Source: http://www.cen.eu/cen/Sectors/Sectors/ISSS/Activity/Pages/NISSG%20Report%205.

aspx Different types of Information security threats are: System and Application Threats:

Electronic communication can be obstructed and data can be read, copied and modified. By exploiting the copied data, one can invade the privacy of the individuals and can cause damage. Computers and computer networks can be invaded by unauthorized access. Usually unauthorized access is carried out with malicious intention to copy, manipulate or destroy the data. This does not limit to computers but also extends to mobile devices and other automatic devices. Viruses and other malicious software can interfere with the functioning of computers and mobile devices. These software can delete, manipulate the data or reset the equipment. Some of these virus attacks are extremely destructive and can cause loss in terms of important data and finance. Misrepresentation of people or entities can cause substantial damages, e.g. customers may download malicious software from a website masquerading as a trusted source, people might be subject to identity theft, phishing might be used to receive confidential information, contracts may be repudiated, and confidential information may be sent to the wrong persons. Sometimes unintentional security incidents can result in damage to assets and loss of important data. These incidents can be hardware or software crash or human errors or natural catastrophes. Copyrights and content distribution services are in grave danger due to illegal content decryption and copying or forwarding illegal content on the Internet. This affects the system on a large scale.

Infrastructure Threats: Infrastructure threats are related to services at national or international infrastructure level. Some of these services are medical and healthcare, emergency facilities such as police, fire fighting, immigration, finance, telecommunication networks, utilities such as water, electricity, gas, thrash, foreign and external affairs and food supply chain. The threats to these services include natural catastrophes, system disruptive activities, terrorism and other criminal activities.

Telephone and telecommunication networks have become more vulnerable due to the transition of telecommunication to internet technologies i.e. VoIP Voice over IP. The attacks are VoIP spamming, denial of service (DoS) and distributed denial of service (DDoS)

attacks.

Registration, Authentication and Authorization Services: These services ensure that users are uniquely and unambiguously identified and only authorized users are granted access. Unauthorized users are denied. The security of e-business services depend on systems capability of authenticating users of the services and denying unauthorized users. This service also includes authentication of organizations, systems, devices, applications rather than only users. Confidentiality and Privacy Services: These services are used to store and transmit e- business information securely between participants or organizations. These also make sure that private information such as individuals medical information is protected according to law of data protection. Trust Services: These services are used to ensure that e-business transactions are verifiable and traceable and can be accountable to authorized users. These services enable e-business service providers and clients to communicate and make commitments in electronic form. Network and Information Security Management Services: These services are used for management controls, processes and procedures. Ensure that management controls, processes and procedures are in place along with the technical security measures for system and network infrastructure protection. The security controls consist of policies, organizational controls, asset management controls, human resource management, controls against malware and malicious code. Assurance Services: These services are used to provide e-business users with confidence that all hardware and software applications also called technical and physical, personal and procedural also known as non-technical security measures have been properly designed, tested, configured and are operating in secure manner pertaining to security standards. Also ensure that the security measures are providing protection against assessed risk with help of independent evaluations and audits. In order to protect the network and information systems that form the basis of the e-business service, the threats to the service should be countered by a number of technical, policy or procedural security measures.

Source 2: http://searchsecurity.techtarget.com/resources#parentTopic4 http://hackerzvoice.net/ceh/CEHv6%20Module%2036%20Hacking%20Mobile%20Phones,%20 PDA%20and%20Handheld%20Devices/wp_malware7a_en.pdf

Malware, Viruses, Trojans and Spyware: Malware is short for malicious software and used as a single term to refer to virus, spy ware, worm etc. Malware is designed to cause damage to a standalone computer or a networked pc. Virus is a program written to enter to your computer and damage/alter your files/data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves. Trojan is a destructive program that looks as a genuine application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. Trojans also open a backdoor entry to your computer which gives malicious users/programs access to your system, allowing confidential and personal information to be theft. Spyware is a type of program that is installed with or without your permission on your personal computers to collect information about users, their computer or browsing habits tracks each and everything that you do without your knowledge and send it to remote user. It also can download other malicious programs from internet and install it on the computer. Smartphone and PDA threats: Features of Smartphones that are most at risk are Text messages, Contacts, Video, phone transcriptions, call records. Text Messages phishing also known as SMSishing. SMS spoofing, this sends fake messages to people on contact list. Contacts Malwares can send short messages containing a virus to the entire contact list. Malware can also pack the contact information and send it to malicious third party. Video Through APIs mobile malware could take over the phone and use the camera to snap photos also it can access the entire photo and video library. Phone Transcriptions Using the mobile voice recording API, a virus can record the voice calls and send the recorded file to an attacker via email or via multimedia message. Call Records call records are not much valuable but still a few viruses can exploit this function. Malicious programs can read this information and exploit. Denial of Service attack: A denial-of-service attack (DoS attack) or distributed denial-ofservice attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, DDoS attacks are sent by two or more persons, or bots. DoS (Denial of Service) attacks are sent by one person or system.

Eff.org Top Concerns: Electronic Frontier Foundation is concerned with the key issues regarding privacy, speech, innovation, transparency and consumer rights associated with the digital world. Blending the expertise of lawyers, policy analysts, activists, and technologists, EFF achieves significant victories on behalf of consumers and general public. Free Speech: In various ways internet is enabling our access to information and allowing us to share the ideas and connect with others. If laws censor us to limit access to information or restrict our communication through internet then internets open architecture goes in vain and is unrealized. EFF defends the internet as a platform for free speech. Fair Use: Privacy: International: Transparency: