StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Factors That Are Contributing to the Increasing Vulnerability of Organizational Information Assets - Assignment Example

Cite this document
Summary
The paper "Factors That Are Contributing to the Increasing Vulnerability of Organizational Information Assets" describes that risk avoidance is the process of recognizing a risk as well as formulating a decision to no longer involving in the activities linked with that risk…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.5% of users find it useful
Factors That Are Contributing to the Increasing Vulnerability of Organizational Information Assets
Read Text Preview

Extract of sample "Factors That Are Contributing to the Increasing Vulnerability of Organizational Information Assets"

Business Information System Table of Contents Internet Vulnerabilities 4 Wireless Security Challenges 4 Malicious Software: Viruses, Worms, Trojan Horses, and Spyware 5 Hackers and Cybervandalism 5 Unintentional Threats 6 Device Loss 6 Temporary Hires 6 Deliberate Threats 7 Identity Theft 7 Data Theft 7 Virus 7 Worm 8 Phishing 8 Spear Phishing Attacks 8 Approach to mitigate these risks 9 Question 4: Define and contrast - risk acceptance, risk limitation, and risk transference. 9 Risk-avoidance, transference, acceptance, mitigation, deterrence 9 Bibliography Reference List: 14 Assignment – Part A Question 1: Identify and discuss the factors that are contributing to the increasing vulnerability of organizational information assets. There are many factors that are contributing to the increasing vulnerability of organizational information assets. Given below are some of the important factors that play significant role in making the organizational assets vulnerable (Prentice Hall, 2010; KingCounty, 2009; Turban et al., 2005): Internet Vulnerabilities The research has shown that open or public networks such as the Internet are more vulnerable than internal networks for the reason that they are virtually open to everyone. Hence, when the Internet turns out to be an important part of the business network, and the most of the business tasks are supported by this network then the organization’s information arrangements also become open for attacks from outsiders. Wireless Security Challenges Wireless networks based on radio technology are also vulnerable to security penetration for the reason that radio frequency bands are easy to scan and detect for the attackers. These days Wi-Fi technology is extensively available and offering great deal of support for connectivity and information sharing. However, these networks always remain the major target of attackers which can cause problems for the organizations and attacks against information system. Malicious Software: Viruses, Worms, Trojan Horses, and Spyware A malicious software program can cause a variety of threats for example worms, computer viruses and Trojan horses. These threats can cause massive destruction to organizations’ resources in the forms of theft of organizational information, personal data theft and huge danger to corporate and personal information. Hackers and Cybervandalism A hacker is a person who aims to obtain illegal access to an information system. However, in the hacking community, the term cracker is normally employed to demonstrate a hacker with criminal objectives, though in the public press, the terms cracker and hacker are employed interchangeably. These hackers can get access to an organization’s network and launch a variety of security attacks such as: (Prentice Hall, 2010; KingCounty, 2009; Turban et al., 2005): Spoofing and sniffing Denial of service attacks Identity theft Question 2: Contrast unintentional and deliberate threats to an information resource. Provide two (2) examples of both. Information systems are vulnerable and in danger due to a number of possible threats and hazards. However, there are two major types of threats known as deliberate threats and unintentional threats. Given below are acts with no malicious determination and with malicious determination (Rainer, 2009; Safari Books Online, 2013; E.Whitman, 2004): Unintentional Threats Device Loss Human errors or mistakes are the major causes of un-intentional threats that can happen due to human error or due to negligence of human. For example, a person who has lost his device, mobile or laptop which be misused by an attacker for carrying out illegal activities. Temporary Hires Temporary hires are also major type of unintentional threats. In this scenario, temporary workers including contract labor, janitors, consultants, and guards can also create serious security loss for the organizations. Contract labor, for example temporary hires, can be ignored in information security policy. Though, these staff members can unintentionally access the information or data and distribute data without intention and care. This can be really dangerous for an organization. Deliberate Threats Identity Theft In this kind of threat a person intentionally makes use of someone’s personal information as his own personal use. For instance, a person can use his friend’s or colleagues’ personal information such as credit card number or some other bank based details to perform certain tasks. In fact, through this way a large numbers of frauds are yet done leading to millions of dollar loss to businesses and people. Data Theft A staff member, friend or member of organization can steal business data and can make use of data for negative purposes. For instance, an unsatisfied employee can do this to cause harm the business organization. This can be extensively dangerous for business and organizational information system. Question 3: Explain each of the following types of remote attacks: virus, worm, phishing, and spear phishing. What approach could you use to mitigate these information security risks within an organisation? Describe a scenario. Virus A computer virus link itself to an application or file allowing it to spread from one system to another, offering infections as it moves onward. Similar to a human virus, a digital virus is able to vary in harshness: several can cause simply mildly annoying influences as others are able to damage our software, hardware or files. Additionally, almost all kinds of a virus are linked to an executable file. In this scenario, a virus can exist on our system for a long time however it will not infect our system unless we execute or open the malicious application (Beal, 2013; Shelly et al., 2005). Worm A worm is like a virus and it is recognised as a sub-class of a virus. In addition, worms go out from system to system, however as compared to a virus; it has the capability of travelling without interacting with humans. A worm gets benefits of file or information transmission characteristic on our system that is what permits it to travel unaided (Beal, 2013; Shelly et al., 2005). Phishing Phishing is analogous to fishing in a lake; however instead of attempting to catch a fish, phishers try to steal our personal data and information. In this scenario, they transmit e-mails that seem to come from authentic websites for example PayPal, eBay or other banking organization. The e-mails state that our data requires to be validating or updating and request that we enter our password and username, after clicking a link comprised in the e-mail. In this scenario, a web site looking similar to a real web site can hack our personal information (TechTerms, 2013; Kay, 2004; Shelly et al., 2005). Spear Phishing Attacks Spear-phishing is a more specialized phishing approach. It allows a hacker to get private information regarding a user by making use of fake methods. It is basically aimed at targeting a precise employee so as to obtain access to a business’s information (PC Tools, 2010; Microsoft, 2013; Shelly et al., 2005). Approach to mitigate these risks An organization should take certain security measures in order to secure its data and information resources. First of all, an organization should train its employees and provide them with the latest knowledge on security threats and risks. They should keep and maintain record of their employees. Their employees should be given a password protected access to organization resources. In addition, all the systems should have an updated version of antivirus program (Shelly et al., 2005). Question 4: Define and contrast - risk acceptance, risk limitation, and risk transference. Risk-avoidance, transference, acceptance, mitigation, deterrence Risk avoidance is the process of recognizing a risk as well as formulating a decision to no longer involving in the activities linked with that risk. If risk is outside, as well as the level of risk is believed to be fairly high, then a great deal of attention should be paid to stopping or escaping to assume those tasks. If the tasks are fragment of the fundamental business, then recognize if there is another method of performing things that will escape or minimize the risk or loss (NeoKobo, 2012; Federal Highway Administration, 2013; Melissa, 2013). In addition, the risk avoidance should be foundational on a well-versed decision that the preeminent course of act is to diverge from what would/could take to experience to the risk. One of the major issues regarding risk avoidance is that we are navigating clear tasks we can take advantage from. This is the best and highly efficient method, however often not probable because of organizational needs (NeoKobo, 2012; Federal Highway Administration, 2013; Melissa, 2013). In risk transference, we do not just shift the risk totally to some other object, but also we share lots of burden of the risk someone else, for example an insurance corporation. A distinctive policy would recompense us a cash amount if all the steps were established to minimize risk as well as a system still was damaged (NeoKobo, 2012; Federal Highway Administration, 2013; Melissa, 2013). Risk mitigation is proficient anytime we take steps to minimize the risk. In this scenario, steps comprise installing antivirus application, educating clients regarding probable monitoring the network traffic and threats, incorporating a firewall (NeoKobo, 2012; Federal Highway Administration, 2013; Melissa, 2013). Assignment – Part B A case study critical thinking analysis using Toulmin’s Model of Argument: Claim Sensitive FBI data is not secure from attack Data Data and information stored in FBI’s computers is at danger. It is assessed that some criminal mind people got access to data of FBI and made use of that data in a wrong way. Afterward, that data was placed on website for open access. It is a serious crime and data theft led to huge damage to private information and data. Warrant Due to human negligence the system or laptop was accessed by any illegal person and data was misused afterward. In this situation this attack is done deliberately to access the secret stuff of a security firm. This also led to huge damage to security characterises of such organizational staff. Backing This security breach is a basic flaw of overall security based system’s authentication procedures which caused a number of serious issues and aspects regarding secure management of such data. The information that was accessed is really classified that can lead to huge damage to someone’s personal credibility and worth. The FBI is still denying such details however this sensitive information can only be taken from security organization using high level hacking techniques. Rebuttal There number of other criminal activities happen in past where critical and sensitive information was accessed using a variety of illegal ways. For example stealing approximately 2 million credit card numbers is one of the biggest examples of data thefts cases in American history that cost various companies more than $US300 million. In this case such huge amount of records are taken and abused. In such cases the major problem lies at the core security of organization that needs to be managed effectively in order to ensure the privacy and security of organizations’ data (ABC, 2013). Qualifier In this situation the main guilty seems to be FBI security management system that has implemented a poor security authentication mechanism that caused such a huge damage and serious issues regarding management of security and privacy of the security firm. Your Opinion In this overall analysis it is assessed that data security and privacy are most important aspects of any organization that can play a significant role in the success or failure of an organization. Application of effective security parameters and procedures can offer us a great deal of support for managing the security of corporate. In the context of FBI we have seen both kinds of security issues, human negligence (un-intentional security problem) and data theft (intentional security problem). These both factors can be seen at any huge organizational security breach or data theft event. In this situation the only need is application of better security management procedures and systems. Security management is a complex task while application of new and more smart layered approach of technology offers better solution of security management inside a firm. In addition, organizations should manage new technology based bio-informatics system for the effective management of security and privacy at the corporate. These all initiatives are aimed to present better solution for corporate security management and data safety. Without such initiatives the future of information system is in danger. Bibliography Reference List: ABC, 2013. Russian-Ukrainian syndicate hit major companies targeted in biggest credit card fraud in US history. [Online] Available at: http://www.abc.net.au/news/2013-07-26/6-charged-over-largest-ever-credit-card-fraud-in-us-history/4844814 [Accessed 14 August 2013]. Beal, V., 2013. The Difference Between a Computer Virus, Worm and Trojan Horse. [Online] Available at: http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp [Accessed 15 August 2013]. E.Whitman, M., 2004. In defense of the realm: understanding the threats to information security. International Journal of Information Management, 24(2004), pp.43-57. Federal Highway Administration, 2013. 5. Risk Mitigation and Planning. [Online] Available at: http://international.fhwa.dot.gov/riskassess/risk_hcm06_05.cfm [Accessed 18 August 2013]. Kay, R., 2004. QuickStudy: Phishing. [Online] Available at: http://www.computerworld.com/s/article/89096/Phishing [Accessed 13 August 2013]. KingCounty, 2009. lnformation Technology Governance Policies, Standards and Guidelines. Vulnerability Assessment and Management Policy. Off¡ce of Informat¡on Resource Management. Melissa, 2013. Four Types of Risk Mitigation. [Online] Available at: http://mha-it.com/2013/05/four-types-of-risk-mitigation/ [Accessed 19 August 2013]. Microsoft, 2013. How to recognize phishing email messages, links, or phone calls. [Online] Available at: http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx [Accessed 12 August 2013]. NeoKobo, 2012. 2.1.6 Risk-avoidance, transference, acceptance, mitigation, deterrence. [Online] Available at: http://neokobo.blogspot.com/2012/01/216-risk-avoidance-transference.html [Accessed 20 August 2013]. PC Tools, 2010. What are Spear Phishing Attacks? [Online] Available at: http://www.pctools.com/security-news/spear-phishing-attacks/ [Accessed 10 August 2013]. Prentice Hall, 2010. Management Information Systems. [Online] Available at: http://iauec.net/MDF/ch10/chpt10-1main.htm [Accessed 20 August 2013]. Rainer, R.K., 2009. An Overview of Threats to Information Security. [Online] Available at: http://www.irma-international.org/viewtitle/14016/ [Accessed 16 August 2013]. Safari Books Online, 2013. 7.2 | Unintentional Threats to Information Systems. [Online] Available at: http://my.safaribooksonline.com/book/-/9780470889190/7-information-security/navpoint-46 [Accessed 20 August 2013]. Shelly, Cashman & Vermaat, 2005. Discovering Computers 2005. Boston: Thomson Course Technology. TechTerms, 2013. Phishing. [Online] Available at: http://www.techterms.com/definition/phishing [Accessed 13 August 2013]. Turban, E., Leidner, D., McLean, E. & Wetherbe, J., 2005. Information Technology for Management: Transforming Organizations in the Digital Economy. New York: Wiley. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Factors That Are Contributing to the Increasing Vulnerability of Assignment Example | Topics and Well Written Essays - 1750 words - 7, n.d.)
Factors That Are Contributing to the Increasing Vulnerability of Assignment Example | Topics and Well Written Essays - 1750 words - 7. https://studentshare.org/information-technology/1802965-business-information-system
(Factors That Are Contributing to the Increasing Vulnerability of Assignment Example | Topics and Well Written Essays - 1750 Words - 7)
Factors That Are Contributing to the Increasing Vulnerability of Assignment Example | Topics and Well Written Essays - 1750 Words - 7. https://studentshare.org/information-technology/1802965-business-information-system.
“Factors That Are Contributing to the Increasing Vulnerability of Assignment Example | Topics and Well Written Essays - 1750 Words - 7”. https://studentshare.org/information-technology/1802965-business-information-system.
  • Cited: 0 times

CHECK THESE SAMPLES OF Factors That Are Contributing to the Increasing Vulnerability of Organizational Information Assets

Social, Political, and Organizational Factors

Does this population have one or more of the risk factors that Shi and Stevens (2010) identify?... Describe how you can reduce this disparity by mobilizing existing assets and forming a partnership with other groups.... The population in the… As indicated by the 2011 Census Bureau the Cincinnati metropolitan region has a population of almost 2,138,038, the 27th most crowded and the most populous metropolitan statistical region Social, Political, and Organizational Factors Affiliation with more information about affiliation, research grants, conflict of interest and how to contact1....
2 Pages (500 words) Essay

Windows Vulnerability

It is in this way that malicious attackers could lure system users to Vulnerability Report The TLS Protocol CBC Mode information Disclosure Vulnerability is found on a variation of windows operating systems.... This bug allows an attacker to gain remote access to the target systems, meaning that they have unauthorized and uncontrolled access to an organization's sensitive information.... Any processing handled on that website, could trigger sensitive information to flow to the attackers website....
2 Pages (500 words) Research Paper

Fcators Affecting Vulnerability and Assessment of Needs

Drugs and substances abuse plays a major in enhancing vulnerability of individuals in the U.... However, the level of vulnerability varies among individuals based on the level of… Vulnerable individuals or populations are those groups of people or individuals are pre-exposed to very high levels of risk factors such as high levels of alcohol, tobacco and other narcotics usage.... Inadequate access to basic needs such as proper housing and balanced An individual's vulnerability to negative health increases as the level of exposure to risk or causative agents increases....
1 Pages (250 words) Assignment

Security Functions Specializing in Safeguarding Sensitive Assets

"Assessing the vulnerability of buildings.... This paper "Security Functions Specializing in Safeguarding Sensitive assets" provides an annotated bibliography on the issue of safety.... According to Loughlin, (2009), there are various ways of safeguarding the assets of people depending on what kind of asset it is.... nbsp;… In cases of documents, they are locked away in vaults, locked rooms and other locked buildings which also have various security measures such as security fences, security guards, and even identification security systems for the owners of the assets....
1 Pages (250 words) Annotated Bibliography

Vulnerability Scanning

Simple vulnerabilities scanners only check the information about software version and windows registry and determine whether d: Vulnerability Scanning Vulnerability scanning deals with the staple information for security as no software is perfect for the security purposes.... Simple vulnerabilities scanners only check the information about software version and windows registry and determine whether updates and latest patches are applied or not....
1 Pages (250 words) Essay

FAR Compliance Issues And Contributing Factors

This request for proposal holds information and directives to enable the interested bidder to prepare and submit a detailed proposal and explains the terms and conditions that qualified bibbers will be expected to agree on in order to undertake the project.... The paper "FAR Compliance Issues And contributing Factors" discusses the major concern of Federal Acquisition Regulation that is to ensure that standard purchasing procedures are adhered to and the tendering process for government contracts are carried out fairly....
6 Pages (1500 words) Assignment

Entifying Information Assets, Threats, and Vulnerabilities in Top Information Security Breaches of the Decade

The vulnerability that led to this attacks are; unauthorized access even when credentials are missing, lack of managing the threat of shared password, failing to ensure organization's critical assets access is attributed to a specific employee, and failing to respond immediately to suspicious access behavior.... Five of information security breach that occurred in the last decade include are: insider misuse, unauthorized access by insiders, spam, malware, and unauthorized access by outsiders. Insider information SECURITY BREACHES A security breach or security violation is any occurrence that leads to un ized access of data, networks, services, devices, and/or applications by bypassing security mechanisms that exists....
2 Pages (500 words) Assignment

Relationship between Risk attitude and Organizational Vulnerability

n line with the background discussed above, the report aims to study the relationship between the fluctuations in adoptions of risk factor and the resultant vulnerability or stability of an organization.... The report is aimed at highlighting the relationship between the risk factor an organization has to face and the performance it in turn exhibits....
10 Pages (2500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us