D:H | Technical hardware failures or errors | Equipment failure
D:H:Pe:Pr:S | Missing, inadequate, or incomplete organizational policy or planning | Loss of access to information systems due to disk drive failure without proper backup and recovery plan in place
D:H:S:Pe | Sabotage or vandalism | Destruction of systems or information
D:S | Memory Safety Violation | Buffer overflows
D:S | Technical software failures or errors | Bugs, code problems, unknown loopholes
H | Forces of nature | Fire, flood, earthquake, lightning
H:Pe:Pr:S | Human error or failure | Accidents, employee mistakes
H:Pr:S | Technological obsolescence | Antiquated or outdated technologies
H:Pr:S | Missing, inadequate, or incomplete controls | Network compromised because no firewall security controls
H:S | User interface failures | Data integrity loss
H:S:Pe | Deviations in quality of service | ISP, power, or WAN service issues from service providers
Pe:Pr | Information extortion | Blackmail, information disclosure
Pe:Pr:S | Theft | Illegal confiscation of equipment or information
Pe:Pr:S | Software attacks | Worms, Trojan horse, virus, denial of service
Pe:Pr:S | Espionage or trespass | Unauthorized access and/or data collection
Pe:Pr:S | Compromises to intellectual property | Piracy, copyright infringement
S | Input validation errors | Format string attacks, SQL injection, Cross-site scripting (web application)
Legend: D=Data, H=Hardware, Pe=People, Pr=Procedure, S=Software
Table 1 - Table identifying the top threats to the new customer rewards program at Kudler Fine Foods
Areas of the System
In Table 1, the areas of the system at risk of being potentially vulnerable are drawn from the five areas of a system, which are as follows:
• Data – This category refers to factual inputs used by programs in the production of useful information.
• Hardware – This category includes the computers, peripherals, servers, I/O devices, storage and communication devices.
•