Questions and Answers
What is the goal of cybersecurity?
The goal of cybersecurity is to protect information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
What are the three components of the CIA triad in cybersecurity?
Multi-factor authentication requires at least three distinct factors for verification.
False (B)
A(n) ______ is a path or method used by an attacker to gain access to a system or network.
Match the following attack vectors with their corresponding target types:
Study Notes
Module 1: Information Security Threats and Vulnerabilities
- This module covers threats, vulnerabilities, and different types of malware impacting information security.
- Cyber security is the protection of assets from threats. The CIA triad is a framework of confidentiality, integrity, and availability.
- The five critical elements in the AAA framework are Authentication, Authorization, and Accounting.
- Module objectives include: Understanding threat sources, threat actors/agents, threat vectors, malware, network security vulnerabilities, impactful areas of vulnerability, assessing risk, and classification of vulnerabilities.
- A threat is the potential occurrence of an undesirable event that disrupts organizational activities. Attackers aim to infiltrate systems and steal personal information, financial information, and login credentials.
- Threat sources can be classified as natural (fires, floods, power failures) and unintentional (unskilled administrators, accidents, untrained employees). Intentional sources include internal (fired employees, disgruntled employees, contractors) and external (hackers, criminals, terrorists, foreign intelligence agents, corporate raiders).
- Threat actors/agents include Black Hats (malicious), White Hats (defensive), Gray Hats (both offensive and defensive), Suicide Hackers ("cause-driven"), Script Kiddies (unskilled), Cyber Terrorists (political/religious motivation), State-Sponsored Hackers (government-employed), Hacktivists (political agenda), Hacker Teams (skilled hackers), Industrial Spies (corporate espionage).
- A threat vector is a medium used by malicious actors to exploit vulnerabilities. Examples include: direct access, removable media, wireless connections, email, cloud, ransomware/malware, supply chain, and business partners.
- Malware is malicious software designed to damage or disable systems. It's used to steal data, slow systems, and cause operational disruption. Examples include Trojans, viruses, ransomware, computer worms, rootkits, PUAs (potentially unwanted apps), spyware, keyloggers, and botnets. Keylogger programs monitor keystrokes to gather information. Botnets are compromised systems used for malicious activities. Fileless malware resides in RAM to avoid detection.
- The module discusses different types of malware and their propagation methods. It also covers vulnerabilities in network systems, operating systems, and applications.
- Common vulnerabilities include misconfigurations/weak configurations (network misconfigurations, host misconfigurations), default installations/default configurations, application flaws, poor patch management, design flaws, operating system flaws, default passwords, zero-day vulnerabilities, and legacy platform vulnerabilities.
- A system is vulnerable due to misconfiguration, poor design, inherent technology issues, and end-user carelessness.
- Vulnerabilities in these areas lead to impacts such as information disclosure, unauthorized access, identity theft, reputational damage, financial loss, legal consequences, and data modification.
- Risk is a function of asset, threat, and vulnerability. Risk is the potential of damage or loss. Examples of risk include disruption, loss of productivity, loss of privacy, theft of information, legal liability, and damage to reputation.
- The module concludes with a summary describing different threats, malware, and vulnerabilities, and their impacts as well as a look at different types of classifications.
Description
This quiz focuses on Module 1 of Information Security, covering various threats, vulnerabilities, and malware types affecting cyber security. Learn about the CIA triad and the AAA framework elements while assessing risks and understanding threat sources and actors. Test your knowledge of critical concepts in protecting assets from numerous cyber threats.