A company’s physical security team analyzed physical security threats and vulnerabilities for its systems. What types of vulnerabilities did the company focus on?
The types of vulnerabilities that the company will focus on are access control and environmental, and human vulnerabilities. Access control is weaknesses in the system that allow entry into restricted and confidential areas. Cybercriminals could try to break into systems and a strong password would help keep them out. Also, from the video in class, we saw that an individual broke into 3 branches of a bank. The man simply had an ID with the brand Oracle on it and was able to use a USB on many devices. The employees allowed the man to go through. Environmental vulnerabilities are risks from natural disasters like floods or earthquakes. The location of data services is important as well. It is vital to avoid areas that face more hurricanes and earthquakes. Human vulnerabilities are weaknesses related to employees like poor security awareness and social engineering risks. In class, we viewed a video about how someone was able to get into someone’s account by having fake baby noises playing in the background.
Hi Neel
I agree with your insights, i like how you linked the vulnerabilities to the video clips we watched. I will also add some technical threats in my watchlist. Thanks.
The first vulnerability a company should focus on is unauthorize physical access. Those who are not employees should not be in the building unless accompanied by an authorized individual. Other restricted areas such as server rooms should only be accessed by a certain number of employees who are authorized, unauthorized access can lead to other threats like theft, and vandalism. Having the equipment to dictate environmental threats such as inappropriate temperature and humidity, fire and smoke, water damage, biological, and radiological threats is a vital area to focus on. The organization should be able to assess the high risk of natural disaster in choosing the location of data centers. Technical threats such as uninterrupted power supply (UPS), battery backup unit, emergency power supply like generators in the case of longer blackouts. Lastly an organization should focus on internal vulnerability that can be exploited by threat actor such as insider threats by employees, the best way to mitigate it is; providing adequate security education, awareness training to the employees.
Neel Patel says
The types of vulnerabilities that the company will focus on are access control and environmental, and human vulnerabilities. Access control is weaknesses in the system that allow entry into restricted and confidential areas. Cybercriminals could try to break into systems and a strong password would help keep them out. Also, from the video in class, we saw that an individual broke into 3 branches of a bank. The man simply had an ID with the brand Oracle on it and was able to use a USB on many devices. The employees allowed the man to go through. Environmental vulnerabilities are risks from natural disasters like floods or earthquakes. The location of data services is important as well. It is vital to avoid areas that face more hurricanes and earthquakes. Human vulnerabilities are weaknesses related to employees like poor security awareness and social engineering risks. In class, we viewed a video about how someone was able to get into someone’s account by having fake baby noises playing in the background.
Nelson Ezeatuegwu says
Hi Neel
I agree with your insights, i like how you linked the vulnerabilities to the video clips we watched. I will also add some technical threats in my watchlist. Thanks.
Nelson Ezeatuegwu says
The first vulnerability a company should focus on is unauthorize physical access. Those who are not employees should not be in the building unless accompanied by an authorized individual. Other restricted areas such as server rooms should only be accessed by a certain number of employees who are authorized, unauthorized access can lead to other threats like theft, and vandalism. Having the equipment to dictate environmental threats such as inappropriate temperature and humidity, fire and smoke, water damage, biological, and radiological threats is a vital area to focus on. The organization should be able to assess the high risk of natural disaster in choosing the location of data centers. Technical threats such as uninterrupted power supply (UPS), battery backup unit, emergency power supply like generators in the case of longer blackouts. Lastly an organization should focus on internal vulnerability that can be exploited by threat actor such as insider threats by employees, the best way to mitigate it is; providing adequate security education, awareness training to the employees.