Security Standards  «Prev  Next»

Potential threats to your Resources

Potential threats to your resources are:
  1. Local resources: Viruses and applets can damage local systems
  2. Network resources: IP spoofing, system snooping, and obtaining information
  3. Server resources: Unauthorized entry, interrupted service, and trojan horses
  4. Database and Information Resources: Obtaining trade secrets and customer data
Before we get into detail about what the article is going to cover and help demystify steps need for assessing your current security posture, we would need to understand a few basic terms and what they mean so when used in the context of this article, you have complete understanding of what it is they mean and are referring to.
  1. Threat: An expression of an intention to inflict pain, injury, evil, or punishment as well as an indication of impending danger or harm. It is also considered a possible danger or menace. In the Information Technology (IT) arena, a threat is anything that is what was mentioned but in the realm of IT. In simpler terms, a threat is anything that you feel would hurt your company's assets, especially those such as your data, or anything else contained on the computer network and its systems as well as the systems themselves.
  2. Assets: Anything of value, a useful or valuable quality or thing; an advantage or resource. Again, in the IT realm, this would be considered data, the systems that the data is contained on or the infrastructure that connects such systems. Think of the costs associated with your infrastructure, the human resources needed to run them, and the data (your company data) that those systems contain. Most top level executives today are starting to see that all three pieces of this IT paradigm make up the whole... the systems, the people who run them and the data that they contain in the real word production environments of businesses today, to not consider all three important assets is quite foolish, and together, that sum of the parts should be considered the complete asset.

Question: Why is it important for you to know such terms?
When we start to talk about the origins of threat which can be internal and external, we would need to understand what a threat is, what the differences are between the different sub categories of threats, and what the threat is against, which is generally your assets. Again, the point of this introduction is to really prime you to think (using specific terminology) like an IT Security Analyst, more importantly, define the terms you will hear me talk about throughout. If you do not know what a threat is in basic terms, or what an asset is to you, then the article may not make much sense. That being said lets move on to the meat of the article, which is what the different kinds of threats are, where they come from, what you need to consider about them, and what damage such threats can have on you, your company, and the network and systems you work with.