InfoSEC



Confidentiality

Availability

Integrity

InfoWatch Analytical Center

A threat to information security is a set of conditions and factors that create the danger of an information security breach.

Threats to information security can be classified according to various criteria:

By the aspect of information security at which the threats are directed:

Threats to confidentiality (unauthorized access to information). The threat of a breach of confidentiality lies in the fact that information becomes known to those who do not have the authority to access it. It occurs when access is gained to restricted information stored in a computer system or transferred from one system to another. In connection with the threat of a breach of confidentiality, the term "leak" is used. Such threats can arise due to the "human factor" (for example, accidentally delegating one user's privileges to another user) or due to software and hardware failures. Restricted information includes state secrets and confidential information: trade secrets, personal data, professional secrets (medical, attorney, banking, official, notarial, insurance, investigative and judicial), the secrecy of correspondence, telephone calls and postal items (secrecy of communications), information on the essence of an invention, utility model or industrial design before its official publication (know-how), etc.

Integrity threats (improper modification of data). Threats to integrity are threats related to the possibility of modification of any information stored in the information system. A violation of integrity can be caused by various factors, from deliberate actions of personnel to equipment failure.

Threats to availability (actions that make access to the resources of the information system impossible or difficult). A breach of availability is the creation of conditions under which access to a service or information is either blocked or possible only within a time that does not ensure the fulfillment of certain business objectives.

By the location of the threat source:

Internal (sources of threats are located within the system);

External (sources of threats are outside the system).

By the size of the damage:

General (causing damage to the security object as a whole, causing significant damage);

Local (causing damage to certain parts of the security object);

Private (causing damage to individual properties of elements of the security object).

By the degree of influence on the information system:

Passive (the structure and content of the system do not change);

Active (the structure and content of the system are subject to change).

By the nature of occurrence:

Natural (objective) - caused by the impact on the information environment of objective physical processes or natural phenomena that do not depend on human will;

Artificial (subjective) - caused by human impact on the information sphere. Artificial threats, in turn, are divided into:

Unintentional (accidental) threats - software errors, personnel errors, system malfunctions, failures of computing and communication equipment;

Intentional (deliberate) threats include unauthorized access to information, development of special software used for unlawful access, development and distribution of virus programs, etc. Intentional threats are caused by actions of people. The main problems of information security are primarily associated with deliberate threats, as they are the main cause of crime and delinquency.

1. Inattention and negligence of employees

2. Use of pirated software

3. DDoS (Distributed Denial of Service) attacks

4. Viruses