B. NON-TECHNICAL CYBER SECURITY THREATS TO INFORMATION SYSTEMS
• Insider - An insider is someone with legitimate access to the network. Because information and data accessed by insiders can be easily copied, stolen, deleted, misfiled, or updated, insider threats can be some of the most damaging, regardless of whether they occur through user carelessness or malicious activity.
• Physical Security - Physical security is important for preventing unauthorized access to sensitive data and information, as well as for protecting an organization’s personnel and their resources. An effective physical security system is an integral part of a comprehensive security system. Physical safety measures consist
Socially engineered attacks are a means for some hackers to obtain access codes, passwords, IP addresses, server and router names, and other information that can be exploited to break into a network and compromise its security and privacy.
• Insufficient Backup and Recovery - Lack of a robust data backup and recovery solution puts an organization’s data at risk and undermines the effectiveness of its IT operations. Data and system recovery capabilities allow an organization to reduce the risk of damage associated with a data breach. It is essential to conduct routine backups of critical data and store backup media in a safe and secure manner.
• Poor Passwords - Implementing a policy on strong user passwords is critical to data protection. It is especially important for users with access to the most sensitive information. Modern password-cracking programs can easily break weak passwords, such as those containing common words or word groups found in a dictionary. For this reason, user-selected passwords are generally considered to be weaker than randomly generated passwords. User-generated passwords often follow a predictable pattern or an association with something in the user’s life (city, family, or pet names, for example) and are therefore more vulnerable to password-cracking programs. While randomly generated passwords may be harder to remember, they are relatively more secure.
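The contrast drawn above between user-selected and randomly generated passwords can be shown with a small policy check. This is an added example, not part of the original essay; the word list, the personal terms and the function names are constructed for illustration.

```python
import math
import re
import secrets
import string

# Constructed sample data: a tiny stand-in for a real dictionary word list.
COMMON_WORDS = {"password", "welcome", "dragon", "summer", "monkey"}
# Undo common character substitutions (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s).
LEET = str.maketrans("013457@$", "oleastas")
ALPHABET = string.ascii_letters + string.digits + "-_.:+="


def tokens(password):
    """Lower-case, reverse substitutions, and split into runs of letters."""
    normalized = password.lower().translate(LEET)
    return [t for t in re.split(r"[^a-z]+", normalized) if len(t) >= 3]


def weaknesses(password, personal_terms=(), min_length=12):
    """Return the reasons a user-chosen password is predictable (empty = none found)."""
    reasons = []
    if len(password) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    personal = {p.lower() for p in personal_terms if p}
    for tok in tokens(password):
        if any(w in tok for w in COMMON_WORDS):
            reasons.append("dictionary word in '%s'" % tok)
        elif any(p in tok for p in personal):
            reasons.append("personal term in '%s'" % tok)
    return reasons


def random_password(length=16):
    """Generate a password from the OS CSPRNG, independent of anything about the user."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed inputs: a substituted dictionary word, then pet and city names.
    print(weaknesses("Dr@gon2024"))
    print(weaknesses("MyDogRex!Austin99", personal_terms=["Rex", "Austin"]))
    print(random_password(), "%.1f bits" % entropy_bits(16))
```

A production check would use a full breached-password list in place of the five-word set.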
Backup procedures and company-wide recovery plans need to be developed and implemented, and offsite backup locations should also be considered.
The data recovery document should be refined to include the priority of data restoration when all business functions have been compromised.
A hacker attacks an easy target first, and then uses it to hide his identity and the traces of launching attacks at more secure sites. The aim of an attack is to gain complete control of the system (in order to edit, delete, install or execute any file in any user’s directory), often by gaining access to a “super-user” account. This allows both maximum access and the ability to hide the attacker’s presence.
(TCO 6) Many believe that the most important physical security control is _____. (Points : 5)
Physical security measures are generally intended to deter potential intruders (e.g. warning signs and perimeter markings); to detect intrusions and monitor/record intruders (e.g. intruder alarms and CCTV systems); and to trigger appropriate incident responses (e.g. by security guards and police).
Any enterprise has to pay special attention to computer security. Computer security is a field that is concerned with the control of risks related to computer use. A primary focus should be on the external threats to the computing environment. In an enterprise with branches across the country, it is important to allow information from "trusted" external sources, and disallow intrusion from anonymous or non-trusted sources. In a secure system, the authorized users of that system are still
Most organizations do not like to implement strict password policies, as these are relatively unpopular with the organization’s users. However, failure to implement such a policy leaves the organization very vulnerable to someone gaining unauthorized access. There are several courses of action that the organization can take to mitigate this threat. One that would practically eliminate the threat would be to implement a multi-factor authentication system. This requires the user attempting to authenticate to present multiple items, whether it is something they have, such as an ID card, combined with something they know, such as a PIN, or something they know, such as their username, and something they are, such as a fingerprint. This form of authentication makes it almost impossible for an unauthorized user to gain access, because if they are able to obtain one part of the equation, say the part that someone knows, they must also obtain the second part, which is something that person has or is. Without these two separate keys, the unauthorized user won’t be able to unlock the door and obtain access to the organization’s information resources. However, implementing a multi-factor authentication solution can be relatively expensive and time consuming, so if the organization chooses to stay with a single-factor authentication system, then they need to implement a strict password policy that requires complex passwords, along
The CIO is well aware of the preventive measures taken against external threats and has switched the focus to internal threats. Detection and prevention of internal attacks is as important as that of external attacks on the network. Most networks are vulnerable to betrayal from within due to the assumption that everyone who is inside the
Firstly, disaster recovery: this is a procedure that needs to be implemented in case an accident occurs within an organisation that may result in the loss of data, for example fire or water damage. This is when a plan needs to be applied to allow the recovery of data; an example of this could be recovering the backup files, installing new equipment and uploading the backup to the new network. To be effective, this recovery policy relies on backups being done regularly; otherwise recovery would not be possible. The disaster recovery policy is highly beneficial and important, as it saves not only the organisation but also its money and reputation.
DTL Power Corporation is an electricity generating and distributing company headquartered in Santa Fe, New Mexico. Currently, they have 5.4 million electricity customers and 485,000 natural gas customers. Also, DTL Power has full or majority ownership of 14 nuclear reactors in 12 nuclear power plants. Additionally, it has 2 hydropower plants in the Midwest and 5 wind energy centers along the East Coast. Last year, incidents around the world involving nuclear reactors have led the company to increase security and safety regulations at its nuclear plants. Furthermore, the company is also researching additional environmentally friendly opportunities such as geothermal energy.
Companies can prevent falling victim to unauthorized physical access by developing and implementing simple policies, standards, procedures, and guidelines for employees as well as guests to follow. Secure all areas containing sensitive systems and/or data. Require staff to follow entrance procedures when entering a secured area. Also ensure that physical data such as important documents are secured. Require
In the early days of computing, a hacker was primarily referred to as a computer guru, someone who is extremely technical with high expertise in computers, also known as an “Expert Programmer”. Nevertheless, as technology is advancing at a fast pace, hacking has adopted a completely different definition. The modern definition is someone who accesses a computer system primarily to steal or destroy information. Hacking has caused major harm in the realm of technology. Over the years, hackers have become much more lethal in their craft. They manage to break into complex information systems from entities such as banks, government agencies, and private businesses. Furthermore, they often manipulate their victims through social engineering in order to obtain financial benefits. Hackers hold different labels, such as black hat hacker and white hat hacker, each with their own motives.