Home
Business Guide
 
simplicable technology guide   »  security   »  security vulnerabilities   »  list of security vulnerabilities

The Big List of Information Security Vulnerabilities

        posted by , June 27, 2016

Information security vulnerabilities are weaknesses that expose an organization to risk. Understanding your vulnerabilities is the first step to managing risk.

security vulnerabilities

Employees

1. Social interaction
2. Customer interaction
3. Discussing work in public locations
4. Taking data out of the office (paper, mobile phones, laptops)
5. Emailing documents and data
6. Mailing and faxing documents
7. Installing unauthorized software and apps
8. Removing or disabling security tools
9. Letting unauthorized persons into the office (tailgating)
10. Opening spam emails
11. Connecting personal devices to company networks
12. Writing down passwords and sensitive data
13. Losing security devices such as id cards
14. Lack of information security awareness
15. Keying data

Former Employees

1. Former employees working for competitors
2. Former employees retaining company data
3. Former employees discussing company matters

Technology

1. Social networking
2. File sharing
3. Rapid technological changes
4. Legacy systems
5. Storing data on mobile devices such as mobile phones
6. Internet browsers

Hardware

1. Susceptibility to dust, heat and humidity
2. Hardware design flaws
3. Out of date hardware
4. Misconfiguration of hardware

Software

1. Insufficient testing
2. Lack of audit trail
3. Software bugs and design faults
4. Unchecked user input
5. Software that fails to consider human factors
6. Software complexity (bloatware)
7. Software as a service (relinquishing control of data)
8. Software vendors that go out of business or change ownership

Network

1. Unprotected network communications
2. Open physical connections, IPs and ports
3. Insecure network architecture
4. Unused user ids
5. Excessive privileges
6. Unnecessary jobs and scripts executing
7. Wifi networks

IT Management

1. Insufficient IT capacity
2. Missed security patches
3. Insufficient incident and problem management
4. Configuration errors and missed security notices
5. System operation errors
6. Lack of regular audits
7. Improper waste disposal
8. Insufficient change management
9. Business process flaws
10. Inadequate business rules
11. Inadequate business controls
12. Processes that fail to consider human factors
13. Overconfidence in security audits
14. Lack of risk analysis
15. Rapid business change
16. Inadequate continuity planning
17. Lax recruiting processes

Partners and Suppliers

1. Disruption of telecom services
2. Disruption of utility services such as electric, gas, water
3. Hardware failure
4. Software failure
5. Lost mail and courier packages
6. Supply disruptions
7. Sharing confidential data with partners and suppliers

Customers

1. Customers access to secure areas
2. Customer access to data (ie. customer portal)

Offices and Data Centers

1. Sites that are prone to natural disasters such as earthquakes
2. Locations that are politically unstable
3. Locations subject to government spying
4. Unreliable power sources
5. High crime areas
6. Multiple sites in the same geographical location

3 Shares Google Twitter Facebook



Related Articles



Enterprise Architecture
How to architect an organization.




Take a few minutes to learn about the Zachman Framework — a framework for Enterprise Architecture.

Enterprise Architects must choose their words very carefully.

Our guide to the ITIL framework.

Learn about common root causes of security risks.


Recently on Simplicable


Zombie Armies of The Digital Frontier

posted by Anna Mar
An quick explanation of botnets.

IT Security Guide

posted by John Spacey
A guide to information security including cheat sheets, best practices and checklists.

Principle of Least Privilege

posted by Anna Mar
A look at least privilege and need to know.

Authentication vs Authorization

posted by Anna Mar
It is easy enough to confuse authentication and authorization.

Sitemap













about     contact     sitemap     privacy     terms of service     copyright