
Copyright 2015 Pearson Education, Inc.

Testbanks Dec 29, 2025

Chapter 1 The Threat Environment

Learning Objectives

By the end of this chapter, the student should be able to:

➢ Define the term threat environment.
➢ Use basic security terminology.
➢ Describe threats from employees and ex-employees.
➢ Describe threats from malware writers.
➢ Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks.
➢ Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation.
➢ Distinguish between cyberwar and cyberterror.

Teaching Suggestions

Special Issues

This chapter is packed with information, but students already know much of it, and the individual concepts are not difficult. There are only two things that tend to puzzle students a little. First, they have a difficult time understanding the implications of intentionality in the definition of hacking. It is important to have students work through multiple examples. Second, some find the distinction between carding and identity theft difficult.

(Corporate Computer Security, 4e Randall Boyle, Raymond Panko) (Solution Manual all Chapters)

Chapter 1: The Threat Environment

Corporate Computer Security, 4th Edition Randall J. Boyle and Raymond R. Panko

Role in the Book

Chapter 1 looks at the threat environment—the attackers and attacks that corporations face. The remainder of the book follows the traditional plan-protect-respond cycle that corporations use to defend against the threats that this chapter describes.

This book, then, is about defense rather than offense. Students like to work with attack software, and I know that some teachers build their courses around attacks. However, attacks change constantly, and knowing how to attack does not teach a student how to defend. Defense is complex, and it needs a whole course.

Teaching the Material

Flow of Material

➢ The chapter begins with a definition of the threat environment. It then introduces basic terminology, including confidentiality, integrity, availability, compromises, incidents, breaches, countermeasures, safeguards, and controls.
➢ The chapter then covers the series of data breaches at Sony Corp., including the factors that led to it, a short primer on SQL injection, and the consequences the company faced after a massive privacy breach.
➢ Next, the chapter covers threats from employees and ex-employees. This section introduces the importance of internal threats. It specifically covers several attacks, including sabotage, hacking, financial theft, theft of intellectual property (especially trade secrets), extortion, sexual or racial harassment, computer and Internet abuse, and data loss through lost media.
➢ The chapter discusses malware, which is a general term for evil software. This includes the usual suspects of viruses and worms and the payloads they carry. It also includes Trojan horses, including remote access Trojans, downloaders, spyware, and rootkits. It ends with a discussion of mobile code and social engineering in malware.
➢ Next come traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks.
➢ The chapter emphasizes that criminals have become the dominant attackers today. The section on career criminals notes that criminal attacks often use international criminal black markets. Criminals engage in fraud (in which the attacker deceives the victim into doing something against the victim’s self-interest), financial theft, the theft of intellectual property, and extortion. The section then discusses stealing private customer and employee data for use in carding (credit card number theft) and identity theft.
➢ The chapter ends with the nightmare scenarios of cyberwar and cyberterror. Cyberwar, which is waged by national governments, could produce unprecedented damages. In cyberterror, terrorists use IT to attract converts, conduct direct attacks, make physical attacks worse by creating confusion, and engage in cybercrime to finance their terrorism.


Covering the Material

This is a great chapter for student brainstorming. The chapter is organized around the types of attackers the company faces and the attacks they use against you.

First, have the class come up with a list of people who may attack them. Write them on the board, leaving room for attacks below the names. After they have exhausted their list, complete it.

Second, have them generate the attacks each will use. When they get to hacking, go over the book’s definition closely and work out some examples to see why the concept is complex.

Assigning Homework

To focus students, you can assign specific Test Your Understanding questions, Hands-On Projects, Project Questions, and end-of-chapter questions they should master or even hand in as homework. You can also specify questions or parts of questions they do not have to master. Multiple choice and true/false questions in the testbank are tied to specific parts of specific questions, so creating multiple guess questions on exams is relatively straightforward.

Case Study

Some teachers like to start class off with a case discussion that illustrates the material covered in the chapter. Starting class off with a case discussion increases student involvement and encourages students to read the chapter material before class.

Each chapter includes a business case that directly relates to the material covered in the chapter. The business case comes directly from a real-world example. At the end of each business case, you will find “key findings” from a related annual industry report. The report’s key findings are related to the business case and are focused on current industry issues. All industry reports are online and completely free. Footnotes provide URLs to each report. Industry reports tend to be 20-60 pages in length, and can be assigned as additional reading.

Answer Key

Introduction

a) Why is it important for firms to understand the threat environment?

Until you understand the threats you face, you cannot defend yourself.

b) Name the three common security goals.

Confidentiality, integrity, availability.


c) Briefly explain each.

Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network.

Integrity means that attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network. Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore destroyed data.

Availability means that people who are authorized to use information are not prevented from doing so. Neither a computer attack nor a network attack will keep them away from the information they are authorized to access.

d) What is an incident?

When a threat succeeds in causing harm to a business, this is called an incident.

e) What are the synonyms for incidents?

Breaches or compromises.

f) What are countermeasures?

The methods companies use to thwart attacks are called countermeasures.

g) What are the synonyms for countermeasure?

Synonyms for countermeasures include safeguards, protections, or controls.

h) What are the goals of countermeasures?

To thwart attacks.

i) What are the three types of countermeasures?

Preventative, Detective, Corrective

a) Who were the victims in the Sony breach?

The victims of the series of data breaches at Sony Corporation are multifold. Sony Corp. itself was obviously one of the victims, with approximately $170 million in losses. They also suffered losses related to reputation, consumer base, regulatory fines, etc.

Sony users were also victims. Their personally identifiable information was stolen. Some of their information was stolen multiple times.

Other victims may include Sony Corp. shareholders, Sony employees, regulatory bodies that had to allocate time and personnel to the case, taxpayers who had to fund investigations, etc.

b) How did the attackers steal the information from Sony? Explain.

They used SQL injection to extract information from databases using Web interfaces.
