Certified Cybersecurity Technician Information Security Threats And Vulnerabilities PDF

Summary

This chapter defines vulnerabilities, discusses risks, and gives examples of risks in business. It also looks into legal liabilities and damage to the reputations of organizations.

Full Transcript


Certified Cybersecurity Technician Information Security Threats and Vulnerabilities Exam 212-82

Risk

Risk refers to the potential loss or damage that can occur when a threat to an asset exists in the presence of a vulnerability that can be exploited to compromise the asset. Therefore, a risk can be thought of as the intersection of an asset, threat, and vulnerability.

Risk = Asset + Threat + Vulnerability

If threats exist, but vulnerabilities do not exist in a system, there is little or no risk. Similarly, if vulnerabilities exist in a system, but threats do not exist, there is little or no risk. Understanding the level of risk to assets by assessing threats and identifying vulnerabilities accurately is fairly challenging. Clearly distinguishing between vulnerabilities, assets, and risks can facilitate the assessment of the extent of risk to assets.

Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Examples of Risks

- Disruption or complete shutting down of the business
- Loss of productivity
- Loss of privacy
- Theft of information
- Legal liability
- Damage to reputation and consumer confidence

Disruption of Business

Attacks on the network infrastructure of a business can potentially disrupt the entire functioning of the business. Security breaches can lead to a loss of critical business and user information.

Loss of Productivity

An exploited business network may incur significant production losses. The data lost due to an attack must be recovered either through data backups, if available, or restored manually by individuals. Therefore, the recovery of data after a network attack can be a time-consuming process.

Loss of Privacy

The leakage of confidential data can cause considerable losses for the organization and can also lead to legal challenges.

Theft of Information

A successful intrusion into a network can enable attackers to raid the information available in the system. A raid of personal and professional information of the company’s employees through such attacks can affect those employees directly. If the attacks intrude into a customer database, the customers are also affected, which can result in significant complications for the organization.

Legal Liability

In accordance with electronic and data security laws, which differ between countries, an organization can file a legal lawsuit against attackers when their security is breached, if they have appropriate evidence of the incident. This can lead to potential legal costs, which can also be considered a risk for the organization. Similarly, customers may also have the right to file a lawsuit against the company if their private and personal information such as credit card numbers, social security numbers, and addresses are stolen. The organization may incur further expenditure in the settlement of these lawsuits, and hence such legal liability can also be considered as an example of risks.

Damage to Reputation and Consumer Confidence

Once the security of an organization’s resources has been breached by an attack, it is difficult to regain customer confidence. Therefore, any potential threat to an organization’s reputation can be a significant risk for the organization.
