Threats and Countermeasures
Plenty of threats, if carried out, could cause damage to the organization. We discuss some of these threats in the following sections.
Errors and Omissions
Errors and Omissions (E&O) is an insurance term that describes strategic and tactical errors that an organization can face, whether by commission (performing an action) or omission (failure to perform an action). In addition to general liability coverage, insurance companies also sell Errors and Omissions insurance. Errors and Omissions liability is also known as professional liability.
An example of Errors and Omissions is an error that prevents a company from delivering goods or services per the terms of a contract.
Organizations can prevent some Errors and Omissions through product reviews and quality control processes. For example, an accounting firm can implement systems that help to prevent calculation errors, and a medical transcription organization may implement access control systems to prevent the accidental disclosure of information.
Fraud
Fraud is defined as any deceptive or misrepresented activity that results in illicit personal gain. Workers who have detailed knowledge of business processes and/or insider access to information are in a particularly good position to defraud their employers.
Some examples of fraud include
Writing bad checks
Lying about personal information in order to receive a product or service for which the person isn’t entitled
You can best counter fraud by using controls and processes to ensure that people aren’t misrepresenting themselves or the information that they assert. Generally, you use controls that attempt to confirm information.
Other countermeasures may include establishing a fraud detection capability to ensure that employees and customers aren’t trying to cheat the organization out of goods, services, or cash. A fraud detection system analyzes transactions and provides a list of possibly fraudulent transactions that security and systems professionals within the organization can review.
Organizations also need to examine their business processes and the roles and responsibilities of key personnel executing those processes. Among other things, business processes should make defrauding the organization through collusion difficult — meaning that employees can’t easily work together for their illicit personal gain. See our discussion in the sections “Separation of duties and responsibilities” and “Job rotation,” both earlier in this chapter.
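As an added example (not part of the original text), the following Python screen implements the kind of review list a fraud detection system produces, with separation of duties encoded as one of its rules; the transactions, the approval limit, and the three rules are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    """One payment request as it might appear in an accounts-payable ledger."""
    tx_id: str
    requester: str   # who submitted the request
    approver: str    # who approved it
    payee: str
    amount: float


# Constructed sample ledger (illustrative data, not a real organization's records).
SAMPLE_TRANSACTIONS = [
    Transaction("T1", "alice", "bob",   "Acme Supplies",    4200.00),
    Transaction("T2", "carol", "carol", "Carol Consulting", 9800.00),   # self-approved
    Transaction("T3", "dave",  "bob",   "Northwind Ltd",   15000.00),   # one approver, large amount
    Transaction("T4", "alice", "bob",   "Acme Supplies",    4200.00),   # repeat of T1
    Transaction("T5", "erin",  "frank", "Erin Consulting",   700.00),
]

# Hypothetical policy value: above this, a second approver is required.
SINGLE_APPROVER_LIMIT = 10000.00


def review_transactions(txs, limit=SINGLE_APPROVER_LIMIT):
    """Return {tx_id: [reasons]} for transactions a reviewer should examine.

    Rules (separation of duties, approval threshold, duplicate payment) are
    deliberately simple; the point is producing a reviewable list, not a verdict.
    """
    flagged = {}
    seen = {}   # (requester, payee, amount) -> first tx_id with that combination
    for tx in txs:
        reasons = []
        if tx.requester == tx.approver:
            reasons.append("requester approved own transaction")
        if tx.amount > limit:
            reasons.append(f"amount exceeds single-approver limit {limit:.2f}")
        key = (tx.requester, tx.payee, tx.amount)
        if key in seen:
            reasons.append(f"duplicate of {seen[key]}")
        else:
            seen[key] = tx.tx_id
        if reasons:
            flagged[tx.tx_id] = reasons
    return flagged


if __name__ == "__main__":
    for tx_id, reasons in review_transactions(SAMPLE_TRANSACTIONS).items():
        print(tx_id, "->", "; ".join(reasons))
```

The output is a review queue for humans, not an automatic block: a legitimate repeat payment or a genuine single-approver exception should be cleared by the reviewer, not by the rule.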
Hackers and crackers
Hackers are (by their own account, anyway) computer enthusiasts who enjoy discovering the intricacies of computers and programming languages, and they can often be considered experts. In popular usage, however, the term hacker has come to be associated more with individuals who break into computer systems and networks in order to cause disruption or steal information. Hackers insist that those malicious individuals are known as crackers. Whatever you call them, you need to prevent them from accessing your systems and data for malicious or unauthorized purposes.
Industrial espionage
Industrial espionage is the act of obtaining proprietary or confidential information in order to pass it to a competitor. Espionage is difficult to prevent, but you can deter such activity with visible audit trails and access controls.
Loss of physical and infrastructure support
Loss of physical and infrastructure support is a broad category that represents the kinds of actions that result in a data processing operation losing its physical facilities and/or supporting infrastructure. These actions include, but aren’t limited to, interruptions in public utilities or events that result in the closure or evacuation of a building. We discuss this topic in depth in Chapter 11.
Malware
Malware is malicious code or software that typically damages or disables, takes control of, or steals information from a computer system. Malware broadly includes
adware: Pop-up advertising programs that are commonly installed with freeware or shareware.
backdoors: Malicious code that enables an attacker to bypass normal authentication to gain access to a compromised system.
bootkits: A kernel-mode variant of a rootkit, commonly used to attack computers that are protected by full-disk encryption.
logic bombs: Malicious code that is activated when a specified condition is met, such as a particular date or event.
rootkits: Malicious code that provides privileged (root-level) access to a computer.
spyware: Malicious software that collects information without the user’s knowledge, and/or interferes with the operation of a computer (such as redirecting a web browser or installing additional malware).
Trojan horses: Malicious software that masquerades as a legitimate program.
viruses: Malicious code that requires a user to perform a specific action to become active, such as clicking an executable (.exe) attachment or a malicious website link.
worms: Malicious code that is spread rapidly across networks without any user interaction required to activate the worm. Worms typically exploit known vulnerabilities and flaws that have not been patched.
Sabotage
Sabotage is the deliberate destruction of property, which could include physical or information assets. This is best deterred and detected with highly visible audit trails, and it is best prevented with strict physical and logical access controls.
Theft
Theft involves taking property from its owner without the owner’s consent. A wide variety of controls can deter and prevent theft, including locks, alarm systems, cameras, audit trails (in the case of information theft), and identifying marks on equipment.
Unlike the theft of physical assets, such as computers, data theft can be very difficult to detect. When someone steals data, that data is right where you left it; the thief has simply made an unauthorized copy of the data and moved it to a secret location.