPORT 1 FVEY Indicator Sharing Report Desmond Tutu Gbeddy University of Maryland University College 07/25/2018
FVEY INDICATOR SHARING REPORT 2 The two main types of threats we will discuss are insider and external threats. An insider threat is a threat that originates from within the organization (usually an employee). Insider threats also include employees that used to work for the company, as they may still have access to certain aspects of the network or organization. Any current or previous employee, contractor, business associate, or someone with information about the organization, access to the organizations data networks, and our security practices can be considered an insider threat (UMUC Education, n.d.). Controlling insider threats is not an easy task, as employees need certain information to do their jobs, so there must be a balance between the employees needs and the organizations network security. External threats may include hackers that use viruses, phishing and various other methods to cause damage to an organizations network infrastructure. One form of virus that is common is in the form of infected e-mails or files that contain worms and Trojan horses. The effects of the viruses on the network can leave back doors in the network that allow for more damage to be caused and more of the network to be exposed. Some e-mails may also contain denial of service (DOS) attacks that overload the network and can slow down the organizations day-to-day operations down drastically. Phishing e-mails are also used to gain Personally Identifiable Information (PII) or information stored on the organizations servers that could be used against the employee or the organization. Intentional and Unintentional Human Threats Threat Types Motivation For Threat Threat Action Hacker Challenge Ego Rebellion Hacking Social engineering System intrusion, break-ins Unauthorized system
FVEY INDICATOR SHARING REPORT 3 access Destruction of information Computer crime (e.g., cyber stalking) Computer Criminal Illegal information disclosure Monetary gain Fraudulent act (e.g., replay, impersonation, interception) Information bribery Unauthorized data alteration Spoofing System intrusion Terrorist Blackmail Destruction Exploitation Revenge Bomb/Terrorism Information warfare System attack (e.g., distributed denial of service) System penetration System tampering Industrial Espionage (companies, foreign governments, other government interests) Competitive advantage Economic espionage Economic exploitation Information theft Intrusion on personal privacy Social engineering System penetration Unauthorized system access (access to classified, proprietary, and/or technology-related
FVEY INDICATOR SHARING REPORT 4 information) Poorly Trained Employee Unintentional errors and omissions (e.g., data entry error, programming error) Incorrect information Computer abuse Input of falsified, corrupted data Malicious code (e.g., virus,

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture