Information security refers to keeping sensitive data safe and confidential.
An organisation would need to keep data complete, precise and up-to-date. Data such as bank details, blood types, addresses and other such information needs to be kept secure and confidential.
- Threats related to e-commerce
There are various security threats related to E-commerce. As websites that sell goods online rely solely on the availability and accessibility of an online store, they need to ensure the website is secure and not vulnerable to hackers. For example; Denial of Service attacks could prevent potential customers from purchasing goods and thus forth lose sales.
Another example is website defacement which would also repel potential customers from buying online.
There is also a threat of hackers implementing the ‘man in the middle’ technique on behalf of particular online retailers which fools customers in believing the hacker is a legitimate worker of the website, this method could result in the hacker exploiting the customer and thus gaining the website a bad reputation.
Counterfeit goods effect creators, directors and artists as they cause a direct loss to potential income. Downloading counterfeit software, movies and music could result In a fine or lawsuit. Counterfeit goods are becoming increasingly popular as the ease of ripping DVD’s, Music and Software makes it easier to access. Counterfeit goods may cause loss of business for companies. The loss of business then results in businesses having to raise prices to make up for loss of profit.
Security threats can cause loss or alteration of essential documents that the an organisation may need to function correctly. Loss of business followed by loss of income can also occur, this ultimately could result in bad reputation from potential customers. Systems going down could result in companies being unable to contact suppliers and customers.
Circumstances of 4 security related threats on organisations – p2
Phishing –This is the process of gaining information from someone by pretending to be a legitimate worker for a company and retrieving information for legitimate reasons. Phishing could result in customer details being leaked, distributed, and exploited. This could badly reflect on the company and lose the company business and income.
Denial of Service – Denial of Service is a process that involves a hacker overloading a server which results in the server being forced to shut down. This could result in loss of potential customers and thus profit.
Piggybacking – Piggybacking is the process of using a company internet connection without having authorisation to use it. This can severely effect bandwidth and damage company productivity. Piggybacking could result in systems lagging and becoming slow, this would result in workers being unable to do there job efficiently and at an optimised pace. There is also a threat posed by people using a companies network to browse illegal content to which the company would have to take responsibility.
Man in the middle attack – This is the process of being directly involved in communicating with both parties, claming to be one another. The outcome is both parties believe they are speaking to eachother, but they are actually talking to someone else. This method results in the ‘man in the middle’ acquiring sensitive information such as credit card details from either party. This could result in the ‘middle man’ leaking sensitive customer information such as customer addresses and more importantly; bank details. This could then result in the company getting a bad reputation or being taken to court for breaching data protection. The man in the middle could also waste company time and as a result; money.
Countermeasures Implemented to reduce risk of damage to systems – p3 & p4
Countermeasures Vermason could implement to protect physical systems – p3:
CCTV – This would work as both a visual deterrent to prevent thieves and vandals breaking into a building and causing damage or stealing systems and would also enable the company to keep an eye on potentially rouge employees that may steal data or embed viruses into systems.
Sheilding Network Cables and Wirless Communications – Data travelling via electro-magnetic or radio transmissions can be vulnerable to being remotely monitored because the copper data cable can be analysed to discover what data is travelling along the line. Fibre optic is the safest variation of network cabling and cables can be shielded to prevent data being ‘tapped into’. This would be a great countermeasure to prevent sensitive data from being leaked or exploited.
Intrusion Detection Systems – Systems such as proximity alarms can prevent burglars breaking into a building and can be set-up to call the police upon break-in. This works as both a deterrent; because warning potential burglars of alarms would prevent them from breaking in. And also as a countermeasure to attempt to catch anyone with malicious intent.
Countermeasures Vermason could implement to protect network security – p4:
Backups – Backups are an essential countermeasure in offices. If there was an electrical fire or other natural disaster that could result in loss of data, this would insure that all essential data such as databases the company requires to undertake work related tasks are still there aswell as contact, supplier and customer information so that they do not need to be re-acquired.
Passwords – Passworded systems can be implemented to secure individual workers within the company, it firstly provides an element of data security for each individual (eg; sensitive information that may be kept on a user account) and also holds each user responsible for there own actions on the computer under there own user account. More importantly; passwords ensure that only legitimate employees have access to important company files and other such potentially confidential information.
Firewalls - A firewall would prevent unauthorised access from outside the network. It does this by scanning data packets coming onto the computer and ensuring that they are safe, it also is responsible for actively preventing virus’s such as Trojans being downloaded from the internet and onto the network computers. Installing a firewall would prevent hackers from accessing the network and stealing data or causing damage.
