Security is a topic that is high on everyone's list today. From home alarm systems and data encryption to biometrics, everyone is interested in security measures to protect something valuable. Most organisations have a focus on physical and information security, either due to regulatory concerns, or because they really do understand the value of their data and the risks of a security compromise.
Other People Are Reading
Also called a security breach, a security compromise is a term used to describe an event that has exposed confidential data to unauthorised persons. The release of the information is very likely to have an adverse effect on the organisation's profits, legal standing and/or reputation. Reputation is especially at risk if the organisation's business is to protect information. And it is important to remember that a compromise can be either intentional or unintentional.
An unintentional compromise occurs when information is accidentally released. This can be as seemingly innocuous as an employee's spouse blogging about the business trip their spouse is about to make to a foreign country. If a competitor becomes aware of this information, they may use it to gain a business advantage, costing the original company future revenue. Additionally, employees may dispose of confidential documents by tossing them into the trash. More than one business has been harmed by dumpster-diving information hunters.
Intentional compromises are those where a person designs to gain unauthorised access to the assets of an organisation. In the case of information assets, there are a number of ways of gaining access. Network hackers continually try to gain entry into the networks of large organisations, using tools that are readily available on the Internet. Many times countries will mount an attack on another country's cyberspace, seeking valuable military or technology secrets in order to gain an advantage. But, more insidious, and many times more successful, is the social engineer.
The social engineer works his way into an organisation by taking advantage of the natural desire to help others. For instance, he persuades a person on the inside that he is someone who works for the company, and that he needs his access restored. This can manifest itself in the form of a call to the help desk, pretending to be the CEO of the company in a meeting with a potentially large client. His password has expired and he needs it reset right now. Many help desk technicians have fallen prey to this trick, and given out information that can be used to access the company's information. This technique is used by phishers, who send an e-mail telling the recipient that their credit card has been deactivated, and the person needs to call customer service so that the card can be reactivated. Upon calling, many have given their card numbers and other information that allows the phisher to steal an identity. The victim's account has been compromised.
Whether on an individual basis, or as an employee of a company, security is important. Discretion is an important part of security, as is ensuring that the person you may be talking with is actually who they say they are. Take some common sense precautions, and you are less likely to be the victim of a security compromise.
- 20 of the funniest online reviews ever
- 14 Biggest lies people tell in online dating sites
- Hilarious things Google thinks you're trying to search for