Computer Security Risks

StrikingCosmos

11 Questions

Increasing complexity in devices and equipment decreases vulnerability.

False

IT organizations must perform ongoing security assessments to deal with new risks.

True

BYOD policy does not allow employees to use their own mobile devices to access company computing resources.

False

Commercial software never has known vulnerabilities.

False

An exploit is a software patch that fixes a vulnerability.

False

A zero-day attack occurs after the security community or software developer becomes aware of and repairs a vulnerability.

False

A black hat hacker is someone who violates computer or Internet security for illegal personal gain or maliciously.

True

A cybercriminal is an individual who captures trade secrets to gain an unfair competitive advantage.

False

A hacktivist is someone who attempts to destroy government infrastructure, financial institutions, and other corporations.

False

A malicious insider is an individual who violates computer or Internet security maliciously or for illegal personal gain.

False

A cracker is an individual who causes problems, steals data, and corrupts systems.

True

Study Notes

Computer Incident Prevalence

  • Increasing complexity of devices and equipment leads to a growing number of network entry points, increasing security risks.
  • Expanding and changing systems introduce new risks, requiring IT organizations to:
    • Keep up with technological change
    • Perform ongoing security assessments
    • Implement approaches for dealing with new risks

BYOD (Bring Your Own Device) Policy

  • A business policy that permits employees to use their own mobile devices to access company computing resources.
  • Increasing prevalence of BYOD policies increases security risks.

Vulnerabilities and Attacks

  • Commercial software with known vulnerabilities can be exploited.
  • Exploit: An attack that takes advantage of a particular system vulnerability to infiltrate and initiate a denial-of-service (DoS) attack or install malware, such as spyware.
  • Zero-day attack: A type of attack that takes place before the security community or software developer becomes aware of and repairs a vulnerability.

Classification of Perpetrators of Computer Crime

  • Black Hat Hacker: Violates computer or Internet security maliciously or for illegal personal gain.
  • Cracker: Causes problems, steals data, and corrupts systems.
  • Malicious Insider: An employee or contractor who attempts to gain financially and/or disrupt a company's information systems.
  • Industrial Spy: Captures trade secrets to gain an unfair competitive advantage.
  • Cybercriminal: Attacks a computer system for financial gain.
  • Hacktivist: Promotes a political ideology through malicious cyber activities.
  • Cyberterrorist: Attempts to destroy government infrastructure, financial institutions, and other corporations, utilities, and emergency response units.

This quiz covers the prevalence of computer incidents, increasing security risks due to growing network entry points, and the importance of ongoing security assessments.
