USB Security Threats Information Security is a vague term used to describe any aspect of a system used either intentionally or not for protection of information systems. Although security of information systems ranges from the personnel accessing the system to the hardware and software specifically designed for security, it also includes external devices such as a Universal Serial Bus (USB) drive. The practicality of such devices make them popular for users at every level within an organization but the security risks involved with users transferring data from machine to machine quickly becomes a struggle for security and management personnel.The article written by Pfleging (2008) makes many statements regarding the security issues with USB drives some of which are analyzed below. The article, The Forgotten Security Hole: USB (Pfleging, 2008) states USBs are “potentially one of the worst security holes you have. ” Although the risks associated with transferring data from one machine to another are significant, many other inadequate security practices could have at least an equal effect such as improper disposal.
Loeb (2000) reported of a legal case in which a CIA agent allegedly “sold 25 laptop computers at public auction ‘while still containing Top Secret information on their respective hard drives. ‘” Incidents such as this could be catastrophic. Pfleging (2008) also writes how compromising confidential information “can involve privacy laws at the state and federal levels, dictating large fines. An organization’s reputation, and thereby its ability to attract new investors or customers, might be damaged or even destroyed. Any corporation with an incident such as this could easily suffer great financial losses in today’s technical and struggling economy. Swartz (2006) states, “according to the 2005 “Computer Security Institute (CSI)/Federal Bureau of Investigation (FBI) Computer Crime and Security Survey,” average financial losses from unauthorized access to data skyrocketed to $303,234 in 2004–up from only $51,545 in 2003. Average losses from proprietary information theft rose to $355,552 from $168,529.
Total losses for those two categories were about $62 million. ” Apparently, Pfleging is absolutely correct when he wrote about how costly losing confidential information could be for an organization. One of the last notes from Pfleging’s (2008) article was how the USB security “problem can be a real frustration to IT departments. ” Frustration is probably the best word he could have chosen because although the tedious task of locking down USB drives or even as reported within his article, super gluing the ports closed, USB security is obtainable.
One hundred percent protection may be a bold statement but creators of USB Disk Security 5. 1. 0.
15 (CNET, 2009) have stated “USB Disk Security provides 100% protection against any malicious programs trying to attack via USB drive” which should ease some frustrations for the IT departments whom choose to use the software. Although USB drives leave a security threat lingering for any organization whom chooses to leave them accessible, I would disagree with the notion USB drives are the single worst security hole an organization has but I do agree they have the potential.References CNET. (n. d. ). USB Disk Security 5. 1.
0. 15. CNET download. Retrieved September 12, 2009, from http://download. cnet. com/USB-Disk-Security/ 3000-2239_4-10708708. html Loeb, V. (2000, November 11).
Chat room penetrates CIA net; 160 people probed for offensive e-mail. The Washington Post. Retrieved from, http://www.
washingtonpost. com/ Pfleging, B. (2008). The Forgotten Security Hole: USB. Inc. Technology.
Retrieved September 8, 2009, from http://technology. nc. com/security/articles/200807 /USB. html Swartz, N. (2006). Safeguarding corporate secrets: after three insiders are accused ofstealing its trade secrets, Coca-Cola vowed to better protect its data.
Don’t wait for a breach to ensure your company’s valuable information assets are protected. Retrieved September 10, 2009, from http://www. thefreelibrary.
com/Safeguarding +corporate+secrets%3a+after+three+insiders+are+accused+of… -a0183551075