StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Risk and the Possible Threats to Information Security - Research Paper Example

Cite this document
Summary
The paper describes information security risk as any danger that may lead to the loss or damage of information. While determining the course of action to be taken in maximizing security, the current activities and performance of the current information systems should be properly scrutinized…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.2% of users find it useful
Information Security Risk and the Possible Threats to Information Security
Read Text Preview

Extract of sample "Information Security Risk and the Possible Threats to Information Security"

 Introduction Information is the processed data that helps managers and other officers in an organization to make decisions (Borchgrave 2001). It is therefore important that it should be handled with care throughout processing and storage. Information security is a very essential necessity in an organization or company. This is accomplished through various technical measures and strategies. In order to come up with viable solutions, it is important to identify the possible threats to the security of information then design the solutions based on the problems and the weaknesses identified (Kairab 2004). Information is treated according to the level of management accorded the authority to amend or process it. Information is considered secure if it reaches the right recipient without being distorted or interfered with in which case it would have served its desired purpose. This essay is an evaluation of the possible threats to information security and the various measures that can be taken to ensure that it is secure. Information security risk is any danger that may lead to the loss or damage of information (Kairab 2004). While determining the course of action to be taken in enhancing and maximizing security, the current activities and performance of the current information systems should be properly scrutinized to identify any loop holes that may make the system vulnerable. Any action or process that can compromise the confidentiality, integrity or the availability of information should be identified as a risk and once highlighted proper measures should be taken immediately to control it (Kairab 2004). These qualities of information should be maintained because they can cause serious damage to the organization’s name and integrity if compromised and as a result scaring away customers and potential investors thus lowering the chances of excelling. Technology has advanced and with the advancement, it has become possible for many organizations to connect to other global networks for example through internet and the World Wide Web (Broder 2006). This means that the information concerning these organizations can be accessed from any place in the whole world. The mode of working has also changed with many companies facilitating telecommuting which involves employees working from remote locations and sending their work directly to the company’s database through the company’s network. Some even have employed people to conduct research activities while in their home countries after which they send the results of their research through the organizations’ websites (Broder 2006). Advertising has also changed with many organizations using their own websites that also facilitate online buying and selling (Northcutt 2005). These have helped in expanding markets and attaining global recognition for these organizations. However, these developments have posed a great challenge to the maintenance of information security. Physical challenges that cause direct harm to the computers also are threats to information and when strategizing on the mechanisms to be used in securing information they should be addressed for not only do they threaten the information but also the assets which are expensive not to mention that they are the easiest to control. Telecommuting is advantageous in that it enables employees to finish their tasks in time by using their free time to complete their assignments. On the other hand, this mode of working poses various threats to the organizations’ computers and information (Fisher 2005). This is because, as these employees upload information from their computers, computer viruses attach themselves to the files being uploaded if their computers are not virus protected. These viruses are deposited in the recipient’s database where they replicate and destroy files that carry information that is important to the organization. This may cost the organization a lot of time and resources trying to recover the lost data and repairing computers that may have crashed due to the virus infections (Harley 2007). As information is being sent to the company’s database, there is a risk of exposure to hackers who break into networks with the intention of stealing information which they use to cause malicious damage to the organizations’ name and integrity. In most cases, many organizations allow these employees to access data bases which contain information that is confidential concerning customers and the company’s financial information. These are details that are very important and should only be accessed by a limited number of people who can be closely monitored. Not all people can be trusted and allowing access to these employees may turn out to be a threat to information security if they get to leak this information to competitors or the press. This lowers the dignity of the organization resulting to loss of customers and investors who prefer those companies that regard information with secrecy and discretion (Patterson 2005). Advertising through the organization’s website is a strategy that has proved to be efficient and profitable. It has enabled quick access to information for those customers who do their shopping online. Every organization is fighting and determined to join and reach the wider market opportunities offered by this technology without knowing that by doing so, 3 they are creating opportunities for rogue programmers. These people either out of curiosity or personal gain create viruses and other malware which they attach to the websites such that once a person visits the web site, he is prompted to perform an action for example to download certain software for free or updates (Borchgrave 2001). They use these websites to disperse their corrupt programs to unsuspecting customers’ computers once they accept these requests. This in turn compromises the good intention with which the website was created. Once the visitors of the site discovers this, he will no longer visit the site and that way the organization loses the chance to spread information to these willing and potential buyers. The mode of information storage is also an important factor in determining the possible risks. Many organizations store their information in databases that are stored in computers. Computers are the best storage facilities because they can store a lot of information which does not experience dilapidation and can be accessed after a long time in its original state. However, they face various physical threats either caused intentionally or through depreciation (Patterson 2005). The management should look into the level of maintenance and conduct frequent inspections to ensure that the machines are free from dust to reduce the rate of depreciation that results to possible loss of data if the machines get destroyed. Constant back up of data should be done to ensure that the files are not lost completely when the machines are out of service. Intentional damage of computers also happens in many organizations to cover activities of fraud. Theft of hardware also happens crippling the operations of the machines. This should be addressed by installing security surveillance equipment and strong doors which should be locked after everyone have left (Patterson 2005). Every computer user should be assigned his/her own computer so that in case of any vandalizing, someone should be answerable. Power generators and uninterruptible power supplies should also be installed to protect the computers from low power voltages and power failure. These equipments ensure that there is a constant power supply reducing the chances of memory loss in the computers leading to loss of information. After identifying the activities performed in the current systems that pose as a threat to information security, the effectiveness of the threat control methods in place should then be analyzed and if they do not offer the desired resistance to the threats, proper mechanisms should be put in place either preventive or corrective, to reduce the occurrence of these risks (Kairab 2004). It is easier to come up with solutions for problems that are already identified through brain storming and structured walk through. It is also necessary to involve all the information users to ensure that they know of the dangers and if they contribute to the threats, they should learn from the knowledge they get from participating in the assessment process and take it upon themselves to ensure that the information is protected. The most common threat to information is computer viruses. These are programs that are created by rogue programmers with the intention of causing harm to computers that get infected. They can be transmitted from one computer to another through various methods that include and not limited to downloading materials from infected sites on the internet and using infected removable storage devices (Harley 2007). The organizations should ensure that all the computers have been installed with antivirus soft wares which should be updated regularly. They should also ensure that all the employees working from their personal computers at home are provided with free antivirus soft wares so that any information they upload to the company’s data base is scanned first for virus infection. The possibility of hackers breaking into the networks should be addressed by ensuring that any data being sent through the network is encrypted. Encryption is the use of secret codes that can only be understood by the sender and receiver of the information. If the information is hacked, it would be hard or impossible for the hacker to decrypt and that way he would not get the contents of the message (Borchgrave 2001). This has been done in the US and it has worked prompting the government to term it as unbreakable. The information should also be password protected so that any person with the intention of gaining unauthorized access to it would be restricted. This would reduce the chances of availing sensitive information to the wrong persons who may be hired to tamper with the information or to destroy the reputation of the organization for personal benefit or scheming competitors. Fire walls and spam protection should be done to check on any suspicious files that may be sent to the organization’s network through emails and avoid giving confidential information to any requests that may come as log in forms (Sherwood 2005). Conclusion Information security is very essential and should be properly maintained and protected. This is because it helps the management to make important decisions regarding the organizations’ operations. If proper protective measures are not taken, the company risks losing valuable information and clients. It could also have its reputation at stake if the information gets into the hands of malicious people could it be hackers, crackers or rogue users who could be hired agents of competitors, press or even current and past employees of the company who may want to undermine the company in terms of market at their corporate gain or personal vendetta. It is therefore important for organizations to conduct frequent risk assessments so that appropriate measures can be taken to protect information. The assessment involves scrutinizing the operations of the current systems and identifying the different information systems. Information which is vulnerable should be classified and the possible threats should be assessed. Control measures in place are measured to determine their effectiveness after which better controls are designed. Decisions made should be cost effective and should be supported by the management. This is because if the cost is too high, then the profit margin would go down where as the main objective of the firm is maximizing profits. References Borchgrave A. (2001). Cyber Threats and Information Security: Meeting the 21st Century Challenge. Center for Strategic & International Studies. Broder J. (2006). Risk Analysis and the Security Survey. Butterworth-Heinemann. Fisher M. (2005). The Distance Manager: A Hands On Guide to Managing Off-Site Employees and Virtual Teams. McGraw-Hill. Harley D. (2007). Avien Malware Defense Guide. Syngress. Kairab S. (2004). A Practical Guide to Security Assessments. Auerbach Publications. Northcutt S. (2005). Inside Network Perimeter Security. Sams. Patterson D. (2005). Implementing Physical Protection Systems Asis International. Sherwood J. (2005). Enterprise Security Architecture. Cmp. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Information Security Risk and the Possible Threats to Information Research Paper, n.d.)
Information Security Risk and the Possible Threats to Information Research Paper. Retrieved from https://studentshare.org/technology/1726959-information-security-risk-secure-system-computer-science
(Information Security Risk and the Possible Threats to Information Research Paper)
Information Security Risk and the Possible Threats to Information Research Paper. https://studentshare.org/technology/1726959-information-security-risk-secure-system-computer-science.
“Information Security Risk and the Possible Threats to Information Research Paper”, n.d. https://studentshare.org/technology/1726959-information-security-risk-secure-system-computer-science.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information Security Risk and the Possible Threats to Information Security

Cyber Threats

This paper will focus on the threats that are normally found to be common on the internet and suggest the possible mitigation strategies that can be applied.... When some host wants to send some information to a certain host, it will send a broadcast asking who has a certain IP address.... ARP does not have a mechanism of correcting the information that it gets from the hosts which are communicating in the network (Salomon & Cassat 2003).... This is called ARP poisoning, that is the ARP table has been poisoned with wrong information....
5 Pages (1250 words) Assignment

Data Security Policy and Effective W5 Security System

The data and information security risk can be illustrated as the intensity of its effect on organization activities (including operational jobs, illustrations, or status), organization assets, or on individual and/or financial information collected during the process of entering into business information arrangements.... Business and client information security and privacy are the leading concern in any… This report deals with the preservation of business and client information as well as other confidential information by improving Modern technology poses a threat in terms of ease of access to data and information which is exchanged over the Internet, which can compromise the privacy of both individuals as well as confidential information pertaining to business activities (Laudon & Laudon, 1999)....
5 Pages (1250 words) Essay

Risk and Security

trategies to Minimize these Threats The first step in mitigating the security threats is to know about all the possible threats that an information system is vulnerable to.... ConclusionIn a nutshell, technology has its own merits and demerits, and for companies to avoid information security breach, it is necessary that risk assessment be done properly (Elky, 2006).... Strategies for managing information security risks.... An introduction to information system risk management....
1 Pages (250 words) Essay

Risks Associated with the Internet as Part of a Business Solution

Without a doubt, a variety of security threats and risks exist in all areas of the Internet, and the business processes that make use of the Internet.... In this scenario, some of the probable risks and security challenges can comprise disruptions caused by coding error, malicious code, natural disasters that have significant impacts on fundamental Internet routers and hubs, and security attacks and threats posed by terrorists or other attackers....
4 Pages (1000 words) Essay

Enigma Security Services - Most Important Threats and Assets

The paper "Enigma security Services - Most Important Threats and Assets" describes that the processes of setting up security policies for the company must be in line with the legal provisions, as well as uphold the rights, freedom, and privileges of the staff at the company.... hellip; security is just an aspect to ensure that the assets and sensitive information of the company are safe and do not fall into the wrong hands.... As such, the security provisions at the organization should not be in any way affecting the productivity of the organization, especially through compromising the privacy of the workers....
12 Pages (3000 words) Coursework

Policies and Procedures for Washington Posts Information System

nbsp; This is being addressed by the Generally Accepted information security Principles (GAISP), under the “Pervasive Principle” wherein it addresses the parameters of confidentiality, integrity, and availability of information, as shown in the guidelines developed by GAISP.... As the Organization for Economic Co-operation and Development (OECD) emphasized in their Guidelines for the security and Information Systems, nature, volume and sensitivity of the information that is exchanged has expanded substantially (Guidelines for the security of Information Systems and Networks: Towards a Culture of security, 2002)....
7 Pages (1750 words) Case Study

Information Technology Threats and Security

From the paper "Information Technology Threats and security" it is clear that The threats are explored like a virus, malware, malicious activities, etc.... The growing demand for dependency on information technology requires the high demand for the prevention of threats and improved security as McCarthy (2013) founded in his work on E-authentication.... There are many effective antivirus and internet security software that detect the latest threats....
6 Pages (1500 words) Assignment

Information Security - the Difficulty in Estimating the Probability of a Threat or Attack Occurring

hreats to information security are either propagated by certain individuals or they happen accidentally.... It becomes more complex to understand the basis to which a threat can occur especially when the countermeasures to information security are properly implemented.... … The paper “information security - the Difficulty in Estimating the Probability of a Threat or Attack Occurring” is a  meaningful variant of assignment on information technology....
6 Pages (1500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us