Threats to Information Security

Added on  2022/11/23

AI Summary
This report focuses on the major threats to information security and the various ways by which an incident response plan can be developed in order to respond to the immediate threats. It covers human error and mistakes, malicious human activity, natural events and disaster, ethical issues, and real-world case studies.
Running head: THREATS TO INFORMATION SECURITY
Threats to Information Security
Name of the student:
Name of the university:
Author note:
Table of Contents
Introduction
Threats to Information Security
    Human error and mistakes
    Malicious Human Activity
    Natural Events and Disaster
Respond to Security Incidents
    Disaster-Recovery backup sites
    Incident Response Plan
Ethical Issues
    Major ethical issues
    Real world case and action
Conclusion
Introduction:
In the context of computer security, an information threat is anything with the potential to
cause harm to the information stored within a computer system (Johnson et al., 2016). These
threats expose computer systems to potential attacks that can result in damage to the
entire computer system (Tosh et al., 2015). As many new issues are gradually emerging in the
context of information security threats, this report focuses on the major threats
to information security and the various ways in which an incident response plan can be
developed in order to respond to immediate threats.
Threats to Information Security
Human error and mistakes:
According to several published reports, most of the cyber threats
in today's world are caused mainly by employee negligence and are often
termed human errors and mistakes (Evans et al., 2016). These human errors and mistakes
often lead to disruption of the entire business network, allowing hackers to get hold of credential
information.
The most common types of human error and mistakes are as follows:
1. Clicking on unknown links: Clicking on unknown links can lead to a malware attack on
the system, causing disruption of the entire system.
2. Opening unknown attachments: Employees within a company are often known to open
attachments from unknown mails or links. This is one kind of human error that can lead
to a severe malware attack.
3. Entering confidential information into a seemingly familiar account: Accessing
information of individuals within the company is a type of human error that is often carried out,
leading to intruder attack.
Most of these errors are driven by social engineering, which allows hackers to take advantage
of careless human behavior in order to successfully conduct a scam.
Malicious Human Activity:
1. Pharming: Pharming is a type of online fraud and a malicious human
activity that leads to the theft of confidential information of individuals or organizations (Adewole,
Durosinmi & Polyetchnic, 2015).
2. Phishing: Phishing is the most well-known malicious activity; it poses an information threat
by accessing individuals' accounts and stealing credentials (Nirmal, Janet & Kumar, 2015).
3. Spoofing: Spoofing is a technique often carried out in combination with phishing
in an attempt to get hold of confidential information (Lichtman et al., 2016).
Natural Events and Disaster:
Natural disasters and events are known to be one of the causes of a large number of
cyber-attacks and mass incidents of data theft. Three examples of natural disasters are listed as
follows:
1. Floods: Flooding is one of the most frequently faced natural disasters. It can
disrupt critical infrastructure worldwide and hamper the economic condition of
businesses that fail to protect their information systems during the disaster.
2. Earthquakes: The occurrence of earthquakes can unbalance the information
structure, with damaging consequences.
3. Cyclone: Another noteworthy disaster is the cyclone.
A cyclone can lead to the breakdown of the entire physical foundation of an information
system, leading to failure of digital networks and enabling threats to the information system.
Respond to Security Incidents
Disaster-Recovery backup sites:
Cyber security should be the topmost priority for all business types, and in order to
mitigate the issues related to information threats a proper incident response plan needs to be
developed. Three of the major disaster preparedness tasks that organizations need to adopt are as
follows:
1. Mitigation: The first and foremost preparedness task of disaster recovery is
mitigation. It involves reducing vulnerability to the disaster by adopting mitigating
measures.
2. Response: Response is the immediate preparedness task under the disaster recovery
management plan. It includes saving lives while meeting all types of needs in order to
assess the damage caused by information security threats.
3. Recovery: The third preparedness task of the disaster recovery plan is recovery.
This task is the restoration of all that the disaster has impacted, while achieving a degree
of physical, economic, environmental and social stability after the incident.
Incident Response Plan:
Optimal management of an incident response plan involves the following three major factors:
1. A comprehensive plan: An incident response plan should present a comprehensive view of
the proposed plan so as to prepare the team members to deal with the threats while identifying
the severity of the information threat.
2. Right people in place: A proper incident response plan should have the right people in place,
who will follow their roles in carrying out the incident response plan while managing, analyzing
and researching the threats to information security.
3. Tools: Selecting the appropriate tools is an important factor in an incident response plan, as they
work alongside it as the security measures for the prevailing problems related to information
security (Tirumala, Sathu & Naidu, 2015).
Ethical Issues
Major ethical issues:
The three major ethical issues that are faced by IT professionals are as follows:
1. Privacy: Maintaining the privacy of the different kinds of information assets is the most
important ethical issue faced by IT professionals. Many organizations do not store
their information assets properly and hence are vulnerable to various cybercrimes.
2. Accessibility: Another important issue faced by IT professionals is maintaining the
accessibility of data to different individuals. In many organizations neutrality is not maintained,
and thus intruders can also access files that are confidential.
3. Security: Securing information is one of the due responsibilities of IT professionals, where
they often fail, leaving the information assets vulnerable to malicious attacks.
Real world case and action:
The ethical issue faced by Volkswagen is a noteworthy real-world
case study (Tirumala, Sathu & Naidu, 2015). The company programmed its engines in such a
way that, during pollution testing, the engines were engaged so that they
emitted emissions at an allowable level. But soon after the test, the programs in the computers were
disabled, placing the engine back in its operational state.
This is one kind of unethical behavior, as the company programmed its systems in a way
that misled customers and forced them to buy the brand.
Soon after this ethical issue was discovered, the company offered cash to those who had
been affected by its misdeed and also offered free emergency roadside assistance to the
customers.
Conclusion:
Thus, from the above report it can be concluded that maintaining information assets is one of
the vital things that every organization needs to take care of, while implementing a proper incident
response plan so as to mitigate future cyber security threats by identifying them efficiently.
References:
Adewole, A., Durosinmi, A., & Polyetchnic, M. A. (2015). Social engineering threats and
applicable countermeasures. African Journal of Computing & ICT, 8(2).
Cavico, F. J., & Mujtaba, B. G. (2016). Volkswagen emissions scandal: a global case study of
legal, ethical, and practical consequences and recommendations for sustainable
management. Global Journal of Research in Business & Management, 4(2), 303-311.
Evans, M., Maglaras, L. A., He, Y., & Janicke, H. (2016). Human behaviour as an aspect of
cybersecurity assurance. Security and Communication Networks, 9(17), 4667-4679.
Johnson, C., Badger, M., Waltermire, D., Snyder, J., & Skorupka, C. (2016). Guide to cyber
threat information sharing (No. NIST Special Publication (SP) 800-150 (Draft)). National
Institute of Standards and Technology.
Lichtman, M., Jover, R. P., Labib, M., Rao, R., Marojevic, V., & Reed, J. H. (2016). LTE/LTE-
A jamming, spoofing, and sniffing: threat assessment and mitigation. IEEE
Communications Magazine, 54(4), 54-61.
Nirmal, K., Janet, B., & Kumar, R. (2015, February). Phishing-the threat that still exists. In 2015
International Conference on Computing and Communications Technologies
(ICCCT) (pp. 139-143). IEEE.
Tirumala, S. S., Sathu, H., & Naidu, V. (2015, December). Analysis and prevention of account
hijacking based incidents in cloud environment. In 2015 International Conference on
Information Technolo
Tosh, D., Sengupta, S., Kamhoua, C., Kwiat, K., & Martin, A. (2015, June). An evolutionary
game-theoretic framework for cyber-threat information sharing. In 2015 IEEE
International Conference on Communications (ICC) (pp. 7341-7346). IEEE.