USB Security Threats
Information Security is a vague term used to describe any aspect of a system used either intentionally or not for protection of information systems. Although security of information systems ranges from the personnel accessing the system to the hardware and software specifically designed for security, it also includes external devices such as a Universal Serial Bus (USB) drive. The practicality of such devices make them popular for users at every level within an organization but the security risks involved with users transferring data from machine to machine quickly becomes a struggle for security and management personnel. The article written by Pfleging (2008) makes many statements regarding the security issues with USB drives some of which are analyzed below.
The article, The Forgotten Security Hole: USB (Pfleging, 2008) states USBs are “potentially one of the worst security holes you have.” Although the risks associated with transferring data from one machine to another are significant, many other inadequate security practices could have at least an equal effect such as improper disposal. Loeb (2000) reported of a legal case in which a CIA agent allegedly “sold 25 laptop computers at public auction 'while still containing Top Secret information on their respective hard drives.'" Incidents such as this could be catastrophic.
Pfleging (2008) also writes how compromising confidential information “can involve privacy laws at the state and federal levels, dictating large fines. An organization's reputation, and thereby its ability to attract new investors or customers, might be damaged or even destroyed.” Any corporation with an incident such as this could easily suffer great financial losses in today’s technical and struggling economy. Swartz (2006) states, “according to the 2005 “Computer Security Institute (CSI)/Federal Bureau of Investigation (FBI) Computer Crime and Security Survey," average financial losses from unauthorized access to...
Please join StudyMode to read the full document