What are information assets? What threats do information assets face? We'll introduce them with examples

Hello, I'm Kikuchi, an infrastructure engineer

This time, I will introduce "What are information assets? What kind of threats do information assets face?" This is a security-related topic

 

 

What are information assets?

Information assets are important information stored on computers and owned by companies and organizations, such as "customer personal information," "employee personnel information," and "company financial information."

Reference: https://activation-service.jp/iso/column/2378

 

Also, factors that can lead to the loss or theft of information assets are called "threats."

There are three types of threats: technological threats, human threats, and physical threats. We will explain what each type of threat is

 

 

Technological threats

Technological threats are threats that use computer technology. Technological threats include the following:

 

Malware

: Software designed to cause harm to computers and data

(Example) Computer viruses, worms, Trojan horses, etc

▼Examples

An employee's computer at the Nikkei Inc. was infected with malware, resulting in the leakage of 12,514 personal information records. (May 2020)

Reference site: https://cybersecurity-jp.com/news/36422

 

Backdoor

: A secret entrance that allows unauthorized logins to a computer that has already been compromised multiple times

▼Examples

A version of the Android version of Pokémon GO infected with the remote control tool "DroidJack" was discovered. When this tool is installed, the device can be remotely controlled by an outsider. (2016)

Reference site: https://cybersecurity-jp.com/topics/23148

 

Spam emails

: Emails that send advertisements and other content indiscriminately. The sender cannot be identified

▼Examples

More than 13,000 spam emails were sent using the email function of the "Delicious Fujisawa Products Homepage" operated by Fujisawa City, Kanagawa Prefecture (August 2020)

Reference: https://cybersecurity-info.com/news/fujisawa-web-spam-mail-damage/

 

 

 

Human threats

Human threats are threats caused by humans. They include not only intentional threats but also careless mistakes such as leaving a computer behind or operating it incorrectly. Human threats include the following:

 

Social engineering

: The act of stealing information by exploiting weaknesses in human psychology, such as pretending to be the person in question or pretending to be in an emergency

▼Examples

Trend Micro Japan Inc. warned of an increase in phishing sites with suspicious domains that appear to be taking advantage of the COVID-19 pandemic in Japan, and that they are suspected of stealing credit card information and other data via phishing emails and SMS. (March 2020)

Reference: https://cybersecurity-jp.com/news/35833

 

Impersonation

: Using stolen IDs and passwords to commit crimes while pretending to be a legitimate user

▼Examples

Dinos Cecile Co., Ltd. experienced 22 unauthorized logins to its "Cecile Online Shop" account using passwords obtained from external sources. One of these logins may have resulted in personal information being viewed. (July 2019)

Reference: https://cybersecurity-jp.com/news/32780

 

Cracking

: The act of maliciously stealing or destroying information on another person's computer

▼Examples

A male office worker was arrested on suspicion of violating the Unauthorized Access Prevention Act and embezzlement of lost property after illegally accessing and taking over a Puzzle & Dragons (Puzzle & Dragons) game account using a smartphone he found. (March 2020)

Reference: https://ccsi.jp/1468/

 

Physical threats

This is the threat of losing information due to physical damage to a computer, such as a disaster like heavy rain, earthquake, or lightning strike, or computer failure. This also includes the theft or destruction of a computer by burglars

 

 

summary

The factors that lead to the loss or theft of information assets are called "threats," and there are three types of threats: "technical threats," "human threats," and "physical threats."

It is important to understand what threats exist in order to respond appropriately to them

I hope this article has helped you understand the threats you face

 

 

 

 

Reference: "Easy Pass 2019 IT Passport Textbook" by Yuri Sakashita