A threat is an agent, condition or circumstance that can potentially cause harm, loss, damage or compromise to assets. This includes destruction, disclosure, modification, corruption or DoS attacks.
This is considered to be a potential violation of security. Some information security threat categories include Network Threats, Host Threats and Application Threats. General examples of threats include:
- Unauthorized access
- Stolen, lost, damaged or modified data
- Disclosure of confidential information
- Hacker attacks
- Cyber terrorism
- Viruses and Malware
- Denial of Service
- Natural disasters, weather or catastrophic damage such as hurricanes, fire, flood or earthquakes
Network Threats
- Information gathering
- Sniffing and eavesdropping
- Spoofing
- Session hijacking and Man-in-the-Middle attacks
- DNS and ARP poisoning
- Password-based attacks
- Denial-of-Service attacks
- Compromised-key attacks
- Firewall and IDS attacks
Host Threats
- Malware attacks
- Footprinting
- Password attacks
- Denial-of-Service attacks
- Arbitrary code execution
- Unauthorized access
- Privilege escalation
- Backdoors
- Physical security threats
Application Threats
- Improper input validation
- Authentication and authorization attacks
- Security misconfiguration
- Information disclosure
- Broken session management
- Buffer overflow issues
- Cryptography attacks
- SQL injection
- Improper error-handling and exception management