Essay on Iram 2

2199 Words Jun 4th, 2016 9 Pages
THREAT FRAMEWORK
Information systems are frequently exposed to various types of threats which can cause different types of damages that might lead to significant financial losses. Information security damages can range from small losses to entire information system destruction. The effects of various threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system. Currently, organizations are struggling to understand what the threats to their information assets are and how to obtain the necessary means to combat them which continues to pose a challenge. The ISF’s Information Risk Analysis Methodology (IRAM) enables organizations to access business information risk and select
…show more content…
12. Introducing Trojan horses - Computer code that masquerades as an authorized program but which carries out an unauthorized action (or set of actions).
13. Introducing malicious code - The introduction of malicious code (example: rootkits), malicious mobile code (example: unauthorized active content), spyware or adware.
14. Carrying out social engineering The deliberate manipulation of staff to elicit information that can be used to undertake an attack (example: by providing User id and password details).
15. Distributing SPAM Excessive distribution of unsolicited (commercial) messages (including email, instant messaging and telephony).
Category 2 – Internal misuse and abuse
16. Gaining unauthorized access to systems or networks - Deliberately gaining access to computer systems or networks to which a user is not authorized (example: by means of password theft or other covert action).
17. Changing system privileges without authorization - Changing system privileges to either enable or deny access to information or functionality.
18. Changing or adding software without authorization - Changing or adding software to produce unauthorized system behavior or actions (example: to divert funds to unauthorized accounts).
19. Modifying or inserting transactions, files or databases without authorization - Changing or adding transactions, files or databases to produce unauthorized system behavior or actions.
20. Misusing systems to cause

Related Documents