Guidebook on Best Practices for Airport Cybersecurity (2015) / Chapter Skim
Currently Skimming:
Pages 80-88
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 80... ...
80 A P P E N D I X A Categorized List of Cybersecurity Threats Category Name Description Confidentiality Breach Compromise of encryption material Adversary able to gain access to encryption keys. Release of personally identifiable information (PII)
|
From page 81... ...
Categorized List of Cybersecurity Threats 81 Category Name Description Ineffective Testing Introduction of vulnerabilities into software products Due to inherent weaknesses in programming languages and software development environments, errors and vulnerabilities are introduced into commonly used software products. Reverse engineering An attacker discovers the structure, function, and composition of an object, resource, or system by using a variety of analysis techniques to effectively determine how the analyzed entity was constructed or operates.
|
From page 82... ...
82 Guidebook on Best Practices for Airport Cybersecurity Category Name Description Insider Threat / Data Breach Compromise of mission-critical information Adversary compromises the integrity of mission- critical information, thus preventing or impeding ability of organizations to which information is supplied from carrying out operations. Vulnerabilities exploited using zero-day attacks Adversary employs attacks that exploit as-yetunpublicized vulnerabilities.
|
From page 83... ...
Categorized List of Cybersecurity Threats 83 Category Name Description Malicious Code (Continued) Malicious code delivery to internal organizational information systems (e.g., virus via email)
|
From page 84... ...
84 Guidebook on Best Practices for Airport Cybersecurity Category Name Description Social Engineering Attacks specifically based on deployed information technology environment Adversary develops attacks (e.g., crafts targeted malware) that take advantage of adversary knowledge of the organizational information technology environment.
|
From page 85... ...
Categorized List of Cybersecurity Threats 85 Category Name Description Externally based network traffic modification (man-in-the-middle) attacks Adversary, operating outside organizational systems, intercepts/eavesdrops on sessions between organizational and external systems.
|
From page 86... ...
86 Guidebook on Best Practices for Airport Cybersecurity Category Name Description Unauthorized Network Access (Continued) Network sniffing of exposed networks Adversary with access to exposed wired or wireless data channels used to transmit information uses network sniffing to identify components, resources, and protections.
|
From page 87... ...
Categorized List of Cybersecurity Threats 87 Category Name Description Physical attacks on infrastructures supporting organizational facilities Adversary conducts a physical attack on one or more infrastructures supporting organizational facilities (e.g., breaks a water main, cuts a power line)
|
From page 88... ...
88 Guidebook on Best Practices for Airport Cybersecurity Category Name Description Unintended Data Leak (Continued) Spill sensitive information Authorized user erroneously contaminates a device, information system, or network by placing on it or sending to it information of a classification/sensitivity which it has not been authorized to handle.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.