SECURITY from undergoing any major or minor issues

 

 

 

 

 

 

 

 

 

 

 

 

 

SECURITY
ISSUES IN IT ORGANIZATIONS & SOLUTIONS

 

 

 

 

 

Aashish kanna
Mamidala

 

548558

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Introduction

 

In the growing age of
technology and IT field there are many advancements across multiple platforms
are being developed. Over two decades there are numerous technological
advancements were successfully implemented than ever before. These technological
advancements made life much easier and more efficient in ways no one could ever
imagined. There were technological advancements made in medical field, IT
field, banking field, entertainment field and so on, in uncountable number of fields.

These advancements made all the fields products to run more efficiently and
provide more quality end product o the consumer, thus making life easier and
efficient. These advancements are playing crucial part in our day to day life,
so having a secure and high functioning organization working on these
advancements is a very important aspect of today’s developments. In this paper,
I would like to present with few of the common security issues/threats faced by
any kind of organization, how they affect the organization and their current products
development. I would also present with techniques and steps any organization
can take to prevent and avoid these kind of security issues/threats and keep the
company’s product in safer environment. Improved knowledge of
the critical issues underlying information security can help practitioners,
researchers, and government employees alike to understand and solve the biggest
problems Knapp. By having a first-hand knowledge of
different kind of security threats one can be prepared for any kind of security
breach scenario and protect their organization from undergoing any major or
minor issues with their product development.

 

 

Security Threats

 

 

In the current
technologically advanced world there are more than few ways an organization can
undergo any kind of security breach or attack. A security threat/issue can be
defined as an unauthorized form of entry either from within or from outside of
the organizations environment which leads towards a leak of sensitive company
information to the wrong hands or a negative effective on the company’s product
development or effect the running product service which in turn effect the consumer’s
usage. These kind of affects are not acceptable for any kind of organizations
growth and decreases the companies value and cost a huge amount in shares and
product value. With the growth of technological field there are many kinds of
security threats any organization should have higher security measures in place
to avoid and/or deal with situations like these. Types of security threats any
organization can face are Hackers, lack of awareness by employees, Malware, vulnerable
infrastructure, security protocols etc. These days an organization has more
than one kind of security threats to be aware about, by having a knowledge of different
type of security threats the organization can be well prepared for all kind of situations.

By being so they can avoid any kind of threats to their products development or
usage and have a efficient running product.  The mentioned are some of the few security
effects organizations might face in the present day. With growing advancements
there are chances for new kind of security threats which might affect the company’s
product. As it’s said, It’s better to be safe
than sorry, so having an updated security protocols and having an idea of
current types of threats and being adaptable, one can avoid these kind of
security threats.

 

 

Awareness among employees

 

With organizations having numerous
employees there is a high chance of having a security threat from within the organization.

The employee might not know that the action he is performing might affect the company’s
security. This unknowing action might lead to a huge security threat for any
organization. Attacker target organizations employee with spam emails and
various other kind of lures, which granted look like they are from within the
company or a known source. If any employee clicks of these spam mails or traps,
then the attacker can have access to the company server or other sensitive
information. Having a weak password or the same password for more than certain
amount of time is not not advisable as attackers can get in to the
organizations server through employee’s passwords. The other way an employee
can play a role in the security threat is not having an updated anti-virus or
security protocols in place. Having an outdated system is a means for an attacker
to break in to the server. To prevent these kind threats all organizations
should have a security awareness program for all their employees regularly.

Keep all the employee updated on different kinds of security threats and what
actions should they take to avoid any kind of attacks is crucial. Having these
kind of knowledge an employee will be more careful around phishing attacks,
spam emails etc. Also keeping the anti-virus software updated regularly and
also updating security protocols will help in the successfully avoiding any
kind of security threats. Having a Awareness Program for employees in a regular
period basis keeps their security protocols refreshed, they should also be
changing their passwords on frequent intervals. Having access based on the
level of clearance to any kind of sensitive information also helps a lot on
these kind of security threats. A good way
to reinforce what has been learned is to offer rewards and positive feedback to
employees for improving their security behavior Luis 2007. By providing
rewards to the employees for updating their security and announcing it in mass
emails it will help keep other employees to make more than usual effort in keep
their security measures updated. An employee should always be an asset to any
organizations but not a opening for security threats. So keeping employee
updated with awareness program can play a crucial role is avoiding security
threats.

 

 

Malware

 

Malware, short term for malicious
software, is a term referred for any kind of viruses, spyware, hacking
software, fake security updates etc. In any organizations infrastructure there are
multiple devices which are used for product development and maintenance.

Keeping these devices malware free is one of the crucial job for any organizations
security protocols. Malware can be in any kind of form they can be seen as a unidentified
spyware automatically installed on a certain device or they can also be seen in
a form of a security update from a unknown source, which look like the
original. These malwares are present on the world wide web, by accessing any
kind of unauthorized site these malwares can automatically be installed on to
the device. Malware programs are known for accessing
not only personal information but also the company’s private information and broadcasting
it to public and other third parties. These kinds of sensitive information leak
are a high security threat in any organization. Many types of malware contain
files usually identified as Trojan viruses, they install on to the deive with
out content and sit at the root of the device. Any viruses on the device, the malware
is the root for it.

For instance, AOL Instant Messenger comes with
WildTangent, a documented malware program. Some peer-to-peer (P2P)
applications, such as KaZaA, Gnutella, and LimeWire also bundle spyware and
adware. While End User License Agreements (EULA) usually include information
about additional programs, some malware is automatically installed, without
notification or user consent. Malware
are very difficult to remove or uninstall from a device. They store in unconventional
places and are being hidden y regular uninstaller. Thus removing malware will
be a hard task. Even one figure out a way to uninstall a malware, it leaves a
copy of itself on the device. Prevention
is better than cure, this can be applied in this scenario.  Having security measures against these kind
malwares and avoiding them in the first place is the best and first action any
kind of organization should participate in. Also having a restricted access of
the world wide web is a good step towards avoiding malware. Keeping updated security
protocols on these kind of malware and blocking them entering into the devices
is a good measure to take. Having a restricted access to web and monitoring the
traffic on the browsers helps avoiding malware to be installed on the devices.

 

 

 

 

 

 

 

 

 

 

 

Vulnerability Management

 

As the name
suggests, Vulnerability Management,
is a part of an organizations which deals with any and all kind of information
leak and security threats. Including vulnerable infrastructure and more. This
management in any organizations helps to resolve any kind od threats and keep
the company updated on the current and latest security protocols. By having
this Vulnerability management
in place the organization can be sure of keeping the updated anti-virus and security
protocols in place. The job of this Vulnerability management can be divided in to four
steps which are Discovery, Reporting,
Prioritization and Response. The management follows these
four steps in a continuous cycle keeping the sensitive information safe and
secure.

 

Discovery, in this step the management
takes all the information and infrastructure in to account and makes a though
read on them and divides them in to their respectable categories. Such as
confidential, public, accessed vis clearance and so on. By having these kind of
information discovered and made in to group it’s easy to keep track of what
kind of information is been published, whether is should be or not. Every single
device in the organization should go through the discovery step to get all the
information in the company. Thus keeping the company’s information documented
and having security measures placed according to categories. Reporting, in the
step the management reports all the data in has gathered in the discovery step
in to tasks of security clearance and can be used in future security purposes.

Priorities, this is a main step in the management, this creates the priorities
of the data in the company and tags them accordingly. Thus the management team
can know which of the information has what kind of priority. Having this information
is crucial to provide security level to that information.

Response, in this step the
team responds to any kind of security threat facing by the organization. It
takes all the data it gathered from the previous steps and gives security levels
to the information and keeps them locked away from any more damage. By doing
so, the attacker cannot have access to high level information and the team
takes action to shut down the attacker completely. This response is one the
crucial steps of vulnerability management.

Every company should have a vulnerability
management team working these steps in a contionus action to keep any kind of
security threats at bay. Vulnerability
management is only one piece of a security program, an organization should also
invest in high security infrastructure which is hard to get into without authorized
access. By having all these in place an organization will achieve a high secure
environment.

Conclusion

 

 

In this paper I
went through different kinds of security threat any kind of organization might
face and explained to my best how to avoid and overcome these situations.

Having a good secure infrastructure and environment is crucial for any
organizations development, which in turn effects on the growth of the
advancements the company is working towards to. Even with having the best
security protocols and updated software, there still might be a minor security
issue which can cause damage to the organizations, in these scenarios the company
should be pro-active and deal with the situation on the spot. By dealing and
resolving these kind of security threats the company should keep getting
updating on the current threats, also they should update their security
protocols to the new threats, so they can avoid that in the future. By being on
the contant watch over the information traffic, providing awareness to the
employees, keeping high security protocols and updating then frequently an
organization can achieve a safe and secure work environment where one can focus
on advancements of the future.

 

 

 

 

 

 

 

 

References

Knapp, K.

(n.d.). The Top Information Security Issues Facing Organizations. Retrieved

            December 10, 2017, from http://www.infosectoday.com/Articles/topissues.pdf

 

Navarro, L.

(2007, February 21). Train employees – your best defense – for security
awareness.   Retrieved December 10, 2017,
from https://www.scmagazine.com/train-employees–   your-best-defense–for-security-awareness/article/552839/

 

Malware:
Viruses, Spyware, Adware & Other Malicious Software. (n.d.). Retrieved
December

            10, 2017, from https://www.umass.edu/it/security/malware-viruses-spyware-adware- other-

            malicious-software

 

What is
Vulnerability Management Anyway? (2013, May 8). Retrieved December 10, 2017,
from           https://www.tripwire.com/state-of-security/vulnerability-management/what-is-           vulnerability-

            management-anyway/

 

Darmanin , J.

(2009, August 03). 10 Security Threats to an Organization. Retrieved December
10,           2017, from

10 Security Threats to an Organization – Part 1