Free Essay

Security Threats to Companies

In:

Submitted By destructionn
Words 2691
Pages 11
Final Essay- security Threats for companies | Security Threats for Companies | Focusing on Employees | | Meadows Steven A CTR SITEC United States Special Operations Command | 4/17/2014 | American Military University

TABLE OF CONTENTS
Introduction 2
Chapter 1 4 External Threats 1.1 4
Malicious Code 1.1.a 4
Firewalls 1.1.b 6
Chapter 2 7
Physical Threats 2.1 7
Structure Outside 2.1.a 7
Structure Inside 2.1.b 7
Chapter 3 9
Internal Threats 3.1 9
Employee Access 3.1.a 9
Employee Attitude 3.1.b 10
Employee Training 3.1.c 11
File Permissions 3.2 11
Least Access 3.2.a 11

References 12

Introduction
The internet has become a global resource for the working companies. Those who utilize the internet have near endless resources at their fingertips. This gives companies large advantages that those that don't utilize the information available to them on the internet. However, with great advantages, and information, comes great responsibility, and risks. The internet is also full of those who want to hurt companies, for reasons unknown to the company or for reasons that the company may be aware of, but is unable to prevent. Companies will never be able to eliminate the human factor from the work place. Even as self-automation and computers take over the human bodies for work and productivity, the human factor is still there. Someone, somewhere has to have access to the systems in order to maintain accountability, control, quality, and ensure the systems are running the way they are/were designed to. This human factor, even in today's world where we don't have T-800's running our systems, (That's the model # of the original Terminator played by Arnold) is what I will be discussing in the next few pages. This human factor that opens businesses up for failure and damages, how to help circumvent a lot of the abilities for distraught employees who want to do the company damage, and methods to secure files so even when the distraught employee gets into the system, has very little access to do anything. In this order, we will discuss methods of keeping your company safe from internal and external threats. We will begin by discussing External threats, the threats that a company is exposed to, and how to mitigate damages done to the company. We will then follow that up with physical threats to the company; this will be a combination of internal and external attacks. From there we will discuss internal threats and how to mitigate employee access and ability to damage the networks or leak sensitive information. Concluding with file system sharing permissions and the "Lease amount of access" method of keeping files safe.

CHAPTER 1: External Threats

1.1.a Malicious Code Malicious codes don't necessarily have to come from external threats, they can be implemented internally. However, the focus here will be on the types of malicious codes that companies are exposed to. Malicious codes are designed for a purpose, a specific function, that function and execution of that function/purpose varies upon the type of code. Some can be damaging, others copying, some controlling, spying, and some just replicate for no other purpose but to spread. The types of malicious code include, but are not limited to: Viruses, worms, Trojan horses, adware or spyware, logic bombs, denial-of-service (DoS) attacks, and blended threats. Viruses operate in four environments: file viruses, boot viruses, macro viruses, and network viruses. File viruses infect the system or target in a few ways to include being a parasite, a companion, or through link viruses. File viruses are written for a particular operating system (OS) and can infect nearly any executable. When said executable is ran, the virus is activated, which in turn, causes the virus to do what it was programmed to do. These types of viruses can override file contents, delete them, or even replace them completely. Also known as Prepending, Appending, and Inserting viruses. Companion viruses don't overwrite data, but clone it. So that when a program is run, or a file opened, the link actually opens up the virus, not the original. Link viruses, do not change the physical contents of a file, but when the file is executed or started, the virus then forces the OS to execute their code. Boot viruses attack either the boot sector, master boot record, or active boot sector. IE when a system is booted, the virus being part of the boot code, it will execute and run. Macro viruses are typically associated with business software. They are designed primarily to infect documents, spreadsheets, databases, and presentation files. Macro viruses use the macro languages written and built into business software, IE: Microsoft Office. Network viruses attack the network directly. Even without executing or opening the attachments in emails infected with a network virus, the network can still be infected. Worms, unlike viruses, are self-replicating, stand-alone software. And, unlike a virus, they do not need to attach themselves to any files. They will continue to replicate without users intervention. Some worms are coded to destroy, others to shut down, some to just crash and overload systems. Trojan horses are, just like what they were named after, (the wooden horse) is a program, an unauthorized program that is contained within a legitimate program. When a user downloads this legitimate program, and/or executes it, the Trojan is executed. There are nearly a dozen types of classifications for Trojans, however, this essay isn't about Trojans, viruses, and malware, it's about knowing the threats to the systems so that you can better prepare and are more aware of them. Adware and spyware are not technically viruses or malicious code, however with the rate of employees using websites that aren’t work related, these programs and annoyances are becoming more prominent. These programs can redirect home pages, cause pop ups, and mislead individuals to access sites that in turn, will cause a malicious code to be downloaded. Denial-of-Service attacks, also known as DoS attacks are extremely dangerous and damaging, in the sense that one DoS attack can shut down an entire company for hours, if not longer. A DoS attack sends fake requests to a server, overloading it and preventing legitimate traffic, eventually the server will shut down. A blended threat uses a combination of all of the above.

1.1.b Firewalls This section will focus primarily around enterprise based firewalls. As this papers' main focus is on the enterprise level. Firewalls are the first line of defense from external and internal threats. From an insider threat perspective, if a user is trying to access a site that is malicious in content and is filtered as a denied site, the firewall will ultimately deny the user access, then nullifying that threat. From an outsider perspective, firewalls have a hefty job of filtering everything coming in and out of the network. You can set a firewall to allow or deny specific rules, users, IP's, etc. A firewall filters both inbound and outbound traffic as mentioned prior, however, firewalls can't stop the human factor. Firewalls can't stop an employee from calling someone, or emailing someone sensitive information or passwords and login information, thus a firewall alone isn't an end all means to security, but it's a good place to start.

Chapter 2: Physical Threats
2.1.a Outside From a security perspective, a company's data is only as safe as the physical implementations to stop theft. A security advisor must always keep in mind that a disgruntled employee knows all the weak spots in a company. They want to do damage, so they do there research. Everything from physical barriers to protect vehicles from crashing into the building, facility access controls, intrusion detectors, and alarms. Access to the server room is the most important aspect, as anyone who has access to the server room, has access to everything on the companies networks and servers. That is where our primary focus will be in this section. The server room needs to have as little access to it as possible from outside personnel. There should be no way anyone but an authorized individual can gain access to the server room, even if they have access to the door to the server room, man-traps work wonders. A facility access control device should include access logs, employees should have specific access badges and pins to allow them into the server room so you can track who went in and out and when they did.
2.1.b Inside Once a person has access to the inside of the company, they can then attempt to have access to the server room. Precautions need to be taken that only verified and authorized individuals have access to the server room. First thing is first, always lock up your server room. As basic as it sounds, and as common sense as it may seem, a lot of companies don't lock up server rooms, or networking closets. They utilize and implied trust with employees and those that enter their complex. IE: I trust you to not do something dumb, because I trust you. Which is flawed in oh so many ways. You then need to set up some sort of surveillance in order to monitor the locked door. Anyone with a crowbar, a jackhammer and explosives can break into a server room. You need to see who, what, when, and how someone got into your server room unauthorized. You also need to make sure your security logs and videos are being stored somewhere other than that server room! If someone breaks in, they can corrupt the hard drives that can be used to incriminate them. Companies need to also utilize rack mount servers. Once a rack is full and bolted to the ground, closed and locked, they are nearly impossible to move, in any sort of timely fashion. Reducing risks of damage, theft or tampering to null. Companies also need to ensure they are backing up their data and ensuring the backups are secure. Good backups that are secure are an essential aspect of disaster recovery plans. The physical workstations should be secured and there shouldn't be any easy access to the hard drives.

Chapter 3: Internal Threats

3.1.a Employee Access As you see by the above graph, the majority of insider misuses are preventable. For example, where that firewall we had talked about earlier would come in handy. You can use a firewall to stop media downloading, p2p, rogue access points, remote-access programs, so on and so forth. A lot of the items in this list were initially harmless in intention by the user. However, not every user knows the safety concerns associated with these threats on a work computer. Viruses and Malicious content are some of the bigger concerns from these threats. Hence why we talked about it earlier. One of the points we didn't touch was the human aspect of Hackers, black hats. Black hats are people whose primary goal in life is to crack a system and perform malicious intentions. Writing about how to stop/prevent hackers is an impossible task, as it's impossible to stop someone dedicated enough, with the right skillset and technological advantage from cracking a system. This block of writing revolves around employees. Employee access to systems and the internet. If you give an employee unrestricted access to the internet, you are bound, eventually to get something malicious. It's just the nature of the beast. All it takes is one wrong site, one miss-clicked popup, one bad email, to infect a system. With that in mind, you need to restrict employee access to websites and software usage on the systems/network to what the system administrator, and tech advisors agree upon. You can't however, restrict so much that you reduce productivity to a non-acceptable level. For example, where I work, for USASOC, I can't access my employee profile anymore, and we as IT individuals, have to do a work around and find a loop hole, in the system, managed by our bosses! Just so we can clock in and out. They find that our companies' home pages and website are an unnecessary risk. This work around, takes 5 minutes a day, per person that works for the company that I do, in the location that I do. Although not a major impact, it's still an impact none the less.
3.1.b Employee Attitude Complacency wreaks havoc in companies. Those who become complacent eventually stop following the rules as they should. One way to rectify this would be to change up employee roles. Never keeping them in the same job for too long, or the same office, or cubicle. By moving them around, they continue to get vision and exposure; it also keeps them happy and non-complacent. But, not all internal issues come from the "user" level. As far as administrators are concerned, you need to limit the access they also have. Of a four step process, admin #1 who oversights the first two steps, should NOT have access to the last two steps. Which leads me to the point of least access. I will cover that in 3.2.a.
3.1.c Employee Training By administering proper training, employees are much less likely to unintentionally cause harm to the company. By knowing the types of malicious codes, viruses, spam, spim, phishing, pharming, whaling and spear phishing, just to name a few, a user can better protect themselves and the company. People won't report what they don't know to be wrong or unusual. As well, companies must reassure employees that no harm will come to them if it was an accident or unintentional. I can, from personal experiences of working in the information assurance realm, tell you that people try to hide stuff they know they accidentally did wrong. This makes it worse, there fear of repercussions cause a lot more problems.
3.2 File Permissions
3.2.a Least Access Simply put, only give people, servers, software, systems, anything that has access to anything, the least amount of permissions possible, without hampering the daily duties or productivity too much. Administrators must find a balance between safety, usability, and productivity. By making a system too secure, it hampers usability and productivity. But, by making it less secure, you open the system up for safety concerns. Least access will help keep those prying eyes employees tend to have, from being able to pry, and those upset employees from causing too much harm.

References

Wunsch, J. (2014). Keep Company and Employee Information Safe. About.com. Retrieved January, from http://humanresources.about.com/od/healthsafetyandwellness/a/protect_data.htm

File Security - Protect File Data and Ensure Compliance. (2014). File Security - Protect File Data and Ensure Compliance. Retrieved January, from http://www.imperva.com/products/fsc_file-security-and-compliance_overview.html

Google's Approach to IT Security. (2012). Retrieved 2014, from https://cloud.google.com/files/Google-CommonSecurity-WhitePaper-v1.4.pdf

File and Folder Permissions. (2000, January 1). File and Folder Permissions. Retrieved 2014, from http://technet.microsoft.com/en-us/library/bb727008.aspx

Employee Computer Operating and Security Policy - University of Maine at Augusta. (2012). University of Maine at Augusta. Retrieved April 17, 2014, from http://www.uma.edu/employeecomputerpolicy.html

SANS InfoSec Acceptable Use Policy. (2006). www.sangs.org. Retrieved April 17, 2014, from http://www.sans.org/security-resources/policies/Acceptable_Use_Policy.pdf

Data Leakage Worldwide: Common Risks and Mistakes Employees Make. (2008). Cisco. Retrieved April 17, 2014, from http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-prevention/white_paper_c11-499060.html

Security Threats in Employee Misuse of IT Resources. (2009, March). Computer Economics. Retrieved April 17, 2014, from http://www.computereconomics.com/article.cfm?id=1436

Smith, R. E. (2013). Elementary information security. Burlington, MA: Jones & Bartlett Learning.

Taylor, R. W. (2011). Digital crime and digital terrorism (2nd ed.). Boston: Prentice Hall.

Guil, F. (2006). Global Information Assurance Certification Paper. Giac. Retrieved April 17, 2014, from http://www.giac.org/paper/gsec/2892/computer-rooms-meet-physical-security-measures/104866

Similar Documents

Premium Essay

Threat Assessment

...Threat Assessment Robert Nassar SEC 440 February 20, 2012 Threat Assessment When conducting an assessment to a company’s information or (computer) security system, the person or personnel must determine all possible risks that may threaten a company’s security. Risk as defined by OHSAS (Occupational Health & Safety Advisory Services) is the product of the probability of a hazard resulting in an adverse event, times the severity of the event the possibility of losing something. With this being said an assessment needs to include the possibility of loss, and how to minimize the risk of loss or the manageable way to contain all possible risks. To determine what types of risks a company maybe associated with is an on going process since in the cyber world new viruses, worms and thousands of different types of spyware are created everyday, the system must be monitored daily. Vulnerability is the potential point of attack, such as a computer without a password to access the system, which makes the system vulnerable to unauthorized access to the system. If a password was installed to the system it can reduce the risk of unauthorized access. While conducting an assessment one can understand the vulnerabilities and the difficulty of exploiting vulnerability, with a result in containment and deterrence of such a threat, with priority of such threats as a guideline. Depending of the level of threat, the vulnerability of access to a company’s information can be analyzed from high...

Words: 1457 - Pages: 6

Premium Essay

Fkfk

...Fundamentals of Information Systems Security © 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 3 1 1/6/2013 DISCOVER: CONCEPTS Fundamentals of Information Systems Security © 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 4 Introducing ISS ISS Information Systems Information Fundamentals of Information Systems Security © 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 5 The A-I-C Triad Fundamentals of Information Systems Security © 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 6 2 1/6/2013 Confidentiality Personal Data and Information • Credit card account numbers and bank account numbers • Social security numbers and address information Intellectual Property • Copyrights, patents, and secret formulas • Source code, customer databases, and technical specifications National Security • Military intelligence • Homeland security and government-related information © 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security Page 7 Integrity Maintain valid, uncorrupted, and accurate information. User names and passwords Patents and copyrights Source code Diplomatic...

Words: 1526 - Pages: 7

Premium Essay

Appendix C

...an outside security consulting team to perform a threat and risk assessment for one of its branches. The consulting team has identified the following threats and accompanying risk levels for this particular store: 1. Fire (medium) 2. Internal theft (high) 3. Shoplifting (medium) 4. Burglary (high) 5. Bomb (low) The retail chain has decided to respond to these threats in the following manner: For threat #1, management has decided to take no further precautions because the store is currently up to code and the insurance policy the company carries fully covers it in the event of fire. For threat #2, management has decided to implement background checks for all new applicants and all employees must now have their bags and backpacks checked by security before exiting the store. For threat #3, management has decided to add no additional security measures. Losses due to shoplifting are expected and have been included in the store’s budget. For threat #4, management has installed a comprehensive alarm and surveillance system in all stores, with around-the-clock security monitoring. Now, break-ins at this store cannot occur without detection. For threat #5, management intends to institute no countermeasures. With several other branches throughout the region, the company overall would suffer only minimal losses even if this threat were to materialize. In the following table, identify the type of risk management option the company has employed...

Words: 721 - Pages: 3

Premium Essay

Cyber Threats

...TOP FIVE CYBER SECURITY THREATS FOR 2012 11 August 2012 ABSTRACT The ten cyber security threats in the IT world are boosts in mobile drives and in security tasks, increased C-suite targeting, growing use of social media that will contribute to personal cyber threats, being already infected, and everything physical can be digital. This paper discusses what these threats are, how to defeat and/or demonstrate proficiency in defeating the cyber threats, and the rising importance of cyber security at the work place. These security threats are becoming more common every day. Workplaces and personal lives are being attacked by using smaller more mobile devices. Therefore these cyber threats will be talked about in Therefore, these cyber threats will be assessed, to give you an idea of what they can do to your company or life, and the proper response on how to mitigate them.   TOP FIVE CYBER SECURITY THREATS FOR 2012 With cyber security becoming an issue in todays corporate society the corporate world is looking into all of the threats to mitigate the leaking of sensitive information to the public. This has come to light with hactivists conducting large-scale exploits to infiltrate law enforcement agencies and major companies and steal sensitive data that could embarrass or damage certain organizations (Wansley, 2012). In this paper the top five cyber security threats for 2012 will be assessed and talked about to help control, mitigate,...

Words: 931 - Pages: 4

Premium Essay

Competitors/Substitutes in Marketing

...Competitors/Substitutes Analyzing Competitive Forces • Threat of intense segment rivalry Currently in the home security industry, there is intense competition for growth in the market, making the threat of intense rivalry high. Market growth for security is rising because of various safety factors and consumers wanting their families and assets protected. By adding an insurance feature to our existing product line, ADT Security & Insurance can significantly lower its threat of segment rivalry because it takes out our direct competition. In order to keep this threat low, we will need to stay proactive in the market with our new extension and continue to increase our customer loyalty and branding, while continuing to create innovative new ideas for enhancing our services and maintaining a high competitive advantage. • Threat of new entrants At the present time, the threat of new entrants into the home security market is high. It has been recently reported that existing companies such as Verizon and Comcast are currently attempting to enter the home security market, offering some of the same products and services as ADT Security, along with competitive price points (www.verticalresearchpartners.com). There are however a few barriers that may slow their attempt. Although these companies are well-established names in the cable/telecom industries, with the current economic standings the way they are, gaining revenue to add, advertise and market...

Words: 1523 - Pages: 7

Premium Essay

Week 7 Project

...The Current Problems with Network Security and How We Can Fix Them Abstract Network Security has come a long way from the times when their wasn’t a need to worry about networks being attacked, and now to the current evolution of people where it’s not if your network will be attacked, it is when. The Current Problems with Network Security and How We Can Fix Them Network Security is defined by Sans Institute as the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment (SANS, 2014). As you can see with that definition the meaning can interpreted many different ways, so with this paper I will describe what network security is and how we can fix the ongoing problems. Current State of Network Security Before you fix or document any problems with network security you must first evaluate the current state of the problems we face. Most networks are somewhat secure, meaning they have the resources to make them nearly “bullet-proof”, but due to current policies within organizations, the information technology team is unable to enforce maximum security due to employees needing to plug their IPod’s in, charge their cell phones, and access social media sites, etc. the list could go...

Words: 2317 - Pages: 10

Premium Essay

Network Security Plan

...Network Security Plan For a general security solution plan at Richman Investments, this report will give an outline of the needed multi-layered security plan for the entire network including all branch offices. There are many risks that are involved with any network, good planning and policies put into place can mitigate security flaws. The multi-layer security solution can be a useful guideline to start and sustain these security measures within the company. The following topics for security planning will be discussed in a brief and general detail are; User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, Remote Access Domain, WAN Domain, and System/Application Domain. There are many different and unique threats to all domains listed; this report only covers a small portion of ways to mitigate such threats, risks, and vulnerabilities. User Domain In the first layer of the multi-layer security is the user domain. For any user within the company accessing the network on any given workstation or portable device, that user is subjected to the acceptable use policy (AUP). Users are the greatest risk to any network and proper assessment of user policies and the Global Policy configurations need to be well thought out and enforced by these policies. Under this AUP, if violated can be subjected to employee dismal or grounds for punishment actions. Users can be disgruntled employees and can cause serious issues to the network if they have access to sensitive information...

Words: 1254 - Pages: 6

Premium Essay

Handling Security and Ethical Issues

...Handling Security and Ethical Issues at TBWI Course: IT560-01 Handling Security and Ethical Issues at TBWI A growing concern, especially with the recent information leak at Target, is the issue of security. Outlined are security concerns for TBWI and how best to handle them. In addition to handling security issues, there may be complicated ethical issues that may occur. To best handle these situations, those ethical issues are addressed, with recommendations for how best to handle them. Security Concerns In 2013, B2B International and Kaspersky Lab conducted a Global Corporate IT Security Risks survey and the results were quite startling. In a conservative estimate, “The average damage suffered by large companies from a single serious incident was $649,000. For small and medium-sized companies, the average damage was $50,000” ("Global corporate it," 2013). These damages can be the result of fines, lawsuits, as well as lost revenue from customers, who no longer have faith in the security of the company. It takes many years for a business, such as TBWI, to build a reputation, but it can all be lost in a matter of seconds. Because of this, the following security concerns need to be recognized, with a plan in place for prevention. External threats External threats are those that occur from people not involved with TBWI. These could be competitors or random hackers or thieves. These types of threats can occur at the software and hardware...

Words: 1640 - Pages: 7

Premium Essay

Risk Mananament

...The concept of security has many associations. It can include safety to individuals, the society, groups that include status, religion and colour, businesses and any other legitimate organizations. The concept of security has been an issue across generations both in animal and human societies. The often quoted sentence ‘survival of the fittest’ comes to mind in this instance. This suggests that individuals and groups (of any order) will resist and create conflict in order to survive in a particular environment, whether it is within a family, society, politics, or a business environment. Whatever the reasons may be or legitimacy of the conflict, it is up to the receiving party to ensure that they survive and grow in spite of security issues. In the business world, competition often produces security problems. The concept of globalization, the growth and expansion of multinationals has resulted in new security threats that are related to political and religious factors. In other words, business organizations can be subject to threats from local businesses, political parties, and terrorist organizations. Local businesses can create problems because the new entrants are seen as a threat and competition to their existing businesses activities. Political parties that are not in power may pose a threat because they oppose the ruling party and not the business enterprise. Terrorism and other forms of violence may occur against specific business organizations since they are seen as a representative...

Words: 5050 - Pages: 21

Premium Essay

Establishing Security Risks and Countermeasures for Large Scale Businesses

...Establishing Security Risks and Countermeasures for Large Scale Businesses Stephen Yopp 23 May 2014 ISSC-361 American Military University Establishing risks and countermeasures can be a complex procedure, even more so when protecting hundreds of systems from internal and external threats. Many tools exist to assist in implementing and scaling security operations. There are many assets that represent risks to businesses ranging from information systems to the data which is stored on them and therefore almost as many existing threats (Smith, 2013). The National Institute of Standards and Technology (NIST) describes 11 types of assets; people, organizations, systems, software, databases, networks, services, data, computing devices, circuits, and websites (Halberdier, Waltermire, and Wunder, 2011). This list is more extensive than the categories discussed, for the sake of brevity, but it might be helpful to enterprise employees seeking to identify different assets. Hardware represents a large investment for businesses. Servers, network devices, cables, workstations, and mobile devices can cost enterprise businesses millions of dollars up front. Because information systems are such an integral part of modern business, companies cannot afford to be without access to file and print servers or internet access. This means that the loss of hardware would represent setbacks in productivity, potential negative impacts to the organization’s reputation, and necessary additional...

Words: 3285 - Pages: 14

Free Essay

Ing Life

...ING Life and Connection and Security Business Solution Brandon Osborne Strayer University Dr. Richard Brown February 15, 2016 ING Life ING Life is the leading provider of life insurance in Canada. The company is based in Ontario and operates out of three regional offices. In 1997, brokers at ING relied on phone, fax, and postal service to process policy information. Response times would take from hours to days to process. The company did have 56-kbps frame wide area network, but it only connected to the Ontario headquarters and the 70 managing general agent offices within the organization. It would send information through TCP/IP to a System Network Architecture (SNA) and route the data to the corporate mainframe in Connecticut. In July of 1999, ING begin to connect its brokers the extranet. All the brokers would have to do now was connect to the Internet and log into the Web server using their browser. The could access the corporate mainframe as if they were using TN3270 terminal with response times being under one minute. Before ING could launch their new public infrastructure, they had a security consultants probe for vulnerabilities in the system. But even as the years go by, new threats and weaknesses endanger the security of ING and the private information that it holds in its systems. Charl Van der Walt (2002) quoted in an article by saying; “The Internet, like the Wild West of old, is an uncharted new world, full of fresh and exciting opportunities...

Words: 862 - Pages: 4

Premium Essay

Information Security

...Information Security August 10, 2012 One of the biggest issues in the Information Technology field these days is information security. Today almost anything can be found on the internet. Even like how to videos on how to put in a window, break-into a house, or even hack computers. The digital age has many perks but it also has many down falls to it as well. The perks that we enjoy so much from the internet also leaves us open to identity theft and company information theft. This gives Information Technology professionals a lot to think about when they consider Information Technology. One of the biggest threats facing the IT industries today is the end users non-malicious security violations that leave companies vulnerable to attack. In a recent Computer Security Institute survey, 41 percent of the participating U.S organizations reported security incidents. (Guo, 2012 p. 203-236) Also according to the same survey it was found that 14 percent of the respondents stated that nearly all of their company’s loses and or breaches were do to non-malicious and or careless behavior by the end users. (Guo, 2012 p. 203-236) Some of the end users behaviors that help these threats along were the peer-to-peer file-sharing software installed by the end user that might compromise company computers. Some other examples of security being compromised by end users would be people that use sticky notes to write there passwords down and leave them where other people can see them...

Words: 1422 - Pages: 6

Premium Essay

Mobile Technology

...vulnerability to malicious attacks and threats. Many companies are providing mobile devices to employees in order to conduct business away from the office. This has proven to be major headache for IT professionals. Normally, IT professionals control network activity through vulnerability assessments, scans, audits, and security patches; unfortunately, the same does not hold true for mobile devices. Unlike wired network connections, mobile devices favor wireless internet connectivity and are constantly broadcasting for connection to a wireless network. Many hotels, restaurants, and airports offer free WI-FI to the public, unlike home or office networks, most public networks are not secure. It is tempting to utilize free connectivity to check email, however, these networks do not offer the level of encryption needed to conduct company business and employees should be advised to avoid unencrypted public wireless internet connectivity. Disabling Bluetooth wireless capability is another way to assist in protecting mobile devices from malicious attacks. Switching the Bluetooth access to the off position will prevent the mobile device from searching, broadcasting, and synchronizing with other Bluetooth enabled devices. Turning the Bluetooth to the off position also eliminates entry point for hackers, malware, viruses, and access to personal data. To further safeguard mobile devices, companies must establish a mobile device security policy. The policy should include...

Words: 733 - Pages: 3

Premium Essay

Information Security White Paper

...Information Security White Paper UMUC In business, an information security is a set of policies to protect the companies and small businesses infrastructure, physical and information technology assets, and to ensure that all information technology users within the domain of the companies and small businesses comply with the rules and guidelines related to the security of the information stored digitally at any network within the boundaries of authority. In short, it can protect data from the outside and even inside threat. The data and information, which the companies and small businesses have, are arguably the most important assets. They should ensure the data confidentiality, integrity, availability, non-repudiation, authentication, and authorization. Most small businesses and companies must have information security to ensure their business and information assets. Information security protects data and controls how it should be distributed within or without the businesses boundaries. This means that information should be encrypted and may have restrictions placed on its distribution to the third party. Information security should protect the data from the outside threats such as: Threats |Confidentiality |Integrity |Availability | |Denial of Service Attack |Low |Medium |High | |Power Supply Failure |Low |Low |High | |Malicious Code Infection |High |High |High | |Theft and Fraud |High |Medium |High | |Website Intrusion |High |High |High | |Unauthorized...

Words: 697 - Pages: 3

Free Essay

Identifying Potential Malicious Attacks, Threats and Vulnerabilities

...Recently the Chief Information Officer of our company Celtic Gamers Frontier Inc. (CGF) has read of an increase in the threat space regarding the electronic game industry and he is concerned with regards to our Companies overall architecture, and the risks to our Research and Development efforts and other Intellectual Property. He has tasked the company’s corporate information technology group to produce an information paper detailing the types of cyber threats and malware are being reported on the internet. They would also like the security group to give the company’s executive leadership a detailed report regarding the threats, vulnerabilities and the overall risks that may be present in our current corporate infrastructure. The security department for the organization is relatively small and short on resources so this task has been given to me to do the research and create an executive report detailing the current vulnerabilities, risks and threats and potential impact to our network should we have any security incidents. “Unfortunately, there are inherent risks to computer usage — hackers, viruses, worms, spyware, malware, unethical use of stolen passwords and credentials, unauthorized data removal by employees with USB flash drives, or servers crashing and bringing productivity to a halt” ("Cybersecurity," 2013) . The CGF network is a typical office network composed of an external firewall with an external DMZ with public use servers, and internal firewall protecting...

Words: 1563 - Pages: 7