Entifying Information Assets, Threats, and Vulnerabilities in Top Information Security Breaches of the Decade - Assignment Example

INFORMATION SECURITY BREACHES A security breach or security violation is any occurrence that leads to un ized access of data, networks, services, devices, and/or applications by bypassing security mechanisms that exists. Security is breached whenever a person or an application unlawfully enters a confidential, private or logical IT perimeter that is unauthorized (Gupta, et al. 2009). Five of information security breach that occurred in the last decade include are: insider misuse, unauthorized access by insiders, spam, malware, and unauthorized access by outsiders.

Insider misuse that belongs to computing resources takes many forms. If is not resolved, it can lead to very serious information security. The electronic or the physical security systems are not the organization’s weakest security link; human are the one with the weakest links. It is always assumed that the insider threats originate from rogue workers or planted ‘moles’, IT administrators and managers who are privileged to the access of sensitive information, controls and resources poses the greatest risk.

They can start and stop a system, make changes that are critical such as giving the rights to access and untraceably deleting security logs. This threat is devoted to describing the mechanisms used for compromising organizational intellectual property from within (Gupta, et al. 2012). A lot of security incidents are caused by insider misuse i.e. accidental or malicious. A lot of misuse occurs within the boundaries of trust necessary to perform duties. Preventing the misuse is difficult as the only way to stay secure is to grant access rights only to those with business need and to keep an eye on their activities.

The problem is that the majority of organizations have very limited capabilities to trace specific IT events to specific users, with any certainty. A small fraction of IT teams are aware of what is going on in their infrastructure in a particular time and some organizations look manually through files so as to get answers. Unauthorized access by insiders; by accessing the organization’s secured areas physically, or materials that have data which is sensitive make it very easy for a crime to be committed by malicious insiders.

The physical security measures of an organization are as important as the technical security controls. This threat is emerging as a great risk to corporate data. The vulnerability that led to this attacks are; unauthorized access even when credentials are missing, lack of managing the threat of shared password, failing to ensure organization’s critical assets access is attributed to a specific employee, and failing to respond immediately to suspicious access behavior. Spam is e mail message that is unwanted and is highly visible to each and every person in the organization and it serves as a way of many other forms of attacks.

This threat is continuously increasing. The other problem that spam has apart from annoyance is its cheat customers which undermines their confidence and affects the legal internet market that utilizes practices that are ethical (Rainer, et al. 2011). Spam uses the weaknesses of the security so as to remotely install software that are hidden and this changes private PCs to become proxy server or mail. They are routed through servers in the overseas to prevent detection. Malware is an infection to an organization’s network or system by worms, viruses, adware, Trojans or spyware.

In spite the advancement made in technology to prevent malware, it still ranks highly in information security breaches. There distinct difference between organizations in accordance to malicious code attacks frequency, mostly because of their differences in how good organizations defend the security events (Whitman, et al. 2009). Unauthorized access by outsiders simply refers unauthorized use of the system by the outsiders. Hackers have obtained access without the permission of the organization and this has lead to a serious concern of information security breach to organizations.

ReferencesGupta, M., & Sharman, R. (2009). Handbook of research on social and organizational liabilities in information security. Hershey, PA: Information Science Reference.Gupta, M., Walp, J., & Sharman, R. (2012). Threats, countermeasures, and advances in applied information security. Hershey, PA: Information Science Reference.Rainer, R. K., & Cegielski, C. G. (2011). Introduction to information systems. Hoboken, N.J: Wiley.Whitman, M. E., & Mattord, H. J. (2009). Principles of information security.

Boston, Mass: Thomson Course Technology.