CISSP certification: Insider vs. outsider compromises.

Post author:Thor Pedersen
Post published:September 24, 2017
Post category:CISSP Certification / CISSP, CISM, CISA, and PMP BLOG / IT security / Updates

Types of attackers:

Outsiders:
- Unauthorized individuals – Trying to gain access, they launch the majority of attacks, but are often mitigated if the organization has good Defense in Depth.
- Interception, malicious code (e.g., virus, logic bomb, Trojan horse), sale of personal information, system bugs, system intrusion, system sabotage or unauthorized system access.
- 48-62% of Risks are from outsiders.
Insiders:
- Authorized individuals – Not necessarily to the compromised system, who intentionally or unintentionally compromise the system or data.
- This could be: Assault on an employee, blackmail, browsing of proprietary information, computer abuse, fraud and theft, information bribery, input of falsified or corrupted data.
- 38-52% of Risks are from insiders, another reason good Authentication and Authorization controls are needed.

Tags: (ISC)², CISSP, CISSP CBK, CISSP Certification, CISSP class, CISSP domains, CISSP Practice questions, CISSP Salary, CISSP study, CISSP training

Thor Pedersen

IT, information security, and project management trainer Best selling CISSP. CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et. Al.

CISSP certification: Insider vs. outsider compromises.

Thor Pedersen

You Might Also Like

Cisco extending all certifications by 180 days:

CISSP certification: Data disposal.

CISM Domain 1: Policies, procedures, guidelines, and frameworks