Running Head: INFORMATION SECURITY VULNERABILITY
Information Security Vulnerability
Introduction
The most important part of any business's or organization's
information is its security infrastructure. All information, big
or small, sensitive or non-sensitive, must be protected by some
degree of information security. "Navigating the multitude of
existing security standards, including dedicated standards for
information security and frameworks for controlling the
implementation of IT, presents a challenge to organizations.
Adding to the challenge is the increase in activities of terrorist
groups and organized criminal syndicates" (Sipior & Ward,
2008).
Threats and Vulnerabilities
Threats and vulnerabilities are a common occurrence in computer
security. Computer networks that are flawed and weak are open to
exploitation. Computer networks can be exploited by terrorists,
hackers, and an organization's or business's own employees.
"Inexperience, improper training, and the making of incorrect
assumptions are just a few things that can cause these
misadventures" (Whitman & Mattord, 2009, p. 42).
Problem Statement:
What is the protocol if an organization's or business's most
critical information is leaked or hacked, causing grave damage to
the organization, the business, or customers' account information?
What would the financial situation be in recovering the network
from such an attack? These are a few of the questions that top
management must address in its information security policies.
It is most likely that any organization's or business's profits
would decrease and its reputation would change. With that comes
the legal responsibility of the organization or business. Owning
up to a security breach within an organization or business can be
detrimental to the overall financial health of the organization
or business, as can notifying all parties involved in the breach.
Having coverage such as insurance to protect the organization or
business is a must, and it also goes a long way toward protecting
the reputation and assets and continuing to function overall.
"Although every state breach notification law covers businesses,
there are differences regarding coverage of other entities such
as government agencies and third-party storage providers, as well
as differences regarding the information each law defines as
'personal'" (Shaw, 2010).
Relevance and Significance:
There will always be some type of glitch within a computer
network that may keep the system from being fully secured, unless
the computer is not being used at all. The goal of an information
security program is to deliver a level of security platforms that
supports the organization's or business's security infrastructure
at its best, by meeting all requirements set forth through the
policy and controls and keeping the bad guys out.
Key Concepts
Confidentiality, integrity, and availability are where the largest
threats to sensitive information lie. The need-to-know principle
must be applied throughout the organization or business. Having
the proper employees with authorized access to confidential
information is a major factor in an organization's or business's
information security programs and policies. Those employees must
be held to a higher standard of integrity as well. Without
integrity from employees with need-to-know access, threats and
vulnerabilities may occur on a daily basis. "Through simplistic
password guideline changes and employee password security
training on the use of mnemonic devices in password development,
organizations can better guard against human error while
maintaining safe practices for user authentication that guard
against external threats" (Carstens, McCauley-Bell, Malone, &
DeMara, 2004).
Common Information Security Threats
According to the National Institute of Standards and Technology
(2009), a survey conducted by the Computer Security Institute
revealed that "50% of small businesses surveyed reported computer
viruses as the cause of the breach" (National Institute of
Standards and Technology, 2009). Viruses on computer networks
come in all types of forms and are becoming a serious problem for
organizations and businesses that have not taken the proper
procedures, or committed the financial assets, to place security
measures throughout their computer networks to protect them. The
most common vector for viruses is daily email attachments. Having
some type of firewall in place is a must, and it must be properly
installed and configured to protect the network.
Recommendations
One tool that may be used to combat viruses on the computer
network is anti-virus software. It is one of the most
cost-friendly tools to acquire and use, especially for a small
organization or business just starting up. A simple definition
update through an anti-virus product can protect your computer
network. It may seem trivial, but it is a great tool that can
help protect the network. A security awareness survey by Johnson
& Kock (2006) found that most of the viruses came from the virus
scanner software. Ninety-two percent of users have anti-virus
software on their computers, but only 50% of them keep the
software updated. A large proportion does not give priority to
such software, and the result is a negative one for computer
security (Vol. 6, p. 130b).
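The gap the paper points to, anti-virus installed but definitions not kept current, is something a small organization can actually measure rather than assume. The following audit script is an added example, not part of the paper or any cited source: it reads a constructed host inventory (hostname, whether anti-virus is installed, date of the last definition update), flags hosts with no anti-virus, stale definitions, or no usable update record, and reports the same two ratios the paper cites (share of hosts with anti-virus, share of those that are current). The inventory format, the seven-day freshness threshold, and the sample hosts are assumptions for illustration.

```python
"""Audit anti-virus definition freshness across a host inventory.

Added example (assumed inventory format, not any vendor's export):
each line is "host,av_installed,last_definition_update" with the
date in YYYY-MM-DD form. Hosts with no date, an unparseable date,
or a date in the future are reported as 'unknown' and treated as
non-compliant rather than silently counted as current.
"""
from datetime import date, datetime

# Constructed sample inventory, chosen so every category appears once or twice.
SAMPLE_INVENTORY = """\
host,av_installed,last_definition_update
ws-01,yes,2024-06-10
ws-02,yes,2024-03-01
ws-03,no,
ws-04,yes,not-recorded
srv-01,yes,2024-06-11
"""

# Constructed "today" so the sample audit is reproducible.
SAMPLE_TODAY = date(2024, 6, 12)

# Assumed policy threshold: definitions older than this are stale.
MAX_DEFINITION_AGE_DAYS = 7


def parse_inventory(text):
    """Parse the CSV-style inventory into a list of dicts keyed by header."""
    lines = text.strip().splitlines()
    header = [h.strip() for h in lines[0].split(",")]
    rows = []
    for line in lines[1:]:
        fields = [f.strip() for f in line.split(",")]
        rows.append(dict(zip(header, fields)))
    return rows


def classify_host(row, today, max_age_days=MAX_DEFINITION_AGE_DAYS):
    """Return one of 'no_av', 'unknown', 'stale', or 'current' for a host."""
    if row.get("av_installed", "").lower() != "yes":
        return "no_av"
    raw = row.get("last_definition_update", "")
    try:
        updated = datetime.strptime(raw, "%Y-%m-%d").date()
    except ValueError:
        return "unknown"  # missing or unparseable record: cannot prove freshness
    age_days = (today - updated).days
    if age_days < 0:
        return "unknown"  # future date: clock skew or bad data, do not trust it
    return "stale" if age_days > max_age_days else "current"


def audit(text, today, max_age_days=MAX_DEFINITION_AGE_DAYS):
    """Group hosts by status and compute the two coverage ratios."""
    rows = parse_inventory(text)
    report = {"no_av": [], "unknown": [], "stale": [], "current": []}
    for row in rows:
        report[classify_host(row, today, max_age_days)].append(row["host"])
    total = len(rows)
    with_av = total - len(report["no_av"])
    report["summary"] = {
        "hosts": total,
        "av_installed_pct": round(100.0 * with_av / total, 1) if total else 0.0,
        "current_pct_of_av": round(100.0 * len(report["current"]) / with_av, 1)
        if with_av else 0.0,
    }
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY, SAMPLE_TODAY)
    for status in ("no_av", "unknown", "stale", "current"):
        print(f"{status:8s}: {', '.join(result[status]) or '-'}")
    print("summary :", result["summary"])
```

Hosts in the `unknown` and `stale` buckets are the ones to follow up on first; an audit that only counts installed products, as the surveyed users' 92% figure does, would miss both groups.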
References
Carstens, D. S., McCauley-Bell, P. R., Malone, L. C., &
DeMara, R. F. (2004). Evaluation of the Human Impact of
Password Authentication Practices on Information Security.
Informing Science: The International Journal of an Emerging
Transdiscipline, 7, 67+. Retrieved from http://www.questia.com
Johnson, D. W., & Kock, H. (2006). Computer Security Risks in
the Internet Era: Are Small Business Owners Aware and
Proactive? Proceedings of the 39th Annual Hawaii International
Conference on System Sciences (Vol. 6, p. 130b).
National Institute of Standards and Technology (Creator).
(2014, May 18). Information technology security for small
businesses [Video]. Retrieved from
http://www.youtube.com/watch?v=ajwX-7jVLo0
Shaw, A. (2010). Data Breach: From Notification to Prevention
Using PCI DSS. Columbia Journal of Law and Social Problems,
43(4), 517+. Retrieved from http://www.questia.com
Sipior, J. C., & Ward, B. T. (2008). A Framework for
Information Security Management Based on Guiding Standards:
A United States Perspective. Issues in Informing Science &
Information Technology, 5, 51+. Retrieved from
http://www.questia.com
Whitman, M. E., & Mattord, H. J. (2009). Principles of
information security (3rd ed.). Boston, MA: Course Technology.