reply to the below discussions with 250 words
1)
- Information Technology (IT) infrastructure is identified as a composition of software, hardware, network services and resources, and data centers (Vacca, 2013). IT infrastructure are important when it comes to the operation, existance, and management of enterprise information technology environment. It is understood that the weakest link in the security of an IT infrastruture plays a very important role in its success. When it comes to the secutiry of an IT infrastructure, the human element is considered as the weakest link. Even if the security of an IT infrastruture has a strong anti-virus software, firewall, cryptography, and intrusion detection system, it is only as strong as its weakest link. Human is to err is a common philosophical statement, and intrudors that want to take advanatge of an IT infrastructure are always waiting for this opportunity. There are various strategies though that an organization may employ to reduce the risks possed, for exampe, organizations may engage in employee training to raise awareness of the various vectors of attack (Vacca, 2013). In addition, management of organizations may implement incentives which will encourage employees to take an active role and attention when it comes to matters security. Organizations may also engage in penetration testing and vulnerability assessment periodically in order to reduce the threat posture. In terms of costs, the whole process of mitigation of a data breach costs less than training and testing processes, and therefore it would be wise for any organization to carry-out the necessary steps in strengthening the weakest link.
01:25 - What is the weakest link in the security of an IT infrastructure? The weakest link in security is the Humans. The chain is the security of the organization and its cyber defense is majorly independent and we already know the link of the weakest part in an organization’s security. As per the report, 78% of the security professional thinks the biggest threat to the endpoints in the security where peoples neglect among the employees’ security practices. Here the percentage also shows us 9.3% of the organization’s threats per month. We are all humans and we do make mistakes and among these people there are a plethora of people who are always trying to take advantage of any mistakes made by other people which costs the business in financial loss. Any technology and security practices no matter how much sophisticated there will always be the errors made by humans. How to reduce the vulnerabilities: In-depth training should be provided to all the employees such that there will be total awareness on all the different attacks. Any regular people risk assessments of the employees can reduce cyber risk in many ways can help the organization. To use Hitech mechanism to the employees to keep the attention towards securities. The periodic vulnerability assessments and penetration testing reduces the threat to the organization. Many small businesses simply do not have the strict guidelines for creating the passwords in uniquely to all the online accounts. Employees are left to their own devices which always relying on the humans nature that simple develop a single and easy passwords that they use for the accounts that they have in the organization. Enforcing the passwords management to combat the human errors, where many large companies IT departments force their users to create a complex passwords and builds their passwords not to be stolen easily and its easy to get a new password to create it. Benefits: Improved Security, Reduced Information Theft, Enhanced Productivity, Compliance.
2)
Attackers dont span a single way which helps them make their targets compromise. Their biggest weapon lies within the organization but not in the newest technology available in the market. This makes the weakest link in the information security. One such weakest is the emails and the system that manages email. Email is the source for most of threats like phishing, scams, ransomware and any such related malicious code. Even a single email which contains the confidential data goes out of the organization, may lead to the biggest threat and lowers the reputation of the organization. For this, employees should be given a training on what type of emails can be shared with their co-employees and what type of emails can be sent out of the scope of the company. Management should have access to the emails of their employees and should regularly monitor them.
Some of the strategies that can be applied to reduce the effects of the emails are stated here. Users should be aware of the types of risks caused by the emails. Even if the user clicks the unsafe link unknowingly, that may lead to malware infection or that might give the attacker the access to the system. Humans are the primary cause that leads to email related breaches. The phishing awareness and training program must replicate the various categories of methods and risks that spread over to other roles in the group so that individuals recognize accurately what to look in for. Just offering the training wont serve the purpose, management should ensure that employees understand their security aspects and are willing to apply in their real time projects.