Please enable JavaScript.
Coggle requires JavaScript to display documents.
Internal Threats To Systems And Data (Use Of Portable Storage Devices…
Internal Threats To Systems And
Data
Unintentional Disclosure Of Data
Data stored on paper, hard disks or removable media is left on trains or on cars.
Computer security or encryption is not used or sufficient to stop a data breach occurring.
Too much or confidential information is
given to an employee or customer.
Intentional Stealing Or Leaking Of Information
IT systems being compromised.
Incorrect file privileges being given to users.
Information not being destroyed before it is disposed of.
Users Overriding Security Controls
In computer security, general access control includes identification, authorization, authentication, access approval, and audit.
A more narrow definition of access control would cover only access approval, whereby the system makes a decision to grant or reject an access request from an already authenticated subject, based on what the subject is authorized to access.
Use Of Portable Storage Devices
Disabling access to USB ports or
removable media.
Preventing access to files which a user
doesn’t need.
Logging who downloads which files, when and from which terminals.
Training users of the security
risks of removable media.
Visiting Untrustworthy Websites
Websites that are untrustworthy may be harmful or
contain downloads which contain malware.
Definition Of Internal Threats
An internal threat refers to the risk of somebody from the inside of a company who could exploit a system in a way to cause damage or steal personal details and information. Employee sabotage and theft of data or physical equipment unauthorized access can only be accessed by trusted employee's.