BTEC IT Organisational Systems Security - outline of potential threats to an online business.

Authors Avatar by jamie9481gmailcom (student)

Crimson Permanent Assurance IT Security Report

I am writing this report to outline the potential threats that your growing business may face.

Technical failure: Although computer technology has become increasing reliable, there may come a point at which a piece of hardware may fail. As you have 30 personal computers based in your business any downtime caused by one of your systems failing could cost your business dearly, especially if one of your 3 servers fails, this could result in a loss of revenue, customer service, a loss of important data may also cause you to lose revenue and may result in increased cost to get that data back, furthermore increased costs will result due to the need to replace the failed hardware.

Human errors: At some point this will arise in your business, forgetting to backup important data may not present immediate damage but when this backup data is required the impact on your organisation may be severe when it could have been needlessly avoided. Ignorance in regards to security, where for example an employee does not realise the consequence of their actions such as leaving a computer logged in while they go to lunch is a threat as this makes it easy for an unauthorised personnel to gain access to the systems or network, when again it could have been easily avoided. Also even security conscious individuals who are competent and not ignorant may succumb to the threat of phishing and identity theft by the use of social engineering. Finally, in an organisation where an employee may fear making a mistake, the employee may make matters worse by attempting to cover up or not mention the security issue that has arisen.

Theft of equipment: The theft of a physical system or piece of hardware may result in the technical failure of one of your systems, servers or entire network and so needs to be mentioned. The consequences of theft could be dire for your organisation as the result could be long-term financial damage, commercial damage, the inability to track business, increased costs due to the need to replace the stolen equipment or even loss of business due to loss or service or a loss in customer confidence. Furthermore increased costs may be incurred due to legal action if sensitive data is stolen.

Malicious damage: This is defined as the deliberate and intentional harming of property. There are several forms of malicious damage that your business systems may face which I will outline below.

Internal:

This means that the damage has come from within the organisation itself, usually from an unhappy employee. Unfortunately you cannot trust all the people using your network or systems.  It may include breaking or vandalising your systems or it may be deleting, altering or making sensitive or embarrassing business data public.

Join now!

External:

This means that damage has come from outside the organisation. This may still come from an unhappy employee but it may also be by someone looking for self-gain or satisfaction or even a competitor company. These threats may include but are not limited to, virus attacks, phishing and identity theft, forging data, hacking, theft and industrial espionage.

Access causing damage:

If someone gains unauthorised access to your systems or network, the way in which they achieve this may cause damage to data or restrict system and network resources. There are several ways in which this could be achieved.

        Viruses: ...

This is a preview of the whole essay