Entifying Information Assets, Threats, and Vulnerabilities in Top Assignment

Entifying Information Assets, Threats, and Vulnerabilities in Top Information Security Breaches of the Decade - Assignment Example If is not resolved, it can lead to very serious information security. The electronic or the physical security systems are not the organization’s weakest security link; human are the one with the weakest links. It is always assumed that the insider threats originate from rogue workers or planted ‘moles’, IT administrators and managers who are privileged to the access of sensitive information, controls and resources poses the greatest risk. They can start and stop a system, make changes that are critical such as giving the rights to access and untraceably deleting security logs. This threat is devoted to describing the mechanisms used for compromising organizational intellectual property from within (Gupta, et al. 2012). A lot of security incidents are caused by insider misuse i.e. accidental or malicious. A lot of misuse occurs within the boundaries of trust necessary to perform duties. Preventing the misuse is difficult as the only way to stay secure is to grant a ccess rights only to those with business need and to keep an eye on their activities. The problem is that the majority of organizations have very limited capabilities to trace specific IT events to specific users, with any certainty. A small fraction of IT teams are aware of what is going on in their infrastructure in a particular time and some organizations look manually through files so as to get answers. Unauthorized access by insiders; by accessing the organization’s secured areas physically, or materials that have data which is sensitive make it very easy for a crime to be committed by malicious insiders. The physical security measures of an organization are as important as the technical security controls. This threat is emerging as a great risk to corporate data. The vulnerability that led to this attacks are; unauthorized access even when credentials are missing, lack of managing the threat of shared password, failing to ensure