Retrieved from https://studentshare.org/information-technology/1432997-information-security-white-paper
A lack of awareness, and of action, in protecting a company's information assets can result in lost revenue, a damaged reputation and probable lawsuits from customers whose data the company failed to protect.

2. Threats and Vulnerabilities

There are numerous types of threats and vulnerabilities that must be considered when protecting information. A data breach is defined as the disclosure of information to unauthorized individuals, whether intentional or unintentional.
Verizon Business Risk Team (2009) stated that the scale of data breaches is higher today than it has ever been.

Figure 1: Percentage of Different Types of Data Breaches from 2004 to 2008 (Verizon Business Risk Team, 2009)

Data breaches threaten the confidentiality, integrity and authenticity of data. Confidentiality requires that data be kept hidden from unauthorized third parties in order to protect the privacy of the individual. Hash, Bartol, Rollins, Robinson, Abeles and Batdorff (2005) explained that integrity provides the assurance that data has not been tampered with or modified at any level through malicious intent.
Authenticity of data further ensures that the data is complete and accurate. Without these attributes the data becomes unreliable and may lead the organization's management to misleading conclusions and decisions. Data breaches may originate from outside or inside sources. Moore, Cappelli, Caron, Shaw and Trzeciak (2009) defined insider theft as instances in which employees (current or former) disclose information for personal motives or because they are unaware of the required information security measures.
Employees might help outside intruders gain unauthorized access to sensitive data by leaking passwords or loopholes in the security systems. Such employees may also damage or destroy data as a result of personal conflicts or grudges against management. Outside sources of threats and vulnerabilities include denial of service (DoS) attacks and virus and worm attacks. Houle and Weaver (2001) explained that DoS attacks are directed at impairing IT services and resources so that legitimate users cannot use them.
The resources most commonly targeted are bandwidth, data storage services and computing power. A flood of bogus requests is sent to the server so that it becomes incapable of serving legitimate users and is unavailable to them. Viruses and worms are also common threats; they reside on a computer without the owner's knowledge and perform malicious actions that harm the data. Viruses and worms are installed automatically when the user opens a compromised email attachment, visits an unreliable website, opens an infected image, clicks on a compromised online advertisement, and so on.
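A defender-side check for the request flood just described, added here as an illustration rather than code from the paper or from Houle and Weaver: it counts requests per source over a sliding time window on web-server access log lines and flags sources whose rate leaves legitimate users starved. The log lines, addresses and thresholds are constructed samples.

```python
"""Rate-based detection of request floods over access log lines.

Added example for the DoS discussion above, not part of the original paper.
The log lines are constructed samples; WINDOW_SECONDS and MAX_PER_WINDOW are
assumed tuning values for the demonstration, not recommended settings.
"""
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 10   # assumed sliding-window length
MAX_PER_WINDOW = 20   # assumed per-source request budget within one window

# Constructed sample lines in the form "<ISO timestamp> <source-ip> <request>".
# 198.51.100.7 behaves like a legitimate user (two requests); 203.0.113.5
# sends three requests per second for ten seconds, i.e. a flood.
SAMPLE_LOG = (
    ["2024-01-01T10:00:00 198.51.100.7 GET /index.html"]
    + [f"2024-01-01T10:00:{s:02d} 203.0.113.5 GET /search?q={s}"
       for s in range(10) for _ in range(3)]
    + ["2024-01-01T10:00:05 198.51.100.7 GET /about.html"]
)


def parse_line(line):
    """Split one log line into (timestamp, source address, request text)."""
    ts, src, request = line.split(" ", 2)
    return datetime.fromisoformat(ts), src, request


def detect_floods(lines, window=WINDOW_SECONDS, limit=MAX_PER_WINDOW):
    """Return {source: peak_count} for every source whose request count inside
    any sliding window of `window` seconds exceeds `limit`.

    Lines are processed in timestamp order; each source keeps a deque of the
    timestamps still inside the current window, so memory stays bounded."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, src, _ in sorted(parse_line(line) for line in lines):
        queue = recent[src]
        queue.append(ts)
        # Drop timestamps that have fallen out of the window.
        while (ts - queue[0]).total_seconds() >= window:
            queue.popleft()
        if len(queue) > limit:
            flagged[src] = max(flagged.get(src, 0), len(queue))
    return flagged


if __name__ == "__main__":
    print(detect_floods(SAMPLE_LOG))   # {'203.0.113.5': 30}
```

A real deployment would feed this from the server's actual access log and tune the window and budget to observed legitimate traffic; a threshold set too low flags legitimate users as well.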
Hole (2009) defined non-repudiation as the assurance that a transfer of messages between participating parties is valid and genuine. Companies need effective security measures to ensure that a sender cannot deny having sent a message and a receiver cannot deny having received it.

3. Counter Measures for Improving Security

Cannady and Harrell (n.d.) proposed a technique to tackle the threat of insider theft; they recommended that ‘user profiles’ be developed and stored on the server.
These user profiles are developed on the basis of routine activities