The IT Law Wiki

Definition

A threat is any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of service. Threats are implemented by threat agents.

Information systems

Information systems are subject to serious threats that can have adverse effects on organizational operations (including missions, functions, image, or reputation), organizational assets, individuals, other organizations, and the government by compromising the confidentiality, integrity, or availability of information being processed, stored, or transmitted by those systems.

Threats to information systems include environmental disruptions, human errors, and purposeful attacks. Attacks on information systems today are often well-organized, disciplined, aggressive, well-funded, and in a growing number of documented cases, extremely sophisticated. Successful attacks on public and private sector information systems can result in great harm to the national and economic security interests of a country.

Indeed, systems sometimes fail without any external provocation, as a result of design flaws, implementation bugs, misconfiguration, and system aging. Additional threats arise in the system acquisition and code distribution processes. Serious security problems have also resulted from discarded or stolen systems. For large-scale systems consisting of many independent installations (such as the Domain Name System (DNS)), security updates must reach and be installed in all relevant components throughout the entire life cycle of the systems. This scope of updating has proven to be difficult to achieve.
