Any organization can face wide variety of threats. A threat is some action or event that can lead to a loss. Threats and risk are usually used synonymously. Threats and risk always exist and cannot be avoided, but they managed to minimize the risk. Organization should be able to manage and minimize the losses in order to maximize the returns. It is very important for any organization to identify these threats and steps should be taken to control threats. Regular monitoring is necessary to control the threats as well.
Types of Threat:
Physical Threat: Physical threats are damaged caused to the physical infrastructure of the information system. Some of the examples are fire, water, energy variations, structural damage, pollution, intrusion.
Local Threat: Logical threats are damage caused to the software and data without physical presence. Some examples include viruses and worms, logical intrusion etc.
There are two approaches to threat identification.
Consider Common Threat:
In order to asses’ threat, consider the common threats like people, software and natural disaster. There can be number of ways threat can occur. For e.g. A employee could disclose the data. Or a software program could destroy data.
Review Properties:
In order to assess assets consider their properties like availability, integrity and confidentiality. Classify threats that may affect these properties: destruction, interruption, removal or loss, disclosure and corruption (toolbox.com).
It is important for organization to understand the various threats and their potential effects on an information asset. Organization should be able to identify which threats presents a danger and which threats represents the gravest danger to their information assets.
Reference:
Anonymous (n.d.). Threat Identification. Retrieved from URL: http://www.zeepedia.com/read.
Borysowich, C (Jul, 2009). Identifying security Threats. Retrieved from URL: http://it.toolbox.com/blogs/
No comments:
Post a Comment