Organizations in today's world are usually saturated with databases that contain information on various people (employees, customers, other businesses, etc.), and they are very much exposed to the various threats in the technology world. Every business in this situation needs to defend its information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction; this is "information security".
Organizations are highly connected through the internet nowadays, so if one gets infected, others can be infected too.
Hacking a system now requires very little programming knowledge, which lets individuals carry out such acts easily.
Groups of people who commit crime over the internet ("organized crime") are widespread, and "cyber crime", crime committed by individuals over the internet, has also been taken over by organized crime.
Organizations and individuals are now exposed to many untrusted networks.
These threats cost companies significant losses of information and money.
The most dangerous employees are those in human resources and MIS. HR employees have access to sensitive personal data on all employees. MIS employees not only have access to sensitive personal data, but also control the means to create, store, transmit, and modify these data.
Bad intentions on the part of an employee, or a simple mistake such as careless internet surfing on a PC that contains this information, can easily cause information losses.
Tailgating is also a big threat to staff who work with valuable things such as safe boxes.
Social engineering is a common threat to an organization's employees. The link here demonstrates it.
The following are some types of these attacks:
1- Espionage or trespass: an unauthorized individual attempts to gain illegal access to organizational information.
2- Identity theft: the intentional assumption of another person's identity, usually to gain access to his/her financial information or to frame the person for a crime.
3- Sabotage or vandalism: the act of defacing an organization's website, possibly causing the organization to lose its image or the confidence of its customers.
4- Software attacks: sending malicious software to an organization's computer system, e.g. viruses, Trojan horses, etc.
Organizations can defend against these threats by implementing mitigation strategies or risk management. As for the mitigation strategies, the general guidelines for applying risk mitigation handling options are shown in the picture at the right.
These options are based on the assessed combination of the probability of occurrence and severity of the consequence for an identified risk. These guidelines are appropriate for many, but not all, projects and programs.
The types of information security controls are:
Physical controls. Physical protection of computer facilities and resources.
Access controls. Restriction of unauthorized user access to computer resources; these use biometrics and password controls for user identification.
Communications (network) controls. These protect the movement of data across networks and include border security controls, authentication and authorization.
In conclusion, since the networks we are connected through are filled with these kinds of threats, businesses should take many precautions and pay attention to protecting themselves from these risks.

