Essay Human Vulnerability and IT Security

Information Technology (IT) managers are constantly tasked with evaluating their organization’s overall security posture and reporting the greatest vulnerabilities to leadership. Senior management is often surprised to hear that the greatest vulnerability within an organization is not a misconfigured firewall or a virus being forwarded across an internal e-mail server, but rather a human being. When compared to a piece of hardware or software, a human user is easily the single most targeted weakness within an organization.
Defining the Human Vulnerability
Charles and Shari Pfleeger define a vulnerability as “a weakness in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss
The combination of any of these vulnerabilities puts a user and their organization at risk of being exploited by a threat.
Password management is the process of ensuring that systems are protected with unique and complex passwords. Effective password management safeguards data confidentiality, integrity, and availability for intended and authorized users. Individuals who are unfamiliar with the concept of password management may opt for weak passwords because they are easier to remember, or may even write their passwords down and leave them in their work environment. In 2002, the British online bank known as Egg found that 50% of user passwords for its e-banking services were family members’ names (Pfleeger & Pfleeger, 2007, p. 225). According to Gregg Kreizmen, Gartner’s research director, “two-thirds of U.S. consumers surveyed use the same one or two passwords for all Web sites they access that require authentication” (“Gartner Says Consumers”, 2009). Many security professionals advise that passwords should be at least seven characters long and avoid easily guessed phrases such as names, places, or things. Additional best practices include using a blend of special characters, numbers, and upper- and lower-case letters. If an adversary is capable of exploiting a weak or unprotected password, he or she could cause a great deal of damage to an organization’s resources.
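The best practices listed above can be enforced at password-set time rather than left to the user. The following is an added example (not from the essay or its sources) of a policy check that applies those rules: a seven-character minimum, a blend of character classes, rejection of names and places even when disguised with common substitutions, and a reuse check against the user's own password history. The policy thresholds, the `EASILY_GUESSED` word list and the `history` format are assumptions made for this example.

```python
import hashlib
import os
import string

# Assumed policy taken from the essay's stated best practices (not a standard):
# seven or more characters, a blend of character classes, no guessable names.
MIN_LENGTH = 7
# Constructed stand-in for a real dictionary of family names and places.
EASILY_GUESSED = {"alice", "bob", "london", "paris", "password"}
# Substitutions users make that do not make a name any harder to guess.
LEET = str.maketrans("013@$", "oleas")


def character_classes(password):
    """Return the set of classes (lower/upper/digit/special) present."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("special")
    return classes


def contains_guessed_word(password, words=EASILY_GUESSED):
    """True if a dictionary word survives lowercasing and leet substitution."""
    normalised = password.lower().translate(LEET)
    return any(word in normalised for word in words)


def hash_password(password, salt=None):
    """Salted PBKDF2 digest so the reuse check never needs stored plaintext."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def policy_violations(password, history=()):
    """Return the rules the password fails (empty list means accepted);
    history holds (salt, digest) pairs of the user's previous passwords."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too_short")
    if len(character_classes(password)) < 3:
        failures.append("too_few_character_classes")
    if contains_guessed_word(password):
        failures.append("contains_guessed_word")
    if any(hash_password(password, s)[1] == d for s, d in history):
        failures.append("reused")
    return failures
```

Storing only salted digests in `history` lets the reuse rule be enforced without keeping old passwords in a recoverable form.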
Inappropriate data storage refers to the process of improperly storing or…