In this series, I attempt to provide a high-level classification/taxonomy of information security threats.
A threat in this context is defined as the enabling circumstance that an entity may use to harm another entity, by exploiting a vulnerability inherent in a resource, leading to increased risk or direct negative impact.
My previous Industry Insight provided the methodology and classification guidelines in terms of the type of threat. This time I look at where threats originate, who or what originates them, and the impact that threats have on information security.
Threat origin
All exploited threats originate due to a chain of cause and effect that is initiated by a threat agent. Each origin provides a stage for the next link in the cause and effect chain. For IS threats, the following provide broad categories:
Network-based: A threat may originate from a computer network. This could mean:
* A threat from a directly connected network link.
* A threat from a network owned by a single operator (intranet).
* A threat from a network owned by many operators (Internet).
* A threat from a switched telecommunications network.
A network-based threat typically exploits a network service vulnerability in order to gain access to a computer as part of a further stage in an attack.
Removable device: Computers and computing devices usually have interfaces where other devices may be plugged in. In order to use a device, the computer has to communicate with the device using a number of protocols. Vulnerabilities inherent in the implementations of those protocols, combined with weak security controls, may allow removable devices such as USB flash disks to act as agents or stages from where attacks can be launched.
Removable media: Computers contain media access devices such as CD, tape and floppy ("stiffy") drives. The removable media may become infected with malicious software, which then uses the media as a distribution method.
Location-based: One of the principles of security is the defence in depth philosophy. This defines a number of set perimeters that must be overcome before security is breached. Location-based attacks exploit the advantages that a physical location affords in order to bypass physical security controls.
Threat agents
A threat agent is an entity with the qualified capacity to do harm to another entity. Due to the varied nature of threats, the agent may or may not be malicious or act with direct intent.
Malicious entity: A malicious entity is defined here as a person or entity such as a syndicate with wilful intent to gain unauthorised use of assets owned by another party.
Non-malicious person: A person who unintentionally permits an IS breach; for example, a staff member that unknowingly installs a Trojan horse.
Malware: Malware is software, or a software agent, programmed by malevolent people or organisations to perform actions that were not authorised by the owners or users of computer systems. Commonly known classes of this kind of software include Trojans, viruses, spyware and worms.
Disaster: A disaster could be a natural disaster such as earthquakes, floods or fire; effects of negligence, effects of war, terrorism or related circumstances that are not under the control of the entity it strikes.
Threat impacts
As threats materialise via the exploitation of vulnerabilities, they produce end results that directly impact an organisation.
Prior to the fact, this provides insight into the risk that an entity faces. After the fact, this invariably leads to damage to an entity.
Confidentiality: Loss of confidentiality is caused by an unauthorised breach and dissemination, by threat agents, of information that has not been explicitly delegated for their use.
Integrity: Loss of integrity of information means that the information in question can no longer be trusted due to inaccuracies induced by threat agents by means of unlawful alteration.
Availability: In information security, loss of availability could lead to the denial of critical services and is caused by a malicious threat agent's intent to cause harm.
In the next and final Industry Insight in this series, I will provide examples of specific threats as analysed by the current threat taxonomy.
* Frans Sauermann is information security consultant for Tsepo Technology Consulting.