In this video, you will learn to describe how the destruction, corruption, modification, theft, removal, loss, or disclosure of information or other resources, and the interruption of service can constitute threats to the security of data or systems. About the threats, the sources that this could come from. So the flux through data communication system that's our enterprise include things, find out the destruction of information of and or other resources. Think about denial of service. This is the predominant threat to large scale information processing enterprises. So the destruction of information, by the way, also the destruction of our security enforcement points. Modification. We talked about the integrity side of that. Being able to modify a message in flight between Alice and Bob has a significant risk. Most people, including the government side, worry more about the modification than the corruption of that. But corruption can be detected. Modification not so much, although we'll show you a mechanism a little later how to detect if a message has been modified. But we think about those passive attacks where the intruders listen and record the messages and transition into an active attack. Where other slight modification of a message is executed. Very dangerous can occur for a long time before people learn. So the targets right are primarily the theft. Let's use the term critical information. Based on the credit card numbers, the goals of the attack, it also may be confidential or classified information on a defense network is theft in removal of that. So the disclosure of this information. Now this is sort of interesting from a perspective of confidentiality. So are the WikiLeaks documents which had been released much to the governments banks over the last year, a disclosure of information. They absolutely are. Is that a threat to an IT enterprise? Yes. So I believe that the WikiLeaks ecosphere is actually a confidentiality violation. Of course, we also talk about the inner interruption of services. This is the availability side. Remember we talked earlier in module one that we've got not only an availability parameter that service is capable, I mean is available, but we also need to worry about the timeliness of that. If we submitted a response to a message and are expecting a response about that it occur within a time period. So on theft here. This is a threat. So threats can really be of two classes. So one obviously is the accidental threat. This is one without work of criminal intent. The other is intentional threats where there's an intention to violate a security policy. Now from the security protection perspective, we do not care between the tool. Whether an individual, a privileged user has an oops moment, or intentionally violates the security policy that impacts the enterprise the results exactly the same. So we do not differentiate much between these two that will create use cases that will help articulate our architecture but from the result side, we don't differentiate much between those two. So beware of the differentiation between accidental and intentional threats. To be honest whether this is an intentional or unintentional result, is that if there's a response, there's an action by the enterprise, data moves out, privileges are reduced. Some change in the state of the security ecosphere that qualifies as an attack. So this is where we've moved from a vulnerability where something could happen, the threat to an attack or an exploit, where something has happened. That's the transition right there. So we worry about vulnerabilities. What could happen we react to exploits what has happened. Once again, here's the differentiation between passive and active. Passive extremely dangerous long-term presence on the network, undetected by Alice Bob or any other use. Model of architecture slides speaks to an industry average of exploits attacks being passively on the network for 284 days before detection. So like I said, difference between passive and active, there is a change to the state of the security ecosphere.