|
|
 |
Security
Threats
|
|
Organizations in different sectors are facing different security threats. We selected several
sectors and described their challenges in information security.
|
|
 |
|
 Manufacturing
| |
ODM & OBM
manufacturers |
OEM manufacturers |
| Challenges |
For ODM & OBM
manufacturers, they invest a lot of money in product research & development
(R&D). If product information is leaked to competitors, it will cause
inestimable results. |
In general, buyers will
provide product specs and designs to OEM manufacturers for production. The
buyers must request OEM manufacturers to use that information properly. Some
buyers even assess manufacturers?procedures and IT security system to make
sure that information is used securely.
|
| Challenges come from |
Internal
authorized users. Since they have to access sensitive information during
daily operations, they can easily copy the information to external sources,
such as USB storage devices and Internet mail. From management point of
view, these users should still access the information, but they should not
copy information out of the company if they are not authorized.
|
Examples of internal
threats
|
Engineers,
designers, salespersons, and people who have rights to read those documents. |
Examples of
sensitive documents
|
Product Specifications,
Design Drawings, ISO Documents |
Product Specifications,
Design Drawings, ISO Documents |
| Business Impacts |
- Losing company valuable
Intellectual Properties
- Losing company competitive
advantage
- Losing money
- Damage to company image
|
- Damage to company image
- Losing contracts
|
|
|
|
|
Banking & Finance
| Challenges |
For banking & finance
industry, they handle a lot of sensitive information, such as customer
information and credit card statement. That kind of information is valuable
to some industries. Unethical companies may even pay money for that
information. If that kind of information was leaked out of the company, it
could be a disaster.
|
| Challenges come from |
Internal authorized
users. Since they have to access sensitive information during daily
operations, they can easily copy the information to external sources, such
as USB storage devices and Internet mail. From management point of view,
these users should still access the information, but they should not copy
information out of the company if they are not authorized.
|
Examples of internal
threats
|
Call Center: When staff
answer enquires, they may need to access customer information. |
Examples of
sensitive documents
|
Customer information,
account profiles, transaction details |
| Business Impacts |
- Damage to company image
- Fail regulation compliance
- May cause litigation
|
|
|
|
 |
|
|
