Introduction
In this generation of advanced information technology, people exchange information using numerous devices to accomplish their tasks in daily life. Information that used to be recorded on paper now takes the form of electronic records. Personal information is now easier for an attacker to access or destroy because of weak IT security, such as viruses or attacks on the system or network. To protect their privacy, individuals should secure their information. However, the only way to determine flaws and recognize threats, whether technical, non-technical or of any other kind, is to find vulnerabilities and perform risk assessments. In this paper, we will discuss the information security risks in life and solutions to mitigate
For information security, it is essential to find risks related to the use, processing, storage, and transmission of information or data and the processes and systems used for them.
Unauthorized access, usage, recording, modification, destruction, etc. are risks to information security. There are many different ways in which personal information can be lost, accessed, misused, modified, or disclosed. Common risks to information security are described below:
• Unauthorized access or misuse of records by a friend or colleague or any other familiar person.
• Hacking or other illegal acquisition of a system or device database or information by an outsider.
• Mistaken disclosure or sending of information to the wrong person or organization.
• Failure to store or organize information properly and securely.
• Loss or theft of portable storage devices, paper documents, computers or any other equipment containing personal information.
In order to develop proper security that can protect critical data, systems, and other resources, an individual must first understand what they are facing in terms of potential sources of harm that may exploit existing vulnerabilities. Threat assessment identifies potential sources of attack on information assets and estimates the probability and consequences associated with their actions. Understanding of the source of attacks, along with their likelihood of
Loss or theft of an organization’s devices, such as laptops and portable devices, that contain institutional records.
When an employee is granted database privileges that surpass the requirements of their position, these excessive privileges could be abused. For example, a bank employee whose job requires the ability to change only basic account holder contact info could take advantage of excessive database privileges and add funds to their own account balance or to a colleague’s savings account. Further, when someone changes position within a business or leaves it, usually his or her access rights to sensitive data do not change. In the latter case, if these employees depart on bad terms, they can use their old access privileges to commandeer high-value data or inflict damage in a revenge attack. This tends to happen because privilege control mechanisms for job roles were not well defined or maintained. Therefore, employees may be granted generic or default access privileges that surpass their actual job requirements, or they may simply accumulate such privileges over time as they change positions within the business.
A user (faculty, staff, contractor, or third-party provider) has obtained unauthorized access to private information maintained in either paper or electronic form.
The first example is known as a cyberattack, which is an offensive exploitation of computer systems, technology-dependent enterprises, and networks (Whittle, 2008). This type of attack uses malicious code to change computer code, data, or logic, which typically results in adverse consequences that can lead to cybercrimes. Mitigating this type of attack involves monitoring employees closely and paying attention to employees who may potentially abuse their positions. Managers could make the decision to use automatic safeguards and password management to help prevent such attacks. Social engineering is another example of an internal information security risk. This is an attack that relies on human interaction and involves tricking others into breaking their normal security procedures. To mitigate this type of attack, managers should educate their employees not to provide their passwords over the phone or email. Information leaking is another internal information security risk. This is known to be one of the most common types of risk, as it can be easy to leak information accidentally. Digital cameras, cellphones and USB drives are examples of how information can be leaked from an organization, since they are easily portable (Whittle, 2008). To prevent this sort of risk from happening, it has been suggested for employers to block access to web-based email and data storage
An important aspect of information sharing is information privacy. With the advancement in technology, there has been an increase in vulnerabilities related to personal
Digital communications technologies, such as the Internet, mobile smartphones and WiFi-enabled devices, have become part of everyday life. By dramatically improving access to information and real-time communication, innovations in communications technology have boosted freedom of expression, facilitated global debate and fostered democratic participation. The security risk assessment is an ongoing process of discovering, correcting and preventing security problems. The risk assessment is an integral part of a risk management process designed to provide appropriate levels of security for information systems. The threat from cyber criminals and hackers has increased; as our dependence develops, the prospects for them to prey on us are boosted. Cyber fraud is among the fastest-growing forms of crime in the world
We won’t stop emphasizing the importance of information security in every organization. As a team of conscious security experts, we know the extent of the damage you can incur as a result of poor or weak security settings. As we usually say in most of our publications, information security is a serious business, which must not be overlooked by any organization. There are many questions and issues we need to tackle as far as information security is concerned, but unfortunately, we won’t be discussing them here, as we have already prepared comprehensive and exclusive courses for each of them. However, if possible, we will discuss some of the issues in this article.
There are several cyber security vulnerabilities that organizations and individuals need to consider to protect the integrity and confidentiality of their computer systems and networks. These vulnerabilities include software and hardware, intranet, enterprise network, wide and local area network, and transmission media. This paper, therefore, focuses on software and hardware vulnerabilities as the most important, and on the reasons they are the most important. The paper further focuses on the risks associated with these vulnerabilities (software and hardware) and provides recommendations on ways to manage the risks.
data has potentially been viewed, stolen or used by an individual unauthorized to do so. It
Safety of information is the most valuable asset in any organization, particularly those that provide financial services to others. Threats can come from a variety of sources, such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measures can be taken to combat these threats, eliminate them or reduce their likelihood and impact if they should occur.
Users: This can include social engineering threats, misconfiguration of equipment, and inside threats where employees steal or leak information intentionally.
As a kind of resource, information has the character of universality, sharing, value-added, hand-liability and multiple utilities, and these advantages give information special significance for human beings. The essence of information security is to protect information systems or information resources in the information network from various types of threats, interference and damage. According to the definition of the International Organization for Standardization, information security mainly refers to the integrity, availability, confidentiality and reliability of information. Every country, government department or industry must attach great importance to the problem of information security, as it is a national security strategy which should not be ignored. However, for different departments and trades, the demands for information security and its key points differ. The scope of information security itself is very wide, covering, for example, the problem of preventing disclosure for commercial enterprises, the problem of preventing teenagers from browsing harmful information and the problem of personal information leaking. The information security system in the network environment is the key to guaranteeing information security, including secure computer operating systems, all kinds of security protocols, security mechanisms and security systems. Any bug in the above systems will threaten global security. I will discuss the issue of
In the present scenario, every company has an objective. In this digital era, companies use automated information technology systems to process their information for better support. Risk assessment and management play an important role in protecting a company’s information assets, and therefore its objectives. An effective risk assessment process is a significant factor in a successful IT security program. The major goal of a company’s risk assessment process should be to protect the company and its ability to perform its objectives.
The information age has brought with it the need to secure computer networks against unauthorized access, data manipulation and identification protection. “There is no such thing as 100% secure” or “if an attacker wants something bad enough they will get it” is heard often when information assurance is discussed. In fact, as one Information Security professional well knows, when a defense is developed to stop the breach, the enemy exhausts all means to find another way to get to the information/data or the “golden nugget”. This game of “cat and mouse” is nowhere more present than in the field of Risk Management. One of the many important tools used to “fight the good fight” against nefarious groups is the Risk Assessment. The risk assessment application being developed is no stranger to these cyber-delinquents and is developed with a blend of the top recommendations from the various agencies. The RAAPP will increase the feasibility of conducting a risk assessment, thereby increasing the frequency with which risk assessments are conducted in order to fortify operations and protect the “golden nugget”.
This project provides you with an opportunity to apply the competencies gained in various units of this course to identify security challenges and apply strategies of countermeasures in the information systems environment.