Information security risk: give examples of security measures
Information security risk: give examples of security measures designed to:
- Deter a threat source
- Detect a threat source
Provide references for support.
Solution
Information security, also known as cyber security or IT security, is the protection of information systems from theft or damage to the hardware, software and the information.
Definition of threat by the National Information Assurance Glossary or ENISA:
Any incident or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.
Definition of threat by The Open Group:
Anything that is capable of acting in a way that results in damage to an asset and/or organization; for example, acts of God (weather, geological events, etc.); malicious actors; errors; failures.
Definition of threat by Factor Analysis of Information Risk:
Threats are anything (e.g., object, substance, human, etc.) that is capable of acting against an asset in a way that can result in damage. A storm is a threat, as is a deluge, as is a hacker.
Threats can be classified according to their type and source:
· Types of threats:
  · Physical damage: fire, water, pollution
  · Natural events: climatic, seismic, volcanic
  · Loss of essential services: electrical power, air conditioning, telecommunication
  · Compromise of information: eavesdropping, theft of media, retrieval of discarded materials
  · Technical failures: equipment, software, capacity saturation
  · Compromise of functions: error in use, abuse of rights, denial of actions
Note that a threat type can have multiple origins.
· Accidental
  · equipment failure
  · software failure
· Negligence: known but neglected factors, compromising the network safety and sustainability
Threat sources are those who wish a compromise to occur. The term is used to differentiate them from threat agents/actors, who are those who actually carry out the attack and who may be commissioned or persuaded by the threat actor to knowingly or unknowingly carry out the attack.
Threats are managed by operating an ISMS, performing all the IT risk management activities foreseen by laws, principles and methodologies.
There are some kinds of certification of the threat management process:
· Information security audit
· Penetration test
When you think of IT security, you perhaps think of keeping the bad guys out of your IT systems. But what if the "bad guy" is fully authorized to use those IT systems? Insider threats are real and not so uncommon. That's why the CERT Coordination Center offers a report called Common Sense Guide to Prevention and Detection of Insider Threats. There's plenty you can do to lessen your risk of harm perpetrated by a trusted insider.
