Information Technology
An asset can be defined as something that is valuable or of quality. In the IT sector, an asset comprises data, the systems that contain the data, IT infrastructure (hardware or software), or the human resources required to run them in order to achieve the business functions of an organization. Threats in the IT realm are expressions of intent to cause injury or harm to IT assets, especially those aimed at data, computer networks, or other systems. There are two types of threats: internal and external. Internal threats emanate from within the organization, for example from disgruntled employees, while external ones come from hackers and malicious competitors (Shimonski). In an organization, the chief security officer of the information technology department is tasked with the senior-level responsibility of aligning security initiatives with the various enterprise programs, business functions, and objectives, and ensuring that information technology assets and technology are properly and adequately protected. He or she is responsible for ensuring data privacy and security, supervising identity and managing access to IT infrastructure, conducting electronic discovery and digital forensics investigations, ensuring regulatory compliance, establishing and implementing security-related policies, and working with higher-level company executives to facilitate the disaster recovery and business continuity strategies ("What Is CISO (Chief Information Security Officer)?"). In assessing and identifying the threats that face the company's information security system, two essential assets can be determined: servers and network infrastructure.
Servers are powerful computers and programs that provide services to other programs and fulfill client requests for services from programs on remote computers. Web servers are examples of specialized servers that serve HTML files requested by client programs such as web browsers. Servers can crash easily if they are not maintained on a regular basis. They are delicate because of the functions they perform in ensuring that interconnected computers are able to communicate and share information. Failure to install server security software makes the server vulnerable to hacking, for example through brute force attacks and denial of service techniques. In a brute force attack, the hacker targets the SSH server or mail server and tries to guess the root access password using tools that try combinations until the password is cracked. Denial of service is a method used by attackers to shut off access to the company site by increasing network traffic until the server crashes. The biggest threat to server security is user carelessness. With easy-to-guess passwords, a lack of antivirus, and unpatched software, it becomes easier to hack and gain access to the company server (Hampton).
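The password guessing described above leaves a recognizable trail in the SSH server's authentication log: many failed logins from one source in a short time. The following Python code is an added example, not part of the original essay; it assumes OpenSSH-style syslog lines, and the function name, threshold, time window, year, and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges), not real data.
SAMPLE_LOG = """\
Jun 23 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jun 23 10:00:03 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40113 ssh2
Jun 23 10:00:04 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40114 ssh2
Jun 23 10:00:06 web1 sshd[813]: Failed password for root from 203.0.113.5 port 40115 ssh2
Jun 23 10:00:09 web1 sshd[814]: Failed password for root from 203.0.113.5 port 40116 ssh2
Jun 23 10:02:00 web1 sshd[820]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jun 23 10:02:20 web1 sshd[820]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Jun 23 10:05:00 web1 sshd[830]: Accepted password for root from 203.0.113.5 port 40200 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2016):
    """Return {ip: {"failures", "root_failures", "login_after_alert"}} for flagged sources."""
    recent = defaultdict(deque)      # ip -> timestamps of failures inside the window
    totals = defaultdict(lambda: {"failures": 0, "root_failures": 0})
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the year is an assumption passed in.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            totals[ip]["failures"] += 1
            totals[ip]["root_failures"] += m["user"] == "root"
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alerts.setdefault(ip, {"login_after_alert": None})
        elif ip in alerts and alerts[ip]["login_after_alert"] is None:
            alerts[ip]["login_after_alert"] = m["user"]  # guessing may have succeeded
    return {ip: {**totals[ip], **info} for ip, info in alerts.items()}

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A single mistyped password, such as the one from 198.51.100.7 in the sample, stays below the threshold and is not flagged; a successful login from a source that was already flagged is the case that warrants immediate review.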
Network Infrastructure
Network infrastructure refers to the software and hardware components that are used to facilitate network connectivity and communications between machines. These resources provide the communication path and services between users, applications, services, and the internet or external networks. Attackers of the organizational network infrastructure can perform a reconnaissance type of attack. This entails probing the network systems to test whether they are being monitored and to map the network for future attacks. These types of attacks may be physical or virtual. Physical network attacks may involve theft of networking equipment, for example, routers, switches, or networking cables such as fiber optic or Ethernet cables used to set up LAN or WAN networks within and outside the organization. Virtual attacks, on the other hand, may be implemented by trying to find a Linux system on a DMZ (demilitarized zone) and trying to gain root access (Shimonski).
Works Cited
Hampton, Tavis. "9 Server Security Threats You Should Definitely Know - Webmaster View." Webmasterview.com. N.p., 2016. Web. 23 June 2016.
Shimonski, Robert. "Threats And Your Assets – What Is Really At Risk?" WindowSecurity.com. N.p., 2004. Web. 23 June 2016.
"What Is CISO (Chief Information Security Officer)?" WhatIs.com. Web. 23 June 2016.