Threats Categories And Control Measures

pages Pages: 4word Words: 890

Question :

For the following Threat Categories, describe which type of Control should be put in place in an organisation. Classify the controls as Administrative, Product or Physical, as well as whether the controls will Prevent, Detect, Correct or Compensate.  
Threat Categories
• Accidental corruption of information • Loss of intellectual property  • Software piracy • Theft of information (hacker)  • Theft of information (employee) • Web site defacement  • Theft of equipment  • Viruses, worms, Trojan horses • Elevation of privilege • Fire/Flood

Show More

Answer :


Threat categoriesControlDescriptionClassificationType
Accidental corruption of information
Proper shutdown the system

To protect the accidental corruption of information we should proper shutdown the system.


Secure your wireless routerProtect the wireless router using the proper secure password.administrativeprevent
Mask the dataWe can mask the data by the masking techniques. The another name of data masking is data obsfucation.administrativeprevent
Loss of intellectual propertySecure the system
To prevent the intellectual property from the system we can protect it by using the some hashing and password techniques. 



Improve employee awarenessWe can improve the employee awareness, it means give proper training to security of propertyadministrativePrevent/detect
Identify IP and give access to the right peopleWe will identify our IP and will protect it from the unauthorized access.administrativeProtect/prevent
Software piracyBeef-up software license agreementWe should always prioritize our license agreement


Include the evidence gathering technologyWe will embed the technology in the software which will collect the information regarding  registration and login, trial version.administrativePrevent/detect
Our policing effort should be timelyStatutes of limitations may prevent you from recovering for unauthorized use if a few years have passed since the incident occurred, especially if you knew of the incident and did not act. administrativeprevent
Theft of information (hacker)Don’t download any software
 We should try to avoid the downloading from the any suspicious websites.



Use anti-virusWe should any anti-virus which is provided by the any companyproductprevent
Update os and softwareWe should regular update the os and softwaresAdministrativeprevent
Website defacement

It provides the visual change, content and integrity monitoring.


MonitisCloud based monitoring platform offers blacklist and defacement monitioringproductdetect
IPVtecIt is also cloud based and proactively search the anomaliesproductPrevent/detect
Theft of equipment
Use hidden places

We should search the hidden and protective places to keep the equipments


Use the lock systemWe should  try to keep the equipment in lock.physicalprevent
theftguardWe should use the theftguard to protect the equipmentadministrativeprevent
Viruses, worms, Trojan horses

We should use the antivirus which will protect from the malicious programs



Pop-up scriptsWe will use the pop-up scripts which protect the application.productDetect/prevent
 update os and softwaresWe should update our os and softwares from regular intervalprotectprevent
Elevation of privilege
Tamper-Proofing Cookies

if you want to send data back to the client-side and be sure it hasn’t been tampered with when it returns, you need to digitally sign the data.



Keep critical information on the server sideWe will keep the important data on the sever side and will only send the session ID’sAdministrativeprevent

Use digital keys
For the access to the any information we will provide the digital signature keys.administrativeprevent
Robust, high quality firewalls

We should uses the high quality firewalls to protect the records.



Keep the data in cloudThis is the best to protect the data form any kind of natural calamityproductprevent
use external driveStore the data in the external driveproductprevent