Personnel in an organization are all the people who have an active role in helping the organization achieve its overall mission. In other words, these are the employees. Different employees have different roles and responsibilities in an organization, none of which are inferior or superior to others.

However, within the way personnel are organized, those at higher levels of management have more potential to cause harm to the organization. This is because they have access to more sensitive information that can cause substantial harm to the organization.

That said, all personnel have the potential to cause security issues, regardless of their status in an organization. Higher status only means that less effort is required to cause more harm, while lower status means that more effort is needed to cause significant harm. Some of the security issues that personnel can cause are:

1. Insider Threats – This is a security issue in which personnel disclose information about weaknesses in the organization's infrastructure, technologies and systems, against organization policy, often for personal or financial gain. Insider information can be used by adversaries, including competitors, to cripple an organization or gain an advantageous position.

2. System Misconfigurations – These are specific to personnel involved in the development and/or maintenance of systems, who are mostly Information Systems experts and System Developers. Simple misconfigurations, including unintentional omissions, can become potential sources of vulnerabilities, depending on the access levels and sensitivity of the systems.

3. Data Entry Errors – Simple unintentional data entry errors can cause a whole system’s availability to be compromised. This is especially true if the system receiving the data does not validate data during entry or does not include robust standard rules or policies for data handling. This type of security issue can originate even from personnel at the very bottom of the organization chart who have access to certain resources in the system.

4. General Misconduct – Every organization has its dos and don'ts. Misconduct is defined by the organization's laid-out policies, and the seriousness of an offense varies with the context and the threat posed. For instance, failure to meet password policy requirements is an offense, but not as serious as walking in public with a custom-made access control badge of the organization. The latter is more serious in terms of the threat posed, but both are security risks.


