Information security refers to the procedures and techniques that are designed and implemented to protect print, electronic, or other forms of private and sensitive information from unauthorized access, use, destruction, disclosure, modification, or disruption. (http://www.sans.org/information-security)
Need for Information security
Business objectives and privacy drive the need for information security. For a period, information security was influenced to some degree by fear, uncertainty, and doubt. Examples of these influences included the fear of another worm outbreak or virus attack. But regardless of the security implications, business needs had to come first. (http://www.ciscopress.com/articles/article.asp?p=1998559)
A threat is a potential danger to data or systems. (http://www.ciscopress.com/articles/article.asp?p=1998559)
Social engineering: Social engineering takes on new importance in the era of social networking. From phishing attacks that target the social network accounts of prominent people to data exposure caused by an absence of law or policy, social networks have become a focus for malicious attackers.
Smartphone exploits: The operating systems on consumer electronics are a target of choice for high-volume attacks. The proliferation of applications for these devices has compounded the problem.
Memory scraping: This technique is aimed at obtaining data directly from volatile memory. The attack tries to exploit systems and applications that leave traces of information in memory. Attacks are particularly aimed at data that may be processed in decoded form in volatile memory.
Hardware hacking: These attacks are aimed at exploiting the hardware architecture of specific devices. Attack methods include bus sniffing, changing firmware, and memory dumping to discover crypto keys.
Virtualization exploits: Device and service virtualization add more unpredictability to the system. Attackers are increasingly focusing on virtual servers, virtual switches, and trust relationships at the hypervisor level.
Website compromises: Malicious attackers compromise prominent sites, causing the sites to serve malware to connecting clients. Attackers typically are not interested in the information on the site, but use it as a springboard to infect the site's users.
Factors affecting potential threat vectors
These factors include the organization's environment: its business strategy, information systems, policies and procedures, clients, facilities, and equipment. Each of these components affects potential risk sources, their motivation, strategy, and consequences.
Different Threat classification databases
To help improve security throughout the security lifecycle, there are many publicly available classification databases that provide an index of attack patterns and classification taxonomies. They are aimed at giving a predictable...