Differentiate between Vulnerability & Threat

What is a Threat?

A threat is what we’re trying to protect against.Our enemy could be Earthquake, Fire, Hackers, Malware, System Failure, Criminals and many other unknown forces.

What is Vulnerability?

Vulnerability is a weakness or gap in our protection efforts. Vulnerability can be in form of weak coding, missing anti-virus, weak access control and other related factors.

What is a Risk?

Risk= Vulnerability * Threat

Risk is the product of vulnerability and threat. That is, we get a risk when our systems have a vulnerability that a given threat can attack. Thus, threats may exist, but if there are no vulnerabilities then there is no risk. Similarly, you can have vulnerability, but if you have no threat, then you have no risk.

There should be presence of both the elements (i.e. V*T) to constitute a risk.

Now, let us attempt below exercise to understand the terms more precisely:

(i) “Door is open. Please close it to avoid thieves .If they gets in, we will be robbed”

Identify Threat/Vulnerability/Risk from above statement.

Threat:

Vulnerability:

Risk:

(ii) “If antiviruses are not updated regularly, then new type of virus can destroy our data”

Identify Threat/Vulnerability/Risk from above statement.

Threat:

Vulnerability:

Risk:

Please provide your answers in comment box.  In case of any queries, please do write.

Views : 392

Data Security-Simple Steps to block USB drive

Data Security-Simple Steps to Disable USB Ports.

Needless to say that most common method of data leakage is through USB/Pen drive/Mass storage devices. Also, through such devices our PCs/laptops gets infected by viruses/malwares.  Most of the corporates have centralized control for usage of such devices. However such controls are desirable in the offices of Chartered Accountant/Audit firms also as they have critical database of their clients. It is generally observed that Data Security Policy of CA firms is relatively weak and can be easily compromised. In this article, we will understand simple step-wise description for blocking USB Ports i.e. blocking of Pen Drive/Mass Storage Devices. Please note that no software is required for controlling such devices. (Yes. It’s free of cost. So go ahead (:-   )

There are 2 options to achieve our objective:

(1)    Through Registry

(2)    Through Device Manager

(1)Through Registry:

  1. Go to Start > Run , type “regedit” and press enter to open the registry editor
  2. Navigate to the following key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

In the right pane, select Start and change the value to 4. (The value 3 is to enable USB Storage). Click OK. This will disable your USB port.

Please remember:

Value Function
3 To enable USB Port
4 To disable USB Port

The change will be effective immediately, however sometimes a reboot may be required. This hack will ensure that all the USB storage devices are disabled / blocked or enabled according to your choice

 

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

 

Go to USBSTOR/Start

 

Write 3 to Enable and 4 to Disable USB

(2)Through Device Manager:

  1. Go to Start > Run , type “Device Manager” and press enter to open the Device Manager
  1. Navigate to the following key: Universal Service Bus Controllers
  2. List of installed devices will appear. Select and right click. It will be give ‘Disable Option’

However, please note that above controls will work only if your PCs/Laptops have Administration Password. Otherwise, anyone can redo i.e. enable USB again and fly away with your confidential data.

Prepared By:

  1. Hemang Doshi , CISA, FII

Views : 711