{"id":851,"date":"2019-09-23T20:10:30","date_gmt":"2019-09-23T19:10:30","guid":{"rendered":"http:\/\/hjinterim.org\/?p=851"},"modified":"2019-09-23T20:10:30","modified_gmt":"2019-09-23T19:10:30","slug":"the-big-list-of-information-security-vulnerabilities","status":"publish","type":"post","link":"https:\/\/hjinterim.tech\/index.php\/2019\/09\/23\/the-big-list-of-information-security-vulnerabilities\/","title":{"rendered":"The Big List of Information Security Vulnerabilities"},"content":{"rendered":"

Information security vulnerabilities are weaknesses that expose an organization to risk. Understanding your vulnerabilities is the first step to managing risk.<\/p>\n

\"Picture1\"
\nEmployees
\n1. Social interaction
\n2. Customer interaction
\n3. Discussing work in public locations
\n4. Taking data out of the office (paper, mobile phones, laptops)
\n5. Emailing documents and data
\n6. Mailing and faxing documents
\n7. Installing unauthorized software and apps
\n8. Removing or disabling security tools
\n9. Letting unauthorized persons into the office (tailgating)
\n10. Opening spam emails
\n11. Connecting personal devices to company networks
\n12. Writing down passwords and sensitive data
\n13. Losing security devices such as id cards
\n14. Lack of information security awareness
\n15. Keying data<\/p>\n

Former Employees
\n1. Former employees working for competitors
\n2. Former employees retaining company data
\n3. Former employees discussing company matters<\/p>\n

Technology
\n1. Social networking
\n2. File sharing
\n3. Rapid technological changes
\n4. Legacy systems
\n5. Storing data on mobile devices such as mobile phones
\n6. Internet browsers<\/p>\n

Hardware
\n1. Susceptibility to dust, heat and humidity
\n2. Hardware design flaws
\n3. Out of date hardware
\n4. Misconfiguration of hardware<\/p>\n

Software
\n1. Insufficient testing
\n2. Lack of audit trail
\n3. Software bugs and design faults
\n4. Unchecked user input
\n5. Software that fails to consider human factors
\n6. Software complexity (bloatware)
\n7. Software as a service (relinquishing control of data)
\n8. Software vendors that go out of business or change ownership<\/p>\n

Network
\n1. Unprotected network communications
\n2. Open physical connections, IPs and ports
\n3. Insecure network architecture
\n4. Unused user ids
\n5. Excessive privileges
\n6. Unnecessary jobs and scripts executing
\n7. Wifi networks<\/p>\n

IT Management
\n1. Insufficient IT capacity
\n2. Missed security patches
\n3. Insufficient incident and problem management
\n4. Configuration errors and missed security notices
\n5. System operation errors
\n6. Lack of regular audits
\n7. Improper waste disposal
\n8. Insufficient change management
\n9. Business process flaws
\n10. Inadequate business rules
\n11. Inadequate business controls
\n12. Processes that fail to consider human factors
\n13. Overconfidence in security audits
\n14. Lack of risk analysis
\n15. Rapid business change
\n16. Inadequate continuity planning
\n17. Lax recruiting processes<\/p>\n

Partners and Suppliers
\n1. Disruption of telecom services
\n2. Disruption of utility services such as electric, gas, water
\n3. Hardware failure
\n4. Software failure
\n5. Lost mail and courier packages
\n6. Supply disruptions
\n7. Sharing confidential data with partners and suppliers<\/p>\n

Customers
\n1. Customers access to secure areas
\n2. Customer access to data (ie. customer portal)<\/p>\n

Offices and Data Centers
\n1. Sites that are prone to natural disasters such as earthquakes
\n2. Locations that are politically unstable
\n3. Locations subject to government spying
\n4. Unreliable power sources
\n5. High crime areas
\n6. Multiple sites in the same geographical location<\/p>\n","protected":false},"excerpt":{"rendered":"

Information security vulnerabilities are weaknesses that expose an organization to risk. Understanding your vulnerabilities is the first step to managing risk. Employees 1. Social interaction 2. Customer interaction 3. Discussing work in public locations 4. Taking data out of the office (paper, mobile phones, laptops) 5. Emailing documents and data 6. Mailing and faxing documents … Read moreThe Big List of Information Security Vulnerabilities<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":858,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"quote","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[25],"tags":[],"class_list":["post-851","post","type-post","status-publish","format-quote","has-post-thumbnail","hentry","category-security","post_format-post-format-quote"],"_links":{"self":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts\/851","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/comments?post=851"}],"version-history":[{"count":0,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts\/851\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts\/858"}],"wp:attachment":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/media?parent=851"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/categories?post=851"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/tags?post=851"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}