Reflection

              

Conclusión

Sabemos que la seguridad de la información es muy importante ya que este es el conjunto de prevenciones que podemos utilizar para resguardar y proteger la información siempre y cuando buscando mantener la confidencialidad.

¿Acerca de este tema, cómo podemos prevenir un ataque informático?

(puedes dejar tu comentario en la parte de abajo! c: )

Deliberate Act of Trespass

Deliberate Act of Trespass

The typical requirements of this crime of computer intrusion: unreasonable access (the defendant was not authorized at the time of execution of the facts, which is recognized by the appeal itself); violation of computer security measures; and access to company employees' emails, corporate emails, and data and computer programs of the company.

The good that is protected is computer freedom understood as the right of the citizen to control personal and family information that is collected in data files, which constitutes a positive dimension of privacy that constitutes the protected legal right.

In addition, given the reserved nature of the data, the files or records must be of limited access and use to specific individuals and for specific purposes, regardless of their nature: personal, academic or work, medical, economic, etc ... It deals, in reality, with personal information related more to privacy than to privacy. They do not have to be computerized because they also accept any other type of file or public or private registry.

•    unauthorized access to info. that an organization is trying to protect

•     low-tech: shoulder surfing
•     high-tech: hacking

Deliberate Act of Sabotage or Vandalism

Deliberate Act of Sabotage 

or   Vandalism

It is a process by which a modification, destruction, obstruction or any intervention in an outside operation is carried out, in order to obtain some benefit for oneself. Sabotage is understood as any meddlesome action on other people's affairs.

These sabotages are carried out by people who seek to benefit themselves or prevent something.

The term computer sabotage includes all those behaviors aimed at eliminating or modifying functions or data in a computer without authorization, in order to hinder its correct functioning, that is, to cause damage to the hardware or software of a system.

The methods used to cause damage to computer systems are very varied and have evolved into techniques increasingly sophisticated and difficult to detect.

• Acts aimed to destroy an information asset and, ultimately, damage the image of an organization

• Example:
- hackers accessing a system and damaging or destroying critical data

Deliberate Act of Info. Extortion / Blackmail

Deliberate Act of Info.

Extortion / Blackmail

                                              

Security researchers warn: “Information security continues to be ignored by top managers, middle managers, and employees alike.

The result of this neglect is that organizational systems are far less secure than they might otherwise be and that security breaches are far more frequent and damaging than is necessary”

In order to strengthen the level of protection of information in the organization, those responsible for that information must begin with an understanding of the threats facing the information, and then must examine the vulnerabilities inherent in the systems that store,

process, and transmit the information possibly subjected to those threats. The first part of this strategy is the identification of the dominant threats facing organizational information security, and the ranking of those threats in order to allow organizations to direct priorities accordingly.

What is a deliberate act?

Deliberately it is an adverb that is used to refer to what is done deliberately. This means that these are actions developed on purpose, with intention. ... The fact that an act is deliberate or not, in short, has to do with the planning and intentionality of the subject.

• hacker or trusted insider steals information and demands compensation for its return

• example:
- theft of data files containing customer credit card information

Security threat

Security threat

Any action/inaction that could cause disclosure, alteration, loss, damage or unavailability of a company’s/individual’s assets.

In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.

A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

A potential cause of an incident, that may result in harm of systems and organization

A more comprehensive definition, tied to an Information assurance point of view, can be found in "Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems" by NIST of United States of America.
 

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability. 

 There are three components of threat:

> Targets: organization’s asset that might be attacked

   -information (its confidentiality, integrity, availability), software, hardware,       network service, system resource, etc.

>Agents: people or organizations originating the threat –intentional or non intentional.

   -employees, ex- employees, hackers, commercial rivals, terrorists, criminals, general public, customers.

> Events: type of action that poses the threat

-misuse of authorized information, malicious / accidental alteration of

information, malicious / accidental destruction of information, etc.