InfoSec: What are the threats?

Whenever risk assessments are done in regards to information security (InfoSec) there must be thorough research or intelligence gathering of both existing and current threats as well as projected or possible future threats. There are three threats that are looked at; intentional threats, natural threats, and inadvertent threats.

Intentional threats: Identifying adversaries and evaluating their capabilities and intention to target specific information and data assets is a must in mitigating current or future threats. Hollywood puts a spy twist on these adversaries for dramatic viewing but don't overlook rival corporations or former or current employees that have a vendetta.

Natural threats: Is there a back-up plan if the company is caught in an eathquake, tornado, or other natural disaster? Many companies don't go under because they lost their facilities but because they lost their data that keeps their facility in business. There must be an effective emergency preparedness plan as part of a business continuity plan. Be prepared for natural disasters that can severely affect your business operation.

Inadvertent threats: An often overlooked threat is the inadvertent threat. Human error cannot be overlooked. People make mistakes and those mistakes can be costly. Many companies have "phishing" tests for this reason. Social engineering, when the inadvertent threat and the intentional threat meet. Data that becomes open-source that should be restricted.

The point really is how secure is your data and how robust is your back-up plan if your data appears to be lost. Safety and vigilance should be adhered towhen it pertains to data as well.