Ncube S Cyber Attack

Uploaded by

Tatenda Mangoma

3rd Floor, West Wing, Forestry Commission Building, Fife st/L Takawira, Bulawayo.

Tel: +263-9-886621 Cell: 0713170079 www.cdszimtraining.com Email: [email protected]

NAME : SIMISOSENKOSI

SURNAME : NCUBE

CENTRE :

INTAKE :

PROGRAMME :

MODULE NAME :

MODULE CODE :

CONTACT : 0774969821

LECTURER :

QUESTION : State the common cyber attacks and relate how they can compromise
systems, also include the importance of CIA in information management.

DUE DATE : 13 APRIL 2024

LECTURER’S COMMENT:

Cyber-attacks have become increasingly common in today's digitally connected world, posing
serious threats to individuals, organizations, and governments. These attacks can compromise the
confidentiality, integrity, and availability of information systems, causing significant financial
and reputational damage. In this essay, we will discuss some of the common cyber-attacks and
how they can compromise systems. Additionally, we will explore the importance of CIA
(confidentiality, integrity, and availability) in information management and how it plays a crucial
role in protecting against cyber threats.

Phishing attacks are among the most common cyber threats, wherein attackers use fraudulent
emails or websites to trick individuals into providing sensitive information such as passwords or
financial details. These attacks can compromise the confidentiality of systems by obtaining
unauthorized access to sensitive data. By posing as legitimate entities, attackers can deceive
users into disclosing their login credentials, compromising the security of their accounts and
sensitive information.

Malware attacks, including viruses, worms, and ransomware, are another prevalent form of
cyber-attack that can compromise the integrity of systems by infecting them with malicious
software. These attacks can modify or destroy data, disrupt system operations, and extort ransom
payments from victims. Ransomware attacks, in particular, have become increasingly
sophisticated, encrypting victims' data and demanding payment for its release, causing
significant financial losses and operational disruptions.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are aimed at
disrupting the availability of systems by flooding them with a large volume of traffic, rendering
them inaccessible to legitimate users. These attacks can overwhelm network resources, causing
service outages and downtime for organizations. By targeting critical infrastructure or services,
attackers can disrupt operations, cause financial losses, and damage the reputation of
organizations.

Social engineering attacks exploit human vulnerabilities to manipulate individuals into divulging
confidential information or performing actions that compromise security. These attacks rely on
psychological tactics to deceive or manipulate users, such as pretexting, baiting, or tailgating. By
exploiting trust or naivety, attackers can gain unauthorized access to systems, steal sensitive
information, or manipulate users into transferring funds or disclosing confidential data.

Pharming attacks involve redirecting legitimate website traffic to fraudulent websites or servers
to steal users' sensitive information. By exploiting vulnerabilities in the Domain Name System
(DNS) or manipulating web traffic, attackers can deceive users into disclosing their login
credentials, financial details, or other confidential information. These attacks can compromise
the integrity of systems by redirecting users to malicious sites or stealing their sensitive data.

SQL injection attacks target databases by inserting malicious code into SQL queries to gain
unauthorized access to sensitive data. This can lead to data breaches, identity theft, or financial
fraud. SQL injection attacks exploit vulnerabilities in poorly designed or insecure websites,
allowing attackers to manipulate databases and extract valuable information.

Man-in-the-Middle (MitM) attacks intercept and alter communications between parties to
eavesdrop on sensitive information or manipulate data exchanges. By inserting themselves
between communication channels, attackers can intercept passwords, financial transactions, or
other confidential data shared between users. These attacks can compromise the confidentiality
and integrity of communications, enabling attackers to steal sensitive information or impersonate
legitimate users.

Social engineering attacks manipulate individuals into divulging sensitive information or
performing actions that compromise security. This can include pretexting, baiting, phishing, or
tailgating techniques to deceive people into trusting the attacker and disclosing confidential
information. Social engineering attacks exploit human psychology and trust relationships to gain
unauthorized access to systems or facilities.

Ransomware attacks encrypt files on a system and demand payment in exchange for the
decryption key. This can lead to data loss, financial damage, and operational disruptions.
Ransomware attacks often target businesses, government agencies, and critical infrastructure
systems, extorting victims for money in exchange for restoring access to their data.

Phishing attacks, malware attacks, DoS/DDoS attacks, social engineering attacks, pharming
attacks, and MitM attacks are just a few examples of the diverse cyber threats that individuals
and organizations face in today's digital landscape. These attacks can compromise the
confidentiality, integrity, and availability of information systems, causing significant harm to
individuals, businesses, and governments. As such, it is essential to prioritize the protection of
systems and data through robust information security measures and practices.

Confidentiality, integrity, and availability (CIA) are fundamental principles in information
management that govern the protection of sensitive data, the accuracy of information, and the
accessibility of systems. These principles ensure that data is kept confidential from unauthorized
users, that it remains intact and accurate, and that it is accessible when needed. By upholding
these principles, organizations can safeguard their information assets from cyber threats and
maintain the trust and confidence of their stakeholders.

Confidentiality is concerned with restricting access to sensitive information to authorized users
and preventing unauthorized disclosure or exposure. By implementing access controls,
encryption, and data loss prevention mechanisms, organizations can protect their confidential
data from unauthorized access or disclosure. Confidentiality measures help prevent data
breaches, identity theft, and unauthorized disclosure of sensitive information, safeguarding the
privacy and security of individuals' data.

Integrity ensures the accuracy, completeness, and reliability of information by protecting it from
unauthorized modifications, deletions, or alterations. By implementing data validation,
checksums, and digital signatures, organizations can detect and prevent unauthorized changes to
their data. Integrity controls help ensure the trustworthiness and reliability of information,
preventing data corruption, tampering, or manipulation by malicious actors.
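
An added example, not part of the original essay, contrasting an unkeyed checksum with a keyed tag. It uses HMAC-SHA256 from Python's standard library as a stand-in for the digital signatures mentioned above; the key and record are constructed values.

```python
import hashlib
import hmac


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: catches accidental corruption."""
    return hashlib.sha256(data).hexdigest()


def mac(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256 tag: only a holder of the key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, stored: str) -> bool:
    return hmac.compare_digest(checksum(data), stored)


def verify_mac(key: bytes, data: bytes, stored: str) -> bool:
    # compare_digest avoids leaking how many characters matched.
    return hmac.compare_digest(mac(key, data), stored)


def demo() -> dict:
    key = b"constructed-demo-key"  # assumption: loaded from a secrets store
    record = b"account=1001;balance=250.00"    # constructed sample record
    tampered = b"account=1001;balance=950.00"  # same record, one field changed
    stored_sum, stored_tag = checksum(record), mac(key, record)
    return {
        # Record changed, stored values untouched: both controls notice.
        "checksum_detects_change": not verify_checksum(tampered, stored_sum),
        "mac_detects_change": not verify_mac(key, tampered, stored_tag),
        # Whoever can rewrite the record can also recompute a plain digest
        # stored beside it, so the checksum alone then verifies again.
        "recomputed_checksum_accepted": verify_checksum(tampered, checksum(tampered)),
        # Without the key, a recomputed tag does not verify.
        "forged_mac_accepted": verify_mac(key, tampered, mac(b"wrong-key", tampered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```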

Availability ensures that information and systems are accessible and operational when needed,
without disruptions or downtime. By implementing redundancy, disaster recovery, and fault
tolerance measures, organizations can ensure the continuous availability of their systems and
services. Availability controls help prevent service outages, downtime, or disruptions caused by
cyber-attacks, hardware failures, or natural disasters, ensuring the reliability and resilience of
information systems.

The CIA triad provides a comprehensive framework for evaluating and addressing the security
needs of information systems, guiding organizations in protecting their data assets and mitigating
cyber risks. By considering the principles of confidentiality, integrity, and availability,
organizations can develop effective security policies, procedures, and controls to safeguard their
information assets from cyber threats. The CIA triad serves as a foundational concept in
information security management, emphasizing the importance of maintaining the
confidentiality, integrity, and availability of data to ensure its protection and security.

In conclusion, cyber-attacks pose serious threats to individuals, organizations, and governments,
compromising the confidentiality, integrity, and availability of information systems. Phishing
attacks, malware attacks, DoS/DDoS attacks, social engineering attacks, pharming attacks, and
MitM attacks are common forms of cyber threats that target the vulnerabilities of systems and
users. By understanding the nature of these attacks and implementing robust security measures,
organizations can mitigate their risks and protect their information assets from harm. The
principles of confidentiality, integrity, and availability are essential in information management,
guiding organizations in safeguarding their data assets and ensuring the security and reliability of
their systems. By upholding the CIA triad, organizations can enhance their cybersecurity posture
and defend against cyber threats in an increasingly digital world.