Internal Security Threats

We’ve all heard the warnings, “Hackers are everywhere; arm yourselves with the right security to protect your information,” and hopefully you are not one of the millions who have had their identity stolen. Imagine being in charge of a multibillion-dollar company, where it is your responsibility to make sure that every customer’s transaction that passes through the system is secure against attacks. That is a pretty big feat, but in today’s world it is a necessary evil that has become one of the biggest concerns faced by corporations. Accountability, in a security sense, is a set of goals that place emphasis on how a company will handle and protect itself from a security breach. Many companies in the past have learned hard lessons …
Policies should be constantly updated and reviewed with employees to ensure they understand them. Ensuring that employees are not taking pertinent information to outside sources, whether intentionally or unintentionally, is another concern for the manager. It is important for the manager to reiterate to employees that security issues are a very serious matter, as are the repercussions they may face if rules are broken. Some examples of real-world internal threats are:

1. Employees sharing login information.
2. Watch, manage, and protect access to the internal network used by employees.

Oftentimes, employees will share their login information with co-workers who are having a difficult time logging into the system or who have simply forgotten their own login information. As a manager, this is a practice that needs to be stopped immediately. This is how employees with the wrong intentions can log in under another employee's ID and commit fraud or steal customer information. It is also important to remember that everyone has different access to certain areas within the system, meaning one employee may not have access to payroll, but another does. This can open the floodgates for a serious internal attack. The second example of watching, managing, and protecting access is closely related to the protection …
What this means is that the company is taking every precaution to have the right people on the job when it comes to security, as well as the most up-to-date security systems available. A breach may happen, but knowing that your company has done everything to protect against an attack should allow some peace of mind. Two ways that resource allocation translates into the workplace are:

1. Adding further encryption to already secure sites.
2. Supplementing with additional security teams to monitor vulnerabilities to the site around the clock.

Adding additional encryption may seem like a strange thing to do if it already exists on your site, but it is always better to be safe than sorry. Extra layers of firewalls will aid in the fight against hackers and save the company money it would otherwise spend defending itself legally in the future (Schiff, 2016). Having an extra set of eyes on security is the way to go when monitoring the day-to-day operations of the business. About a week ago, Amazon’s security team monitored what would be considered a threat to customer accounts and sent those customers an email requesting them to reset their passwords. The problem was that these customers were using old passwords that they had used in the past, and hackers had gotten their hands on the list, putting the customer information at risk of a breach (Spadafora, 2016).
