Académique Documents
Professionnel Documents
Culture Documents
2
Topic Covered Lec. 2
1. Threats, Attacks and Assets
2. Type of Thread Actions
3. Threats and Assets
1. Hardware
2. Software
3. Data
4. Communication Lines and Networks
4. Security Functional Requirements
1. Threat
Threat and Types of Threat Actions
A potential for violation of security, which exists
when there is a circumstance, capability, action, or
event, that could breach security and cause harm.
That is, a threat is a possible danger that might
exploit a vulnerability.
There are major four types of Threats Actions:
1. Unauthorized Disclosure
2. Deception
3. Disruption
4. Usurpation
2. Types of Threat Actions
1. Unauthorized Disclosure
A circumstance or event whereby an entity gains access to
data for which the entity is not authorized.
There are following types of Unauthorized Disclosure:
1. Exposure: Sensitive data are directly released to an
unauthorized entity.
2. Interception: An unauthorized entity directly accesses
sensitive data traveling between authorized sources and
destinations.
3. Inference: A threat action whereby an unauthorized
entity indirectly accesses sensitive data (but not
necessarily the data contained in the communication) by
reasoning from characteristics or by-products of
communications.
4. Intrusion: An unauthorized entity gains access to
sensitive data by circumventing a system’s security
protections.
2. Deception
A circumstance or event that may result in an authorized
entity receiving false data and believing it true.