
Information Security Risk Assessment : Importance

   

Added on  2022-09-05

INFORMATION SECURITY RISK ASSESSMENT 1
INFORMATION SECURITY RISK ASSESSMENT
Student Name
Institution
Facilitator
Course
Date

Executive Summary
Most organizations do not consider the importance of securing their systems until they are
breached, resulting in heavy losses and many unanswered questions. In most cases, security
breaches occur because employees fail to adhere to organization policy. While some
organizations dismiss security risk assessment as paranoid, preventive measures have been
shown to save them countless resources and heartache in the long run. A thorough security risk
assessment is the most important measure to put in place to improve a system’s security,
as it ensures that the security systems of an organization can adequately protect it against
potential threats (Cherdantseva et al., 2016, p. 23). Government reports on data breaches
identify three sources of data breaches. The main one is malicious or criminal attacks,
followed by human errors and then system faults. Across these three sources, six kinds of
personal information have been identified as the main targets of the breaches. The first is
contact information, followed by financial details and identity information. Health, TFN and
any other sensitive information are also considered among the main targets of data breaches.
Security Risk Assessment
According to the reports, data breaches are the main cybersecurity risk. In these reports,
data breaches are security incidents in which organization data or information is accessed
by unauthorized people, either internally or externally. They are attributed to three main
sources: malicious attacks, human errors and system faults. Malicious attacks are carried out
intentionally by a third party with the aim of compromising or gaining unauthorized access to
an organization’s system, while human errors are errors committed by the organization’s
employees that lead to data breaches. The last source, system faults, are weaknesses in the
organization’s systems that lead to data breaches. Data breaches have been linked with
negative impacts on businesses and consumers. For instance, some reports consider their cost
capable of damaging lives and organization reputation in ways that can take time to repair
(Das et al., 2019, p. 970). Cybercrime is considered a profitable and growing industry for
attackers. This has been attributed to the motivation of hackers who seek to obtain
identifiable information that enables them to steal money, sell it over the dark web or
compromise identities. There are a number of ways in which human errors lead to data breaches.
The main one is inadvertent disclosure, which entails sending documents that contain personal
information to incorrect recipients. With regard to system faults, a lack of robust security
measures in organization systems, such as the lack of encryption when sharing information and
weak authentication, has been linked with security faults (Wu et al., 2016, p. 153). As for
malicious attacks, the reports identify a number of approaches through which data breaches are
achieved. The main ones include hacking, phishing, malware, ransomware, brute force attacks,
stolen credentials and others.
Business Requirements Analysis
Based on the causes of data breaches identified in the reports, business organizations must put
measures in place to minimize data breaches. The initial step would entail drafting an
information security policy for the business organization to act as a guideline.
Information security policy would ensure that the organization technology