Insider Threat and Physical Vulnerability - Research Paper Example

? Insider Threat and Physical Vulnerability Insider Threat and Physical Vulnerability Introduction The health care industry can beseen to be adopting more of technological advancements in their operations with each day passing. While this can be seen as a great step towards the provision of better health care services, the idea has faced some setbacks too. This paper will discuss the vulnerability and threats of the new iTrust requirements. It will also look at how the database can be secured from attackers. The paper will look at the physical security of the database first and then later address the insider threat. Physical security of the database The growing technological advancements are posing a threat to the new requirements of the iTrust database. Cloud storage, a method of data storage that allows users to share information online is one of the basis on which the iTrust database is prone to attackers. Cloud computing can be misused to attack the database through dishonest activities. Cloud computing at the database, just like in other systems, deal with privacy and have a rather easy registration system. Although the easy registration system gets geared to make the software user friendly, criminals usually use advanced technologies to access the software. This poses the highest threat to businesses and consumers that use the system (Shaw et al, 2013). There have been cases of use of Botnets to attack a public cloud network and spread viruses. The Zeus Botnet has on several occasions attacked the Amazon cloud. The Zeus Botnet attacked Amazon’s EC2 cloud computing service managing to install a virus. The Botnet further took control of a cloud platform. The malware remained hidden for a long time while transferring millions of dollars (Shaw et al, 2013).Two ways have been proposed to deal with such malware. The security threat posed by the malware can be addressed through implementing cloud analytics. The threat can also be addressed through employing more personnel to monitor the database. Another threat that comes with cloud computing is the difficulty with which consumers get to understand the security implications associated with usage of software like itrust database. Whereas most consumers would prefer a relatively easy set of application programming interfaces, this seems to deter efforts to safeguard the database from any threats. Ensuring that the database gets adequately safeguarded may call for complex application programming interfaces. Such interfaces are able to detect any unpermitted intrusion into the system and swiftly counter-attack the attempt (Shaw et al, 2013) The issue of account service and traffic hijacking remains a legitimate threat to most of the iTrust users. Traffic hijacking has a wide range. It may involve spamming or use of stolen user credentials. Considering the sensitivity of the data stored in the iTrust database, hackers can in many ways put to risk the lives of the users. This can be done by just gaining a simple entrance. In a situation where the attack occurs on the urgent care, the attacker can manage to follow up on transactions, edit data stored on the database as well as steal users’ personal information .To curb this, preventive measures must be taken. Such preventive measures may include effecting password policies, use of tracking software and providing internet usage education to all employees (Researchomatic, 2012). The insider threat Insider threat can be defined as any threat that comes from people within the organization and who have the organization’s inside information regarding how the organization stores its information. The insider threat faced at the iTrust database is quite challenging. A lack of separation of duties seems to pose the greatest insider threat at the moment. Separation of duties ensures that an insider with too much power or authority is not able to attack the database using the power or authority that they have (SafeNet, 2013). Example of an incident of an insider threat is when a head of department upon realizing that their job is on the hang, they decide to keep the password to the department’s files to themselves. This brings the database’s operation to a halt for several days as legal processes set in to solve the issue. The iTrust database, therefore, need to enforce stricter rules that clearly incorporate a separation of duties in order to bring a balance into the iTrust database. Leakage of users’ personal information through the employees has also been rampant. At times, employees leak out information about the users to non-partisans. An example of such a case is where an employee working at the company is willing to leak information to non-partisans in exchange for money. They are promised $10,000 by some malicious individuals. The employee agrees to the deal and in the process leaks vital information about the targeted user. This information may be related with how the user operates and where they work. The overall life of such a user is put at risk (Researchomatic, 2012). There are several ways through which iTrust database can ensure that its data is free from insider threats. One such way is through treating all threats as underappreciated and as something that can come from any direction. The iTrust database should be in a position to address the issues that in most cases lead to an insider posing a threat to the firm’s database. These issues include lay-offs, transfers and other perceived grievances (Trend Micro, 2013). All possible causes of threat to a company’s database should be treated equally. This can help iTrust in addressing any issue concerning insider threat. Another important way of addressing the issue of insider threat is clearing all the loopholes. Users’ information should be safeguarded and only released to the relevant staff members. This ensures that information hardly gets to inappropriate people in the firm. There should be standards and compliance guidelines for any internal security procedures. The firm should answer the questions of how the data is going to be stored and who will have access to it. Conclusion Data security is an emerging issue to most firms, which find themselves victims, of either external or internal attacks. Some firms go on to lose vital information, which at times ruins the company’s image. Companies should, therefore, address the issue of data security in their companies. This is because if left unattended, data hampering can as well ruin a company completely. References Researchomatic (2012). Itrust Database Security Assessment. Retrieved From: http://www.researchomatic.com/essay/Itrust-Database-Security-Assessment-51498.aspx SafeNet (2013). The Foundation for Data and Encapsulation. Retrieved From: http://www.safenet-inc.com/data-protection/data-encryption/data-secure/ Shaw, E., Ruby, K. G. & Post, J. M. (2013). Political Psychology Associates. Retrieved From: http://www.dm.usda.gov/ocpm/Security%20Guide/Treason/Infosys.htm Trend Micro (2013). Data Protection- Data Security Management. Retrieved From: http://www.trendmicro.com/us/enterprise/data-protection/ Read More