Information Security Threats

Creating and maintaining an effective information security apparatus has always been a challenging task for security experts. This is particularly true within organizations that process sensitive customer data such as financial and health-related information. With IT (Information Technology) security strategy in mind, organizations have to devise strategies that enable them to operate in a safe environment and protect customer data. Bill Stackpole and Eric Oksendahl, in their book "Security Strategy: From Requirements to Reality", list the nine principles that security strategists must take into account before finalizing the security strategies for their organizations. This paper will explain the following three principles.
Observation
However, mere detection does not provide a comprehensive analysis of the threats. Additional information, such as the origin and the intention of the threat, is equally important. Moreover, a bigger attack could be preceded by small sniffing attacks to gauge the weaknesses in the security. Effective monitoring tools should be capable of detecting these forms of attacks, analyzing their intent and determining the scope of damage that could be caused in case of a security breach. Attacks such as DDoS (Distributed Denial of Service) target servers by sending large numbers of connection requests within a short span of time, which renders the server unresponsive. IT strategists should take into account not only the response in such events but also how such attacks could be identified early on so that other backup systems could be made operational to service genuine requests. The observation principle also lays special emphasis on the identification of threats and the training of security analysts to detect suspicious behavior in the least possible time. Hackers typically do not repeat a particular style of attack again once it is used against an organization. Security analysts should be trained to detect newer and smarter forms of attacks as …
To thwart any attack, the security apparatus must be ready to deal with security challenges as they arise. Organizations usually miss this important point and lack effective coordination when there is a security breach. To mitigate any security breaches or attacks from within the organization, organizations could implement procedures such as maintaining an effective access control mechanism, encrypting sensitive information and implementing an authorized-only-device policy in the organization. Organizations could also carry out disaster recovery drills to understand the weaknesses in the security apparatus and identify the best course of action in case of emergencies. The plans should be detailed enough to provide a comprehensive defense against an attack. Incident managers should be well versed in the emergency protocols such as coordination, information sharing and backup procedures that are necessary under such circumstances.
These principles provide security strategists with the necessary guidelines to implement an effective security apparatus. With data security becoming one of the top concerns for organizations that handle sensitive customer information, it is important that security analysts look at the holistic picture of the security landscape rather than having a narrowly scoped approach to protect and improvise their security
