Scribd Logo
Cargar

¡Te damos la bienvenida a Scribd!

  • Access Control Chapter Explains Confidentiality Threats

    Cargado por

    Naveen Kumar
    49 vistas3 páginas
    The document discusses the purposes of information security management. It explains that security managers must ensure the confidentiality, integrity, and availability of information resources. Confidentiality involves protecting information so unauthorized individuals cannot access it. Several threats to confidentiality are discussed, including hackers, masqueraders, unauthorized user activity, unprotected downloaded files, local area networks, and Trojan horses. Protecting confidentiality is important for businesses protecting trade secrets and for maintaining privacy of personal information.

    Descripción original:

    Título original

    Handbook of Information Security Management_Access Control

    Derechos de autor

    © © All Rights Reserved

    Formatos disponibles

    PDF, TXT o lea en línea desde Scribd

    ¿Le pareció útil este documento?

    ¿Este contenido es inapropiado?

    Denunciar este documento
    The document discusses the purposes of information security management. It explains that security managers must ensure the confidentiality, integrity, and availability of information resources. Confidentiality involves protecting information so unauthorized individuals cannot access it. Several threats to confidentiality are discussed, including hackers, masqueraders, unauthorized user activity, unprotected downloaded files, local area networks, and Trojan horses. Protecting confidentiality is important for businesses protecting trade secrets and for maintaining privacy of personal information.

    Copyright:

    © All Rights Reserved
    Descargue como PDF, TXT o lea en línea desde Scribd
    Marcar por contenido inapropiado
    49 vistas3 páginas

    Access Control Chapter Explains Confidentiality Threats

    Cargado por

    Naveen Kumar
    The document discusses the purposes of information security management. It explains that security managers must ensure the confidentiality, integrity, and availability of information resources. Confidentiality involves protecting information so unauthorized individuals cannot access it. Several threats to confidentiality are discussed, including hackers, masqueraders, unauthorized user activity, unprotected downloaded files, local area networks, and Trojan horses. Protecting confidentiality is important for businesses protecting trade secrets and for maintaining privacy of personal information.

    Copyright:

    © All Rights Reserved
    Descargue como PDF, TXT o lea en línea desde Scribd
    Marcar por contenido inapropiado
    de 3

    2/14/2016

    HandbookofInformationSecurityManagement:AccessControl

    Previous TableofContents Next

    Chapter112
    PurposesofInformationSecurityManagement
    HaroldF.Tipton
    Managingcomputerandnetworksecurityprogramshasbecomeanincreasinglydifficultandchallenging
    job.Dramaticadvancesincomputingandcommunicationstechnologyduringthepastfiveyearshave
    redirectedthefocusofdataprocessingfromthecomputingcentertotheterminalsinindividualofficesand
    homes.Theresultisthatmanagersmustnowmonitorsecurityonamorewidelydispersedlevel.These
    changesarecontinuingtoaccelerate,makingthesecuritymanagersjobincreasinglydifficult.
    Theinformationsecuritymanagermustestablishandmaintainasecurityprogramthatensuresthree
    requirements:theconfidentiality,integrity,andavailabilityofthecompanysinformationresources.Some
    securityexpertsarguethattwootherrequirementsmaybeaddedtothesethree:utilityandauthenticity
    (i.e.,accuracy).Inthisdiscussion,however,theusefulnessandauthenticityofinformationareaddressed
    withinthecontextofthethreebasicrequirementsofsecuritymanagement.

    CONFIDENTIALITY
    Confidentialityistheprotectionofinformationinthesystemsothatunauthorizedpersonscannotaccessit.
    Manybelievethistypeofprotectionisofmostimportancetomilitaryandgovernmentorganizationsthat
    needtokeepplansandcapabilitiessecretfrompotentialenemies.However,itcanalsobesignificantto
    businessesthatneedtoprotectproprietarytradesecretsfromcompetitorsorpreventunauthorized
    personsfromaccessingthecompanyssensitiveinformation(e.g.,legal,personnel,ormedicalinformation).
    Privacyissues,whichhavereceivedanincreasingamountofattentioninthepastfewyears,placethe
    importanceofconfidentialityonprotectingpersonalinformationmaintainedinautomatedsystemsbyboth
    governmentagenciesandprivatesectororganizations.
    Confidentialitymustbewelldefined,andproceduresformaintainingconfidentialitymustbecarefully
    implemented,especiallyforstandalonecomputers.Acrucialaspectofconfidentialityisuseridentification
    andauthentication.Positiveidentificationofeachsystemuserisessentialtoensuringtheeffectivenessof
    policiesthatspecifywhoisallowedaccesstowhichdataitems.

    ThreatstoConfidentiality
    Confidentialitycanbecompromisedinseveralways.Thefollowingaresomeofthemostcommonly
    encounteredthreatstoinformationconfidentiality:
    Hackers.
    Masqueraders.
    Unauthorizeduseractivity.
    https://www.cccure.org/Documents/HISM/019021.html

    1/3

    2/14/2016

    HandbookofInformationSecurityManagement:AccessControl

    Unprotecteddownloadedfiles.
    Localareanetworks(LANs).
    Trojanhorses.
    Hackers
    Ahackerissomeonewhobypassesthesystemsaccesscontrolsbytakingadvantageofsecurity
    weaknessesthatthesystemsdevelopershaveleftinthesystem.Inaddition,manyhackersareadeptat
    discoveringthepasswordsofauthorizeduserswhofailtochoosepasswordsthataredifficulttoguessor
    notincludedinthedictionary.Theactivitiesofhackersrepresentseriousthreatstotheconfidentialityof
    informationincomputersystems.Manyhackershavecreatedcopiesofinadequatelyprotectedfilesand
    placedtheminareasofthesystemwheretheycanbeaccessedbyunauthorizedpersons.
    Masqueraders
    Amasqueraderisanauthorizeduserofthesystemwhohasobtainedthepasswordofanotheruserand
    thusgainsaccesstofilesavailabletotheotheruser.Masqueradersareoftenabletoreadandcopy
    confidentialfiles.Masqueradingisacommonoccurrenceincompaniesthatallowuserstoshare
    passwords.
    UnauthorizedUserActivity
    Thistypeofactivityoccurswhenauthorizedsystemusersgainaccesstofilesthattheyarenotauthorized
    toaccess.Weakaccesscontrolsoftenenableunauthorizedaccess,whichcancompromiseconfidential
    files.
    UnprotectedDownloadedFiles
    Downloadingcancompromiseconfidentialinformationif,intheprocess,filesaremovedfromthesecure
    environmentofahostcomputertoanunprotectedmicrocomputerforlocalprocessing.Whileonthe
    microcomputer,unattendedconfidentialinformationcouldbeaccessedbyauthorizedusers.
    LocalAreaNetworks
    LANspresentaspecialconfidentialitythreatbecausedataflowingthroughaLANcanbeviewedatany
    nodeofthenetwork,whetherornotthedataisaddressedtothatnode.Thisisparticularlysignificant
    becausetheunencrypteduserIDsandsecretpasswordsofusersloggingontothehostaresubjectto
    compromiseasthisdatatravelsfromtheusersnodethroughtheLANtothehost.Anyconfidential
    informationnotintendedforviewingateverynodeshouldbeprotectedbyencryption.
    TrojanHorses
    Trojanhorsescanbeprogrammedtocopyconfidentialfilestounprotectedareasofthesystemwhenthey
    areunknowinglyexecutedbyuserswhohaveauthorizedaccesstothosefiles.Onceexecuted,theTrojan
    horsebecomesresidentontheuserssystemandcanroutinelycopyconfidentialfilestounprotected
    resources.

    https://www.cccure.org/Documents/HISM/019021.html

    2/3

    2/14/2016

    HandbookofInformationSecurityManagement:AccessControl

    Previous TableofContents Next

    TheCISSPOpenStudyGuideWebSite
    Weareproudtobringtoallofourmembersalegalcopyofthisoutstandingbook.Ofcoursethisversionis
    gettingabitoldandmaynotcontainalloftheinfothatthelatestversionarecovering,howeveritisoneofthe
    besttoolyouhavetoreviewthebasicsofsecurity.Investinginthelatestversionwouldhelpyououtinyour
    studiesandalsoshowyourappreciationtoAuerbachforlettingmeusetheirbookonthesite.

    https://www.cccure.org/Documents/HISM/019021.html

    3/3

    También podría gustarte