A Systems Approach to Information Security

When looking at an Information System there are 3 contact points where users (and attackers) interact with a system. Any of one or a combination of these contact points can be exploited by an attacker to gain unauthorized access to information. The 3 contact points includes the hardware, software and management processes for a system.

Hardware exploits include:

Software exploits include:

Management Process exploits include:

Typical Information System