英国论文代写:网站威胁评估
在威胁评估的过程中,它会先了解到确定的组织资产的可能威胁,找出最危险的威胁,成本从威胁恢复和防止威胁最大的支出(Kizza,2015)。
XYZ银行现有的信息技术基础设施存在许多漏洞。所有这些漏洞都为开发和威胁本组织资产提供了机会。
XYZ银行资产受到的威胁如下,
1、网络钓鱼是一种非法获取某些个人或组织的敏感信息的企图。这是由攻击者通过伪装的网络已针对一些合法的实体。进入网络后,它从那里窃取信息。有时它模仿整个网站的外观或组织的在线存在,并从网站的合法用户那里窃取信息。用户认为攻击者是合法实体。网络钓鱼攻击通常是通过即时消息或电子邮件欺骗发起的。面对各种信息安全攻击,银行的客户数据是完全不安全的。攻击者可以蒸汽客户信息,可以复制网上存在的银行,使客户愚弄银行。这会严重损害企业的利益。
2、未打补丁的软件相关的攻击也越来越多。任何信息系统都不能超越脆弱性。系统可能有bug、漏洞等。开发人员和供应商在修复系统的某些现有漏洞时,为应用程序提供时间补丁。用户必须通过安装补丁并及时更新来保持系统和应用程序的更新。他们也不应该使用已经不再支持开发者或供应商的过时系统。但是,XYZ银行不更新他们的系统和应用程序,他们也没有为任何系统使用任何补丁程序。所以,他们暴露在未打补丁的软件攻击相关的攻击。
英国论文代写:网站威胁评估
In the threat assessment process, it will first try to understand possible threats to the identified assets of the organization, finding out the most dangerous threat, the cost related to recovery from the threat and the maximum expenditure for preventing the threat (Kizza, 2015).
There are a number of vulnerabilities in the existing information technology infrastructure of XYZ bank. All these vulnerabilities open up chances for exploitation and threats to the assets of the organization.
The threats to the assets of XYZ bank are listed below,
1.Phishing is an illegal attempt to capture sensitive information about some individual or organization. This is carried out by attackers by masquerading some legitimate entity of a network that has been targeted. After getting into the network, it steals information from there. Sometimes it mimics the appearance of a whole website or online presence of an organization and steals information from the legitimate users of the website. The users think the attacker as a legitimate entity. A phishing attack is usually initiated by instant messaging or email spoofing. The customer data of the bank are totally insecure in the face of various information security attacks. Attackers can steam customer information, can replicate the online presence of the bank and make the customers fool about the bank. It will harm the business severely.
2.Unpatched software related Attacks are also growing in numbers. No information systems are beyond vulnerabilities. A system is likely to have bugs, vulnerabilities etc. Developers and vendors provide time to time patching for the applications as and when they fix some existing vulnerabilities of a system. The user must keep the systems and applications updated by installing the patches and updated timely. They also should not use some outdated system that has no longer any support from the developers or vendors. But, XYZ bank don’t update their systems and applications, they don’t have used any patch for any system. So, they are exposed to the attacks related to unpatched software attacks.