Identify threats and analyse risk

Submitted by shevorne.desil… on Mon, 02/26/2024 - 20:20

Sub Topics

This topic will introduce you to a range of common cybersecurity threats on devices and networks. We will also discuss strategies for analysing risks and techniques to categorise identified vulnerability alerts.

In this topic, you will learn about:

Security threats to devices and networks
Risk analysis strategies
Categorising system vulnerability alerts

Let us begin.

Security threats on devices and networks encompass a range of threats that can compromise the confidentiality, integrity, and availability of information.

Reading

Watch out for threats | Cyber.gov.au

Threats | Cyber.gov.au

Let us explore some of the common types of security threats to devices and networks.

Malware and ransomware

Malicious software such as viruses, worms, Trojans, and ransomware can infect devices and networks, leading to data loss or unauthorised access.

The following video discusses the features of malware and ransomware threats.

Phishing and smishing

In phishing and smishing attacks, cybercriminals use deceptive emails, websites or text messages to trick users into divulging sensitive information, such as passwords or financial details.

The following video discusses the features of phishing and smishing attacks.

Business email compromise

Business Email Compromise (BEC) poses a significant threat by exploiting email communication to deceive employees into transferring funds or sensitive information to fraudulent entities. Attackers use social engineering tactics to impersonate trusted individuals or entities, resulting in financial losses, data breaches, and compromised business operations.

The following video explores the threat of business email compromise.

Botnets and DDoS attacks

Botnets are networks of compromised devices controlled by attackers to launch Distributed Denial of Service (DDoS) attacks. By flooding target systems or networks with overwhelming traffic, DDoS attacks disrupt services, causing downtime and financial losses. Botnets amplify attack potency, making them potent tools for cybercriminals to exploit vulnerabilities and cause widespread disruption.

The following video discusses the features of botnets and DDoS attacks.

Close up of desktop computer with computer language

In the context of maintaining high-security networks, risk analysis involves identifying, evaluating, and prioritising potential risks to a system or organisation. It assesses the likelihood and impact of these risks to determine their significance.

Risk analysis aims to provide insights that guide decision-making on how to best allocate resources and implement controls to manage and mitigate identified risks effectively.

Fundamental methodologies

The following video discusses some of the fundamental methodologies for analysing and assessing risks. Pay close attention to the difference between ‘analysis’ and ‘assessment’ as these terms are used interchangeably in the industry.

Techniques for enhancing risk analysis efforts

The risk analysis efforts can be further enhanced by using techniques designed to dig deeper into the data behind those risk. The following video outlines several of these techniques.

female programmer watching code languages on multiple computer screens

System vulnerability alerts are categorised based on severity, exploitability, and impact. Severity ranks the potential harm, exploitability assesses the likelihood of an exploit, and impact evaluates the consequences.

The following video discusses the Common Vulnerability Scoring System (CVSS) which is an industry standard technique for categorising system vulnerability alerts.

Other techniques used to categorise system vulnerability alerts include, but are not limited to the following.

Severity levels: Assign severity levels (e.g., critical, high, medium, low) based on the potential impact of the vulnerability on system integrity, confidentiality, and availability.
Asset criticality: Prioritise vulnerabilities affecting critical assets, categorising them based on the importance of the compromised asset to overall business functions.
Categorisation by exploitation vector: Classify alerts based on the vectors through which vulnerabilities can be exploited, such as network-based, local, or physical access.
Affected systems and assets: Categorise vulnerabilities based on the specific systems, applications, or assets they affect, allowing for targeted remediation efforts.
Attack vectors: Classify vulnerabilities based on the potential attack vectors, such as SQL injection, buffer overflow, or cross-site scripting, aiding in targeted mitigation strategies.
Risk to business operations: Evaluate the potential impact of vulnerabilities on critical business operations, categorising them according to their business continuity and operational risk.
User access level: Consider the access level required for exploiting vulnerabilities, categorising them based on whether they require local access, network access, or privileged credentials.

Reading

Your Guide To Vulnerability Categories And Severity-Levels (redlegg.com)

Incident Severity Levels 1-5 Explained | Splunk

How did you go?

Congratulations on completing the topic Identify threats and analyse risk.

In this topic, you learnt about:

Security threats to devices and networks
Risk analysis strategies
Categorising system vulnerability alert

Knowledge Check

Complete the following three (3) activities to check your ability understand the key concepts discussed in this topic. You may repeat this activity as often as you like. Use the arrows to move between the different activities.

Assessments

Now that you have learnt the basic knowledge and skills for this module, you are ready to complete the following assessment events.

Assessment 2 (Short Answer Questions)

Assessment 3 (Case Study)

Module Linking

M00921A

Main Topic Image

Female programmer thinking and typing infront of the computer

Is Study Guide?

Off

Is Assessment Consultation?

Off