Information security threats in the company

Problem type

r

Whether this is mainly a creative or analytical problem

Insiders (Employees)

What do you know?

r

Factual data about the problem

Attacks are the result of employees intentionally misusing their user credentials.

Employees selling information to Media or outsiders.

Former employees who have demoted to fired within the organisation.

Former employees who thinks that accumulated data belongs to them not the organisation.

Visiting malware-laden websites

Bringing compromised USB drives or other personal devices to work

What don't you know?

r

What other information might help, but is not available today?* How would it help?* How could you obtain it?* Can you work without it?* What are the risks or consequences of not knowing?* Who else might have further information and insight?

Cybercriminals

Brokers

Cyberterrorists

Hactivists

What assumptions are you making?

r

In identifying the problem and the probability of a solution, what assumptions are you making?Assumptions can sometimes be hard to see or accept. For example, if the "problem" is that sales of a certain product are too low, you may naturally aim to increase sales. You are ''assuming'' that the market demand for this product will continue. But if the demand disappeared overnight in a storm of negative publicity, then the original problem and solution also change. So the problem and logical solution are partly based on an assumption.

Assumption

Solution criteria

r

How will you know when you have solved the problem?* What will a successful resolution look like?* How will you filter and assess potential solutions?* How will you verify that the issue has been solved?You might want to return to the solution criteria several times as you develop the definition of the problem.

By limiting each employee’s access to only the specific resources they need to do their job, organizations can minimize the impact of a breach that occurs when an employee account is misused.

Educating employees about the risk of malware can do a lot to prevent them from accidentally downloading ransomware.

Bring-your-own-device (BYOD) policies help set the ground rules and how employees can use personal devices at work. These rules can help protect a business from being compromised by unprotected personal devices.

Malware scanning software can identify potentially dangerous malware programs in email attachments and block users from downloading them in the first place.

Root cause analysis

r

For analytical problems, root cause analysis can help to unravel indirect causes of problems, leading to more effective solutions. One way to do this is to keep asking "Why?" down to five levels, to understand the reasons behind the reasons.

Cause

Cause

Cause

Cause

Cause

Impact analysis

r

Impact analysis looks at who is affected by the problem - what the consequences are, rather than the causes.

Person

Impact

Six serving men

r

"Six Serving Men" is based on Rudyard Kipling's poem, which begins:''I keep six honest serving men(They taught me all I knew);Their names are What and Why and WhenAnd How and Where and Who.''We can profile a problem and perhaps discover more about it by asking structured questions.

What?

What?

What not?

What not?

Why?

Why?

Why not?

Why not?

When?

When?

When not?

When not?

How?

How?

How not?

How not?

Where?

Where?

Where not?

Where not?

Who?

Who?

Who not?

Who not?

Analogies

r

Can you find analogies for this problem?The underlying characteristics of a problem can sometimes be clearer when it is taken out of context.

What is it like?

Be the problem

r

Be the problem is a popular technique for understanding problems. It means developing a character for the problem and describing its nature as if it were a person.

Insight

Welcome

r

Researching and describing a problem clearly is the foundation for solving it. Solutions based on incomplete research or poor descriptions can often fail to reach the root causes.This Smart Map helps you to research and describe a problem from a number of different angles. It contains a mix of factual information-gathering tools and lateral thinking techniques, to develop perspectives that can point towards solutions.You can use this map individually and in collaboration with others. It is vital to get consensus on the actual problem you are facing, otherwise there may be no consensus on the solution. Putting the descriptions together in one place helps you to explain and agree upon the basis for finding and evaluating solutions.You can delete this topic from the saved map.

Where next?

r

You can continue to develop this map without the Smart Map wizard by saving it as a normal Mindomo map.When have a comprehensive description of the problem, you can move towards finding solutions. Consider a brainstorm as a next step, using the Brainstorming Toolbox Smart Map.You can delete this topic from the saved map.