IT Security Threats to Users and Businesses.

Threats

Unauthorised access:

Internal & External

There are many internal and external threats when using a system, because not everyone using the system is reliable and may choose to mess around with it and change things. E.g. the types of external threats are things like virus attacks hacking and data theft. And the types of internal threats are things like magic disks and key logging to damage your operating system from use within your system.

Access causing damage to data or jamming resources e.g viruses

People can access software and cause a lot of damage if they are harmful. This is gaining unauthorised access, and by doing this they can damage the data and jam resources to stop people using them, this is ristricting the user from using the software. This may go unnoticed by the user as they wont know what has been changed, even so its still an impact on the system.

Accessing systems or data without damage;
e.g phishing, identity theft, piggybacking, hacking

Some of the threats can go unnoticed because of the way people choose to threaten your system, examples of these could be phishing were the purpose of this is to try and lure you into giving away information like contact details away. This can be done in many ways which are evolving all the time as its a recent threat that try's to get unauthorised access. A way in which phishing can be done is that an e-mail might be sent to you saying they are a friend that you knew a long time ago in school, and would like to find out where you live etc. There is also hacking where people try to access your PC and get information usually when the network traffic is corrupted, and piggybacking can usually be performed when there is a save communication but with that is a harmful virus that will try to attack. Identity theft is where another e-mail could be sent to you e.g. from your bank saying you need to update your details and you will have to click a link to type in your details. Where this is then a bogus site and your giving your details striaght to the criminal.

Damage to or destruction of systems or information:

Natural disasters

Damage can be caused to systems through natural disasters and can cause things from floods to fires and power loss. This means that the systems should be able to cope with extreme disasters, things that can be done are using remote storage of data and backing up the files everyday so that you always have a copy. You have to make sure that you have your data save and secure for if and when these disasters strike.

Malicious damage (internal and external causes)

Malicious damage is unpredictable and therfore cant really be prepaired for but means that the ...

This is a preview of the whole essay

Malicious damage (internal and external causes)

Malicious damage is unpredictable and therfore cant really be prepaired for but means that the employer will have to be careful and think about who he is employing. The damage can be caused if a disgruntled employee is getting revenge on the business afater receiving bad news from them or getting an unsatisfactory pay rise. There are security services that can be used but if the employee's are knowledgable about the system and computers they will find a way to cause damage perhaps to the business building or internally to the system.

Technical failures

Another threat is technical failures because it can be a risk even with the technology becoming more realiable. A technical failure could mean a loss for the business. Anything from an internet connection not working to servers not working can leave not only the business but also the individual worker restless as many things now get completed over the systems, so any failure would distrupt this.

Human errors

Human errors can cause many system failures such things as lack of knowledge, ignorance and forgetfulness can all play a part in the way human errors occur. Things like forgetting to back-up data or not putting data in a secure located place can all big mistakes to the business if anything was to go wrong and someone had forgetten to back-up the data. It also could be a big mistake if for example someone hadn't had the knowledge of a netowrking system and therefore hackers have found a way in to harm the system. These errors could all be stopped if people knew what to do or concentrated more.

Theft

Theft can play a big part in the system security in both the long term and the short. Reason being that if data is stolen either by cd/dvd disk, usb memory stick or even the computer being stolen and the possible risk of computer hacking, then the information on it can get out to people they wouldnt want to have. The long term damage is that any rival business/competiter could gain acess to this information, and also if word gets out, the customers wouldnt likely be too happy that their customer information is out there aswell for anyone to get hold off and most likely wont do business with them again. And the short term damages being just as bad, because if the business cant track where the data is or get the credabilty back within the business it could get shut down completely with the business not being able to function without its data and financial figures to work with if they have no back-ups.

Information security:

Confidentiality

The information will have to be kept secure so that the information doesnt get seen or put into the worng hands. The higher people in the business like managers will have to choose who see's the information and who doesnt also which of those people can update the information. Also they will have to decied how often the information is stored and reviewed. By doing this it helps make life easier for the managers because there will be only a certain handful of people that have access to that information. This means if any of that information is missing or has been corrupt then the manager will know it has to be one of those people. This means that the information is confidential between these people and therefore must not be used outside of the business by the people who have access to it, e.g. address's, phone numbers, bank balance etc.

Integrity and Completeness of Data

You must make sure you have the correct data as this can cause damage to the individual of the wrong information. Also to the business itself because they will look bad for not using and handling the data right. Not using the data right means that the indivudual could get wrongly taragetted for something that they havent done. Because the wrong information got put in on the system for them. This means the data has to be checked correctly before its inputted into the system.

Availability of data as needed

It is important to make sure you review the overall access that has been used, to check who has and who hasnt been accessing the data, just so you can keep a check on how many people have access. This should also be checked so that not too many people are getting access to the data, and only have access when they need to. For instance if someone needs access to it on a short term bases, when that person leaves the access of data for them should be taken away.

Threats related to e-commerce:

Website Defacement

This can be a big disturbence in the business as once the hackers find a way in through vulnerable places like the web server, they can start to change and edit the HTML of the business website, this means changing the script this measn they can place what ever content they want on the site, including indecent images which when customers get onto the site will find horrific and wont enter the site again losing out on customers as they wont feel safe entering the business website.

Control of access to data via third party suppliers E.g. Denial of service attacks

So called "traffic" can be made to block the firewall and not allow entry to a system. Firewalls can be used to prevent uninvited traffic. This means no work can be done and it is denial of service so when an e-commerce business's system has denial of service, it means they have no income. Third party suppliers means that its not like a shop where you walk in and pay and get the produc there and then, it means that the product gets stored somewhere else e.g. like eBay. eBay is where your buying the product but ultimatley your not buying the product from them, you are buying from another user over the eBay website. Websites like eBay and for that matter Amazon act as go-between sites.

Counterfeit goods:

Products at risk E.g. Software, DVDs, Games, Music

Counterfeit goods are a treat because with them you sometimes can't tell what is real and what is fake. This means you could be led into buying something that you assume to be real e.g. DVD's and Music, but them you find out later after the perchase that it perhaps doesnt work. With technology these days there are many programmes that can convert and copy files like movies or music. These can then be made into counterfeit DVD's or Music Albums for people to buy. Also you can access and download illegal files over the internet via a Bit Torrent. This is where you can find a link to someones elses files that they are sharing over the internet and get them for free. This is none as "Pirate" and is classed as copyright from the music and film business, also counterfeit goods can be made of software programmes and Computer/Console games. When buying products you should always check the labels and packaging to see if anything seems out of place, and if buying DVD's or music CD's you should check the disc's to see if they are any different from normal ones, pirate disc can sometimes have a different unside colour to the disc, that colour being blue. Also check where your buying you're product from, checking that it's a realiable source and it is licensed etc. You just have to be careful about what you buy and where you buy it from.

Distribution mechanisms E.g Boot sales, Peer-to-peer Networks

The distribution of media files such as music and films is seen as being pirate and sharing these files to be illegally downloaded can result in a heavy fine and can cause great damage to the user who downloads them and therefore the user's who upload the illeagal content. The files can be downloaded from sharing websites that use peer-to-peer networks, which means users make folder with the content in on there own server and then upload them to a central server for the website and for anybody to pretty much click on and download for free. The most popular type of this website was Napster until it got persude by music companies and bands, saying that it was unfair for user to download content for free. When others where going to shops and buying them like you normally would. By downloading the files music companies and artist wern't getting money so it was and is bad business, but it still goes onto with a popular sharing peer-to-peer website called Torrentz and use Bit torrentz to download them. Napster is now a legitimate service for online users.