Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our threats and threat agents module. Threats are a potential danger to your assets if a threat agent decides to take advantage of that asset's vulnerability. A threat could be an accidental trigger or an intentional exploitation. A threat agent or threat source is someone who has the potential to cause a threat by taking advantage of a vulnerability.
Threats can be natural disasters such as tornadoes, earthquakes, floods, landslides, avalanches, and things of that nature. They can be caused by humans, and these can either be unintentional, such as an error made by an employee that causes the deletion of your data or a deliberate action or attack by a hacker or perhaps a disgruntled employee.
They can also be environmental such as pollution, a power failure, a chemical or things of that nature. Natural disasters definitely have the potential to threaten your organization. Earthquakes can occur most anywhere in the world. Floods occur with the gradual accumulation of water or even as a flash flood.
FEMA, the Federal Emergency Management Agency provides flood maps for the United States which you can use to avoid placing your organizations facilities within an area that is prone to flooding. Storms such as tornadoes, hail, rainstorms can cause problems with your organization's facility. And lightning can create an electrical hazard.
Fires are able to destroy your facility very rapidly and cause a lot of damage. Wildfires spread in predictable patterns and you can use those patterns to avoid placing your organization's facility in an area that is prone to wildfires. You can also have localized events based on specific region where you are located and different types of disasters that occur there.
If disasters are prone to occurring in your certain area, you most likely will have local resources in that area that you can use to prepare for these types of emergencies. Human threats can be unintentional caused by some type of accident, an error or just carelessness. But they could have devastating consequences, such as an employee who misplaces a cigarette and causes a fire, or an employee who is not very computer-savvy and accidentally deletes all of your sensitive data.
Humans can also cause intentional attacks such as cyber attacks, accessing resources that they are not permitted to access, or also causing physical destruction or stealing items from your organization. Man made disasters are large scale human threats such as terrorist attacks, fires, explosions, strikes or vandalism. And these types of disasters can obviously be very detrimental to your organization.
Hackers are one type of threat agent. Black hat hackers, also known as crackers, are skilled hackers who exploit security of systems without authorization, and they generally do this for either personal gain or for recognition. White hat hackers are security professionals, penetration testers, or researchers who break into computer systems only when they have the permission of the system owner.
Grey hat hackers are skilled hackers who conduct security research without the permission of the system owner, however they are not doing this with malicious intent. They are generally doing it to expose some type of vulnerability or some type of other problem with the system. Script kitties is a name for unskilled hackers who use hacking tools or scripts that are created by other people in order to try to attack systems.
And hacktivists are considered to be black hat hackers. They are motivated by political reasons. And if they do not like something that a government organization is doing, for example, they could attack that government organization's website or destroy their systems. Advanced persistent threats, or APTs, are adversaries with sophisticated levels of expertise and they also have access to significant resources, which allow them to create opportunities to attack using multiple vectors such as cyber attacks, physical attacks, and deception.
Usually, they will establish a foothold in your infrastructure and you will not notice them for a long period of time. During the time when they have access to your systems, they can be exfiltrating data or removing it off of your network and they will generally also attempt to extend their access to other parts of your systems.
Generally these individuals work for or are sponsored by government agencies and therefore, they have access to significant resources and a significant amount of money. For the CISSP exam you should remember the difference between a threat and a threat agent. Remember that a threat is some type of danger that could be caused by a threat agent, and the threat agent is the individual or the event that will cause that threat to occur, such as a natural disaster or a hacker.
This concludes our threats and threat agents module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!