Information technology improvements have brought about issues on the data linked to poor security in IT compromising network services. Inefficient security in IT may result in compromised integrity of data because of illegal access. The paper will provide an analysis of risk-management policies including the use of routers revealing mitigations network security breaches like illegal data access and their mitigations.
Risk management policies
Protection of computers using network routers is a defensive strategy that can be employed as a risk management policy. A network router permits several computers to use the same connection of the internet and secures the access ports of these computers. It also sieves communication and hinders illegal access. Default passwords should also be changed regularly in the wireless routers. Private information can also be secured by ensuring that all operating systems are always updated, and an effective antivirus and spyware run frequently. Information should be stored in external hard drives which should be put away when not in use (Conclin et al, 2012).
Preparation and vigilance is also another important risk management policy. It needs to be supported by a complicated structure of information technology with realistic guidelines that people can use. After protecting the computers, liability insurance should be purchased to shield the computers from lawsuits that claim negligence in case there is a breach.
Mitigation of risks
Technical security breaches are brought about by various technical issues. Many a times, computers operate on various software applications which may be abused by malicious people. Keeping software up-to date helps reduce these vulnerabilities. This can be mitigated by putting in place a program on patch management which seeks applications that are vulnerable, and frequently updates them. Weak configurations make computers vulnerable to security attacks especially those connected to the internet (Lockhart, 2007). This can be mitigated by establishing a policy of configuration management that joins all hardware to the internet. Using mobile devices like laptops and smart phones is on the increase yet they have not been secured. These devices are employed to carry out work outside the office where there is no security. When these devices are lost, attackers may invade the applications by use of malicious codes. These can be mitigated by improving the security of these devices in case of theft.
Insider threats can be very dangerous and are mainly caused by carelessness or evil attempts. Mitigation of this threat entails the establishment of a good management system, forbidding insiders access to private information and permitting them to only carry out particular functions (Halper, 2003). Auditing should also be carried out to monitor unwanted activities. Regular training is recommended to give users knowledge on insider threats.
Poor passwords also contribute to insider threats. Strong passwords are very important especially in the protection of crucial information. Most passwords usually follow a link to something or someone’s life making them more vulnerable to programs of password cracking. This problem can be mitigated by using password- generating systems. Users should also be educated on the importance of keeping their passwords secure. Physical security is also crucial in protecting important information. These measures may include prohibiting access to areas and computers that have sensitive information like the server rooms and routers. This can be mitigated by putting in place physical security systems like surveillance systems, procedures of system recovery and alarms.
Understanding the cause of threats is essential in ascertaining that there is total protection of important data. Any network is prone to attacks, therefore, a program on data security is important in the mitigation of such threats. The risks should first of all be identified then assessed. Security policies should then be defined and implemented. Regular implementation of these policies proves the readiness of organizations to counter security threats and improve security.
Conclin, A., White, G., Williams, D., Davis, C, Cothren, C. & Schou, C. (2012). Principles of Computer Security CompTIA Security+ and Betond (Exam SYO-301). New York: McGraw Hill Prof Med/Tech.
Halper, A. (2003). Quantifying the financial impact of IT security breaches. Information Management & Computer Security. Vol. 11 (2)74-83.
Lockhart, A. (2007). Network security hacks. Beijing: O’Reilly.