The Threats and Vulnerabilities of Information Systems


A threat is something with the possibility of causing harm, while a vulnerability is a weakness in the organization’s information systems. Examples of threats include fire, malfunction of the hard disk, the death of a key person, and an authority inspecting a file. Examples of vulnerabilities include weak encryption, weak passwords, a backdoor in the system and no backup power supply. There are three security threats in the organization. Hackers are one of the threats every organization faces. There are three types of hackers: white hackers, who analyze the system and expose a fault or hole but do not use it maliciously; black hackers, who analyze the system, find a fault and use it for their own good; and grey hackers, who are a combination of both white and black hackers and manipulate the system to find faults both ethically and maliciously (Soomro, 2016). Hacking is good when done ethically but can be harmful to the organization if it is for the hacker's own good. If an organization is hacked, important and private information can be exposed, which may destroy the organization's reputation. A hacker can also expose trade secrets or sensitive data, destroying the company. When a hacker manipulates the system’s network, he/she is able to even operate the network, making changes and even channeling information to his computer or selling it to a competitor organization.

Another threat to an organization's information system is malware. There are various types of malware and each affects the computer differently. A virus is a type of malware: a malicious program that secretly inserts itself into a data file or program and spreads by integrating itself into more files each time the host program runs. A rootkit is malware capable of gaining privileged access to a computer, hiding from common antivirus scans and allowing remote users to secretly gain access to the computer. This type of malware can affect the organization, especially if the remote user gains access to the administration computer. Ransomware is another type of malware, where hackers gain access to the system, encrypt the data and ask for money in exchange for the data.

The last threat to the information system is the users. The users cause 90% of attacks. Use of weak passwords, sharing of passwords, using the same password for an extended period and leaving a session running without locking the computer are some of the mistakes users make that put an organization’s security at risk (Fenz, 2014). There are two types of users: erroneous and malicious. Erroneous users act by mistake, while malicious users are aware of what they are doing. When one leaves the session running, a stranger can access certain information using the user’s identity. Weak passwords are easy to guess, putting the information at risk. One should not share his/her password with anyone in the organization.

To prevent threats and vulnerabilities in the organization, the information technology department should ensure that every user has a strong password that is eight characters or more, a combination of letters and numbers, changed monthly, with no repetition of passwords. Activate the lock screen, which locks the computer automatically if the screen has been inactive for five minutes or so. Every computer should have anti-malware software enabled. Regular software updates prevent vulnerabilities in older software. Ensure that each user uses a browser that does not accept pop-ups, and users should never allow it to save passwords. Data backups should be done daily, and data should be encrypted in all states, that is, in transit and at rest. Any computer connecting to the network or internet should do so through a firewall.


Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information security risk management. Information Management & Computer Security, 22(5), 410-430.

Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.

October 24, 2023