Case Scenario:
You are the recently appointed head of a security team responsible for protecting the information holdings of a business organisation of some 600 staff. The organisation is housed in a detached, multi-storeyed building located in the central business district of an Australian city.
The security team is responsible for overseeing the security of information from deliberate and accidental threats. A recent audit of the information security management system found it to be deficient in some key areas, notably social engineering exploitation of personnel, an apparent lack of personnel awareness of the various threats to information, and poor password security. These issues were identified as needing urgent remedy.
Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team.
Based on scenario:
1) Describe with example, on the 6 threats i have identified:
- 2 Physical Threats - Sabotage, Natural disaster
- 2 Human Threats - Social engineering, poor password
- 2 Electronic Threats - Malware, Phishing
2) Based on each of the 6 identified threats above, develop an effective counter-measure.
(Altogether 6 countermeasures)
* a paragraph for each threat / countermeasure
* Please do not provide definitions only.
* Please avoid over-quoting from sources. Minor citation allowed
* Any sources of knowledge should be credible, i.e. provide authors, title, urls
(exclude wikis, blogs, or personal opinions)