Unit 3: Security Domain Affected
Security domains
In the study of cybersecurity, we always come across the term Security domains. There are 7 security domains in total. The security domains are organization, physical access, systems, software, network, data and end-user. Each of these security domains has different threats and attacks that can be done. For this lesson, we will be covering only the domains that were affected.
User Domain
The user domain is often refer to as the weakest link in the area of cybersecurity due to the human tendency to make mistakes. The user domain was affected as many twitter employees were tricked into giving up their credentials to hackers.
Organization domain
The organization domain was affected as Twitter lacked a CISO and also ignored warnings from their employees (Robertson, Mehrotra, & Wagner, 2020) on the vulnerabilities present in their tools. Twitter also gave their staff unnecessary access to their internal tools and did not had sufficient IT security policies.
A Chief Information Security Officer (CISO) is a person that is in charge of data security and information. They ensure that companies practice the right security and governance practices to ensure the security of data and information.
What is CISO?
Data Domain
The data domain was affected as the hackers managed to use the Twitter internal tools to access and download data about some twitter accounts. This affect the confidentiality of the data as these users data has now been exposed.