IT Department BTEC Essay Example for Free

IT Department BTEC Essay Describe the various types of threats to organisations, systems and data P1 * Unauthorised access This category covers internal and external threats. Internal threats are things such as: Magic Disks A recovery or backup disk that has been modded to include viruses or key loggers. Man in the middle attacks People extracting sensitive and confidential information whilst posing to be a customer, or a legitimate company. Implanting Key loggers Applications designed to record key strokes and send them back to the hacker. External threats are this such as; Viruses Rouge applications designed to damage or make a system vunerable Trojans Applications designed to infiltrate a system often by posing to be a harmless file or embedded into another file. Piggybacking A term given to people who use someone elses internet connection without authorisation. This is often undertaken by logging onto an unsecured network without permission. Phishing Attempting to fool a user into believing you are a legitimate service attempting to gain sensitive information. Â  Damage to or destruction of systems or information. Damage to systems can occur when devices fail such as hard drives failing or natural disasters occurring in the workplace that could result in damaged or destroyed places. Such as: 1. Natural Disasters: This refers to what happens when data is lost as a result of natural disasters such as earth-quakes, floods, tsunamis, terrorists, fires and such. 2. Malicious Damage: This covers data that is lost, damaged, or stolen as a result of a hacker of some sort. A hacker can implant a virus onto a system in order to damage the system or simply steal data such as credit card data. 3. Technical Failure: Technical Failure covers when devices fail abruptly such a servers going down, power supply failing, hard-drives crashing ect. 4. Human Errors: is when someone makes a mistake which results in data being lost. Incidents such as people accidentally deleting files and pulling plugs and such. 5. Theft: Theft occurs when criminals gain access to an office building or other work environment and physically steal hardware and other entities that have a significant impact on the company (such as data). Â  Information security Information security refers to keeping sensitive data safe and confidential. An organisation would need to keep data complete, precise and up-to-date. Data such as bank details, blood types, addresses and other such information needs to be kept secure and confidential. Â  Threats related to e-commerce There are various security threats related to E-commerce. As websites that sell goods online rely solely on the availability and accessibility of an online store, they need to ensure the website is secure and not vulnerable to hackers. For example; Denial of Service attacks could prevent potential customers from purchasing goods and thus forth lose sales. Another example is website defacement which would also repel potential customers from buying online. There is also a threat of hackers implementing the man in the middle technique on behalf of particular online retailers which fools customers in believing the hacker is a legitimate worker of the website, this method could result in the hacker exploiting the customer and thus gaining the website a bad reputation. Â  Counterfeit goods Counterfeit goods effect creators, directors and artists as they cause a direct loss to potential income. Downloading counterfeit software, movies and music could result In a fine or lawsuit. Counterfeit goods are becoming increasingly popular as the ease of ripping DVDs, Music and Software makes it easier to access. Counterfeit goods may cause loss of business for companies. The loss of business then results in businesses having to raise prices to make up for loss of profit. Â  Organisational impact Security threats can cause loss or alteration of essential documents that the an organisation may need to function correctly. Loss of business followed by loss of income can also occur, this ultimately could result in bad reputation from potential customers. Systems going down could result in companies being unable to contact suppliers and customers. Circumstances of 4 security related threats on organisations p2 Phishing -This is the process of gaining information from someone by pretending to be a legitimate worker for a company and retrieving information for legitimate reasons. Phishing could result in customer details being leaked, distributed, and exploited. This could badly reflect on the company and lose the company business and income. Denial of Service Denial of Service is a process that involves a hacker overloading a server which results in the server being forced to shut down. This could result in loss of potential customers and thus profit. Piggybacking Piggybacking is the process of using a company internet connection without having authorisation to use it. This can severely effect bandwidth and damage company productivity. Piggybacking could result in systems lagging and becoming slow, this would result in workers being unable to do there job efficiently and at an optimised pace. There is also a threat posed by people using a companies network to browse illegal content to which the company would have to take responsibility. Man in the middle attack This is the process of being directly involved in communicating with both parties, claming to be one another. The outcome is both parties believe they are speaking to eachother, but they are actually talking to someone else. This method results in the man in the middle acquiring sensitive information such as credit card details from either party. This could result in the middle man leaking sensitive customer information such as customer addresses and more importantly; bank details. This could then result in the company getting a bad reputation or being taken to court for breaching data protection. The man in the middle could also waste company time and as a result; money. Countermeasures Implemented to reduce risk of damage to systems p3 p4 Countermeasures Vermason could implement to protect physical systems p3: CCTV This would work as both a visual deterrent to prevent thieves and vandals breaking into a building and causing damage or stealing systems and would also enable the company to keep an eye on potentially rouge employees that may steal data or embed viruses into systems. Sheilding Network Cables and Wirless Communications Data travelling via electro-magnetic or radio transmissions can be vulnerable to being remotely monitored because the copper data cable can be analysed to discover what data is travelling along the line. Fibre optic is the safest variation of network cabling and cables can be shielded to prevent data being tapped into. This would be a great countermeasure to prevent sensitive data from being leaked or exploited. Intrusion Detection Systems Systems such as proximity alarms can prevent burglars breaking into a building and can be set-up to call the police upon break-in. This works as both a deterrent; because warning potential burglars of alarms would prevent them from breaking in. And also as a countermeasure to attempt to catch anyone with malicious intent. Countermeasures Vermason could implement to protect network security p4: Backups Backups are an essential countermeasure in offices. If there was an electrical fire or other natural disaster that could result in loss of data, this would insure that all essential data such as databases the company requires to undertake work related tasks are still there aswell as contact, supplier and customer information so that they do not need to be re-acquired. Passwords Passworded systems can be implemented to secure individual workers within the company, it firstly provides an element of data security for each individual (eg; sensitive information that may be kept on a user account) and also holds each user responsible for there own actions on the computer under there own user account. More importantly; passwords ensure that only legitimate employees have access to important company files and other such potentially confidential information. Firewalls A firewall would prevent unauthorised access from outside the network. It does this by scanning data packets coming onto the computer and ensuring that they are safe, it also is responsible for actively preventing viruss such as Trojans being downloaded from the internet and onto the network computers. Installing a firewall would prevent hackers from accessing the network and stealing data or causing damage.