week 2

8.2 Types of threats and vulnerabilities

8.2.1 Understand potential technical threats and their impacts on organisations

and individuals, including prevention and mitigation methods:

• botnets

• denial of service (DoS)/Distributed Denial of Service (DDoS)

• malicious hacking:

o hacktivists/nation states/organised crime/individual

o password cracking/brute force

o cross-site scripting

o SQL injection

o buffer overflow

• malware:

o viruses

o worms

o key loggers

o ransomware

o spyware

o remote access trojans

• social engineering:

o phishing

o spear phishing

o smishing

o vishing

o pharming

o watering hole attacks

o USB baiting

• domain name server attack/redirection of traffic

• open/unsecured Wi-Fi networks.

8.2.2 Understand potential technical vulnerabilities to systems and data:

• inadequate security processes:

o weak encryption

o inadequate password policy

o failure to use multi-factor authentication

• out-of-date components:

o hardware

o software (lack of support/compatibility with legacy systems,

zero-day bugs)

o firmware.

8.2.3 Understand potential human threats, including prevention and mitigation

methods, to systems and data:

• human error:

o file properties

o confirmation boxes

o staff training

• malicious employee:

o immediate removal from the premises

o suspend user accounts immediately

• disguised criminal:

o accompany all visitors

o check identification of visitors

• poor cyber hygiene:

o locking all unattended machines

o not writing passwords down

o poor password management.

8.2.4 Understand potential physical vulnerabilities, including prevention and

mitigation methods, to systems, data and information, including:

• lack of access control:

o entry control systems

• poor access control:

o do not allow tailgating

o use complex access codes

o change codes regularly

o monitor access areas

o audit of staff access to secure areas

• nature of location:

o protect against shoulder surfing

o protect against the environment

o protect against vandalism

• poor system robustness:

o rugged machines

• natural disasters.

8.2.5 Understand the potential impact to an organisation of threats and

vulnerabilities:

• loss/leaking of sensitive data

• unauthorised access to digital systems

• data corruption

• disruption of service

• unauthorised access to restricted physical areas.

Last Updated
2025-07-07 15:58:01