Question 1: Identify and discuss the factors that are contributing to the increasing vulnerability of organizational information assets. (250 Words)

Many factors contribute to the increasing vulnerability of organizational information assets. They can be internal or external, human (intentional or unintentional) or technical, and the environment should not be overlooked (Whitman 2003, p. 92). Nowadays, as information systems grow, the factor with the most impact on the increase in vulnerability is compromises to intellectual property.
This act can be committed from within the organization or from outside. From inside the organization, it can be committed by disgruntled employees who are angry about lay-offs or transfers, and by others who hold a grudge against the organization (Shaw, Ruby and Post 2010, p. 3). In other cases, employees take advantage of their position of trust for financial gain. From the outside, there are hackers, employed by another organization or acting as individuals, who will try to collect as much information as possible from the targeted organization in order to benefit from selling it.
The next important factor is technical failure or unintentional acts by the employees. An organization's information system is all about technology, so a technical error can happen at any time, depending on how well the organization can maintain the system. Unintentional acts by employees can also cause the technical failure that leads to the vulnerability of the organizational information assets.

Question 2: Contrast unintentional and deliberate threats to an information resource. Provide two (2) examples of both. (250 Words)

Unintentional and deliberate threats are two major categories of threats that represent a serious threat to the information system. Unintentional threats can arise from human mistakes such as carelessness while using laptops or computer devices, while surfing the Internet outside the organization, or in conversation. These are all unintentional acts that invite an attacker to take action against the organization.
For example, while outside the organization, individuals can bring their laptop to an internet café to continue their work. However, the internet café is an environment that can expose all your information to a different organization, because the people passing by can see what you are doing and can take advantage of that situation. On the other hand, a deliberate threat is the intentional illegal acquisition of information from the organization, with the intent to blackmail the organization with the threat of publication, dissemination, or use.
For example, in the fashion industry a new design is always a top secret of the company, so if someone steals or collects that information, which is the design, it can be dangerous to the company and benefit others in the industry; this act usually happens in the fashion industry.

Question 3: Explain each of the following types of remote attacks: virus, worm, phishing, and spear phishing. What approach could you use to mitigate these information security risks within an organization? Describe a scenario. (250 Words)

- Virus: Designed to keep replicating, it can infect your programs and files, alter the way the computer operates or stop it from working travel across network connections. The main difference between viruses and worms is the method in which they reproduce and spread. (1)
- Phishing: the act of others attempting to steal your personal information. It usually comes as an email invitation. (1)
- Spear phishing: a more specialized phishing scheme that targets a specific employee in order to gain access to a company's information. (1)

Viruses and worms can attack your computer during web surfing, through email, and through advertisements on the Internet. Phishing and spear phishing usually come from clicking on a link in junk mail or a random invitation on the Internet. The approach that I will use to mitigate these information security risks within the organization is as follows. I will set up passwords inside the organization, since passwords are always the basis of IS security, then set up virus protection software and also media backup in case of technical failure. A firewall is also necessary; the stronger it is, the better the security. I will also conduct employee education and ethics training classes within the organization. Finally, I will establish better control over the workstations.

Question 4: Define and contrast – risk acceptance, risk limitation, and risk transference. (250 Words)

Risk acceptance: Every enterprise has to have a level of risk that it will accept, otherwise it is impossible to do business. Risk represents both an opportunity to make profit and the potential to make losses. What is important to the organization is to manage its risks so as to balance the opportunities against the potential losses for the overall good of the business.

Risk limitation: This is another approach that organizations could use. Unlike risk acceptance, risk limitation tries to limit the risk as much as possible rather than accepting it.

Risk transference: This approach neither accepts nor limits the risk; it refers to shifting the burden of loss to another party through legislation, contract, insurance or other methods.

These three approaches have different advantages and disadvantages. With risk acceptance, by accepting the risk the organization can gain a larger benefit from that action, whereas risk limitation can secure that the organization is safe at all times. Risk transference can be one of the best approaches, but it is quite a hard task to transfer the risk to another organization; it requires the use of law or contract to do so.
Assignment – Part B

A case study critical thinking analysis using Toulmin's Model of Argument (600 WORDS). Use the Table provided for your answers.

Claim: Sensitive FBI data is not secure from attack.

Data:
* Hacker groups frequently attack and test the security of such institutions and their security defenses are under constant review. Federal officials also warned that computer users should be careful when clicking on such links because they sometimes may contain malware that can infect computers.
* The data is the basis of real persuasion and is made up of data and facts. From the sentence above, there is the fact that hacker groups nowadays frequently attack and test the security of many organizations and institutions, so it can make people believe that the sensitive FBI data is not secure from attack by hacker groups. This sentence also gives the reader a sense of being informed, which is usually a very powerful element of persuasion.

Warrant:
* Data breaches will individuals.
* A warrant links data and other grounds to a claim; it can legitimate the claim by showing the data to be relevant. In the article, the warrant is implicit. The sentence above asserts that data breaches will always occur, which supports the data above and also strengthens the claim that the sensitive FBI data is absolutely not secure from attack. This warrant may be simple, but it gives space for another person to question it and expose its weakness.

Backing:
* Protecting data from every possible avenue of attack is not possible.
* Backing is another support for the arguments above. It gives additional support to the warrant by establishing that data protection is itself vulnerable, so the data can still be breached by others such as hackers.

Rebuttal:
* Knowing the number doesn't enable the FBI to track or eavesdrop on people.
* A rebuttal is the counter-argument that can be used to reduce the persuasiveness of the arguments above. The sentence shows that knowing the number, which is the information that the hacker took in the attack, doesn't give the hacker the ability to track or eavesdrop on people. So it reduces the sensitivity of the data stolen by the attacker, makes people feel relieved, and so decreases the importance of the arguments.

Qualifier:
* If linked with other information such as a name or address, the numbers could be used as a way to get at other more sensitive data.
* A qualifier indicates the strength of the leap from the data to the warrant. The sentence shows another variant, which can reduce the seriousness of the situation or strengthen the arguments. If linked with other information, it can be dangerous and lead to more sensitive data; that's just another possible outcome. It can also be that the information stolen by the attacker is nothing more than numbers, and is not sensitive data.