Information Systems Security Vulnerability Assessment – An Organizational Analysis


A vulnerability assessment is one of the significant steps in information systems security. It involves categorizing and rating risks relevant to the security of data and systems in an organization’s information technology network to eliminate threats.

Within an organization, the potential harm that authorized users can cause when accessing organizational data is considerable. Any person allowed access to information assets may leak information, either by mistake or deliberately, which can cause financial losses, damage the organization's reputation, and even lead to legal action. Data risk may also be realized through intellectual property theft, which occurs when people who are legitimately allowed access misuse or sell trade secrets, patents, or copyrighted property. This reduces the company's competitive edge and market position.

The consequences are also serious if an unauthorized party gets hold of electronic company information. This may expose data to other people, leading to loss of money, damage to the organization's image, or lawsuits. Equally important is the loss of confidentiality: customer information, secret formulas, financial reports, or statements come under threat, which jeopardizes the firm's image and its credibility with customers. Other threats include loss of intellectual property, where unauthorized people can take, alter, or use the firm's proprietary software, designs, or research data, eroding the firm's competitiveness and ability to innovate. Moreover, unauthorized access can halt or slow business operations, causing financial losses and preventing the company from efficiently meeting customers' demands and fulfilling its goals.

To protect information, organizations must follow different regulations and guidelines. For instance, the General Data Protection Regulation (GDPR) of the European Union governs the privacy and safeguarding of information (Van Alsenoy, 2019). The Payment Card Industry Data Security Standard (PCI DSS) lays down the requirements for securing credit card data. The Health Insurance Portability and Accountability Act (HIPAA) sets requirements regarding the privacy of individual health information. ISO/IEC 27001 is an International Organization for Standardization standard that addresses the minimum requirements for Information Security Management Systems for use by organizations.

Based on the above, the two areas where the organization needs to improve information security are access control and employee training and awareness. Steps that can be taken to ensure that sensitive information is accessed only by the right personnel include increasing physical security by adopting strict forms of access control, reviewing user rights periodically, and monitoring users' activities. Improving employees' understanding of possible threats to the organization's information, and their ability to guard against them, requires comprehensive training and awareness programs. These can go a long way toward nurturing security awareness and reducing cases of insiders becoming a threat.

References

Van Alsenoy, B. (2019). General Data Protection Regulation. In Data Protection Law in the EU: Roles, Responsibilities and Liability (pp. 279–324). https://doi.org/10.1017/9781780688459.021


Question 


Your assignment for this journal is to use what you learned throughout this course to prepare a vulnerability assessment related to information systems security. You can use the company where you work (do not use names) or a place where you worked in the past. If you work at a large corporation, simply prepare an assessment for your department. Cover the following topics in your vulnerability assessment.


• Discuss the potential harm that can result from authorized individuals accessing company information.
• Explain the impact if an unauthorized person gains access to the electronic company information.
• Identify any regulations or guidelines the company must follow to help protect information.
• Identify two areas where you think the company needs to improve information security.
Your journal entry must be at least 400 words in length. No references or citations are necessary.