Secure Value

Image by zenonline via Flickr

Understand the common threats to your business and think about how to prevent them, detect them and respond to them before they occur

Threat models are commonly used in information security analysis to illustrate the potential for risks to impact an organization. The threat model is used to describe the characteristics of a given threat and the harm it could to do a vulnerable system. 

 If we do a project where we identify threats scenarios we’ll go into detail.  At a simple level we’ll identify the pieces of the threat scenarios including the actor (WHO), the action (HOW), the motivation (WHY), the vulnerability exploited (think WEAKNESS) and the potential impact (think DAMAGE). 

We do not address the probability of these events occurring which in most cases is impossible to predict accurately.

Over your morning coffee run through these common scenarios and ask yourself if you how they would impact you:

 A trusted employee decides to:

 ·         Download unauthorized software from the Internet which contains a Trojan horse or other malicious software. 

·         Disable antivirus scanning prior to the download of an emailed MS Office document.

·         Transfer information from a third-party computer to their work computer bringing in a virus or other malicious software into the company. 

·         With any number of portable memory devices data is copied from the network and is stolen undetected.

A disgruntled employee decides to retaliate against your company:

 ·         With knowledge of the backup tape courier routine the tape drop off is intercepted and the information contained on the tapes are used to attack your company’s reputation or are used for material gain.

·         With any number of portable memory devices data is copied from the network and is stolen undetected.

 A former employee decides to retaliate against your company:

 ·         With a haphazard termination process the former employee uses his/her still active network access and credentials to damage or steal information from an outside location.

·         With a haphazard termination process the former employee gains access to a company facility and uses his/her still active network credentials to damage or steal information from an outside location.

An authorized visitor or an unauthorized visitor or intruder penetrates one of your company’s facilities and:

 ·         Unchallenged as they walk the floors of the facility they exploit targets of opportunity such as unlocked, unattended systems, backup tapes set unsecured waiting for courier pickup, etc.

 A third party caretaker of your company information has a security incident.  While that incident may not impact your company network, your company has no controls to prevent that incident from impacting your company at a business level.

Related articles by Zemanta

• Security Controls and Principles (deurainfosec.com)