Describe a range of digital security threats and vulnerabilities
Pick 2 threats and 2 vulnerabilities
Assessment
Report
Descriptions must include how the threats and vulnerabilities may be used against an organisation
Threats, to include technical and non-technical, for example:
• Gaining access to confidential information
• Messing up a game, just for the fun of it
• Having an army take over a power plant
Assessment guidance
Vulnerabilities, to include technical and non-technical, for example:
• social engineering attacks (preying on people's fears)
• unlocked doors to building
• lack of training
• unpatched end points
Threats
1. Hacking
What it Is: Unauthorized access to computer systems, often to steal data or cause harm.
Technical or Non-Technical: Technical
Example: Someone cracking a password to gain access to confidential files.
2. Malicious Spam
What it Is: Unsolicited emails that may contain harmful links or attachments.
Technical or Non-Technical: Technical
Example: You receive an email claiming you won a prize, but the link downloads a virus onto your computer.
3. Malware
What it Is: Software designed to harm or exploit hardware, software, or people.
Technical or Non-Technical: Technical
Example: A program that records your keystrokes to steal your login credentials.
4. Phishing
What it Is: Fraudulent attempts to get sensitive information by pretending to be someone else.
Technical or Non-Technical: Both
Example: An email pretending to be from your bank asks you to log in, but it's actually a fake site designed to steal your info.
Vulnerabilities
1. Social Engineering Attacks
What it Is: Manipulating people into divulging confidential information.
Technical or Non-Technical: Non-Technical
Example: Someone posing as an IT support agent calls an employee and convinces them to share their password.
2. Unlocked Doors to Building
What it Is: Physical access points to a building that are not secured.
Technical or Non-Technical: Non-Technical
Example: An unlocked door allows an intruder to walk in and gain access to computers left unattended.
3. Lack of Training
What it Is: Employees or users not being educated about best security practices.
Technical or Non-Technical: Non-Technical
Example: Staff members using easy-to-guess passwords because they aren't trained on the importance of strong password security.
4. Unpatched End Points
What it Is: Computers, servers, or other devices that haven't been updated with the latest security patches.
Technical or Non-Technical: Technical
Example: A computer running outdated software becomes an easy target for malware that exploits known vulnerabilities.
For Threats: Make sure to have safeguards like firewalls, spam filters, and anti-malware software in place. Educate users on the risks of phishing and how to recognize suspicious activity.
For Vulnerabilities: Address non-technical vulnerabilities with training and policies, such as mandatory password changes and security awareness training. Ensure physical security measures are robust. For technical vulnerabilities, have a rigorous patch management process to keep all systems up to date.
By understanding these threats and vulnerabilities, you can take steps to fortify your "digital castle" and keep unwanted intruders at bay.