Organisational Information Assets

Topics: Security, Risk, Computer security Pages: 5 (1691 words) Published: August 27, 2013
Assignment – Part A
Question 1: Identify and discuss the factors that are contributing to the increasing vulnerability of organisational information assets. (~250 Words)
Many factors contribute to the increasing vulnerability of organisational information assets. They can be internal or external, human (intentional or unintentional) or technical, and the environment should not be overlooked (Whitman 2003, p.92). Nowadays, as information systems grow, the factor with the greatest impact on increasing vulnerability is the compromise of intellectual property. This can be committed from within the organisation or from outside. From inside the organisation, it can be committed by disgruntled employees who are angry about lay-offs or transfers, and by others who hold a grudge against the organisation (Shaw, Ruby and Post 2010, p.3). In other cases, employees take advantage of their position of trust for financial gain. From the outside, there are hackers, employed by other organisations or acting as individuals, who will try to collect as much information as possible from the targeted organisation in order to profit from selling it. The next important factor is technical failure or unintentional acts by employees. An organisation's information system is built on technology, so technical errors can happen at any time, depending on how well the organisation maintains the system; unintentional acts by employees can also cause technical failures that lead to the vulnerability of organisational information assets.
Question 2: Contrast unintentional and deliberate threats to an information resource. Provide two (2) examples of both. (~250 Words)

Unintentional and deliberate threats are the two major categories of threat, and both represent a serious threat to information systems. Unintentional threats arise from human mistakes such as carelessness while using laptops or other computer devices, while surfing the Internet outside the organisation, or in conversation. These are all unintentional acts that invite an attacker to take action against the organisation. For example, while outside the organisation, an individual may take their laptop to an internet café to continue their work; however, an internet café is an environment that can expose all your information to a different organisation, because people passing by can see what you are doing and take advantage of the situation. On the other hand, a deliberate threat is the intentional illegal acquisition of information from the organisation, with the intent to blackmail the organisation with the threat of publication, dissemination, or use. For example, in the fashion industry a new design is always the company's top secret, so if someone steals or collects that design information, it can be dangerous to the company and benefit others in the industry; this kind of act is common in the fashion industry.
Question 3: Explain each of the following types of remote attacks: virus, worm, phishing, and spear phishing. What approach could you use to mitigate these information security risks within an organisation? Describe a scenario. (~250 Words)
-Virus: Designed to keep replicating, it can infect your programs and files, alter the way the computer operates, or stop it from working altogether. (1)
-Worm: Worms are reproducing programs that run independently and travel across network connections. The main difference between viruses and worms is the method by which they reproduce and spread. (1)
-Phishing: The act of others attempting to steal your personal information. It usually arrives as an email invitation. (1)
-Spear Phishing: A more specialized phishing scheme that targets a specific employee in order to gain access to a company’s information. (1)
Viruses and worms can attack your computer through web surfing, email, and advertisements on the internet....

Reference List:
Abrams, MD 1998, NIMS Information Security Threat Methodology, MITRE, 15 August 2013, <http://www.mitre.org/work/tech_papers/tech_papers_98/nims_information/nims_info.pdf>
Acker, R 2013, Keeping information Assets secure, Enhance your IT strategy, 17 August 2013, <http://www.bcs.org/upload/pdf/keeping-information-assets-secure.pdf>
Gantz, S 2008, Risk Management, Security Architecture, 20 August 2013, <http://securityarchitecture.com/docs/Risk_Management_Overview.pdf>
Get Cyber Safe 2013, Common Threats to be aware of, 17 August 2013, <http://www.getcybersafe.gc.ca/cnt/rsks/cmmn-thrts-eng.aspx> (1)
Griffin, JS 2008, Insider threats to Information Systems, Griffin and Grimaila, 21 August 2013, <http://sais.aisnet.org/2008/4cGriffinGrimaila.pdf>
Information Security 2011, Risk Management, 15 August 2013, <http://www.csus.edu/irt/is/riskmanagement/riskmanagement.html>
Shaw, ED, Ruby, KG, Post, JM 2010, The insider Threat to information System, Political Psychology Associates, 15 August 2013, <http://www.dm.usda.gov/ocpm/Security%20Guide/Treason/Infosys.htm>
Whitman, ME 2003, Enemy At Gate: Threats To Information Security, Communication of the ACM, 20 August 2013, <http://classes.soe.ucsc.edu/cmps122/Spring04/Papers/whitman-cacm03.pdf>