Week 3 - Risk and an introduction to human factors Flashcards
Define risk?
the degree of impact from a threat and the likelihood of that threat occurring.
Two terms used to quantify risk?
impact
likelihood
Quantify risk - summarise impact
measure of the degree of harm to assets by a breach
Quantify risk - summarise likelihood
considered in relation to threat and vulnerability levels: the higher those levels, the higher the likelihood.
Risk management - what are the three categories once risk is identified and quantified?
acceptable
limited or no impact; no further action needed
tolerable
ALARA (as low as reasonably achievable): reduce the risk as far as possible while still meeting the required standards.
ALARP (as low as reasonably practicable): reduce the risk until further reduction is not worth the cost or effort.
intolerable
threats must be eliminated or the system abandoned.
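A worked example of the quantification and triage described above (an added example, not part of the flashcard deck). The three-point scales, the multiplicative combination (likelihood = threat x vulnerability, risk = impact x likelihood) and the category thresholds are all assumptions, since the cards name the factors but give no numbers; the asset register is constructed.

```python
from dataclasses import dataclass

# Assumed three-point ordinal scale for threat, vulnerability and impact
# (the flashcards name the factors but give no numeric scale).
LOW, MEDIUM, HIGH = 1, 2, 3
VALID_LEVELS = {LOW, MEDIUM, HIGH}

# Assumed category thresholds on the resulting 1..27 risk score.
ACCEPTABLE_MAX = 4
TOLERABLE_MAX = 12

ACTIONS = {
    "acceptable": "accept: limited or no impact, no further action",
    "tolerable": "reduce to ALARP, document the residual risk and accept it",
    "intolerable": "eliminate the threat or abandon the system",
}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: int         # threat level, 1..3
    vulnerability: int  # vulnerability level, 1..3
    impact: int         # degree of harm to the asset if breached, 1..3

    def __post_init__(self) -> None:
        # Reject out-of-scale inputs early; a typo here would silently distort the ranking.
        for name in ("threat", "vulnerability", "impact"):
            if getattr(self, name) not in VALID_LEVELS:
                raise ValueError(f"{self.asset}: {name} must be 1, 2 or 3")


@dataclass(frozen=True)
class Triaged:
    asset: str
    likelihood: int
    score: int
    category: str
    action: str


def likelihood(threat: int, vulnerability: int) -> int:
    """Likelihood rises with both threat and vulnerability level.
    Assumed: the product of the two levels, giving 1..9."""
    return threat * vulnerability


def risk_score(r: Risk) -> int:
    """Risk combines impact with likelihood. Assumed: impact x likelihood, 1..27."""
    return r.impact * likelihood(r.threat, r.vulnerability)


def categorise(score: int) -> str:
    """Map a score onto the three risk-management categories (assumed thresholds)."""
    if score <= ACCEPTABLE_MAX:
        return "acceptable"
    if score <= TOLERABLE_MAX:
        return "tolerable"
    return "intolerable"


def triage(register: list[Risk]) -> list[Triaged]:
    """Score every entry and return them highest risk first,
    so intolerable risks are treated before tolerable ones."""
    results = []
    for r in register:
        lk = likelihood(r.threat, r.vulnerability)
        sc = r.impact * lk
        cat = categorise(sc)
        results.append(Triaged(r.asset, lk, sc, cat, ACTIONS[cat]))
    return sorted(results, key=lambda t: t.score, reverse=True)


# Constructed sample register (hypothetical assets, not real data).
SAMPLE_REGISTER = [
    Risk("customer database", threat=HIGH, vulnerability=HIGH, impact=HIGH),
    Risk("payroll portal", threat=MEDIUM, vulnerability=MEDIUM, impact=MEDIUM),
    Risk("public brochure site", threat=HIGH, vulnerability=LOW, impact=LOW),
    Risk("internal wiki", threat=LOW, vulnerability=MEDIUM, impact=LOW),
]

if __name__ == "__main__":
    for t in triage(SAMPLE_REGISTER):
        print(f"{t.asset:22} likelihood={t.likelihood} score={t.score:2} "
              f"{t.category:11} -> {t.action}")
```

Note that the brochure site faces a high threat level but scores as acceptable: a high threat with low vulnerability and low impact does not by itself make a risk intolerable, which is the point of combining the factors rather than reacting to any one of them.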
Define the human factor
socio-technical: the interaction between humans and security technologies, considered at three levels:
the individual
the job
the organisation
Define social engineering
the act of deceiving an individual into revealing information that can be used to gain confidence and trust
Principles of social engineering (psychology) - reciprocity
people tend to return favours
Principles of social engineering (psychology) - scarcity
time-sensitive offers, such as job offers or discounts, pressure people into acting before thinking
Principles of social engineering (psychology) - authority
people tend to obey authority figures
Principles of social engineering (psychology) - commitment and consistency
people don't like to go back on their word and will continue a task once started, even if it is risky
Principles of social engineering (psychology) - liking
people can be persuaded to perform a task if they like the person asking
Principles of social engineering (psychology) - consensus
people copy the behaviour of others, especially if they see those others benefiting
social engineering techniques - phishing
untargeted, mass-sent attempts to solicit personal information from victims
social engineering techniques - spear-phishing
a targeted form of phishing aimed at a specific individual or organisation, using information about the target to appear credible