The paper "Factors that Are Contributing to the Increasing Vulnerability of Organisational Information Assets" is a great example of a business assignment. Organizations are increasingly using the internet as a business tool to accomplish many functions, and there are many threats to an organization's assets on the internet. If the people working for the organization are not well informed and trained in internet usage, they may not be aware of threats such as spyware and malicious programs, making the organization vulnerable to attacks from those sources (Harrington, 2005).

System complexity and connectivity

As organizations increase in size or operations, the nature of their activities also becomes complex.
If the organization adopts an information system, its information assets will be more vulnerable than those of a small organization (Foltz, 2004). This is because the more complex a system is, the greater the possibility of a flaw in it. The system may also be accessible from different points, which may be an unintentional design flaw that has not been recognized. In an effort to ensure efficiency in operations or in doing business, an organization may have a system so connected that sensitive resources can be accessed remotely from the internet or via physical connections.
The many accesses, privileges and portals increase the vulnerability of the organization's assets (Skoularidou & Spinellis, 2003).

Password management

Weak passwords and weak systems that cannot guard against intrusion make it possible for intruders and unauthorized people in the organization to access information assets, which they may then misuse for personal gain (Foltz, 2004).

Question 2: Contrast unintentional and deliberate threats to an information resource. Provide two (2) examples of both.

Unintentional threats to an information resource occur when an action or inaction results in an unintended breach of system security and integrity (Huang & MacCullum, 2010). They include:

Software failures: these are usually noticeable whenever software behavior is not in harmony with the intended system behavior. This is common when data is lost or the expected performance does not follow the issuance of a command. The causative factor is poor software development or software testing. This kind of scenario may result in an unintentional security lapse in the system or a system failure that can affect the core activities of a system.

Natural factors: these are factors that may not be within the control of management and thus threaten the system unintentionally.
They include fire, humidity, water, heat and even dust. These factors may result in the system failing to perform as expected or being totally destroyed.

Deliberate threats, on the other hand, result from actions that humans commit knowingly to take advantage of information system vulnerabilities (Huang & MacCullum, 2010).
They include:

Unauthorized disclosure: a person who is not authorized to access a system gains access through deliberate exposure, scavenging, or taking advantage of a system weakness.

Deception: an authorized person receives data and believes it to be true when it is false. This is made possible through masquerade, where an unauthorized person gains access to a system and misuses it. It can also occur through spoofing or malicious logic (Foltz, 2004).
Bishop, M., 2004. Computer security: art and science. Addison-Wesley Professional.
Foltz, B., 2004. Cyber-terrorism, computer crime and reality. Information Management and Computer Security Journal, 12 (2), pp.12-23.
Harrington, J., 2005. Network security: A practical approach. Academic Press.
Huang, S., & MacCullum, D., 2010. Network security. Prentice Hall.
Kaufman, C., & Speciner, M., 2002. Network security: Private communication in a public world. Prentice Hall.
Mouratidis, H., & Jahankhani, H., 2008. Management versus security specialists: an empirical study on security related perceptions. Information Management & Computer Security Journal, 16 (2), pp.1-9.
O'Beirne, R., 2002. Computer network security and cyber ethics. Library Review, 51 (9), pp.12-19.
Puuronen, S., & Seleznyov, A., 2003. Using continuous user authentication to detect masqueraders. Information Management & Computer Security Journal, 11 (3), pp.7-15.
Skoularidou, V., & Spinellis, D., 2003. Security architectures for network clients. Information Management & Computer Security Journal, 22 (2), pp.23-45.
White, G., & Pearson, S., 2001. Controlling corporate email, PC use and computer security. Information Management and Computer Security Journal, 9 (2), pp.23-32.