
Effects of Human Nature on Access Controls

 

Human nature refers to the qualities and characteristics shared by all human beings. It affects events in the organization through how we analyze those events, how we react to others, and the types of decisions we make every day. In general, human nature is explained by the need to avoid punishment by following certain norms, which is not always the case in organizations. In fact, human nature is sometimes the greatest vulnerability in an organization's access controls. A major problem for access controls comes from people making mistakes unintentionally, without knowing they are exposing the company's sensitive data. There are cases where an employee deletes data by mistake while accessing sensitive documents. There are also cases where employees unintentionally share the organization's sensitive data with another person, putting the organization at risk of its data being accessed by a hacker. Also, the majority of employees don't understand the effects of harmful viruses and spam emails. There are cases where employees click on harmful emails and share them with other employees, spreading the virus in the organization and increasing the vulnerability of its systems. Another major concern is the USB drives employees use to transfer files from the office computer. Employees transfer files from the office laptop to their personal computer, causing viruses to transfer from their personal computer to the office laptops. There is also a significant chance of employee laptops and other devices being stolen when left unattended in public places. The most important thing here is the confidential information on the laptop, which can be accessed by the hacker.

 

Companies need to implement training programs to address the risk that unintentional human behavior poses to access controls. Hackers can gain access to vulnerable systems for various reasons, such as stealing financial information and the organization's sensitive data. Organizations can install strong antivirus software to protect their systems from hackers in the event of an attack. There are various social engineering attacks, including claiming a false identity. There are cases where employees receive calls that appear to come from customer support asking for sensitive details, and the stolen information damages company resources. Employees need to be made aware of the phone numbers from which the organization's calls will come, to prevent these kinds of false calls from unknown identities. Piggybacking is one of the common social engineering tactics, where an intruder enters the company building without proper identification to steal the company's resources. There are cases where an intruder gains another employee's trust by mentioning the names of other employees in order to enter the building, thereby causing damage to the resources.

 

The company needs to provide strict authentication systems, with badge IDs and biometric systems wherever possible, for access to sensitive applications and server rooms. The company also needs to protect its sensitive documents by installing cameras where necessary to track any suspicious activity. The company needs to perform background checks on the employees it is hiring. This is essential for protecting the company's sensitive documents and for ensuring that the candidate being hired does not have a criminal record. The company should ensure that the person it is hiring can be trusted and will not harm any company resources. The candidate also needs to be checked for any drug history as well as any sex offender listings. In addition, financial institutions need to verify a candidate's credit reports as well as any bankruptcies in their history before hiring.

 

 
