The IT Law Wiki
Attacker
== Definitions ==

An '''attacker''' is "[a]n entity that works against one or more [[privacy protection]] goals."<ref>[[Privacy Considerations for Internet Protocols]], at 7.</ref>

An '''attacker''' is a

{{Quote|person deliberately [[exploit]]ing [[vulnerabilities]] in technical and non-technical [[security control]]s in order to steal or [[compromise]] [[information system]]s and [[network]]s, or to [[compromise]] [[availability]] to legitimate [[user]]s of [[information system]] and [[network resources]].<ref>ISO/IEC 27033-1:2015.</ref>}}

== Attackers' advantages in today's systems ==

A number of factors in the current [[security]] environment provide would-be attackers with significant advantages over those trying to protect the large-scale [[network]]s and [[interconnect]]ed [[IT system]]s on which society increasingly depends. An attacker needs to find only one [[vulnerability]]; the defender must try to eliminate all [[vulnerabilities]]. Powerful [[attack tool]]s, including [[automated tool]]s for [[malicious]] actions, are now freely available for [[download]]ing over the [[Internet]] to anyone who wants them, and little skill is required to use them. The resources — including training and equipment — needed to launch potentially harmful [[attack]]s are not only readily available but relatively inexpensive compared to the costs of [[securing]] [[system]]s, [[network]]s, and [[information]], and responding to [[attack]]s. As a result, some classes of [[attack]]s can be initiated with little sophistication. Although these [[attack]]s are not generally significant [[threat]]s to [[system]]s that are kept [[patch]]ed and well [[secure]]d, they are effective against the many [[unpatched]] and poorly [[secure]]d [[system]]s [[connect]]ed to the [[Internet]], and contribute to a background level of ongoing [[malicious]] [[network]] activity.

The [[automated tool]]s that can be used by people with relatively little skill or knowledge continue to multiply, and are gradually increasing in capability in step with improvements in [[cyber security and information assurance]] [[technologies]]. Attackers also have the ability to [[exploit]] [[vulnerable]] [[third-party]] machines to launch their [[attack]]s. Classes of [[attack]]s that require much greater expertise pose significantly greater threats. But while the sophistication required to mount such [[attack]]s limits them to a smaller set of [[adversaries]], the capabilities of these high-threat [[adversaries]] also continue to advance. These trends offer a wide range of individuals and entities — from [[malicious]] [[hacker]]s to nation states — the opportunity to support or directly engage in [[cyber attack]]s.

== References ==

<references />

== Source ==

[[CSIA IWG]], [[Federal Plan for Cyber Security and Information Assurance Research and Development]] 5-6 (Apr. 2006).

[[Category:Computer crime]]
[[Category:Security]]
[[Category:Definition]]