Sunday, February 17, 2019

List of Information Security Vulnerabilities

The Big List of Information Security Vulnerabilities

        posted by , June 27, 2016

Information security vulnerabilities are weaknesses that expose an organization to risk. Understanding your vulnerabilities is the first step to managing risk.

Employees

1. Social interaction 
2. Customer interaction 
3. Discussing work in public locations 
4. Taking data out of the office (paper, mobile phones, laptops) 
5. Emailing documents and data 
6. Mailing and faxing documents 
7. Installing unauthorized software and apps 
8. Removing or disabling security tools 
9. Letting unauthorized persons into the office (tailgating) 
10. Opening spam emails 
11. Connecting personal devices to company networks 
12. Writing down passwords and sensitive data 
13. Losing security devices such as id cards 
14. Lack of information security awareness 
15. Keying data 

Former Employees

1. Former employees working for competitors 
2. Former employees retaining company data 
3. Former employees discussing company matters 

Technology

1. Social networking 
2. File sharing 
3. Rapid technological changes 
4. Legacy systems 
5. Storing data on mobile devices such as mobile phones 
6. Internet browsers 

Hardware

1. Susceptibility to dust, heat and humidity 
2. Hardware design flaws 
3. Out of date hardware 
4. Misconfiguration of hardware 

Software

1. Insufficient testing 
2. Lack of audit trail 
3. Software bugs and design faults 
4. Unchecked user input 
5. Software that fails to consider human factors 
6. Software complexity (bloatware) 
7. Software as a service (relinquishing control of data) 
8. Software vendors that go out of business or change ownership 

Network

1. Unprotected network communications 
2. Open physical connections, IPs and ports 
3. Insecure network architecture 
4. Unused user ids 
5. Excessive privileges 
6. Unnecessary jobs and scripts executing 
7. Wifi networks 

IT Management

1. Insufficient IT capacity 
2. Missed security patches 
3. Insufficient incident and problem management 
4. Configuration errors and missed security notices 
5. System operation errors 
6. Lack of regular audits 
7. Improper waste disposal 
8. Insufficient change management 
9. Business process flaws 
10. Inadequate business rules 
11. Inadequate business controls 
12. Processes that fail to consider human factors 
13. Overconfidence in security audits 
14. Lack of risk analysis 
15. Rapid business change 
16. Inadequate continuity planning 
17. Lax recruiting processes 

Partners and Suppliers

1. Disruption of telecom services 
2. Disruption of utility services such as electric, gas, water 
3. Hardware failure 
4. Software failure 
5. Lost mail and courier packages 
6. Supply disruptions 
7. Sharing confidential data with partners and suppliers 

Customers

1. Customers access to secure areas 
2. Customer access to data (ie. customer portal) 

Offices and Data Centers

1. Sites that are prone to natural disasters such as earthquakes 
2. Locations that are politically unstable 
3. Locations subject to government spying 
4. Unreliable power sources 
5. High crime areas 
6. Multiple sites in the same geographical location


Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)