StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Insider Threat and Physical Vulnerability - Research Paper Example

Cite this document
Summary
The paper "Insider Threat and Physical Vulnerability" discusses that data security is an emerging issue for most firms, which find themselves, victims, of either external or internal attacks. Some firms go on to lose vital information, which at times ruins the company’s image…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.7% of users find it useful
Insider Threat and Physical Vulnerability
Read Text Preview

Extract of sample "Insider Threat and Physical Vulnerability"

? Insider Threat and Physical Vulnerability Insider Threat and Physical Vulnerability Introduction The health care industry can beseen to be adopting more of technological advancements in their operations with each day passing. While this can be seen as a great step towards the provision of better health care services, the idea has faced some setbacks too. This paper will discuss the vulnerability and threats of the new iTrust requirements. It will also look at how the database can be secured from attackers. The paper will look at the physical security of the database first and then later address the insider threat. Physical security of the database The growing technological advancements are posing a threat to the new requirements of the iTrust database. Cloud storage, a method of data storage that allows users to share information online is one of the basis on which the iTrust database is prone to attackers. Cloud computing can be misused to attack the database through dishonest activities. Cloud computing at the database, just like in other systems, deal with privacy and have a rather easy registration system. Although the easy registration system gets geared to make the software user friendly, criminals usually use advanced technologies to access the software. This poses the highest threat to businesses and consumers that use the system (Shaw et al, 2013). There have been cases of use of Botnets to attack a public cloud network and spread viruses. The Zeus Botnet has on several occasions attacked the Amazon cloud. The Zeus Botnet attacked Amazon’s EC2 cloud computing service managing to install a virus. The Botnet further took control of a cloud platform. The malware remained hidden for a long time while transferring millions of dollars (Shaw et al, 2013).Two ways have been proposed to deal with such malware. The security threat posed by the malware can be addressed through implementing cloud analytics. The threat can also be addressed through employing more personnel to monitor the database. Another threat that comes with cloud computing is the difficulty with which consumers get to understand the security implications associated with usage of software like itrust database. Whereas most consumers would prefer a relatively easy set of application programming interfaces, this seems to deter efforts to safeguard the database from any threats. Ensuring that the database gets adequately safeguarded may call for complex application programming interfaces. Such interfaces are able to detect any unpermitted intrusion into the system and swiftly counter-attack the attempt (Shaw et al, 2013) The issue of account service and traffic hijacking remains a legitimate threat to most of the iTrust users. Traffic hijacking has a wide range. It may involve spamming or use of stolen user credentials. Considering the sensitivity of the data stored in the iTrust database, hackers can in many ways put to risk the lives of the users. This can be done by just gaining a simple entrance. In a situation where the attack occurs on the urgent care, the attacker can manage to follow up on transactions, edit data stored on the database as well as steal users’ personal information .To curb this, preventive measures must be taken. Such preventive measures may include effecting password policies, use of tracking software and providing internet usage education to all employees (Researchomatic, 2012). The insider threat Insider threat can be defined as any threat that comes from people within the organization and who have the organization’s inside information regarding how the organization stores its information. The insider threat faced at the iTrust database is quite challenging. A lack of separation of duties seems to pose the greatest insider threat at the moment. Separation of duties ensures that an insider with too much power or authority is not able to attack the database using the power or authority that they have (SafeNet, 2013). Example of an incident of an insider threat is when a head of department upon realizing that their job is on the hang, they decide to keep the password to the department’s files to themselves. This brings the database’s operation to a halt for several days as legal processes set in to solve the issue. The iTrust database, therefore, need to enforce stricter rules that clearly incorporate a separation of duties in order to bring a balance into the iTrust database. Leakage of users’ personal information through the employees has also been rampant. At times, employees leak out information about the users to non-partisans. An example of such a case is where an employee working at the company is willing to leak information to non-partisans in exchange for money. They are promised $10,000 by some malicious individuals. The employee agrees to the deal and in the process leaks vital information about the targeted user. This information may be related with how the user operates and where they work. The overall life of such a user is put at risk (Researchomatic, 2012). There are several ways through which iTrust database can ensure that its data is free from insider threats. One such way is through treating all threats as underappreciated and as something that can come from any direction. The iTrust database should be in a position to address the issues that in most cases lead to an insider posing a threat to the firm’s database. These issues include lay-offs, transfers and other perceived grievances (Trend Micro, 2013). All possible causes of threat to a company’s database should be treated equally. This can help iTrust in addressing any issue concerning insider threat. Another important way of addressing the issue of insider threat is clearing all the loopholes. Users’ information should be safeguarded and only released to the relevant staff members. This ensures that information hardly gets to inappropriate people in the firm. There should be standards and compliance guidelines for any internal security procedures. The firm should answer the questions of how the data is going to be stored and who will have access to it. Conclusion Data security is an emerging issue to most firms, which find themselves victims, of either external or internal attacks. Some firms go on to lose vital information, which at times ruins the company’s image. Companies should, therefore, address the issue of data security in their companies. This is because if left unattended, data hampering can as well ruin a company completely. References Researchomatic (2012). Itrust Database Security Assessment. Retrieved From: http://www.researchomatic.com/essay/Itrust-Database-Security-Assessment-51498.aspx SafeNet (2013). The Foundation for Data and Encapsulation. Retrieved From: http://www.safenet-inc.com/data-protection/data-encryption/data-secure/ Shaw, E., Ruby, K. G. & Post, J. M. (2013). Political Psychology Associates. Retrieved From: http://www.dm.usda.gov/ocpm/Security%20Guide/Treason/Infosys.htm Trend Micro (2013). Data Protection- Data Security Management. Retrieved From: http://www.trendmicro.com/us/enterprise/data-protection/ Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Insider threat and Physical vulnerability Research Paper”, n.d.)
Insider threat and Physical vulnerability Research Paper. Retrieved from https://studentshare.org/information-technology/1490841-insider-threat-and-physical-vulnerability
(Insider Threat and Physical Vulnerability Research Paper)
Insider Threat and Physical Vulnerability Research Paper. https://studentshare.org/information-technology/1490841-insider-threat-and-physical-vulnerability.
“Insider Threat and Physical Vulnerability Research Paper”, n.d. https://studentshare.org/information-technology/1490841-insider-threat-and-physical-vulnerability.
  • Cited: 0 times

CHECK THESE SAMPLES OF Insider Threat and Physical Vulnerability

Physical Security Related to Computer Systems

The paper is a discussion about the first layer of security called physical security.... An introduction has been given as to what does physical security means in general and in particular in terms of computer information systems.... physical security related to computer systems is particularly explained.... Proper monitoring of the physical security measures is very necessary to make the security perfect.... A list of physical security threats has been given which are very likely to occur with a technology-based system....
8 Pages (2000 words) Term Paper

Cybersecurity Vulnerability Faced by IT Managers Today

The personnel aspect of cybersecurity governance requires organizational leadership to be absolutely committed to security, selective when assigning appropriate responsibilities and roles to staff members, practice stringent implementation of personnel and physical security measures to monitor and control access, implement proper training that is suitable for the echelon of responsibility and access, and practice strict accountability.... he possible vulnerability can be mitigated through safe practices and protective layers of security that ensures authentication....
12 Pages (3000 words) Term Paper

Evaluate the options at the security manager disposal to respond to organizational lost

n organization can frequently detect or control when an outsider (or a non-employee within the organization) attempts to access organizational data, either physically or electronically, and as such, the organization can be able to lessen the threat posed by an outsider stealing organization property.... The paper explores the implication of data theft for an organization within the financial sector with a bias towards insider threats.... Nevertheless, the “thief” who can be considered harder to discover and who can render the most damage is the insider or employees who have legitimate access....
11 Pages (2750 words) Essay

Entifying Information Assets, Threats, and Vulnerabilities in Top Information Security Breaches of the Decade

The vulnerability that led to this attacks are; unauthorized access even when credentials are missing, lack of managing the threat of shared password, failing to ensure organization's critical assets access is attributed to a specific employee, and failing to respond immediately to suspicious access behavior.... The electronic or the physical security systems are not the organization's weakest security link; human are the one with the weakest links.... The physical security measures of an organization are as important as the technical security controls....
2 Pages (500 words) Assignment

Cloud Computing Virtualisation Security Threats

The hypervisor functions as the central management point for every VM image and a control centre for a number of the critical services, resulting into vulnerability leverage points (Alliance S.... However, embracing virtualization comes with a set of security issues of the used operating system running in guest mode and newer security concerns pertaining to the hypervisor layer together with new virtualization based threats inter- Virtual Machine attacksIt is necessary to understand that virtualization is different from the conventional physical environment (Granneman)....
6 Pages (1500 words) Literature review

Risk Management Program for Data Mart

A decision among the employees to leave computers unprotected in spite of the duration allows for unauthorized physical access which would be a big risk.... The paper "Risk Management Program for Data Mart" discusses that all the organization-based risk management processes are reliant on the presence of the project-level risk management providing mechanisms to surface and manage the occurring risks or to share the costs across projects....
44 Pages (11000 words) Capstone Project

Ethical Hacking

This assignment "Ethical Hacking" focuses on Legal Issues in the existing system of processing and storing information, additional considerations with respect to centralization and how the vulnerability profile for the organization might change under the centralization.... he vulnerability of the information increases with the centralization of the Company's operations.... It has been observed that there are some serious consequences that can be suffered by the network on which the penetration test is being run if its vulnerability is high....
8 Pages (2000 words) Assignment

Human Security in Reducing Vulnerability to Natural Disasters

The paper "Human Security in Reducing vulnerability to Natural Disasters" critically analyzes how increasing human security has helped in reducing the vulnerability of humans to natural disasters in Bangladesh.... This indicates that reducing the threat posed by human insecurity has its ramifications in terms of reduced vulnerability to the natural disasters experienced.... hile addressing the impact of human security on reduced vulnerability during natural disasters, the paper recognizes that ensuring the safety of people during natural disasters is vital to reduced vulnerability....
28 Pages (7000 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us