[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

What are information assets? Introducing the threats to information assets, including examples.

2020.09.07

Security

Hello. My name is Kikuchi and I am an infrastructure engineer.

This time, we will discuss ``What is an information asset? What threats are there to information assets? ” will be introduced. This is a security related issue.

What is information asset?

Information assets are important information stored in computers owned by companies and organizations, such as "customer personal information," "employee personnel information," and "company financial information."

Reference: https://activation-service.jp/iso/column/2378

In addition, factors that cause information assets to be lost or stolen are called "threats."

Threats include "technical threats," "human threats," and "physical threats." I will explain what kind of threat each poses.

technological threats

Technological threats are threats that use computer technology. Technological threats include:

〇Malware

: Software created to harm computers and data.

(Example)・Computer virus・Worm・Trojan horse, etc.

▼Case study

An employee's computer at Nihon Keizai Shimbun was infected with malware, and 12,514 pieces of personal information were leaked. (May 2020)

Reference site: https://cybersecurity-jp.com/news/36422

〇Backdoor

: A secret entrance that is used to allow unauthorized logins to be made multiple times into a computer once the computer has been compromised.

▼Case study

A version of the Android version of Pokémon GO that was infected with the remote control tool ``DroidJack'' was discovered. If you install this, you will be able to freely control your device remotely from outside. (2016)

Reference site: https://cybersecurity-jp.com/topics/23148

〇Spam email

: Email that sends advertisements etc. indiscriminately. The system is such that the sender cannot be identified.

▼Case study

More than 13,000 spam emails were sent using the email function of the ``Delicious Fujisawa Homepage'' operated by Fujisawa City, Kanagawa Prefecture. (August 2020)

Reference: https://cybersecurity-info.com/news/fujisawa-web-spam-mail-damage/

human threat

Human threats are threats caused by humans. This includes not only intentional mistakes, but also careless mistakes such as misplacing the computer or making operational errors. Human threats include:

〇Social engineering

: The act of stealing information by exploiting human psychology, such as pretending to be the person in question or pretending to be in an emergency.

▼Case study

Trend Micro Japan Co., Ltd. has warned that the number of phishing sites with suspicious domains that take advantage of the new coronavirus is increasing in Japan, and that credit card information and other information is suspected to be stolen through phishing emails and SMS. (March 2020)

Reference: https://cybersecurity-jp.com/news/35833

〇Impersonation

:Using a stolen ID or password and pretending to be an authorized user to commit malicious acts.

▼Case study

At Dinos Cecile Co., Ltd., unauthorized logins to the Cecile Online Shop account using externally obtained passwords occurred 22 times. There is a possibility that one of them was logged in and personal information was viewed. (July 2019)

Reference: https://cybersecurity-jp.com/news/32780

〇Cracking

: The act of maliciously stealing or destroying information on another person's computer.

▼Case study

A company employee was arrested on suspicion of violating the Unauthorized Computer Access Act and embezzling lost property after illegally accessing and hijacking an account for the game ``Puzzle & Dragon'' using a recovered smartphone. (March 2020)

Reference: https://ccsi.jp/1468/

physical threat

It is a threat of losing information due to physical damage to computers, such as disasters such as heavy rain, earthquakes, and lightning strikes, or computer failure. This also includes theft or destruction of computers through burglary.

summary

The factors that cause information assets to be lost or stolen are called "threats," and there are three types of threats: "technical threats," "human threats," and "physical threats."

In order to respond appropriately to threats, it is important to understand what types of threats exist.

We hope this article helps you understand what kind of threats there are.

Reference: “Easy Pass 2019 IT Passport Textbook” Written by Yuri Sakashita

If you found this article helpful , please give it a like!