Please enable JavaScript.
Coggle requires JavaScript to display documents.
internal threats and breaches (internal threats to systems and data…
internal threats and breaches
stealing information
stealing information can happen by
incorrect file privileges being given to users
information not being destroyed before it is disposed of
it systems being comprimised
when attackers go through bins to find data it is known as dumpster diving
what should companies do with sensitive or confidential information?
security controls
security controls prevent data security breaches.they have four categories
technical - firewall,settings,antivirus,logins,file access permissions
procedural-incident processes,training,security awareness
physical -fences,gates,locks,alarms
legal -laws,policies,regulations
internal threats to systems and data
intentionally stealing or leaking of information
use of portable storage devices
users overriding security controls
downloads from the internet
unintentional disclosure of data
visiting untrustworthy websites
unintentional disclosure of data
unintentional disclosure of data happens when
data stored on paper,hard disks or removable media is left on trains or in cars
too much or confidential data is given to an employee or customer
computer security or encryption is not used or sufficient to stop data breaching occurring
use of portable storage devices
portable storage devices allow people to steal large amounts of data very quickly
organisations may prevent this by
preventing access to files which a user doesn't need
logging who downloads which files ,when and from which terminals
training users of the security risks of removable media
disabling access to USB ports or removable media
impacts of security breaches
legal action
downtime
financial loss
damage to public image
data loss
reduction in productivity