The 10 Root Causes Of Security Vulnerabilities

Posted March 05, 2013

There are 10 root causes of security vulnerabilities:

1. Complexity

Security vulnerabilities rise proportionally with complexity. Complex software, hardware, information, businesses and processes can all introduce security vulnerabilities.

Example: Bloatware is software that has too many features. Bloatware can introduce vulnerabilities because it may have millions of lines of computer code.


2. Connectivity

Each open connection is a potential avenue for exploitation.

Examples: wired internet, mobile devices, WiFi, open ports, etc.


3. Passwords

Passwords are used to secure virtually everything: mobile devices, software, websites, company VPNs and enterprise software. Despite education about the dangers, many people still write passwords down, share them or give them out to websites.

4. Design flaws

Design flaws and bugs in software and hardware introduce security vulnerabilities.

Example: Bugs in widely used operating systems and browsers can expose millions of businesses to significant risks. It may take weeks for vendors to develop and release security patches.


5. User input

Accepting user input by internet, phone or in person can introduce security vulnerabilities. First, the data can be incorrect or even fraudulent. Second, electronically received data can be designed to attack the receiving system.

Examples: buffer overflows, SQL injection.


6. Management

Security is not a technical problem: it is a management problem. Organizations need to be managed with security in mind, with security built into processes, training and IT.

7. Training

Insufficient training can introduce human errors and other vulnerabilities.

Example: Management are too quick to blame employees for human error. In fact, human error can be prevented by training. Industries such as aviation have made significant progress in reducing human error through training.


8. Communication

Communication channels such as internet and telephone can open up security vulnerabilities.

Example: A hacker calls a service desk to get information used to attack the company.


9. Social

Social factors are a common source of security threats.

Examples:
- co-workers chatting at a restaurant disclose sensitive information
- a bank teller gives information to a customer who seems trustworthy


10. Human error

Human error is a significant source of security vulnerabilities.

Examples:
- improper disposal of documents
- code deployment errors
- giving out passwords to phishing sites
- coding errors
