Question

You should consider the case of a small to medium enterprise (SME) which may employ up to 200 people. There are different sections in the enterprise, such as accounting, sales, purchases, marketing, human resources, and general administration. The enterprise has a web site with general information about the company, e-commerce functions, to enable online orders to be placed and deposits to be taken, customer relationship management, including form-to-email facilities, and an online job quoting system. These applications and other enterprise software packages are available on the company’s intranet, which stores its (confidential) corporate data. All employees have a company email address, a personal login for access to the company’s intranet. There is a BYOD (Bring Your Own Device) policy implemented. The enterprise uses a cloud archiving service for all its corporate data.

Identify what you consider to be three of the most significant information security risks pertinent to Physical assets (Computer equipment, Communication equipment, Storage media, Technical equipment, Furniture and fixtures)?

and

Identify what you consider to be three of the most significant information security risks pertinent to Services (Outsourced computing services, Communications services, Environmental conditioning services)?

Answer 1

Physical Assets:

Computer equipment, Communication equipment, Storage media, Technical equipment, Furniture and fixtures

1. Carry out abusses of hardware and media, such as physical assaults on equipment and discard material.

2. Electronic interference and eavesdropping belong to this class as well, but were not commonly observed.

3. Using a computer program as an indirect aid in performing a criminal act, as in auto-dialing telephone numbers in pursuit of modem response, cracking encrypted password files from another device, or operating an illegal company.

For example, the computerization of drug operations is increasing.

Service:

Outsourced computing services, Communications services, Environmental conditioning services

1. The danger to services may be in terms of overwhelming the website with a lot of unwanted access in the form of a Denial of Service.

2. Outsourced computer facilities, connectivity and environmental conditioners facilities likewise, correspondence systems can be compromised by taping the telephone numbers for personal data to be collected and then used as extorsion and chastisement.

3. Some kind of cyber attack can jeopardize the service provided in terms of safety and quality as well.

Please don't forget to like the solution if it is useful . Thank you.