StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Increasing Vulnerability of Organizational Information Assets - Assignment Example

Cite this document
Summary
This assignment "Increasing Vulnerability of Organizational Information Assets" presents factors that are contributing to the increasing vulnerability of organizational information assets. There are some of the important factors that play role in making the organizational assets vulnerable…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.5% of users find it useful
Increasing Vulnerability of Organizational Information Assets
Read Text Preview

Extract of sample "Increasing Vulnerability of Organizational Information Assets"

?Business Information System Table of Contents Internet Vulnerabilities 4 Wireless Security Challenges 4 Malicious Software: Viruses, Worms, Trojan Horses, and Spyware 5 Hackers and Cybervandalism 5 Unintentional Threats 6 Device Loss 6 Temporary Hires 6 Deliberate Threats 7 Identity Theft 7 Data Theft 7 Virus 7 Worm 8 Phishing 8 Spear Phishing Attacks 8 Approach to mitigate these risks 9 Question 4: Define and contrast - risk acceptance, risk limitation, and risk transference. 9 Risk-avoidance, transference, acceptance, mitigation, deterrence 9 Bibliography Reference List: 14 Assignment – Part A Question 1: Identify and discuss the factors that are contributing to the increasing vulnerability of organizational information assets. There are many factors that are contributing to the increasing vulnerability of organizational information assets. Given below are some of the important factors that play significant role in making the organizational assets vulnerable (Prentice Hall, 2010; KingCounty, 2009; Turban et al., 2005): Internet Vulnerabilities The research has shown that open or public networks such as the Internet are more vulnerable than internal networks for the reason that they are virtually open to everyone. Hence, when the Internet turns out to be an important part of the business network, and the most of the business tasks are supported by this network then the organization’s information arrangements also become open for attacks from outsiders. Wireless Security Challenges Wireless networks based on radio technology are also vulnerable to security penetration for the reason that radio frequency bands are easy to scan and detect for the attackers. These days Wi-Fi technology is extensively available and offering great deal of support for connectivity and information sharing. However, these networks always remain the major target of attackers which can cause problems for the organizations and attacks against information system. Malicious Software: Viruses, Worms, Trojan Horses, and Spyware A malicious software program can cause a variety of threats for example worms, computer viruses and Trojan horses. These threats can cause massive destruction to organizations’ resources in the forms of theft of organizational information, personal data theft and huge danger to corporate and personal information. Hackers and Cybervandalism A hacker is a person who aims to obtain illegal access to an information system. However, in the hacking community, the term cracker is normally employed to demonstrate a hacker with criminal objectives, though in the public press, the terms cracker and hacker are employed interchangeably. These hackers can get access to an organization’s network and launch a variety of security attacks such as: (Prentice Hall, 2010; KingCounty, 2009; Turban et al., 2005): Spoofing and sniffing Denial of service attacks Identity theft Question 2: Contrast unintentional and deliberate threats to an information resource. Provide two (2) examples of both. Information systems are vulnerable and in danger due to a number of possible threats and hazards. However, there are two major types of threats known as deliberate threats and unintentional threats. Given below are acts with no malicious determination and with malicious determination (Rainer, 2009; Safari Books Online, 2013; E.Whitman, 2004): Unintentional Threats Device Loss Human errors or mistakes are the major causes of un-intentional threats that can happen due to human error or due to negligence of human. For example, a person who has lost his device, mobile or laptop which be misused by an attacker for carrying out illegal activities. Temporary Hires Temporary hires are also major type of unintentional threats. In this scenario, temporary workers including contract labor, janitors, consultants, and guards can also create serious security loss for the organizations. Contract labor, for example temporary hires, can be ignored in information security policy. Though, these staff members can unintentionally access the information or data and distribute data without intention and care. This can be really dangerous for an organization. Deliberate Threats Identity Theft In this kind of threat a person intentionally makes use of someone’s personal information as his own personal use. For instance, a person can use his friend’s or colleagues’ personal information such as credit card number or some other bank based details to perform certain tasks. In fact, through this way a large numbers of frauds are yet done leading to millions of dollar loss to businesses and people. Data Theft A staff member, friend or member of organization can steal business data and can make use of data for negative purposes. For instance, an unsatisfied employee can do this to cause harm the business organization. This can be extensively dangerous for business and organizational information system. Question 3: Explain each of the following types of remote attacks: virus, worm, phishing, and spear phishing. What approach could you use to mitigate these information security risks within an organisation? Describe a scenario. Virus A computer virus link itself to an application or file allowing it to spread from one system to another, offering infections as it moves onward. Similar to a human virus, a digital virus is able to vary in harshness: several can cause simply mildly annoying influences as others are able to damage our software, hardware or files. Additionally, almost all kinds of a virus are linked to an executable file. In this scenario, a virus can exist on our system for a long time however it will not infect our system unless we execute or open the malicious application (Beal, 2013; Shelly et al., 2005). Worm A worm is like a virus and it is recognised as a sub-class of a virus. In addition, worms go out from system to system, however as compared to a virus; it has the capability of travelling without interacting with humans. A worm gets benefits of file or information transmission characteristic on our system that is what permits it to travel unaided (Beal, 2013; Shelly et al., 2005). Phishing Phishing is analogous to fishing in a lake; however instead of attempting to catch a fish, phishers try to steal our personal data and information. In this scenario, they transmit e-mails that seem to come from authentic websites for example PayPal, eBay or other banking organization. The e-mails state that our data requires to be validating or updating and request that we enter our password and username, after clicking a link comprised in the e-mail. In this scenario, a web site looking similar to a real web site can hack our personal information (TechTerms, 2013; Kay, 2004; Shelly et al., 2005). Spear Phishing Attacks Spear-phishing is a more specialized phishing approach. It allows a hacker to get private information regarding a user by making use of fake methods. It is basically aimed at targeting a precise employee so as to obtain access to a business’s information (PC Tools, 2010; Microsoft, 2013; Shelly et al., 2005). Approach to mitigate these risks An organization should take certain security measures in order to secure its data and information resources. First of all, an organization should train its employees and provide them with the latest knowledge on security threats and risks. They should keep and maintain record of their employees. Their employees should be given a password protected access to organization resources. In addition, all the systems should have an updated version of antivirus program (Shelly et al., 2005). Question 4: Define and contrast - risk acceptance, risk limitation, and risk transference. Risk-avoidance, transference, acceptance, mitigation, deterrence Risk avoidance is the process of recognizing a risk as well as formulating a decision to no longer involving in the activities linked with that risk. If risk is outside, as well as the level of risk is believed to be fairly high, then a great deal of attention should be paid to stopping or escaping to assume those tasks. If the tasks are fragment of the fundamental business, then recognize if there is another method of performing things that will escape or minimize the risk or loss (NeoKobo, 2012; Federal Highway Administration, 2013; Melissa, 2013). In addition, the risk avoidance should be foundational on a well-versed decision that the preeminent course of act is to diverge from what would/could take to experience to the risk. One of the major issues regarding risk avoidance is that we are navigating clear tasks we can take advantage from. This is the best and highly efficient method, however often not probable because of organizational needs (NeoKobo, 2012; Federal Highway Administration, 2013; Melissa, 2013). In risk transference, we do not just shift the risk totally to some other object, but also we share lots of burden of the risk someone else, for example an insurance corporation. A distinctive policy would recompense us a cash amount if all the steps were established to minimize risk as well as a system still was damaged (NeoKobo, 2012; Federal Highway Administration, 2013; Melissa, 2013). Risk mitigation is proficient anytime we take steps to minimize the risk. In this scenario, steps comprise installing antivirus application, educating clients regarding probable monitoring the network traffic and threats, incorporating a firewall (NeoKobo, 2012; Federal Highway Administration, 2013; Melissa, 2013). Assignment – Part B A case study critical thinking analysis using Toulmin’s Model of Argument: Claim Sensitive FBI data is not secure from attack Data Data and information stored in FBI’s computers is at danger. It is assessed that some criminal mind people got access to data of FBI and made use of that data in a wrong way. Afterward, that data was placed on website for open access. It is a serious crime and data theft led to huge damage to private information and data. Warrant Due to human negligence the system or laptop was accessed by any illegal person and data was misused afterward. In this situation this attack is done deliberately to access the secret stuff of a security firm. This also led to huge damage to security characterises of such organizational staff. Backing This security breach is a basic flaw of overall security based system’s authentication procedures which caused a number of serious issues and aspects regarding secure management of such data. The information that was accessed is really classified that can lead to huge damage to someone’s personal credibility and worth. The FBI is still denying such details however this sensitive information can only be taken from security organization using high level hacking techniques. Rebuttal There number of other criminal activities happen in past where critical and sensitive information was accessed using a variety of illegal ways. For example stealing approximately 2 million credit card numbers is one of the biggest examples of data thefts cases in American history that cost various companies more than $US300 million. In this case such huge amount of records are taken and abused. In such cases the major problem lies at the core security of organization that needs to be managed effectively in order to ensure the privacy and security of organizations’ data (ABC, 2013). Qualifier In this situation the main guilty seems to be FBI security management system that has implemented a poor security authentication mechanism that caused such a huge damage and serious issues regarding management of security and privacy of the security firm. Your Opinion In this overall analysis it is assessed that data security and privacy are most important aspects of any organization that can play a significant role in the success or failure of an organization. Application of effective security parameters and procedures can offer us a great deal of support for managing the security of corporate. In the context of FBI we have seen both kinds of security issues, human negligence (un-intentional security problem) and data theft (intentional security problem). These both factors can be seen at any huge organizational security breach or data theft event. In this situation the only need is application of better security management procedures and systems. Security management is a complex task while application of new and more smart layered approach of technology offers better solution of security management inside a firm. In addition, organizations should manage new technology based bio-informatics system for the effective management of security and privacy at the corporate. These all initiatives are aimed to present better solution for corporate security management and data safety. Without such initiatives the future of information system is in danger. Bibliography Reference List: ABC, 2013. Russian-Ukrainian syndicate hit major companies targeted in biggest credit card fraud in US history. [Online] Available at: http://www.abc.net.au/news/2013-07-26/6-charged-over-largest-ever-credit-card-fraud-in-us-history/4844814 [Accessed 14 August 2013]. Beal, V., 2013. The Difference Between a Computer Virus, Worm and Trojan Horse. [Online] Available at: http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp [Accessed 15 August 2013]. E.Whitman, M., 2004. In defense of the realm: understanding the threats to information security. International Journal of Information Management, 24(2004), pp.43-57. Federal Highway Administration, 2013. 5. Risk Mitigation and Planning. [Online] Available at: http://international.fhwa.dot.gov/riskassess/risk_hcm06_05.cfm [Accessed 18 August 2013]. Kay, R., 2004. QuickStudy: Phishing. [Online] Available at: http://www.computerworld.com/s/article/89096/Phishing [Accessed 13 August 2013]. KingCounty, 2009. lnformation Technology Governance Policies, Standards and Guidelines. Vulnerability Assessment and Management Policy. Off?ce of Informat?on Resource Management. Melissa, 2013. Four Types of Risk Mitigation. [Online] Available at: http://mha-it.com/2013/05/four-types-of-risk-mitigation/ [Accessed 19 August 2013]. Microsoft, 2013. How to recognize phishing email messages, links, or phone calls. [Online] Available at: http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx [Accessed 12 August 2013]. NeoKobo, 2012. 2.1.6 Risk-avoidance, transference, acceptance, mitigation, deterrence. [Online] Available at: http://neokobo.blogspot.com/2012/01/216-risk-avoidance-transference.html [Accessed 20 August 2013]. PC Tools, 2010. What are Spear Phishing Attacks? [Online] Available at: http://www.pctools.com/security-news/spear-phishing-attacks/ [Accessed 10 August 2013]. Prentice Hall, 2010. Management Information Systems. [Online] Available at: http://iauec.net/MDF/ch10/chpt10-1main.htm [Accessed 20 August 2013]. Rainer, R.K., 2009. An Overview of Threats to Information Security. [Online] Available at: http://www.irma-international.org/viewtitle/14016/ [Accessed 16 August 2013]. Safari Books Online, 2013. 7.2 | Unintentional Threats to Information Systems. [Online] Available at: http://my.safaribooksonline.com/book/-/9780470889190/7-information-security/navpoint-46 [Accessed 20 August 2013]. Shelly, Cashman & Vermaat, 2005. Discovering Computers 2005. Boston: Thomson Course Technology. TechTerms, 2013. Phishing. [Online] Available at: http://www.techterms.com/definition/phishing [Accessed 13 August 2013]. Turban, E., Leidner, D., McLean, E. & Wetherbe, J., 2005. Information Technology for Management: Transforming Organizations in the Digital Economy. New York: Wiley. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Business information system Essay Example | Topics and Well Written Essays - 1500 words - 2”, n.d.)
Business information system Essay Example | Topics and Well Written Essays - 1500 words - 2. Retrieved from https://studentshare.org/information-technology/1484546-business-information-system
(Business Information System Essay Example | Topics and Well Written Essays - 1500 Words - 2)
Business Information System Essay Example | Topics and Well Written Essays - 1500 Words - 2. https://studentshare.org/information-technology/1484546-business-information-system.
“Business Information System Essay Example | Topics and Well Written Essays - 1500 Words - 2”, n.d. https://studentshare.org/information-technology/1484546-business-information-system.
  • Cited: 0 times

CHECK THESE SAMPLES OF Increasing Vulnerability of Organizational Information Assets

Minimizing the Impact of a Natural Disaster - The Risk Mitigation Phase

From the paper "Minimizing the Impact of a Natural Disaster - The Risk Mitigation Phase" it is clear that the emergency manager can greatly reduce the threat of risk from a natural disaster by effectively planning and intervening into the community process.... hellip; In addition to saving lives, protecting buildings, and saving a community's critical infrastructure, the emergency manager needs to mitigate the risk that a natural disaster poses to the culture of an area....
10 Pages (2500 words) Research Paper

Information System Security

The purpose of this study is to identify the role of risk management as part of the security model of modern information systems.... For the identification of the risks faced by modern information systems, the researcher identified and presented the most common risks and threats a modern information system faces today and how they have developed over time.... The researcher proceeds with a detailed analysis of the available technologies for risk reduction in information systems....
56 Pages (14000 words) Essay

Strategic Business Analysis

This increasing interest in security management, however, has not focused on the process of managing in its entirety.... The first study that looked at non-public policing sector was perhaps that undertaken during the 1980s by Stephen and Shannon, which investigated the increasing significance of the private security industry in Canada (Stephen and Shannon 1981, 1982, 1995)....
32 Pages (8000 words) Essay

Information Security Policies for Organizations

he ISO 27001 information security standard offers companies a risk-based approach to securing information assets.... Executives should seek to protect their information resources as they would any other valuable assets (Guttman and Roback, 1995).... The aim of the following paper is to evaluate several particular information security policies that might be considered in organizations that seek to protect its data, outlining its scopes, purposes, and internal structure (roles, responsibilities, sanctions, and violations)....
15 Pages (3750 words) Research Paper

Factors That Are Contributing to the Increasing Vulnerability of Organizational Information Assets

The paper "Factors That Are Contributing to the Increasing Vulnerability of Organizational Information Assets" describes that risk avoidance is the process of recognizing a risk as well as formulating a decision to no longer involving in the activities linked with that risk.... These threats can cause massive destruction to organizations' resources in the forms of theft of organizational information, personal data theft and a huge danger to corporate and personal information....
7 Pages (1750 words) Assignment

Vulnerability in Chemical Sectors in the US

Governments use the term critical infrastructure to describe assets and systems that are necessary for society and economy functioning and growth.... Other sectors affect these sectors; they include Critical Manufacturing, Water and Wastewater Systems, Emergency Services, Communications, Food and Agriculture, Energy, Transportation Systems, Healthcare, and Public Health and information Technology (Ec.... The paper "vulnerability in Chemical Sectors in the US" will discuss the chemical sector and chemical facilities....
11 Pages (2750 words) Research Paper

Information Security Concept Map

It will strive to highlight the information security and also look into the need to plan for possible threats, define security policies in order to limit vulnerabilities existing in the organizational information and computer systems.... … The paper "information Security Concept Map" is a great example of a term paper on information technology.... information security ensures the integrity, availability, and privacy of data is protected....
7 Pages (1750 words) Term Paper

Comparing and Contrasting Security Threat Assessment and Security Risk Assessment

Although the threats to all assets may be developed as well as mapped individually, the most effective approach is by developing a list of different types of threats as well as identifying how they could be utilized for attacking a business or nation.... Basically, one threat could take advantage of the vulnerability and consequently damage different forms of assets.... Owing to the different associations between assets and threats, it is imperative to conduct a security threat assessment so as to group threat agents and threat types....
6 Pages (1500 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us