Reply To Discussions
Reply to the below discussions with 250 words.
1) Information Technology (IT) infrastructure is identified as a composition of software, hardware, network services and resources, and data centres (Vacca, 2013).
IT infrastructure is important when it comes to the operation, existence, and management of an enterprise information technology environment. It is understood that the weakest link in the security of an IT infrastructure plays a very important role in its success.
When it comes to the security of an IT infrastructure, the human element is considered the weakest link. Even if the security of an IT infrastructure has strong anti-virus software, a firewall, cryptography, and an intrusion detection system, it is only as strong as its weakest link.
"To err is human" is a common philosophical statement, and intruders that want to take advantage of an IT infrastructure are always waiting for this opportunity.
There are, though, various strategies that an organisation may employ to reduce the risks posed; for example, organisations may engage in employee training to raise awareness of the various vectors of attack (Vacca, 2013). In addition, management of organisations may implement incentives which will encourage employees to take an active role and pay attention when it comes to security matters.
Organisations may also engage in penetration testing and vulnerability assessment periodically in order to reduce the threat posture. In terms of costs, the whole process of mitigation of a data breach costs less than training and testing processes, and therefore it would be wise for any organisation to carry out the necessary steps in strengthening the weakest link.
What is the weakest link in the security of an IT infrastructure? The weakest link in security is humans. The chain is the security of the organisation, and its cyber defence is majorly independent, and we already know the weakest link in an organisation’s security.
As per the report, 78% of security professionals think the biggest threat to endpoint security is negligence among employees regarding security practices. Here the percentage also shows us 9.3% of the organisation’s threats per month.
We are all humans and we do make mistakes, and among these people there are a plethora of people who are always trying to take advantage of any mistakes made by other people, which costs the business financial loss. No matter how sophisticated any technology and security practices are, there will always be errors made by humans.
How to reduce the vulnerabilities: In-depth training should be provided to all the employees such that there will be total awareness of all the different attacks.
Regular people-risk assessments of the employees can reduce cyber risk in many ways and can help the organisation. Use high-tech mechanisms for the employees to keep their attention on security. Periodic vulnerability assessments and penetration testing reduce the threat to the organisation.
Many small businesses simply do not have strict guidelines for creating unique passwords for all online accounts. Employees are left to their own devices, which always means relying on human nature to simply develop a single, easy password that they use for the accounts that they have in the organisation.
Enforcing password management combats human errors: many large companies' IT departments force their users to create complex passwords, building passwords that are not easily stolen, and it’s easy to get a new password created. Benefits: Improved Security, Reduced Information Theft, Enhanced Productivity, Compliance.
2) Attackers don’t span a single way which helps them compromise their targets. Their biggest weapon lies within the organisation, not in the newest technology available in the market.
This makes the weakest link in information security. One such weakest link is email and the system that manages email. Email is the source of most threats like phishing, scams, ransomware and any such related malicious code.
Even a single email containing confidential data that goes out of the organisation may lead to the biggest threat and lower the reputation of the organisation. For this, employees should be given training on what type of emails can be shared with their co-employees and what type of emails can be sent out of the scope of the company. Management should have access to the emails of their employees and should regularly monitor them.
Some of the strategies that can be applied to reduce the effects of emails are stated here. Users should be aware of the types of risks caused by emails. Even if the user clicks an unsafe link unknowingly, that may lead to malware infection or might give the attacker access to the system.
Humans are the primary cause of email-related breaches. The phishing awareness and training program must replicate the various categories of methods and risks that spread over to other roles in the group so that individuals recognise accurately what to look for. Just offering the training won’t serve the purpose; management should ensure that employees understand their security aspects and are willing to apply them in their real-time projects.