Threat Consequences

threat consequences

violations of the CIA triad resulting from threats

what are the 4 primary threat consequences, and what are they a threat to?

• unauthorized disclosure - confidentiality

• deception - integrity

• disruption - availability, integrity

• usurpation - integrity

unauthorized disclosure

exposing of confidential information

exposure, interception, inference, and intrusion are all examples of ____

unauthorized disclosure

exposure

release of sensitive data

interception

directly obtaining sensitive data through vulnerabilities

inference

using adjacent data to lead to finding specific data

intrusion

obtaining unauthorized access through bypassing protocols

Having your login credentials exposed through a hacker using an non-secure wi-fi network is an example of ___

interception

Hacking into a customer database is an example of ___

intrusion

deception

sending false data such that an authorized entity believes it is true

masquerade, falsification, and repudiation are all examples of ____

deception

masquerade

posing as an authorized entity

falsification

modifying data into being false

repudiation

framing or denying responsibility of changing data

A student hacker hacking into Canvas to change their grades is an example of ____

falsification

Trojan horse programs are an example of

masquerade

usurpation

shift in control in an unauthorized entity

misappropriation and misuse are both examples of ____

usurpation

misuse

dubiously using a system’s function

misappropriation

obtaining unauthorized control over a resource

A tech employee stealing a computer is an example of

misappropriation

differentiate passive and active communication attacks

• passive attacks seek information, but don’t affect the communication system

• active attacks alter the communication system

release of message contents and traffic analysis are both examples of ____ communication attacks

passive

release of message contents

wiretapping to obtain sensitive information

traffic analysis

inferencing how/why/where information is being exchanged

replay, masquerade, modification, and denial of services are all examples of ____ communication arracks

active

replay

maliciously looping a function

A hacker has repeating the relay of a telegram to the bank for withdrawal is an example of ____

replay

A hacker changing the names on a guest-list email is an example of ____

modification of messages

A foreign government discreetly cutting of a country’s ability to relay messages is an example of ____

denial of service

human attack surface

human error vulnerability

A complicated password system that forces employees to write their passwords on a piece of paper is an example of ____

human attack surface