Topic 1: Information Security

Why should managers make information security a prime concern?

Just do response each posted # 1 to 3 down below only.

Posted 1

Withany level of management we are talking about, from CEO to team leadersin a call center, information security should be taken very seriouslyand should be a primary focus. Many front-end managers in a call center,store, or production warehouse take information security veryseriously. Ensuring that if you walk away from your workstation, youlock your screens, or the register is logged out as examples. Thesepractices can help prevent social engineering attacks, which is “anattack in which the perpetrator uses social skills to trick ormanipulate legitimate employees into providing confidential companyinformation such as passwords” (Rainer & Prince p 91). Althoughfront-line or lower-level managers emphasize the importance ofinformation security, the high-level management should lead by example,set the tone for the corporation and take these procedures seriously(Rainer & Prince 2018).

Withthe skill sets needed to become a hacker decreasing, the world becomingmore interconnected through internet services, and internationalorganized crime becoming very prevalent in today’s society, informationsecurity is important (Rainer & Prince 2018). If management doesn’ttake information security seriously, the information that the businesshas been entrusted with keeping secure may become compromised. With theease of becoming a hacker on the rise with the little skill set,companies are at a higher risk of a deliberate attack on theinformation. There are many types of attacks, and one is not any lessimpactful from the other, system security needs to be of high importanceto ensure you can reduce the amount of vulnerability in being exposedby these threats.

Posted 2

Amanager should make information security a prime concern for severalreason. It can bring harm to the company, customer and employees. Iwork for a bank I have access to checking information, loans, and creditcards. It is important before speaking to customers to verify theirinformation before I release personal information. Sometimes the personis understanding and sometimes the call doesn’t go well. It isimportant for me to be careful with these types of calls. I have spokento ex. Girlfriend, ex. Boyfriend, ex. Wife, ex. husband, family member,and the list goes on and on. I have to say; speaking to soon to be anex. spouse is the worst, they want to ask all sorts of questions andmost of the time they are angry. I must explain to them they are notauthorized and due to security purposes, I cannot release anyinformation.

Ispoke with a customer who wanted to know if her checking account wastampered. She stated she got a strange email stating that her accountwas violated. The email had the company logo but an address that Inever seen before. The sad thing is that the customer trusted the emailand gave her social security number, mother’s maiden name, and address.She trusted the bogus fake email. I couldn’t believe she released herpersonal information than called the company to if it was from ourcompany. I explained to her that the email wasn’t from our company andshe may want to consider purchasing a protection plan that will tell herthat activity has occurred on her credit card, loan, banking accountand more. I also explain it can be difficult to get your money backwhen fraud is involved. have seen customer accounts being used withouttheir permission and now have to report fraud. It isn’t easy to getyour money back when there’s fraud involve.

Theword “Phishing” initially emerged in 1990’s. The early hackers oftenuse ‘ph’ to replace ’f’ to produce new words in the hacker’s community,since they usually hack by phones. Phishing is a new word produced from‘fishing’, it refers to the act that the attacker allure users to visita faked Website by sending them faked e-mails (or instant messages),and stealthily get victim’s personal information such as user name,password, and national security ID, etc. This information then can beused for future target advertisements or even identity theft attacks(e.g., transfer money from victim’s bank account).

Unfortunately,my customer fell for Phishing email she thought it was safe to give herpersonal information to the fake website. Due to all the trainingmanagement made it a priority for me to take. I was able to tell herthe email was fake and to get protection as soon as possible. I adviseher, there are safe programs that can put a lock on all accounts if thedetect any unusual activity.

Posted 3

Theimportance of proper information security is needed in the IT field.Security of a company’s best interest along with the customer’s data andprivate information should be the highest priority for any business;one incident regardless of size has the power to bring a company’sreputation down along with possible revenue or future returningcustomers. Rules and regulations are set into place to keep thesebusinesses doing the right thing even though sometimes it’s moreexpensive then they like. All businesses should take into account thatit is not only their customers information at stake but there companiestrait secrets and other information like contacts, buyers, sellers,account numbers, payroll number and so much more they stand to lose andpossibly that can be used to hurt the Company.

Whenused correctly a proper cost and risk mitigation plan can helpInformation Security Teams to assess the possibility of what an attackcould cost the Company along with possible ways to prevent attacks, thiscan mean going through third party companies to do planed networkintrusions to test the systems being used. The benefits to this methodeven though the Company is being attacked it is controlled, any and alldata found or accessed is secure and not removed. The third partycompany will then give a report of issues found and how far they wereable to get into the system along with a plan on how to prevent it andwhat security implementations need to occur to keep it from happeningagain. Once the Company has finished and consulted with the main Companywho hired them the important process can happen which is planning toprevent a real-world occurrence. Havingplanned solutions to multiple issues helps keep the Company securerather than waiting for an issue to arise and no plan in place tocounteract the issue.

Whena company understands an attack from the very beginning the differentaspects of networks can truly shine and perform how they were designed.Proper policies and controls on data access will only further thesecurity. “The main goal is to allow authorized users (customers andemployee-body) access to the resources made available by a company,meanwhile keeping attackers out and thwart any exploits”

Riskmanagement is sometimes thought to be aftermath of an issue, when infact it is well before the issue ever occurs. There is much more tosecurity then just the IT Team can do, the entire Company partakes inthe efforts for a secure system, many other things are implementedwithin the Company to assist the IT teams. Access controls, IPS, DLP,firewall and browser security help keep employees from either purposelyor accidentally allowing attackers in or releasing data out of anysystem. Written policy’s keep employees informed and often times can beused as a contract to notify any employee before they are given accessthat all information is company business only and they are beingmonitored should an issue arise at the employee’s fault they are subjectto being dismissed and or fined for damages caused by their actions.Most time that alone is enough to keep employees from doing wrong. Atriangle known as the CIA Triad helps with risk management,Confidentiality (C), Integrity (I) and Availability (A). Almost allissues dealing with security can be seen in the CIA Triad and are ableto categorize in one of the three choices.