This is tip No. 6 in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage, published by Realtimepublishers.
Electronic defenses, especially perimeter defenses, can be defeated if attackers gain physical access to IT assets. If an attacker can reach an office, the attacker could:
- Install hardware keyloggers to capture keystrokes, including usernames and passwords
- Pose as a driver from a parcel delivery service and pick up backup tapes and disks
- Engage in social engineering with office staff to learn about security procedures, office policies, and the names of executives and managers in the office
- Use a rogue device to access a poorly secured wireless network
Any one of these ploys might not be enough to compromise a system or result in a disclosure, but each can supply a piece of the security puzzle the attacker is trying to assemble. Physical access controls, surveillance, and security awareness training are the countermeasures to this type of threat.
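The hardware-keylogger item above can be turned into a routine check on the defender's side. The following is an added example, not code from the book or from Realtimepublishers: it parses Linux kernel (dmesg-style) log lines, lists USB attach events, and flags any HID input device whose vendor:product pair is not in an approved baseline. The log lines, the baseline, and the vendor/product ids `abcd:0001` are all constructed for the example; `046d:c31c` stands in for an approved keyboard.

```python
import re

# Constructed baseline of approved HID devices (vendor:product), lower-case hex.
APPROVED_HID = {"046d:c31c"}

# Constructed dmesg-style sample: an approved keyboard on port 1-1.2, an
# unknown keyboard-class device on port 1-1.3, and a non-HID device on 2-1.
SAMPLE_LOG = """\
[   12.345678] usb 1-1.2: new full-speed USB device number 3 using xhci_hcd
[   12.456789] usb 1-1.2: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 1.00
[   12.567890] input: Logitech USB Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1.2/1-1.2:1.0/0003:046D:C31C.0001/input/input5
[  300.123456] usb 1-1.3: new full-speed USB device number 4 using xhci_hcd
[  300.234567] usb 1-1.3: New USB device found, idVendor=abcd, idProduct=0001, bcdDevice= 1.00
[  300.345678] input: Generic Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1.3/1-1.3:1.0/0003:ABCD:0001.0002/input/input6
[  450.111111] usb 2-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
"""

# "usb <port>: New USB device found, idVendor=xxxx, idProduct=xxxx"
USB_RE = re.compile(
    r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})"
)
# "input: <name> as <sysfs path>" where the HID node is <bus>:<VID>:<PID>.<n>
INPUT_RE = re.compile(
    r"input: (.+?) as (\S*?/(\d{4}):([0-9A-F]{4}):([0-9A-F]{4})\.\d+/input/input\d+)"
)


def parse_usb_events(log: str) -> dict:
    """Return {port: 'vvvv:pppp'} for every USB attach line in the log."""
    devices = {}
    for m in USB_RE.finditer(log):
        port, vid, pid = m.groups()
        devices[port] = f"{vid}:{pid}"
    return devices


def parse_hid_inputs(log: str) -> list:
    """Return [(name, 'vvvv:pppp')] for input devices registered on the USB bus.

    Bus id 0003 is BUS_USB in linux/input.h; the sysfs HID node encodes
    bus:vendor:product, which lets us tie the input device to a USB id.
    """
    inputs = []
    for m in INPUT_RE.finditer(log):
        name, _path, bus, vid, pid = m.groups()
        if bus == "0003":
            inputs.append((name, f"{vid.lower()}:{pid.lower()}"))
    return inputs


def find_unapproved_hid(log: str, approved=APPROVED_HID) -> list:
    """Flag HID input devices whose vendor:product is not in the baseline."""
    return [(name, ident) for name, ident in parse_hid_inputs(log) if ident not in approved]


def count_keyboards(log: str) -> int:
    """A second keyboard-class device on a single-user workstation is worth a look."""
    return sum(1 for name, _ in parse_hid_inputs(log) if "keyboard" in name.lower())


if __name__ == "__main__":
    print("USB attach events:", parse_usb_events(SAMPLE_LOG))
    for name, ident in find_unapproved_hid(SAMPLE_LOG):
        print(f"ALERT: unapproved HID device '{name}' ({ident})")
    print("keyboard-class devices:", count_keyboards(SAMPLE_LOG))
```

Only devices that enumerate as their own USB/HID node are visible this way; an inline keylogger that passes the keyboard's descriptors through unchanged leaves no trace in the kernel log, so this check complements, rather than replaces, the physical inspection and access controls the text calls for. On a real host the log would come from `dmesg` or the journal instead of the constructed string.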
From increasingly sophisticated malware to social engineering to physical threats, there are many ways to fall victim to information security attacks. With a large set of countermeasures at one's disposal, the question arises: how does one choose among them?

Series contents, "How to Assess and Mitigate Information Security Threats":
- Introduction
- Malware: The Ever-Evolving Threat
- Network-based attacks
- Information theft and cryptographic attacks
- Attacks targeted to specific applications
- Social engineering
- Threats to physical security
- Balancing the cost and benefits of countermeasures
This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.