Threat Risk Vulnerability, Countermeasures
Threat Risk Vulnerability, Countermeasures
This assignment will have students researching specific examples of threat(s) to an enterprise operating in a business sector in which the product they sell, or the products they buy, are mostly in digital form.
Reason for the assignment
Threat recognition
The Proper State of Mind
“Situational awareness is the process of recognizing a threat at an early stage and taking measures to avoid it. Being observant of one’s surroundings and identifying potential threats and dangerous situations is more of an attitude or mindset than it is a hard skill.
. Because of this, situational awareness is not just a process that can be practiced by highly trained government agents or specialized corporate security counter surveillance teams — it can be adopted and employed by anyone.”
http://www.stratfor.com/threats_situational_awareness_and_perspective#axzz3GKcYTtOt
Threats to a digital enterprise can be purely digital, and therefore intangible, or they can be a physical device which captures or effects the shape or format or integriety of some digital information. (think of a hand held device which swipes the data off the magnetic stripe on a credit card)
The nature of the technological environment, and the applications in branded consumer products, is progressing at such a fast pace that there is an explosion (figuratively) in the variety of hand held devices that exist, which, can be used for nefarious purposes. Even something as simple as suppressing the shutter click sound on a smart phone allows someone to take a video of a person in a vulnerable situation such that they may inadvertently reveal the typing in of a password, or some other access control protocol.
What you do
Describe and analyze a threat.
Identify a particular kind of threat that would effect an enterprise operating in a business sector in which the product they sell, or the products they buy, are mostly in digital form. (please try to find some big international well known firm)
For example,
- if it was Q1 2014, you could have talked about the Heartbleed bug virus that effected people logging in the Canada Revenue Agency website
- if it was Q3 2013 you could talk about how the Bluetooth connection between your Blackberry and your Garmin windshield mounted GPS was NOT encrypted and if someone beside you had the same model of Blackberry and left their default password as 1234 you could read every contact in their phones address book on your Garmin.
Recognizing Insider Threats
http://www.datacenterjournal.com/it/recognizing-insider-threats/
