Internal and External Security Threats

¶ … internal and external security threats have become increasingly common. Part of the reason for this, is because the recent advancements in technology have allowed for many criminal organizations, to be able to exploit various weakness in both individual and corporate security blocks. At which point, the thieves can steal literary unlimited amounts of money and they have access to sensitive information. A good example of this can be seen with bots, where they are attached to as many as 71.5 million computers. A bot is a program that will be used to conduct constant attacks on a web site or computer system (the denial of service attack). Where, the objective is to continually keep attacking the security parameters of the program, until you are able to breach it. (Rowe, 2009) This is significant, because it shows just one of the many different threats that could face a number of computer systems. To effectively protect against these kinds of assaults requires: identifying possible privacy issues from the internal / external environments, distinguishing between the two types of threats to the physical plant and examining three sources / procedures to protect the various resources. Together, these different elements will provide the greatest insights, as to how an individual and organization can defend against various internal / external threats.

Identify the possible privacy issues for users both internal, such as malicious users, and external, like viruses or hackers, of the organization using one of the IT applications from a previous week's individual assignment.

The biggest privacy issue that could be faced from an external perspective is malware. This is when a software program will attach itself to a program inside the system. At which point, it will be used to infect the computer system. Where, the software will install a number of applications to include: viruses, Trojan horse and worms. These different programs can allow hackers, to access the personal information on the computer. Once they are successful in obtaining this data, they can use it commit identity theft and other crimes. This is challenging, because once identity theft is being committed against an individual, it can have disastrous consequences on their financial situation. (Meyers, 2007, pg. 18)

From an internal perspective, the biggest threat to privacy is malicious users. This is someone who will normally have access to sensitive information inside an organization such: employees and contractors. In general, 80% of all security breaches that occur will take place because of malicious users. Where, they will steal: sensitive financial, security, customer or personnel information. This can affect the privacy of an organization, as the information that was stolen can be sold to competitors. (Beaver, 2010, pg. 11)

Distinguish between internal and external threats to the physical plant where the resources are located and to the virtual resources accessible electronically.

The internal threats to the physical plant are those hazards from inside the organization itself. Where, a number of threats could affect the IT security system to include: electric usage, storage of various IT systems and internal security blocks / procedures that are in place. The external threat is the danger that an organization will face from the outside world (such as: a cyber attack). The various resources can be located on the premises or offsite, in a separate room away from everything else. The various virtual resources can be installed in location and then managed by the organization online. Where, they can install a device, to help improve the operation of the physical plant and monitor it virtually. For example, an organization that installs various energy savings devices; could use this tool to address the different challenges in the physical plant. To effectively monitor and manage this tool, they would utilize the internet. ("Safety, Security, and Physical Plant Systems," n.d.)

Discuss three resources or procedures "passwords, inventory, spyware, corporate procedures, and so forth" available to protect these resources.

There are a number of different tools that can be used to protect the various resources of an organization to include: the penetration testing tool, firewalls and content filters. A penetration testing tool is designed to check the site or computer system for a variety of vulnerabilities. Firewalls are effective are creating initial layers of protection against possible attacks on the network. Where, they are designed to protect against a whole host of attacks such as: DoS, probing / scanning attacks, host compromise and zero day attacks. Content filters are designed to protect against software programs, that are intend to themselves to a specific application on the computer or the network (such as: Microsoft Word). Once it is on these programs, it will seek to slowly extract sensitive information (as it will establish a digital beach head inside a network). (Gallagher, 2008, pp 45 -- 46) This is significant, because it shows how the combination of all three tools, allow administrators to evaluate various weaknesses and then address both specific as well as general threats that they are facing. At which point, they can be able to establish a multi-layer security procedure. For example, a successful organization will use the multi-layered approach, to deal with a whole host of threats that they could be facing. Where, they will use various firewalls and content filters to address various threats. If one of the security protocols fails, the second procedure that is in place will serve as a secondary block. This helps to prevent the network from being breached and it allows the company sufficient time to address the issues, lowering the odds that it will be penetrated. At the same time, you must constantly seek out various vulnerabilities. In this case, the penetration testing tool will tell you what specific weaknesses exist. As a result, the three different tools will provide an overall comprehensive solution that protects against a host of threats and identifies emerging vulnerabilities.

How might the Human Resources responsibilities help define and distinguish internal and external threats?

Human Resources (HR) would play a vital role in helping to identify possible threats. What happens is HR could serve as the go between for management and the staff. Where, they would help to inform everyone, of the possible threats that are being faced by an organization. At which point, they can work with the staff in learning how to identify and isolate the possible threat that is being faced. They would then, forward this information to the IT security administrator, who would be able to destroy the threat once it has been isolated. This is important, because using this kind of tactic will help to dramatically reduce the possibility that a security breach could occur. The reason why, is because everyone is vigilant for a number of possible threats that could affect a network. When you can identify them early, you have the possibility of being able to reduce the impact that it could have on a computer system.

At the same time, everyone must understand the changing nature of threat. In this case, HR would serve a vital role in helping to educate the staff, about new possible issues that could be taking place. As they would learn how to identify them and what steps must be taken to mitigate the underlying effects. This is important, because HR is teaching the staff to become more flexible. As they will utilize this, to adjust to the changing nature of threat and be able to help the organization prevent different attacks them as much possible.

Once this occurs, it means that an entity can be able to establish a solid security protocol that will have multiple layers, designed to protect against a number of different threats. At the same time, it will have the flexibility to adapt to the various changes that are taking place. HR plays an important role, by helping to educate everyone about the possible threats and teaching them how they can be mitigated.