Reply To: OCU ISSO Week 3 Lesson 12 Discussion
I choose a compromise from within. This kind of threat happens when users with certain privileges misuse those permissions. A compromise form within is the unauthorized disclosure, modification, substitution, or use of sensitive data, or the unauthorized modification of a security-related system, device, or process to gain unauthorized access.
I chose this kind of system threat because I feel that having unauthorized access to data can not only harm the organization it was stolen from, but other people, nations, and the ones who stole the information. Take the leaked or stolen information from the Pentagon that the young serviceman took. He had access and security clearance to that information. He was not only trusted by the Pentagon but by top military officials as well. Whatever his reasons were he decided to steal that information, take it home and copy it and then share it on the internet. I think this kind of threat can harm an organization because it comes from trusted individuals that are working for the organization. Unless that individual shows signs of strange behavior or is asking a lot of questions, an organization might never see the threat coming, let alone expect it.
As a security officer would need to have the right security measures and protocols in place and make sure that they are implemented in the best possible way. Measures such as firewalls, making it so you can’t download or print sensitive material, no personal devices while at work on the job, security cameras, and security training. I would even go as far as checking people’s backpacks, coats, briefcases, etc when leaving a particular organization or government facility.