Information Security

Introduction

Information security policy is one of the most important factors for any organization. Information security is actually implemented to secure all the important documents and also the information that are most relevant for any particular organization. In order to maintain or implement the information security policy classification of the particular information and at the same time proper control is also conducted with the help of information security policy standards. Information security for any particular organization can be constructed in two manner and that are physical security and personal security. In case of IT  industry  it  is  mostly required because with the help this security policy it is possible to avoid and reduce any kind of  vulnerability and  thefts  that  can affect   especially  the data  base of  any organization.

Discussion of the topics

Most of the organization deals with   huge   number of data and information every day.  Therefore it  is very  important  to  provide  proper protection for all those  data  that  are going  to  be stored in the database. If the  security of  the data  base  gets  compromised then it  is  possible  for the hackers  to access all  those  information. Hence, information security is most important. Information security generally provides the data availability, data confidentiality and at the same time data integrity. availability suggests the availability of data means the quality (Cavelty & Mauer, 2016). Confidentiality suggests the security or one kind of protection of data. The term, integrity suggests proper consistency and accuracy.

Identify and explain all the potential vulnerabilities

Potential Vulnerabilities of an organization

Vulnerability assessment or analysis is a process that identifies, defines and also classifies the vulnerabilities in a device, communication or network system. The vulnerability analysis includes some steps as follows:

●         Identification of potential threats to every resource.

●        Classification of network system.

●        Definition of resources.

●         Development of a strategy for dealing with potential problems.

●        Implementation of new ways to reduce the consequences during attack

●            Assigning some relative levels to the resources.

The vulnerability disclosure is required if there are some security holes present. So, the organization or the responsible industry can make a disclosure (Xu et al. 2014). The vendor can give a certain period of time to solve the problem if the vulnerability is not implemented at the higher level. White hat and ethical hacking are two techniques which is related to identify potential threats. The security expert can make a disclosure by using these two important techniques.

Explanation

Risk=Threats*Vulnerabilities

Risk

●        Loss of confidentiality

●        Loss of data

●        Loss of privacy

●        Business disruption

●        Legal penalties

Threats

●        Unauthorized  users

●        Hackers

●        Governments

●       Criminals

Vulnerabilities

●        Legacy systems

●        Software bugs

●       Human error

●       Hardware flaws

There are some types of vulnerabilities present in an organization:

●           Human vulnerabilities

●           Hardware or software vulnerabilities

●       Emanation vulnerabilities for radiation

●         Physical and natural vulnerabilities

There are some key actions that are related to vulnerabilities in an organization:

It is considered to understand the common attacks. Attacks may be on the network or within the network and the attackers do not know the person for attacking.

It is important to use the vulnerability scanning tools. These tools are used for open ports or another weakness. It is noted to establish the entire list of potential vulnerabilities. A care should be needed to identify unknown on the network.

Appropriate threats, impacts, risks (likelihood) and countermeasures demonstrated

Thefts

Major thefts for any organization or especially for any IT organization are the foreign computer hackers. All those hackers   mainly target or their intention us to steal all the important information and also steal all the national security related secret. Apart from that with the help of various kind of spam they can hamper the server security. Generally those hacker increase the network traffic therefore it creates problem in the time of data transfer (Lowry et al. 2015). Therefore for any organization network server and the IP address need to be very confidential. Beside that some time unauthorized user can access all the important information of any particular organization. If unauthorized user can access all those data then security gets totally compromised.   

Impacts

Major impact of this kind of activity is that it breaks the confidentiality and data accuracy. Apart from that  some time hacker  collect  all the    information  of  any  particular organization and  then share all those  information with  their   rivals. Apart from that another major impact of the information security is the possibility of data loss or information loss. If the information is not properly protected then hackers can destroy or manipulate all the data.