Friday 23 October 2015

General Types Of Threats That Affect Information Systems

There are many potential threats to the integrity of an information system. Within your information system, you can find databases, servers, networks and client machines. Any one of these can be ground zero for infiltration, sabotage or theft. By learning about these general risks, you can prepare yourself to defend your information system and safeguard your data.


Mismanaged Privilege Levels


An information system is only as secure as the oversight of the people who have access to it. If you give employees privileges beyond what they need to do their jobs, they may cause all manner of problems. For instance, an employee whose job it is to troubleshoot your databases can steal or rearrange information if you give them administrator privileges. Another problem that can arise from not managing privilege levels is known as "accidental disclosure." This can occur when an employee stumbles on confidential information and then sends the information to someone else. The employee may or may not know the information in question is confidential.


Software Configuration


Information systems can become compromised when the software running on them is altered. Databases, servers and clients all have software telling them how to operate, and each piece of software has configuration settings. For example, someone in your organization could tweak a server so it will allow non-company computers to join your network. If this occurs, you will notice a sharp decrease in Internet speed as any number of computers steal your bandwidth. Operating systems are also vulnerable to this type of tampering, and any number of configuration changes can leave your system vulnerable. Additionally, if an employee fails to update an operating system or if misconfigured software interferes with this process, the system will miss important security patches and upgrades.
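
One way to catch the kind of configuration tampering described above is to compare each machine's settings against an approved baseline. The following is an added example, not part of the original article; the `key = value` file format, the setting names and the sample data are hypothetical and constructed for illustration.

```python
import hashlib

def parse_config(text):
    """Parse simple key = value text; skip blanks and # comments. Last duplicate wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def fingerprint(settings):
    """Stable SHA-256 over the sorted settings, so formatting-only edits do not alert."""
    canonical = "\n".join(f"{k}={v}" for k, v in sorted(settings.items()))
    return hashlib.sha256(canonical.encode()).hexdigest()

def drift(baseline_text, current_text):
    """Return (kind, key, approved, found) tuples, ordered by key, for every deviation."""
    base, cur = parse_config(baseline_text), parse_config(current_text)
    if fingerprint(base) == fingerprint(cur):
        return []
    findings = []
    for key in sorted(base.keys() | cur.keys()):
        if key not in cur:
            findings.append(("removed", key, base[key], None))
        elif key not in base:
            findings.append(("added", key, None, cur[key]))
        elif base[key] != cur[key]:
            findings.append(("changed", key, base[key], cur[key]))
    return findings

# Constructed sample data; the setting names are hypothetical.
BASELINE = """
# approved server settings
allow_unknown_clients = no
auto_update = yes
admin_group = it-ops
"""
CURRENT = """
allow_unknown_clients = yes   # tweaked after approval
admin_group = it-ops
debug_shell = on
"""

if __name__ == "__main__":
    for kind, key, approved, found in drift(BASELINE, CURRENT):
        print(f"{kind:8} {key}: approved={approved!r} found={found!r}")
```

Run on a schedule against every server and client, a check like this surfaces both a deliberate tweak and a silently disabled update setting before they cause damage.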


Malware


You can inadvertently leave your information system open to malware such as Trojans, rootkits and trapdoors if you do not secure its various data access points. For example, DHCP servers do not have strong security by default. They will assign an IP address to any computer that requests one. You should use authenticated DHCP servers to ensure only your company's computers gain access. In addition, you can use antivirus programs to scan the information that is flowing in and out of your server. This will help you keep your network secure and identify and quarantine infected computers.


Poor Planning


Poor organizational planning also puts information systems at risk. You must have clear contingency plans set up in case the system is compromised. Once you have created a clear, concise contingency plan, you should test it under different conditions to ensure it will work. In the event of a catastrophe, you should have clear backups ready to kick in at a moment's notice. Poor planning may be the biggest threat of all to information systems, because it can compound any other problem that might arise.
