To defend against attacks on information and information systems, organizations must define the threat in these three terms:
■ Adversaries: Potential adversaries might include nation-states, terrorists, criminals, hackers, disgruntled employees, and corporate competitors.
■ Adversaries: Potential adversaries might include nation-states, terrorists, criminals, hackers, disgruntled employees, and corporate competitors.
■ Hacker motivations: Hackers’ motivations might include intelligence gathering, the theft of intellectual property, denial of service (DoS), the embarrassment of the company or clients, or the challenge of exploiting a notable target.
■ Classes of attack: Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider. Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur.
■ Classes of attack: Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider. Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur.
ليست هناك تعليقات:
إرسال تعليق