What are information assets? Introducing the threats to information assets, including examples.
Hello. My name is Kikuchi and I am an infrastructure engineer.
This time, we will discuss ``What is an information asset? What threats are there to information assets? ” will be introduced. This is a security related issue.
What is information asset?
Information assets are important information stored in computers owned by companies and organizations, such as "customer personal information," "employee personnel information," and "company financial information."
Reference: https://activation-service.jp/iso/column/2378
In addition, factors that cause information assets to be lost or stolen are called "threats."
Threats include "technical threats," "human threats," and "physical threats." I will explain what kind of threat each poses.
technological threats
Technological threats are threats that use computer technology. Technological threats include:
〇Malware
: Software created to harm computers and data.
(Example)・Computer virus・Worm・Trojan horse, etc.
▼Case study
An employee's computer at Nihon Keizai Shimbun was infected with malware, and 12,514 pieces of personal information were leaked. (May 2020)
Reference site: https://cybersecurity-jp.com/news/36422
〇Backdoor
: A secret entrance that is used to allow unauthorized logins to be made multiple times into a computer once the computer has been compromised.
▼Case study
A version of the Android version of Pokémon GO that was infected with the remote control tool ``DroidJack'' was discovered. If you install this, you will be able to freely control your device remotely from outside. (2016)
Reference site: https://cybersecurity-jp.com/topics/23148
〇Spam email
: Email that sends advertisements etc. indiscriminately. The system is such that the sender cannot be identified.
▼Case study
More than 13,000 spam emails were sent using the email function of the ``Delicious Fujisawa Homepage'' operated by Fujisawa City, Kanagawa Prefecture. (August 2020)
Reference: https://cybersecurity-info.com/news/fujisawa-web-spam-mail-damage/
human threat
Human threats are threats caused by humans. This includes not only intentional mistakes, but also careless mistakes such as misplacing the computer or making operational errors. Human threats include:
〇Social engineering
: The act of stealing information by exploiting human psychology, such as pretending to be the person in question or pretending to be in an emergency.
▼Case study
Trend Micro Japan Co., Ltd. has warned that the number of phishing sites with suspicious domains that take advantage of the new coronavirus is increasing in Japan, and that credit card information and other information is suspected to be stolen through phishing emails and SMS. (March 2020)
Reference: https://cybersecurity-jp.com/news/35833
〇Impersonation
:Using a stolen ID or password and pretending to be an authorized user to commit malicious acts.
▼Case study
At Dinos Cecile Co., Ltd., unauthorized logins to the Cecile Online Shop account using externally obtained passwords occurred 22 times. There is a possibility that one of them was logged in and personal information was viewed. (July 2019)
Reference: https://cybersecurity-jp.com/news/32780
〇Cracking
: The act of maliciously stealing or destroying information on another person's computer.
▼Case study
A company employee was arrested on suspicion of violating the Unauthorized Computer Access Act and embezzling lost property after illegally accessing and hijacking an account for the game ``Puzzle & Dragon'' using a recovered smartphone. (March 2020)
Reference: https://ccsi.jp/1468/
physical threat
It is a threat of losing information due to physical damage to computers, such as disasters such as heavy rain, earthquakes, and lightning strikes, or computer failure. This also includes theft or destruction of computers through burglary.
summary
The factors that cause information assets to be lost or stolen are called "threats," and there are three types of threats: "technical threats," "human threats," and "physical threats."
In order to respond appropriately to threats, it is important to understand what types of threats exist.
We hope this article helps you understand what kind of threats there are.
Reference: “Easy Pass 2019 IT Passport Textbook” Written by Yuri Sakashita