Types of Threats

• The book has a diagram form the 1970 that discusses types of threats
  • At that point, the main threats were people.
    • Operator (?)
    • Programmer
    • Maintenance/custodial
    • External users
    • Enemies.
  • And they still are.
• But there are other threats as well.
  • Natural disasters
  • Infrastructure failure (power outage)
  • Component failure.
• Human threats may be benign (non malicious)
  • Spilling coffee on a keyboard
  • Coding error
  • Data entry error (think email address, phone number)
  • sending something to the wrong address
  • Losing hardware with data on it.
• Malicious attacks may be random or directed.
  • look at /etc/secure on any of our open systems.
    • The addresses are available, so people are attempting random attacks.
  • Or think about spam.
    • Just the next email address they get, they use.
    • phishing
• Oppose this to directed attacks.
  • Target a particular person, computer, or institution
  • spear-phishing
• (Strange to me but they introduce) Two sources that list known vulnerabilities
  • cve
  • NIST (Look at this one)