Information security policy is one of the most important factors for any organization. Information security is implemented to secure the important documents and information that are most relevant to a particular organization. To maintain or implement an information security policy, the information is classified and proper controls are applied with the help of information security policy standards. Information security for an organization can be constructed in two ways: physical security and personal security. It is especially required in the IT industry, because with the help of a security policy it is possible to avoid and reduce the vulnerabilities and thefts that can affect an organization's database in particular.
Most organizations deal with a huge amount of data and information every day. It is therefore very important to provide proper protection for all the data that is stored in the database. If the security of the database is compromised, hackers can access all of that information. Hence, information security is most important. Information security generally provides data availability, data confidentiality and data integrity. Availability refers to the availability of the data, meaning its quality (Cavelty & Mauer, 2016). Confidentiality refers to the security, or a kind of protection, of data. Integrity refers to proper consistency and accuracy.
Potential Vulnerabilities of an organization
Vulnerability assessment or analysis is a process that identifies, defines and classifies the vulnerabilities in a device, communication or network system. The vulnerability analysis includes the following steps:
● Identification of potential threats to every resource.
● Classification of network system.
● Definition of resources.
● Development of a strategy for dealing with potential problems.
● Implementation of new ways to reduce the consequences during an attack.
● Assigning some relative levels to the resources.
Vulnerability disclosure is required if security holes are present, so the organization or the responsible industry can make a disclosure (Xu et al. 2014). The vendor can give a certain period of time to solve the problem if the vulnerability is not implemented at the higher level. White hat and ethical hacking are two techniques related to identifying potential threats. A security expert can make a disclosure by using these two important techniques.
Explanation
Risk = Threats × Vulnerabilities
Risk
● Loss of confidentiality
● Loss of data
● Loss of privacy
● Business disruption
● Legal penalties
Threats
● Unauthorized users
● Hackers
● Governments
● Criminals
Vulnerabilities
● Legacy systems
● Software bugs
● Human error
● Hardware flaws
There are some types of vulnerabilities present in an organization:
● Human vulnerabilities
● Hardware or software vulnerabilities
● Emanation vulnerabilities for radiation
● Physical and natural vulnerabilities
There are some key actions that are related to vulnerabilities in an organization:
It is important to understand the common attacks. Attacks may come on the network or from within the network, and the attackers do not know the person they are attacking.
It is important to use vulnerability scanning tools. These tools are used to find open ports or other weaknesses. An entire list of potential vulnerabilities should be established. Care is needed to identify unknowns on the network.
Thefts
The major thefts for any organization, and especially for any IT organization, come from foreign computer hackers. Those hackers mainly intend to steal important information and national-security-related secrets. In addition, with the help of various kinds of spam they can hamper server security. Generally those hackers increase network traffic, which creates problems during data transfer (Lowry et al. 2015). Therefore, for any organization the network server and the IP address need to be kept very confidential. Besides that, unauthorized users can sometimes access the important information of a particular organization. If unauthorized users can access that data, security is totally compromised.
Impacts
The major impact of this kind of activity is that it breaks confidentiality and data accuracy. In addition, hackers sometimes collect all the information of a particular organization and then share it with its rivals. Another major impact is the possibility of data loss or information loss. If the information is not properly protected, hackers can destroy or manipulate all the data.