The Project Paper part-1 covers chapters read during Week #1 through Week #8. The Project Paper part-2 covers chapters read during Week #9 through Week #13. Review the information provided in the tex
Fundamentals of Information Systems Security
© 2012 Jones and Bartlett Learning, LLC www.jblearning.com
Seven Domains of a Typical IT Infrastructure
User Domain Common Threats
Lack of user awareness
User apathy toward policies
User violating security policy
User inserting CD/DVD/USB with personal files
User downloading photos, music, or videos
User destruction of systems, applications, and data
Disgruntled employee attacking organization or committing sabotage
Employee blackmail or extortion
Workstation Domain Common Threats
Unauthorized workstation access
Unauthorized access to systems, applications, and data
Desktop or laptop operating system vulnerabilities
Desktop or laptop application software vulnerabilities or patches
Viruses, malicious code, and other malware
User inserting CD/DVD/USB with personal files
User downloading photos, music, or videos
LAN Domain Common Threats
Unauthorized physical access to LAN
Unauthorized access to systems, applications, and data
LAN server operating system vulnerabilities
LAN server application software vulnerabilities and software patch updates
Rogue users on WLANs
Confidentiality of data on WLANs
LAN server configuration guidelines and standards
LAN-to-WAN Domain Common Threats
Unauthorized probing and port scanning
Unauthorized access
Internet Protocol (IP) router, firewall, and network appliance operating system vulnerability
Local users downloading unknown file types from unknown sources
WAN Domain Common Threats
Open, public, and accessible data
Most of the traffic being sent as clear text
Vulnerable to eavesdropping
Vulnerable to malicious attacks
Vulnerable to corruption of information and data
Vulnerable to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
Insecure Transmission Control Protocol/Internet Protocol (TCP/IP) applications
Hackers and attackers e-mailing Trojans, worms, and malicious software freely and constantly
Remote Access Domain Common Threats
Brute force user ID and password attacks
Multiple logon retries and access control attacks
Unauthorized remote access to IT systems, applications, and data
Confidential data compromised remotely
Data leakage in violation of data classification standards
Systems/Applications Domain Common Threats
Unauthorized access to data centers, computer rooms, and wiring closets
Difficult-to-manage servers that require high availability
Server operating systems software vulnerability management
Security required by cloud computing virtual environments
Corrupt or lost data