There are many different types of threats to systems, organisations and data. Unauthorised access is one example: this is when a person gains entry to a system without the owner's permission.
Viruses are another threat to an organisation's systems and data. Computer viruses are pieces of code which create clones of themselves that run on the victim's computer. To gain entry to a victim's computer, the virus will attach itself to an essential file so that it is run every time the computer system is activated. Some viruses are really malicious and can destroy files and resources, making the entire system inoperative.
Worms are similar to viruses. Worms are also pieces of code. To gain entry to a computer, worms are usually carried in e-mails; the most malicious worms will block any anti-virus programme that attempts to recognise them. Once on a victim's computer, a worm will create clones, maybe thousands of them, to damage files and resources of the system like a virus. If you destroy one of these, there might still be thousands left.
Trojans attack in the same way as worms and viruses, but unlike the previous two, Trojans do not replicate themselves. Most create a "back door" into the victim's system or send information such as passwords back to the attacker, who is able to control the victim's system remotely.
Natural disasters range from floods or earthquakes to power spikes or fires. Organisational security requires management of any computer system network to have a series of measures in place to cope with extreme issues.
Malicious damage to systems or data can be caused by sabotage or vandalism, but is more likely to be caused electronically, i.e. by viruses, worms etc. In 2006, 84% of all large businesses suffered incidents of malicious damage.
Human errors are somewhat inevitable. Human error can come in the form of a network manager forgetting to change the default password, which will leave the door open to attackers, or a user who is logged in to a system forgetting to sign out, which would also leave the door open to anybody.
Potential impact of the threats
Viruses can be very costly for businesses if one gains entry into their systems. The worst viruses can gain access to the company's sensitive data, which would be a disaster for an organisation if the data reached the wrong hands. If that information was about customers, the organisation would be liable to a lawsuit under the Data Protection Act. Once found, a virus would also be very costly and disruptive to get rid of.
Natural disasters would be a calamity for any business, big or small. A moderate to bad natural disaster would have the ability to destroy beyond repair every piece of data that a company holds, which would obviously be catastrophic for a business and cost them everything. A small natural disaster wouldn't destroy everything but could still destroy valuable pieces of information and equipment, like servers and databases, which would hold records of everything the business has done.
Malicious damage could range from a disgruntled customer destroying one monitor, which would only be a minor cost to the business, to a former employee hacking into their systems and retrieving or destroying every piece of valuable data that the company holds, which, as I said above, could be very, very costly to an organisation.
Human error might have only a minimal impact on a business if, for example, an employee deletes a customer file; this would be easy to retrieve. But human error could have a great impact on a business if the error is great enough.
Countermeasures available to reduce the risk of damage to both information and physical systems
There are a lot of countermeasures available to reduce the risk of damage to both information and physical systems.
Lock and key security should be present in any organisation; this will protect physical assets and improve the security of physical systems.
CCTV should also be present. If there is any damage done to physical systems, there is a great chance of finding the culprit. If people know, via signs and posters, that CCTV is operating in the organisation, this might discourage them from attempting to damage systems or any piece of equipment.
Biometrics is a very effective way of protecting organisations from damage to physical and information systems. There are many forms of biometrics available, for example fingerprint recognition, retinal scans, iris scanning, voice recognition etc. Biometrics are very costly though, so they are only used in massive organisations that have a lot to protect, like banks and government buildings.
Shredding/recycling and destruction of anything with sensitive data on it will reduce the risk of the data getting into the wrong hands and being used or manipulated.
Having backup systems off-site will increase redundancy and reduce the risk of the organisation physically losing all equipment and data they have.
Authentication of users, i.e. passwords and the types of biometrics that I have mentioned already, will protect any information systems an organisation has against damage or destruction.
Encryption is a countermeasure that can be used to protect against damage to information systems. Encryption will make anything sent to and from the organisation, or anything stored in the information systems, unreadable.
Regular backups, off-site copies and contingency plans will all increase redundancy and reduce the risk of the organisation losing important data.
Monitoring any systems inside the organisation will allow management to control anything that goes on on their systems, making it able to prevent any damage from happening.
Sensitive data that is transmitted over a network can be protected by encryption. Encryption is the transformation of data into a form that is only readable with the decryption key. Most encryption schemes make it mathematically infeasible to recover the data if you do not use the decryption key. There are different encryption algorithms, e.g. DES (Data Encryption Standard) and 3DES (Triple DES). Here is an example of encryption: an internet buyer desires to purchase a product online by using their credit card. When the buyer puts in their credit card details and presses enter, their details will be encrypted with an encryption key, which will make them unreadable to anyone, and then they are sent across a network to the company's database. The server at the receiver's end decrypts the details with a decryption key, which will make them readable.
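The buyer-to-server exchange described above, as an added Node.js example that is not part of the original essay. It uses AES-256-GCM with an RSA-OAEP-wrapped key instead of the DES/3DES algorithms named above, which are now considered outdated; all function names and the card details are constructed for illustration.

```javascript
const crypto = require("crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Server: the public key is the "encryption key" handed to buyers; the
// private key is the "decryption key" and never leaves the server.
function makeServerKeys() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Buyer: encrypt the details under a fresh AES-256-GCM key, then wrap that
// key with the server's public key so only the server can recover it.
function buyerEncrypt(publicKey, details) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // must be unique for every message
  const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
  const body = Buffer.concat([cipher.update(details, "utf8"), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Server: unwrap the AES key and decrypt. final() throws if the message
// was modified in transit, so tampered details are never accepted.
function serverDecrypt(privateKey, msg) {
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString("utf8");
}

// True when the server refuses the message (wrong key or altered data).
function isRejected(privateKey, msg) {
  try { serverDecrypt(privateKey, msg); return false; } catch (err) { return true; }
}

// Constructed sample data: a well-known test card number, not a real card.
const CARD = "4111111111111111;12/30;123";
function demo() {
  const server = makeServerKeys();
  const msg = buyerEncrypt(server.publicKey, CARD);
  const tampered = { ...msg, body: Buffer.from(msg.body) };
  tampered.body[0] ^= 0x01; // one bit flipped on the network
  return {
    onTheWire: msg.body.toString("hex"), // what an eavesdropper sees
    recovered: serverDecrypt(server.privateKey, msg),
    tamperRejected: isRejected(server.privateKey, tampered),
    wrongKeyRejected: isRejected(makeServerKeys().privateKey, msg),
  };
}
console.log(demo());
```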
Case study example
Here is a case study example to add to the help pages above.
FilmPosters.com are a company that sell movie posters to collectors via their interactive website. They have a web server which runs the website and holds details of the customers who have registered with the website and the posters that are for sale.
a) The possible security issues which exist within the FilmPoster.com system. (M1)
b) The likelihood of each of these security issues actually occurring and steps that could be taken to counter them. (D1)
Possible security issues which exist within the FilmPoster.com system
Denial of service