Assets and Threats What Is at Risk Term Paper

Pages: 12 (3224 words)  ·  Bibliography Sources: ≈ 12  ·  File: .docx  ·  Level: College Senior  ·  Topic: Business

Assets Threats

Assets and Threats-What is at risk?

Assets and Threats Defined

Origins of Business Threats/Types of Threats

Reconnaissance Threats

Denial of Service

Data Manipulation

Other Threats

Internal Vs. External Threats

Techniques For Preventing Attacks

How Do Natural Threats Pose A Risk

Best Measures to Protect Assets

Assets and Threats-What is at risk?

Studies suggest that threat assessment is increasingly important within the organizational context (Grassie, 2000; Schwartz, 2003). More and more organizations are faced with low probability yet high consequence threats that often result from technological advances enabling internal and external forces to attack information systems (Grassie, 2000). While all threats do not necessarily pose a risk to an organization, organizations must work to at minimum recognize potential threats and take measures to protect themselves from threats.

Download full Download Microsoft Word File
paper NOW!
The purpose of this paper is an examination of typical business threats and risks and identify what steps an organization must take to identify and protect themselves from threats when considering a security risk management program. To accomplish this the researcher will examine (1) what types of business threats exist (2) what steps organizations can take to successfully mitigate risks and (3) what changes are needed in organizational structure or daily activities to prevent future risks.

Term Paper on Assets and Threats What Is at Risk Assignment

In examining these issues it is important to differentiate threats from risks. Threats are potential negative forces that may impact an organizations bottom line or productivity; risks are more "probably oriented" and "business oriented" and involve the level of threat that actually exists within an organization (Grassie, 2000). Analysis of the two go hand in hand when examining an organizations risk in the short- and long-term.

Background to the Problem

Studies suggest that the cost of confidential information stolen from businesses including Fortune 1000 companies in recent years has exceeded 100 billion dollars every year (Schwartz, 2003; Sozio & Drab, 2001). Rapid technological advances have enabled ordinary hackers to acquire inexpensive surveillance and data manipulation equipment that has resulted in countless attacks on corporate and private computer systems (Schwartz, 2003; Sozio & Drab, 2001).

Fortunately organizations can adopt multiple strategies to minimize their risk. The primary step an organization must take to protect its assets is risk analysis (Grassie, 2000). Risk analysis enables an organization to determine what internal and external threats may exist within the organizational context. Risk analysis should be conducted comprehensively to include valuing assets within the organization, measuring past threats, measuring relative exposure to current threats and identifying opportunities for future threats to the organization (Grassie, 2000).

Significance of Problem

There are multiple threats that exist in society today capable of incapacitating an organization (Grassie, 2000; Schwartz, 2003). These threats if not identified early on lead to continuing business risk and the potential for catastrophic destruction of an organizations assets, including information systems, organization systems and even people within the organization.

Both internal and external threats are increasing in number as rapid technological advances provide opportunists with more ways to access organizational systems. It is important more than ever that organization work to identify with threats are plausible and develop security programs that will minimize the likelihood that a threat or catastrophe will occur in the near future.

Literature Review

Assets and Threats Defined

Shimonski (2005) defines a threat as "an expression of an intention to inflict pain, injury, evil or punishment" or "an indication of impending danger or harm" (1). An asset is anything an organization considers as "useful or valuable," whether a resource or an advantage (Shimonski, 2005). An asset is something an organization works to protect. Assets within an organization may include the systems used within an organization, the people that work within an organization and the data that systems within an organization contain (Shimonski, 2005). It is not enough for an organization to consider one vs. another; rather an organization must consider all three an essential aspect of business practice.

Origins of Business Threats/Types of Threats

Business threats can occur internally and externally. It is anything that might threaten an organizations computer networks, systems or people (Shimonski, 2005). There are unique threats that go hand in hand with each of the primary assets an organization holds dear. Shimonski (2005) outlines several categories of threat that present within an organization. These include (1) recon or reconnaissance threats, (2) DoS or Denial of Service threats and (3) data manipulation threats (Shimonski, 2005). Each of these threats are unique and deserve careful examination.

Reconnaissance Threats

"recon" attack occurs when an individual attempts to ascertain whether your network or system exists and subsequently tries to map your system possibly for planning future attacks (Shimonski, 2005). Often referred to as a probing, this form of attack involves searching for vulnerabilities within the system, which is usually accomplished via scanning systems in open ports, using ping commands or performing ping sweeps (Shimonski, 2005). Tools used to sweep systems are freely available on the web thus anyone can access them and use them to hack your computer of system (Shimonski, 2005).

Denial of Service

This is a serious attack that is easy to carry out. It is an attack against a system that will prevent the system from carrying out common functions (Shimonski, 2005). Microsoft systems generally offer multiple windows of opportunity for DoS attacks. DoS attacks can target an Internet access router or your PC with Trojans, utilizing a computers CPU and preventing proper functioning (Shimonski, 2005; Grassie, 2000).

Data Manipulation

This is an even larger threat today particularly for organizations that rely on data to perform day-to-day business (Garcia, 2000). Data manipulation can be attacked internally (via a disgruntled employee) or externally (Shimonski, 2005; Grassie, 2000). An attacker can also intercept traffic between two PC's and manipulate or exploit, change and modify records in this way (Shimonski, 2005). Failure to protect this data can result in extreme legal measures, thus it makes more sense to protect data rather than subject oneself to the consequences of a hack attack on data (Grassie, 2000. Organization should work to identify whether design-based threats are real and probably or highly likely as part of business security risk analysis measures (Grassie, 2000).

Other Threats

Every organization has a responsibility to protect data, which includes organizational records. Organizations rely on data to "analyze, reduce and eliminate business risks including new ventures, losses or loss of business (Sampson, 1992). There are multiple steps an organization can take to help protect data within the organization.

Specific types of threats that are technology oriented and may enable data manipulation, recon or denial of service include the following:

Key logger systems or other technologies that allow individuals to gather encrypted computer data and use them at their disposal (Schwartz, 2003).

Carnivore, a communications traffic analyzer type software that can allow someone to scan email messages within streams of information, and uses a filter to capture desired text or email addresses, whether encrypted or not (Schwartz, 2003). This program is actually developed by the FBI who claims access is guarded, but similar programs exist that allow individuals to scan emails and collect desired information.

Password retrieving software that hackers can use to gain access to passwords necessary to break encryption systems (Schwartz, 2005). One example is KLS, which requires a hacker have physical access to the computer, suggesting an internal threat. This program specifically exploits "some of the same weaknesses in popular commercial software that allow hackers to break into computers" (Schwartz, 163).

Text collectors that collect information including online conversations that travel from computer to computer (Schwartz, 2003).

Many systems mentioned above are actually hacking systems developed by government agencies for surveillance operations; the fact that the technology exists in some form or another however suggests tat it is open to exploitation (Schwartz, 2003). Even 'fair use' of such systems may cause excessive anxiety and accusations of espionage or spying (Schwartz, 2003).

Internal Vs. External Threats

Internal threats are not the same as external threats. Each may be equally as damaging. Internal threats come from internal sources, including disgruntled employees that may delete data not backed up or manipulate data they have access to using corporation PC's (Shimonski, 2005). External attacks come from unknown sources that tend to scan edge routers and hence originate outside an internal network (Shimonski, 2005).

Schwartz (2003) identifies internal and external threats to technology infrastructures vulnerable to attack, suggesting that trade secret theft is another security threat that may result in billions of dollars in damage, yet is one that organizations often overlook or are not prepared to manage (p. 163). Preventing such threats may be as simple as utilizing organizational surveillance tools and extending legal prosecution for violators of trade secret agreements (Schwartz, 2003).

Techniques For Preventing Attacks

There are many steps a company can take to help minimize the security risk threats pose. These include:

Conducting an annual risk assessment that allows technical and security analysts and engineers to evaluate a systems security and identify what threats may exist (Shimonski, 2005; Grassie, 2000; Garcia, 2000).

Performing an infrastructure analysis, which allows a company to test its… [END OF PREVIEW] . . . READ MORE

Two Ordering Options:

Which Option Should I Choose?
1.  Download full paper (12 pages)Download Microsoft Word File

Download the perfectly formatted MS Word file!

- or -

2.  Write a NEW paper for me!✍🏻

We'll follow your exact instructions!
Chat with the writer 24/7.

Risk Assessment Report Assessment

Risk Management Tools Term Paper

Risk Management Explain the Difference Essay

Risk Aversion White Paper

Risk Assessment Document Term Paper

View 200+ other related papers  >>

How to Cite "Assets and Threats What Is at Risk" Term Paper in a Bibliography:

APA Style

Assets and Threats What Is at Risk.  (2005, October 1).  Retrieved June 14, 2021, from

MLA Format

"Assets and Threats What Is at Risk."  1 October 2005.  Web.  14 June 2021. <>.

Chicago Style

"Assets and Threats What Is at Risk."  October 1, 2005.  Accessed June 14, 2021.