Tag Archives: risk

Basics of Security Awareness: Users are the Weakest Link

Basic Principles of Security Awareness. Security experts consider system users the weakest link in information security. User skill levels and experience can vary greatly, and unlike automated controls, human users can be fatigued or distracted, which can lead to mistakes that result in vulnerabilities. Security awareness training is often a user’s first experience with information security.…

Bring Your Own Device (BYOD) Policies and Practices

Bring Your Own Device (BYOD): Organizations allowing employees to use their own personal devices, such as smartphones and tablets, to conduct organization business. The SANS Reading Room article, SANS Survey on Mobility/BYOD Security Policies and Practices, found that 61% of organizations allowed personal devices to connect to protected company systems, but only 9% of organizations were truly…

Mitigating Insider Security Threats

Threats from within an organization. Insider security threats are the most significant threat to today’s information systems. Insiders often have elevated access within an organization’s information systems, which often gives them a level of authorized access that can cause a lot of damage if misused, intentionally or unintentionally. In the SANS Reading Room article, Insider Threat Mitigation Guidance,…

The Governance of Cloud-Based Systems

The Dot Com crash of 2000 and corporate scandals such as Enron highlighted the need for better laws to oversee financial organizations, and also highlighted the need for better corporate governance. IT Governance is the part of corporate governance that includes policies, procedures, and controls that relate to information systems use, performance, Return…

Security Threats to Cloud–Based Systems

Threats to both cloud-based and on-site solutions should be evaluated with an additional focus directed towards security issues specific to cloud services. Cloud security threats can come from internal or external sources, and can originate as human- or software-based attacks. Threat agents are as follows: anonymous attackers, malicious service agents, trusted attackers,…

Risk management is essential to the success of every company

In business, risk is the likelihood that a loss will occur if a threat exposes a vulnerability. An organization must take risks to thrive, but must also recognize that risk cannot be ignored. The key is to understand threats and vulnerabilities, and then mitigate the threat to vulnerabilities…