CISSP certification: Insider vs. outsider compromises.

Types of attackers:

  • Outsiders:
    • Unauthorized individuals – People trying to gain access. They launch the majority of attacks, but those attacks are often mitigated if the organization has good Defense in Depth.
    • This could be: interception, malicious code (e.g., virus, logic bomb, Trojan horse), sale of personal information, system bugs, system intrusion, system sabotage or unauthorized system access.
    • 48-62% of risks are from outsiders.
  • Insiders:
    • Authorized individuals (not necessarily authorized for the compromised system) who intentionally or unintentionally compromise the system or data.
    • This could be: assault on an employee, blackmail, browsing of proprietary information, computer abuse, fraud and theft, information bribery, input of falsified or corrupted data.
    • 38-52% of risks are from insiders, which is another reason good Authentication and Authorization controls are needed.

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.
