Wednesday, August 1, 2018

conceptual map



Security threat

                                                                        
    In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.

    A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

    Any action/inaction that could cause disclosure, alteration, loss, damage or unavailability of a company’s/individual’s assets.

    A better definition of security threat is:

     A potential cause of an incident that may result in harm to systems and the organization.

    A more comprehensive definition, tied to an information assurance point of view, can be found in "Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems" by NIST of the United States of America:

        Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.




     

    There are three components of a threat:

    • Targets: the organization’s assets that might be attacked, e.g. information (its confidentiality, integrity, availability), software, hardware, network service, system resource, etc.

    • Agents: people or organizations originating the threat, intentional or non-intentional, e.g. employees, ex-employees, hackers, commercial rivals, terrorists, criminals, general public, customers.

    • Events: the type of action that poses the threat, e.g. misuse of authorized information, malicious / accidental alteration of information, malicious / accidental destruction of information, etc.













    Tuesday, July 31, 2018

    Deliberate Act of Information Extortion / Blackmail






    The development of new technologies such as cloud computing, which gives users many services through the Internet, together with technological convergence and the great reception of social networks, has allowed the Internet to grow exponentially and has produced a society increasingly dependent on technology. This has increased the amount of information exposed on the network, with the security problems that this entails.

    Exposed information and vulnerabilities in the applications and systems of users and companies are exploited by criminals. One of the threats that has grown in recent times and is of general concern is computer extortion.




    Computer blackmail




    Computer blackmail or extortion is the threat of "public defamation", made with the objective of obtaining some pecuniary or material benefit from someone, or of obliging them to act in a certain way.

    Within cybercrime this takes a special form in the "extortion" and "threats" that a person can suffer online, such as requests for sexual content or the targeting of minors through social networks. It can also take place through cyber attacks on a web page or blog that attack its structure and functioning or collapse its servers, with money in various amounts demanded in exchange for making everything work again as before.

    Deliberate act of extortion
    The deliberate act of extortion consists of the same act, the use of violence or intimidation, applied through computerized means in such a way that the victim is led to perform an act against himself or others, carried out through the web.
    The deliberate act of extortion is basically an extortion technique that uses tools and resources provided by the Internet for a monetary purpose. Among the most common scenarios are:
    • Threats of disclosure of sensitive information: requesting money in exchange for not publicly exposing confidential information.

    • Threats of destruction of information: requesting money in exchange for not deleting important information belonging to the victim.

    • Denial of service against platforms such as web portals, applications, etc.: requesting money in exchange for stopping denial-of-service (DDoS) attacks that interrupt the services provided by a certain web infrastructure.

    • Blocking personal accounts: requesting money in exchange for unlocking user accounts that the criminal has taken over.

    • Data hijacking, also known as ransomware: requesting money in exchange for "releasing" the victim's data, which are generally encrypted in such a way that the owner of the data cannot access their own information.

    Both the deliberate act of extortion and other threats to information security occur due to the existence of vulnerabilities in the system, which can be mitigated through the implementation of appropriate policies and controls for the environment and infrastructure.

    Types of blackmail or deliberate acts of extortion that can occur:
    •  Sexting: This method consists of extorting someone with the threat of spreading through the Internet a compromising picture of them, generally of sexual content. In return, the blackmailer asks to have sexual relations with the victim for different purposes. Although this crime is committed against adults and minors, when the blackmail targets the latter, the risks multiply.
    •  Theft of data files containing customer credit card information.





    
    

    Monday, July 30, 2018

    Deliberate Act of Sabotage or Vandalism

    What is sabotage?

    Sabotage is a process by which a modification, destruction, obstruction or any other intervention is performed in another party's operation, with the purpose of obtaining some benefit for oneself.




    • Computer sabotage: The term computer sabotage includes all those behaviors aimed at eliminating or modifying functions or data in a computer without authorization, in order to hinder its correct functioning, that is, to cause damage to the hardware or software of a system. The methods used to cause damage to computer systems are very varied and have evolved into techniques that are increasingly sophisticated and difficult to detect.




    What is computer vandalism?

    A computer crime is any action, typical, unlawful and culpable, that is carried out through computer channels or that aims to destroy and damage computers, electronic media and Internet networks.

    Some examples of deliberate acts of sabotage or vandalism are:

    • Sometimes, sabotage is used to blame outsiders. Example: a man who has a diamond puts it in the pocket of a person he wants to get into trouble, without her noticing, so that when the diamond is found on that person it gives the idea that it was she who stole it or holds it illegally. Here sabotage is used to smear another person.


    • Acts aimed at destroying an information asset and, ultimately, damaging the image of an organization.
    • Example: hackers accessing a system and damaging or destroying critical data.















    Sunday, July 29, 2018

    Deliberate Act of Trespass


    What is the deliberate act of trespass?



    It is the transfer of information of different types from one type of device to another of a similar or different type. Today it is one of the simplest and most useful processes to perform with electronic appliances, and many of the options are specially adapted to make the task easier for the average user.


    What is transferred is always data, which can be represented in different forms: multimedia material (audio or video), texts, images, among others.
    Normally, the transfer process can take place in three basic ways:
    • Through a network system (Internet)
    • Through a port (USB)
    • Through different storage media (CD, DVD, etc.)



    Depending on the quality of the devices or the method chosen, the speed of the transfer may vary. On the other hand, the devices involved in the process must share the same protocol language, which makes them compatible.



    In this sense, having computers in a network allows access from one device to information stored in another device.

    In the case of USB ports, these are usually used with external devices such as cell phones, pen drives, printers, other computers and storage devices.

    The transfer can also occur with or without the need for cables.

    If one needs cables to carry out this process, these should be UTP cables, optical fiber or coaxial cables.

    Wireless transfers are basically done by satellite, infrared systems, Wi-Fi technology, Bluetooth, etc.

    Acts intended to destroy an information asset and, ultimately, damage the image of an organization.
    Example:
    hackers that access a system and damage or destroy critical data.



    In Computer Science, "file transfer" is a generic term to refer to the act of transmitting files through a computer network. Although the term is usually linked to the File Transfer Protocol (FTP), there are many ways to transfer files over a network. The difference with a general purpose communication protocol is that file transfer protocols are not designed to send arbitrary data or facilitate asynchronous communication, such as Telnet sessions. Their objective is only to send the sequence of bits stored as a single unit in a file system, in addition to all metadata, such as file name, file size, date and time.

    File transfer can take place on a variety of levels:

    • Transparent file transfers through network file systems.
    • Explicit file transfers through dedicated file transfer services, such as FTP or HTTP.
    • Distributed file transfers over peer-to-peer networks.
    • File transfers in instant messaging systems.
    • File transfers between computers and peripheral devices.
    • File transfers over direct modem or serial links.

    There are two types of file transfers:

    1. «Pull-based» file transfer: the receiver initiates a request for file transmission.
    2. «Push-based» file transfer: the sender initiates a request for transmission of files.

    Reflection

    Everyone must know the risks they run before uploading any type of information to the Internet, be aware of them, and know how to react to any of these situations so as not to become one more victim.

    How do you think we could avoid or stop these crimes that are committed on the Internet or what solutions could we give to these security threats?