access control
51 minutes ago
Gowtham Sagi
Discussion 2: Threat and Vulnerability
A vulnerability is a weakness in the system and a threat is a possible danger that can cause harm to the system. Threats exploit a vulnerability in the system. Threats can result in data breaches, thus damaging any organization's reputation. Threats can be classified into natural, intentional and unintentional threats. A tsunami can be a natural threat to an organization's data center. Employees of the organization can cause intentional or unintentional threats to any business. For example, an organization's security team did not revoke the access of an employee who was fired from the company. This is a vulnerability in the organization's system, as the fired employee can now be a threat to the company. Vulnerability in information systems can be due to improper system design, lack of governance, poor access control mechanisms, etc. Even though threats and vulnerabilities are sometimes outside of business control, organizations should continuously evaluate their systems to monitor for vulnerabilities.
Businesses should assess what the threats and vulnerabilities in their current system are. Either qualitative or quantitative analysis can be performed to analyze the risk that a threat can cause because of a vulnerability in the system. After quantifying and prioritizing the risks, a business can implement solutions to mitigate the risks. Threats or vulnerabilities can be minimized by setting up multiple levels of access control so that an attacker needs to crack all the levels of access control to steal data. Also, continuous monitoring of the system is important. Businesses can set up alerts whenever suspicious network activity is detected. Also, a business can control risk by training the employees on the importance of minimizing vulnerabilities in the system. For example, through social engineering, many people steal passwords from other employees. So, proper training programs can be created to make sure that employees are aware of threats.
References:
1. https://www.bmc.com/blogs/security-vulnerability-vs-threat-vs-risk-whats-difference/
2. Chapple, M., Ballad, B., Ballad, T., & Banks, E. (2014). Access control, authentication, and public key infrastructure. Burlington, MA: Jones and Bartlett