Categories of Threats and Attacks to Various Information Services

Authors

  • Surabhi Shanker Associate Professor, Trinity Institute of Professional Studies, New Delhi
  • Aparna Chaturvedi Department of Mathematics, AIAS, Amity University, Noida
  • Mukta Sharma Associate Professor, Trinity Institute of Professional Studies, New Delhi

DOI:

https://doi.org/10.48165/tjmitm.2020.1001

Keywords:

Information system security, Threat classification, Threat; criteria, security risk, Threat Impact

Abstract

The growth of information technology has revolutionized the whole world. It has changed the way we communicate, do business, transact and even think. The impact of information technology, especially the internet, is visible in almost all domains, such as hospitality, education and banking. The security of information systems is being highly challenged by the proliferation of web-based applications, including e-commerce and a variety of information services. Information systems are often exposed to a variety of threats, which lead to harm that can result in significant financial losses. These harms range from minor losses to destruction of the entire information system. It is essential that the security of an information system protect the confidentiality, integrity, and availability of the system. Nowadays, organizations struggle to understand what the threats to their information assets are and how to obtain the necessary means to counter them, which continues to pose a challenge. To further improve our understanding of security threats, this paper addresses a security threat classification model that allows us to study the impact of threat classes over time. This paper also proposes different criteria for classifying information system security risks and reviews most of the existing threat classification models. It defines a model for information system security threat classification in order to propose a classification architecture that supports all threat classification principles and helps organizations implement their information security system.

Published

2020-08-15

How to Cite

Categories of Threats and Attacks to Various Information Services. (2020). Trinity Journal of Management, IT & Media (TJMITM), 11(1), 1–6. https://doi.org/10.48165/tjmitm.2020.1001