Sunday, January 11, 2009

Threat Defined

An information system threat is a possible event that, if it occurs, would cause harm to the owner of the information system. A threat is realized through the successful execution of one or more attacks against the system. For example, the threat may be unauthorized access to a web application through theft of user authentication credentials; attacks that may realize that threat include keystroke logging, phishing, pharming, interception of network communications, and social engineering.

Determining the threats to a system is not always as obvious as it is for, say, a bakery versus an on-line gambling company, but that contrast does emphasize that a threat to one system owner may not be a threat to another. How significant a given threat exposure is for a particular system is a core security decision factor. Threat analysis is the process of identifying threats, determining their significance to the system owner, and selecting controls that address the attack methods through which each threat may be realized.
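To make the threat / attack / control relationship concrete, here is a small threat register in Python. It is an added example written for this page, not code from the original post: it takes the credential-theft threat and the five attack methods listed above, scores the threat per system owner (the bakery versus the gambling company), and picks the smallest set of candidate controls that covers the attack methods, reporting any attack method left uncovered. The control names, which attack methods each control addresses, the owner significance scores and the in-scope threshold are all illustrative assumptions.

```python
"""Toy threat-analysis register (added example; names and mappings are assumptions)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    attacks: frozenset  # attack methods through which the threat may be realized


@dataclass(frozen=True)
class Control:
    name: str
    mitigates: frozenset  # attack methods the control is assumed to address


# Threat and attack methods as described in the post.
CREDENTIAL_THEFT = Threat(
    "unauthorized web-app access via stolen credentials",
    frozenset({"keystroke logger", "phishing", "pharming",
               "network intercept", "social engineering"}),
)

# Candidate controls and their coverage: assumed for illustration.
CONTROLS = [
    Control("TLS everywhere", frozenset({"network intercept"})),
    Control("phishing-resistant MFA (FIDO2)",
            frozenset({"phishing", "pharming", "keystroke logger", "network intercept"})),
    Control("endpoint anti-malware", frozenset({"keystroke logger"})),
    Control("user awareness training", frozenset({"phishing", "social engineering"})),
]

# Significance (0..5) of each threat to each owner: assumed values showing that
# the same threat matters very differently to different system owners.
OWNER_SIGNIFICANCE = {
    "bakery": {CREDENTIAL_THEFT.name: 1},
    "online gambling company": {CREDENTIAL_THEFT.name: 5},
}


def residual_attacks(threat, controls):
    """Attack methods of `threat` not addressed by any control in `controls`."""
    covered = set()
    for control in controls:
        covered |= control.mitigates
    return frozenset(threat.attacks - covered)


def select_controls(threat, candidates):
    """Greedy set cover: repeatedly pick the candidate covering the most still-uncovered
    attack methods (ties broken by name) until nothing more can be covered.
    Returns (chosen controls, attack methods still uncovered)."""
    chosen = []
    uncovered = set(threat.attacks)
    remaining = sorted(candidates, key=lambda c: c.name)  # deterministic tie-break
    while uncovered and remaining:
        best = max(remaining, key=lambda c: len(c.mitigates & uncovered))
        if not best.mitigates & uncovered:
            break  # no remaining candidate addresses an uncovered attack method
        chosen.append(best)
        uncovered -= best.mitigates
        remaining.remove(best)
    return chosen, frozenset(uncovered)


def analyze(owner, threats, candidates, threshold=3):
    """Per-threat report for one owner: significance, whether it is in scope for that
    owner, the controls selected for it, and the attack methods left uncovered."""
    report = {}
    for threat in threats:
        significance = OWNER_SIGNIFICANCE.get(owner, {}).get(threat.name, 0)
        in_scope = significance >= threshold
        chosen, left = select_controls(threat, candidates) if in_scope else ([], threat.attacks)
        report[threat.name] = {
            "significance": significance,
            "in_scope": in_scope,
            "selected_controls": [c.name for c in chosen],
            "residual_attacks": left,
        }
    return report


if __name__ == "__main__":
    for owner in OWNER_SIGNIFICANCE:
        print(owner, analyze(owner, [CREDENTIAL_THEFT], CONTROLS))
```

With the assumed mappings the gambling company ends up with two controls (FIDO2 MFA plus awareness training) and no residual attack method, while the bakery's significance score falls below the threshold and the threat is reported as out of scope with no controls selected; dropping the awareness-training candidate leaves social engineering uncovered, which is exactly the gap the last step of threat analysis is meant to expose.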
