Internal Threats and Breaches
Internal Threats
Unintentional Disclosure of Data
Unintentional disclosure of data can happen when:
Too much or confidential information is given to an employee or customer
Data stored on paper, hard disks or removable
Computer security or encryption is not used, or is not sufficient, to stop a data breach occurring
Security Controls
Examples
CCTV Cameras
Security Officers
Lift Access Can Require ID Cards
Telephones to Update Concerns
CCTV Monitors
RFID ID Card Reader
Physical Gates to Prevent Access
Security controls prevent data and security breaches. They have four categories:
Physical – fences, gates, locks
Technical – firewalls, settings, antivirus
Procedural – incident processes
Legal – laws
Intentional Stealing or Leaking of Information
Stealing information can happen by:
IT systems being compromised
Incorrect file privileges being given to users
Information not being destroyed before it is disposed of
When attackers go through bins to find data, it is known as dumpster diving
Use of Portable Devices
Portable storage devices allow people to steal large amounts of data very quickly
Organisations may prevent this by:
Disabling access to USB ports or removable media
Logging who downloads which files, when and from which terminals
Preventing access to files which a user doesn’t need
Training users on the security risks of removable media
Downloads From the Internet
Visiting Untrustworthy
Websites that are untrustworthy may be harmful or offer downloads which contain malware
Impact of Security Breaches
Data Loss
Damage to Public Image
Financial Loss
Reduction in Productivity
Downtime
Legal Action