Question

Discuss the security implications
From the perspective of your department and management level, discuss the implications of a security breach in the company's infrastructure (all forms - human, technology etc.)

1. Suggest TWO reasons why such breaches could occur and state how they can be avoided.

Based on the above requirements, critique the below discussion:

A security breach is the loss of management, compromising, illicit public disclosure, unapproved acquiring, or acquisition, or any similar event in which sensitive data is accessed or potentially obtained by someone other than an authorized user, or in which a verified user accesses privately apparent data with a purpose other than that for which it is approved.

A cyberattack and data breach at Trading could have a negative effect on the company's bottom line. It might harm your company's reputation and cause customers to lose faith in you. And both large and small businesses may be impacted by this. Furthermore, a data breach might have long-lasting effects. Share prices decline after a breach, and businesses eventually perform worse than other corporations. Trading companies lose considerably more than other businesses because they handle a lot of sensitive data.

1. Suggest TWO reasons why such breaches could occur and state how they can be avoided.

Social Engineering 

As an operational manager in the office administrative department, an external attacker's attempt to deceive people into disclosing confidential information or taking actions against security guidelines is known as social engineering. Social engineering is used in most cyberattacks since users are usually the weakest link in an organization's cybersecurity defenses. Techniques used in social engineering include baiting, phishing, pretexting, and scareware. 

Some ways to prevent social engineering hacks are:

  • Any unsolicited calls, visits, or emails requesting information about personnel or other internal details should raise suspicions. Try to get in touch with the company directly to confirm the identity of an individual you don't know if they say they are from a reputable corporation.

  • Unless you are positive that the person has the right to know, do not give away personal information or details about your organization, including its networks or structure.

  • Never respond to emails requesting personal or financial information, and never divulge such information in emails. This includes clicking on email links.

Malicious Insiders

In the office administrative department, sensitive information is accessible to many employees, and there's always a chance that one of them will attempt to abuse it. Malevolent insiders may be motivated by a variety of factors, such as retaliation, emotional difficulties, or monetary gain. Because malevolent insiders have authorized access to company networks, insider threats are challenging to identify using conventional security measures. 

Some ways to prevent malicious insider security risks are:

  • Establishing strict procedures and guidelines for password and account management. Every person using your systems should log in with credentials that are specific to them; each user should have their own login ID and password. To successfully implement these policies, adhere to established practices for account management and passwords.

  • All endpoints, including mobile devices, can be used to monitor and manage remote access. Install and set up a mobile data interception system and wireless intrusion detection and prevention systems correctly. Examine on a regular basis if staff members still need a mobile device or remote access. Make sure that when an employee departs the company, all remote access is stopped.
