StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Emerging Information Security Threat Advisory White - Term Paper Example

Cite this document
Summary
 This paper "Emerging Information Security Threat Advisory White Paper" focuses on the challenge that financial institutions face while securing their private data from hackers. The paper focuses on social engineering and how the institutions can secure their employees and data analysts…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.8% of users find it useful
Emerging Information Security Threat Advisory White Paper
Read Text Preview

Extract of sample "Emerging Information Security Threat Advisory White"

Emerging Information Security Threat Advisory White Paper Now more than ever, business organizations have to be concerned of the security of the information that they story within their network systems. There has been unprecedented advancement in information and technology that has made most businesses vulnerable to data privacy violations and attacks. Accordingly, businesses have to be prepared on how to address the ever-changing and sophisticated malware and cyber-attacks. Notably, there has been significant advancement in the nature of computer and network security attacks owing to increased literacy on computer systems and networks (Webster, 2006). I have already identified the following four issues as among the emerging information security threats that businesses involved in the financial sector should be ready to address in order to secure their data from unauthorized access. 1. Social Media: Unarguably, the access and use of the social media platforms, such as Twitter and Facebook websites have been on the increase. Some employees access their social media accounts using computer devices provided by the company. Stakeholders in the financial sector have to be careful and ensure that organization’s devices are not used to access social networking sites. The use of the organization’s computer devices and networks can expose the financial institution to cyber-attackers and spammers, which can jeopardize the security of private and confidential data. 2. Social Engineering: Stakeholders in the financial sector should also be aware of individuals who can manipulate legitimate employees after securing their trust to access vital information about the institution, and its clients. The attackers are capable of accessing passwords, IP addresses and other vital information that can be used to access into the institution’s computer networks and thereby fleece the company of its resources. 3. Inadequate backup and data recovery options: It is notable that financial institutions normally gather and store voluminous data about their clients. However, at times, the computer networks may suffer power outage or mechanical problems which may lead to loss of vital data. Financial institutions have to devise appropriate means of backing up any stored information and recovering such in case of any unexpected data loss. 4. Improper destruction of data: Financial institutions must be worry of any information, catalogues, papers and files that are to be discarded or destroyed. Such documents may contain sensitive and vital information that may be a security threat in case they are assessed by unauthorized individuals (Gutwirth, Poullet, & Leenes, 2011). These documents need to be destroyed appropriately in a way that they cannot be retrieved and misused by other parties. Similarly, obsolete electronic devices that may contain important information should be discarded in a manner that permanently erases their contents. Social Engineering and its Threat to the Financial Sector With the new information security threats, organizations must be able to devise appropriate strategies of securing their vital data from unauthorized individuals (Webster, 2006). The financial sector heavily relies on sensitive data which includes personal information on its clients, their credit history, financial reports and transactions, and information on the institution’s employees. Even the account details, passwords and other log in details are stored within the institution’s computer networks (Clark, 2008). Thus, the company has role to secure its computer networks from hackers and malware that may collect such information and use them to compromise the financial institution (Webster, 2006). Thus, it is a matter of fact that no company would want to expose its vital data to unauthorized parties. Investment in data protection strategies, consequently, becomes the option that financial institutions have within their ambit to respond to threats to their data privacy. The Objective of the White Paper This white paper focuses on the challenge that financial institutions face while securing their private data from hackers. This document will particularly focus on social engineering and how the institutions can secure their employees and data analysts from being victims of social engineering. The document observes that there is a severe risk of data loss and misuse by individuals who have been charged with the responsibility to handle the financial institution’s data. If appropriate actions are not taken, some of the employees might, intentionally or without intention, reveal vital information to other unauthorized individuals. This document can be used by the management of financial institutions, such as banks and insurance companies, to reduce any threat of data loss through cyber-attacks due to the collaboration between its employees and the hackers. As firms become increasingly concerned about the privacy of their vital data, the cyber-attackers are also getting wiser on how best they could retrieve vital information from their targets. Most companies have invested in the traditional data protection strategies (Clark, 2008). However, with the advancement in information technology, access to another computer networks has become easier to the extent that the traditional data security approaches may somewhat become ineffective. This is due to the fact that traditional data security approaches, such as the use of antivirus, firewall, data encryption, and the use of password, mainly involve protecting the applications on the computer (Gutwirth, et al., 2011). However, the emerging risk has been on how financial institutions can address the current sophisticated approaches to data invasion. Social Engineering as a Tool to accessing vital company Information Social engineering involves manipulating or conniving with an individual to provide classified or confidential information. This art involves trickery, either for financial or other personal gain, with the intention of gaining access to another person’s password or financial installation. After access to the required information, the hacker may secretly install a malware that gives him or her access to other personal data or even control the computer system altogether. Without a doubt, this is a threat to the financial institutions as in most cases the criminal acts are carried out by people who are respected within the institution (Webster, 2006). Therefore, it can be difficult to identify that an organization’s computer systems are secretly under control by an unauthorized individual or that the data has been compromised (Clark, 2008). As opposed to other threats to data privacy, social engineering appears to be very sophisticated and difficult to identify and address within the financial sector. Strategies adopted in Social Engineering As noted, social engineering schemes normally involve building trust with an employee of a target institution. According to Hadnagy (2010), the employee may receive a message or email with a downloadable link from his or her social networking sites, such as Twitter or Facebook, or even through the email. In case the employee is tempted to open the links, then malware software can be installed in the financial institution’s computer device. The installation of the software may send private and confidential information that is stored in the device, such as clients’ accounts, email accounts and passwords, and other private data targeted by the cyber-attacker (Hadnagy, 2010). Any employee who is victim to the bait of social engineering while using the company’s computer devices can expose the financial institution to severe and unfathomable data security risk. Solution to Social Engineering Importantly, the activities of social engineers do not necessarily require any technical action on the company’s computer networks. Instead, it involves trickery of a legitimate employee to reveal private information by redirecting them to suspicious or fraudulent sites with malware that are capable of revealing passwords and IP addresses (Hadnagy, 2010). As we come to term with this latest form of threat to data privacy, financial institutions have to place a lot of emphasis on the nature of employees that they recruit to manage their information and computer networks. In particular, the financial institutions should discourage their employees from assessing their social networking sites using the company’s computer devices. In addition, they should be sensitized on how to avoid being duped or manipulated online by scammers (Hill, 2009). For instance, the employees should be instructed not to reveal any vital information related to the company or their own account information to any third party or unauthorized individuals. Conclusion I have identified some of the threats to data security in the financial sector owing to the advancement in information technology. It has been noted that the financial sector relies on data to make vital financial investments and decisions. Accordingly, the cyber-attackers have realized that the potentials in the sector. Even as the institutions try to secure any loss of information in the computer devices, the possibility of classified information being accessed by other parties without interfering with the company’s network system is a reality. In that way, social engineering becomes an easier route through which the hackers can access the institution’s data with little effort. After looking at the issue of social engineering and how it operates in the financial institutions, it has been noted that the institutions have to create awareness in their employees. Through awareness creation, the employees will be able to avoid falling victims to the hackers’ trickeries. References Clark, T. (2008). Strategies for Data Protection. New York: Brocade Communications Systems. Gutwirth, S., Poullet, Y., Hert, P. & Leenes, R. (2011). Computers, privacy and data protection: an Element of Choice. New York: Springer Science & Business Media. Hadnagy, C. (2010). Social engineering: The art of human hacking. New York: John Wiley & Sons. Hill, D. (2009). Data protection: Governance, risk management, and compliance. New York: CRC Press. Webster, M. (2006). Data protection in the Financial Services Industry. New York: Gower Publishing. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Emerging Information Security Threat Advisory White Paper Term, n.d.)
Emerging Information Security Threat Advisory White Paper Term. Retrieved from https://studentshare.org/information-technology/1871013-information-security-threat-advisory-white-paper
(Emerging Information Security Threat Advisory White Paper Term)
Emerging Information Security Threat Advisory White Paper Term. https://studentshare.org/information-technology/1871013-information-security-threat-advisory-white-paper.
“Emerging Information Security Threat Advisory White Paper Term”, n.d. https://studentshare.org/information-technology/1871013-information-security-threat-advisory-white-paper.
  • Cited: 0 times

CHECK THESE SAMPLES OF Emerging Information Security Threat Advisory White Paper

Determine the Optimal Investment Performance Appraisal Systems

The paper demonstrates that evaluating performance presenting it fairly is vital to the energy of an investment firm.... Portfolio managers and security analysts create decisions under circumstances of uncertainty concerning the relative attractiveness of individual investments and market sectors; the function of performance analysts is to explain the result of those decisions....
26 Pages (6500 words) Research Paper

Criminal justice today

In the paper “Criminal justice today” the author analyzes the issue of crime, which has been a contentious one in many societies for a long time.... nbsp;  … This research paper will focus on traditional and contemporary criminological theories in the USA, which explains the nature and trend of various crimes....
14 Pages (3500 words) Research Paper

Information Managment Challenges for Ford Motor Company

This paper, Information Managment Challenges for Ford Motor Company, will examine the challenges Ford faces by striving to create greener products, utilizing technology to create a better product and prove to consumers that the company promotes the ideals of a cleaner, healthier world.... nbsp; From this paper it is clear that there are new challenges in the IT department of Ford Motor Company every year.... Thus, this paper will examine the challenges Ford faces by striving to create greener products, utilizing technology to create a better product and prove to consumers that the company promotes the ideals of a cleaner, healthier world....
41 Pages (10250 words) Research Paper

Technology: A Blessing

This paper ''Technology: A Blessing '' discusses that technology being weighed against its cons, is still considerably a blessing to human society.... Even then, this paper will discuss that technology being weighed against its cons, is still considerably a blessing to human society.... hellip; Aside from the convenience and easy access, the power of computers and internet have opened up access to invincible quantity of information as never before....
10 Pages (2500 words) Term Paper

Corporate Social Responsibility and Corporate Governance

The purpose of this research paper "Corporate Social Responsibility and Corporate Governance" is to analyze why international firms are showing increasing interests in CRS and corporate governance and the strategic issues involved in addressing CRS issues.... In this paper, three international companies namely Monsanto Company, Microsoft Corporation, and Coca-Cola Company will be used to illustrate the various arguments....
13 Pages (3250 words) Research Paper

Guiding Principle of National Security Strategy

This paper gives a detailed account of the current international order and trends in the global affairs that have either a direct or indirect impact on United States.... In addition, the paper provides an analysis of the emerging threats from terrorist and the proliferation of nuclear weapons.... OUTLINE OF NATIONAL security STRATEGY Name Institution of Affiliation Course Date AN OUTLINE OF NATIONAL security STRATEGY Introduction and Guiding Principle The United States will take the fore-front role to the international order as a nation first among equals to promote stability, to encourage democracy, to discourage the proliferation of nuclear weapons, and to encourage the pursuant of peaceful negotiations as a way of fostering global peace1....
9 Pages (2250 words) Research Paper

Homeland Security Advisory System

(2011), is a color-coded terrorism threat advisory scale.... This present research paper mainly seeks to explore and discuss the creation, evolution, and the current state of the Homeland Security Advisory System.... However, Alperen (2011) stated that exactly after nine months since the system was created it was merged with the white House Homeland Security Council and the Department of Homeland Security, which were both created after the enactment of the Homeland Security Act of 2002....
3 Pages (750 words) Research Paper

Security Threats in Louisiana

In order to be prepared to address risks of a potential terrorist attack, shopping malls, like the Mall of Louisiana, should implement the following security measures: (1) conduct vulnerability assessments and develop emergency response plans; (2) guarding public access to ventilation systems and employee areas; (3) undertake surveillance techniques inside malls and in parking lots that can make security guards and CCTV cameras more visible to shoppers; (4) large or multiple-floor malls designate a floor captain on each level or wing of a complex where ach designee can serve as a point-of-contact during emergency situations; (5) front-line security officers be informed about any terror alerts; and (6) appropriate security threat training encompassing terrorist attacks must be regularly done and update [Rob11]As the private security professional, one should respond to a terrorist attack with focus on the safety of the organizations' resources and with appropriate knowledge of preparedness, You should also include how you would respond to a terrorist attack as the private security professional....
1 Pages (250 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us