Roland Giovanni H.
0000-000-8260
7. What are the 2 types of threats to information security? What
are examples of each type of threat?
1. Human Threats
Accidental misuse, loss, or destruction by employees, consultants,
vendors, or suppliers, or actions by disgruntled employees, insider
theft, sabotage, terrorism, hackers, spam.
2. Environmental Threats
Caused by natural actions. Examples: fire, floods, earthquakes,
hurricanes, industrial accidents, war, power failures, arson.
8. What are information security vulnerabilities? How do
organizations assess vulnerability?
Information security vulnerabilities are weaknesses that expose an
organization to risk. An organization's risk assessment must examine its
vulnerabilities to determine how effective its existing security measures
are. Once vulnerabilities have been analyzed, the organization can
evaluate controls that fill in security gaps and protect against specific
threats. Vulnerability depends partly on how likely any particular event
may be. For example, a major earthquake in Mexico City rates as highly
likely, but hurricanes in that region are very rare. Even very unlikely
events might pose serious risks, however, when their impact would be
immense if they occurred. Risks also differ depending on the threat. A
major information leak would compromise confidentiality, for example,
while a power outage would affect availability by bringing down the
systems.
9. What are examples of administrative controls that
organizations implement to improve security?
11. Why is human behavior often the weakest link for information
ethics, information privacy, and information security? What are
examples of strategies that organizations can implement to
counteract the weaknesses in human behavior and decision
making that have a negative impact on information security and
privacy?
One weak spot is simply the human desire to help others. People routinely
pass virus-laden hoaxes along to friends and neighbors, trying to be
helpful. An employee who swipes his/her ID badge to open a secure door
and then courteously holds it open for the person behind may be falling for
a common social engineering trick to bypass physical security. The
pressure to be helpful is even greater if the follower is holding packages or
using crutches. Respect for authority is another common human tendency
that intruders exploit, relying on uniforms, titles, or just verbal hints that
the company president wants something done. Humans also are certainly
not immune to greed, and scammers tap this human frailty routinely to
persuade people to turn over confidential information or money. Ironically,
another highly effective bit of social engineering relies on the human
desire to avoid malware, for example fake anti-virus. How to counter it?
Organizations should have robust security awareness programs to help
educate and continually remind people about the risks that lax security
presents. The program should cover the organization's own policies and