A thread can be defined as vulnerable to Information Systems that affect the typical information security elements, Confidentiality, Integrity and availability.

Vulnerability of Information Systems is a noteworthy concern nowadays in all areas of financial, government, and private segments. Security of the Information Systems is one of the greatest difficulties confronts by every one of the associations in this day and age. Despite the fact that the greater part of the associations has understood the estimation of data and the part it plays in the accomplishment of the business, yet just a few take sufficient measures in guaranteeing the security of their data, preventing unauthorized access, securing information from interruption and unapproved revelations and so forth. The effect any business will bear, in the event that any of the data framework is traded off or goes down, is great; henceforth guaranteeing steadiness and security of these data framework is of principal significance to these organizations.

Majority of the organizations have considerably become dependent on computer-based information systems. Therefore, system breakdown cause outcomes ranging from difficult to disaster.

To discover these threats, threat sources and particular areas of the framework that might be influenced ought to be known, so the data security resources can be ensured ahead of time. Along these lines, successful security characterization is important to comprehend and distinguish threat and their potential effects. Actually, security threats can be observed and sorted in various routes by considering diverse criteria like source, operators, and inspirations. Threats characterization recognizes and arrange security threats into classes to survey and assess their effects, and create methodologies to avoid, or mitigate the effects of threat on the framework. There are a few known IT framework assaults characterizations and scientific categorizations in this research.

Motivation

Information systems security remains as one of the important concern on the list of key issues facing information systems executives. This project has undertaken to make understanding about threads and countermeasures of information system security.

Identity Theft Resource Center (ITRC) Data Breach Reports (2015), In this report about data breach, stated there were 177,866,236 personal records exposed in that were held by educational institutions, financial institutions, businesses, the military, or the government and health or medical institutions. These records were exposed in 781 breaches that occurred in 2015. ((ITRC), 2015)

According to ITRC Data Breach Reports (2016), The number of U.S. data breaches tracked in 2016 hit an all-time record high of 1,093. This represents a substantial hike of 40 percent over the near record high of 780 reported in 2015. ((ITRC), 2017)

The growth of IT is significant and Information Technology covering all areas in current era. However, information systems threads also have significant growth subsequently. Therefore, information system security has to develop over time.

At peak, security threads can be classified as Natural disasters and human activity related causes. Human activity related causes can be sorted as Malicious and Non-Malicious threads. Non-malicious threads occur because of carelessness. Errors and Omissions are instance of non-malicious threads. Fraud, theft, employee sabotage, hackers are categorized as malicious threads. Disasters cannot be controlled by anyone. However, majority of malicious activities can be controlled.

The U.S. National Information Systems Security Glossary defines “Information Systems Security” as the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users.((NISS), 2000)

Even though majority of the threads can be identified by various steps, following to some extent they are not preventable. However, the amount the damage cause by thread can reduce by appropriate countermeasures.

In this research, couple of malicious threads and countermeasures are analyzed and synthesized.

Hacking

Simply hacking can be defined as unauthorized access to computer and network resources. Hacking is a generic term. There are different types of hacking methods.

Malicious code (Malwares)

This is program that is particularly intended to get entrance or harm a PC without the knowledge of the proprietor. There are different sorts of malware including spyware, key-loggers, worms, virus, or any kind of malicious code that penetrates a PC. Generally, program is considered malware in light of the goal of the maker as opposed to its genuine components. Malware creation is on the ascent because of the volume of new sorts made day by day and the draw of cash that can be made through composed internet crime.

Virus

A PC virus is a program, macro or script intended to bring about harm, take individual data, adjust information, send email, show messages, or some mix of these activities. At the point when the virus is executed, it spreads by duplicating itself into or over information records, projects, or boot part of a PC’s hard drive, or conceivably whatever else writable. To help spread a contamination the virus essayists utilize definite information of security vulnerabilities, zero days, or social designing to access a host’s PC.

Trojan horse

A Trojan horse is a program that seems, by all accounts, to be something safe, however in is performing undertakings, for example, offering access to victim’s PC or sending individual data to different PCs. Trojan horse is a standout among the most widely recognized strategies a criminal uses to contaminate victim’s PC and gather individual data from PC. The following are some fundamental cases of how victim’s PC could get to be distinctly contaminated with a Trojan horse.

• A website offers a free download to a program or amusement that regularly costs cash. Downloading the pirated version of a program or diversion permits user to wrongfully utilize or play, in any case, amid the introduce it additionally introduces a Trojan horse onto the PC.
• A friends Facebook record is hacked and has conveyed customized messages advising every one of their friends to see this energizing new video. Opening the video asks for a download that has a Trojan horse that infects victim’s PC.

Worm

a worm is a damaging self-duplicating program containing code equipped for accessing PCs or systems. Once inside the PC or system, the worm causes hurt by erasing, altering, circulating, or generally controlling information.

Malicious code countermeasures

Phishing

Phishing is a term used to portray a malicious individual or group of individuals who trick users. They do as such by sending messages or making site pages that are intended to gather an individual’s online bank, Master-card, or other login data. Since these messages and site pages look like honest to goodness organizations clients believe them and enter their own data.

Phishing countermeasures

• Auto-Generate Domain-Specific Password –

Numerous scientists have built up a sort of system in which, when you give your username and password, it transforms into a space particular secret word and that is even done through a straightforward technique. The essential thought behind this is to hash passwords with a mystery key alongside site space name. The site area name is essential since it will advise that secret key to go into that space. Regardless of the possibility that the client utilizes a similar secret word for each passage point on the planet, it gets changed because of this component, so it turns out to be truly hard for the hacker to get the password since it will be exceptionally interesting and long which will be difficult to recollect.

• The most ideal approach to secure against this is a minimal effort SSL authentication. This convention supports certificates for both servers and customer. There are fundamentally primary two elements of SSL: First, to check the genuine personality of its holder and, second, to scramble and pass information between the customer and server. So, if SSL is utilized, there is next to no shot that the phisher men will get his/her casualty. The server’s authentication distinguishes the site that user is going by through the program application. The customer endorsement is utilized for the confirmation and validation handle. At that point the information transportation prepare begins.
• In this sort of system, irregular passwords are produced and put away in the programs. It has a greater number of points of interest than the principal strategy for hashing passwords. It is more secure because the program will just give the accreditations to the correct URL. In this way, for example, on the off chance that user spared the secret key for the site www.example123.com, then it will pass these accreditations just if this URL shows up. In the event that anything changes in the URL, it won’t pass accreditations. Firefox has this instrument stores passwords in the wake of encoding them, yet this element is not as a matter of course, such a variety of individuals won’t utilize that.
• Many organizations have built toolbars that use a ton of problem discovering and solving methods to determine whether a URL is fake or not. Even Microsoft also used this feature, built in to Internet Explorer 7. The concept is like this.

Tool bar turns red if the server visits any known fake/phishing URL, turns to yellow if the site is a suspect site, and green if the site is safety.

• Two-factor authentication is otherwise called 2FA, two-stage check, or multi-figure verification. It requires a username and secret word, as well as some snippet of data that exclusive the client knows. That snippet of data is known as a physical token. Utilizing conventional qualifications alongside the physical token makes it hard for a phisher to adventure his/her casualty.

Spoofing

Spoofing refers to hacking or duplicity that mimics someone else, software program, equipment gadget, or PC, with the aims of bypassing safety efforts. A standout among the most usually known spoofing is IP spoofing.

Snooping

Snooping, in a security setting, is unapproved access to someone else’s or organization’s information. The practice is like spying however is not really restricted to accessing information during its transmission. Snooping can incorporate easygoing recognition of an email that shows up on another’s PC screen or watching what another person is writing.

Scanning

In scanning, the hacker gather information regarding network and host system.

For example, IP addresses, operating system, services, and installed applications can help the programmer choose which sort of endeavor to use in hacking a system. Scanning is the way toward finding frameworks that are alive and reacting on the system. Ethical hackers utilize it to recognize focus on system IP addresses.

Spoofing, Snooping and Scanning countermeasures

Ethical hackers utilize their tools set to test the checking countermeasures that have been actualized. Once a firewall is set up, a port-filtering tool ought to be keep running against hosts on the system to figure out if the firewall effectively distinguishes and stops the port scanning movement.

The firewall ought to have the capacity to recognize the tests sent by port-examining devices. The firewall ought to do stateful investigations, which implies it looks at the information of the parcel furthermore, not only the TCP header to figure out if the movement is permitted to go through the firewall.

Arrange IDS ought to be utilized to recognize the OS-discovery strategy utilized by some normal hackers’ devices, for example, Nmap. Just required ports ought to be kept open. The rest ought to be sifted or blocked.

The staff of the association utilizing the frameworks ought to be given appropriate training on security awareness. They ought to likewise know the different security strategies they’re required to take after.

Install tools like Anti-key logger, Activity Monitor, AntiSpy firewalls to monitor unusual activities on systems.

Employee Sabotages

Sabotage the state of the end is one of the situations that could make employee undermine their work environment

Why do workers intentionally sabotage their workplace?

The main reason observed to be the motivation behind why representatives attempt to disrupt their working environment is on account of they are troubled with something in their work environment, regardless of whether it be an administrator, an unreceived advancement, or disciplinary moves made against that worker.

How do employees sabotage

As working environment assets have advanced throughout the years so has worker Sabotage. No longer is employee sabotage bound to only the taking of organization’s physical assets however now it has extended to the taking of or decimation of an organization’s digital assets. As per Employees seen as PC saboteurs one way this is going on is by the utilization of guiltless advanced gadgets, for example, mp3 players, computerized cameras, or PDAs to carry digital material in or out of the organization. When they are carrying material into the organization they are normally getting something that would annihilate organization assets and when they are sneaking something out they are typically taking organization property.

Following are some of the employee sabotage events:

• In June 2012, Ricky Joe Mitchell of Charleston, W.Va., a previous network engineer for oil and gas organization EnerVest, was sentenced to jail for sabotaging the organization’s systems. He discovered he would have been terminated and chosen to reset the organization’s servers to their unique manufacturing plant settings.
• It was discovered in 2007 that database director William Sullivan had stolen 3.2 million client records including credit card, personal and banking details from Fidelity National Information Services. Sullivan consented to confess to government extortion charges and was sentenced to four years and nine months in jail and requested to pay a $3.2 million fine.

Identifying and Preventing employee sabotage

A portion of the best counteractive action against employee sabotage is to know about how workers are feeling, and great safety efforts. Some approaches to counteract employee sabotage is via preparing administrators to spot conduct that may prompt to worker sabotage and to evacuate the explanations behind a worker to wind up distinctly disappointed to the point of treachery. Some great approaches to identify disrupt as well as settle harm is by having great security conventions including hostile to infection programs, firewalls, logging apparatuses, and requiring great security rehearses like locking workstations.

IT related countermeasures.

The project will contain appropriate analysis and synthesis about following countermeasures.

1. Software – users can maintain user entrance log, system recovery, verification of system modified and access control to program source to prevent software threads.
2. Hardware – users can work on remote mirroring, surveillance system use, entrance limitation, emergency power source and periodical disk checking are analyzed to prevent hardware threads.
3. Data – users can maintain data category contains information backup, data access controls, authentication, user access rights, authorization, event logging and disposal of media to prevent data loss.
4. Network – users can install anti-virus software, encryption, user authentication, instruction detection system, firewalls, digital signatures and limitation of connection time to prevent network vulnerable.