What are the classifications of threats in information security?

Any type of asset that is not operating optimally and is mission-critical or important to the organization, including data that are not backed-up, is known as vulnerability, while anything imperfect is known as weakness. Any type of counter measure that becomes fairly automated and meets the expectations of upper management is known as control.

There are several types of controls in a computer security environment, and threats, are as follows −

  • Malicious Software − Malicious software is also referred to as malware. It is a software that carry harm to a computer system. Malware can be in the structure of worms, viruses, trojans, spyware, adware and rootkits, etc. It can steal protected data, delete files or insert software not approved by a user.

    Worms and viruses behave separately, as they can rapidly proliferate and undermine a whole computer system. They can implement unsavory events from a user’s computer without the user’s knowledge. In the wake of a virus or worm, a computer system can experience meaningful damage.

  • Spoofing − It is generally an attack on a computer device in which the attacker stoles the integrity of a user to steal the user's data or to breach the system's security.

    There are several types of spoofing including IP spoofing, Email spoofing, MAC spoofing, DNS spoofing, and URL spoofing. The DNS spoofing attacks can go on for a long run of time without being identified and can generate serious security problems. Attackers usually target high enterprises or organizations to steal the data and then connect with the target team to hack their system.

  • Sniffing − Sniffing is the procedure in which some data packets passing in the network are monitored. Network administrators generally use sniffers to monitor and troubleshoot network traffic. Attackers needs sniffers to monitor and gather data packets to acquire sensitive information including passwords and user accounts. Sniffers can be set up as hardware or application on the system.

  • Theft − The loss of important hardware, software or information can have meaningful effects on an organization’s effectiveness. Theft can be divided into three basic elements such as physical theft, data theft, and identity theft.

    Physical Theft − Physical theft contains the theft of hardware and software. It is nothing that physical theft is not limited to computer systems alone, elements are targeted by criminals due to their small size and associatively high value.

    Data Theft − Data theft generally contains making copies of essential files without causing some harm to the originals. This can contains stealing sensitive data and confidential data or creating unauthorized changes to computer records.

    Identity Theft − Identity theft is a crime in which an imposter acquire key element of personal data, including social security identification numbers, driver’s license numbers, or credit card numbers, to imitate someone else.