Threats to Organisations and Systems. Describe the countermeasures available to an organisation that will reduce the risk of damage to information.

Section A - Task 1 and 2

Three types of threats to organisations

Loss of revenue

Natural disasters are a threat which most businesses face. This can happen at the spur of the moment, anywhere and anytime. Floods, earthquakes

Loss of reputation
Loss of reputation is one major threat that faces every company. A good business reputation is essential if a company or organisation is to do well and become a success.
If a company losses reputation this may detract people such as users and business clients.

Industrial Espionage
This is when another company tries to look and steal at what other companies are doing , this is also know as competitive intelligence. This is usually done by someone applying for a rival company and then using their position there to give their company information about their rivals. This information can then be used for other companies gain such as stealing ideas.

Task 2 - Impact on Teign & Tow because of industrial Espionage
Other companies may want to get access to Teign & Tows data for things like future products they are planning on. Since Teign & Tow create and produce their own products which some of them are patented or patent pending. If rival companies were to get a hold of data from Teign & Tow about future products they may go about to make a similar product to rival theirs, this could cause a loss in revenue for Teign & Tow Ltd.

Task 2 - Impact on Teign & Tow because of loss of reputation

Loss of reputation could be disastrous for a company like Teign & tow; it could mean the loss of customers and business clients which could cause their business to fail. To ensure Teign & Tow keep a good reputation within their consumers they can take extra steps to ensure their data and customer’s data they keep on their systems is kept safe.

Three types of threats to data

Corruption

Data corruption refers to errors in computer data that occur during transmission, retrieval, or processing, introducing unintended changes to the original data. Computer storage and transmission systems use a number of measures to provide data integrity, the lack of errors. When data is placed on a portable format like a USB (Universal Serial Bus) you would expect it to keep safe and make certain that the data on there will not at any harm but in some cases you would be wrong. Many USBs can corrupt themselves; certain USB styles are more in danger of braking down. USBs such as the thin mini/micro range of USBs and from my past experience these are very useless for harboring data because of the size and unreliability of it.

Many bugs and viruses can ruin whatever you have on the hard drive or any sort of storage media; this can lead to data loss.

Data loss during storage has two broad causes: hardware and software failure. Head crashes and general wear and tear of media fall into the former category, while software failure typically occurs due to bugs in the code.

Lost

like I said before with data corruption, data on a USB could be lost or misplaced very easily. The USBs and other sources of storage hold the information of every customer; including their bank details, addresses and phone numbers which all is very vital to a potential confidence trickster or a fraudster.

Deleted

Deletion of the file is one of the most common mistakes that can affect a business like PaperPlane all depending on the magnitude of the importance of the file deleted.

Many of the staff in the past for other commerce has in fact made such mistakes leading to trouble and money being spent on trying to retrieve the data back.

The top reasons for deleting:

Data is Freeing the disk space
Removing duplicate or unnecessary data to avoid confusion
Making sensitive information unavailable to others

Three types of threats to system

Software failure

Common software failure is one of the most critical events to happen to the systems. A software bug is the common term used to describe an error, flaw, mistake, ...

This is a preview of the whole essay

Many of the staff in the past for other commerce has in fact made such mistakes leading to trouble and money being spent on trying to retrieve the data back.

The top reasons for deleting:

Data is Freeing the disk space
Removing duplicate or unnecessary data to avoid confusion
Making sensitive information unavailable to others

Three types of threats to system

Software failure

Common software failure is one of the most critical events to happen to the systems. A software bug is the common term used to describe an error, flaw, mistake, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or causes it to behave in unintended ways.

A software failure for Teign and Tow would jeopardize the system, such as the website. If the website starts to fail, this would hinder the customers’ into thinking that the website isn’t working therefore taking their custom somewhere else. Teign and Tow then lose brand loyalty.

To ensure that these events do not occur, Teign and Tow need to make sure that all the software is fully updated and in working order so it doesn’t need to jeopardize the system.

Hardware failure

Hardware is a physical fixation with the computer which con-insides with software. Hardware will eventually fail overtime which means that it might need to be replaced quite a bit. Pieces such as Disk drives, hard drives and even the fan can break ultimately.

The effect this causes on the company is a negative one, in the sense that Teign and Tow will lose money trying to replace the hardware instead of moving forward and spending money on something which would be more profiting to the company.

Network failure

Now for a large organisation such as Teign and Tow, a network failure could have catastrophic consequences. If this was to occur then the systems wouldn’t allow workers to log on or to file share.

Networks are such useful tools, in which you are allowed to use the internet, intranet and e-mail, video conferencing and accessing online reports.

If the network was to fail, this would then mean that no work could get done at all. The amount of traffic would overpower anything trying to get through.

Task 3

Hacking

This is one of the worst threats to ever happen to a business. It is such a risk that the government have introduced and kept a lot of acts involving IT. The Data Protection Act of 1998 is a great example of data trying to be protected.

Hacking would allow access to very vital information for hackers who pride themselves on stealing data for their benefit; the data could range from names, D.O.B to bank account details. Hackers can find many different ways to strike, externally they can use a physical approach for instance they would use tools to hack into the an external piece of software such as an external hard drive in extract the valuable data chips inside which then can be inputted in many different processers and other hard drives. This would be another devastating occurrence to Teign and Tow, as this would bring this business in disrepute.

The aftermath would be spent trying to comeback from this. Money would driven into combating hacking in the future which means that Teign and Tow would be spending the money somewhere else rather than using it to profit the business. This then could potentially lead to a lack of interest from the customer.

Industrial Espionage

This is a very thoughtful process used by many companies and businesses in the past to extract information. This is a where a competing business would tell their own staff to get a job at the opposing company to extract information and try to gain access to the priceless data.

This is a massive threat as this secret data could be used against the original creators, not only but the data would then be hoisted back to the opposing company via so many ways.

An external device such as a simple USB flash drive could be used, a network drive could be used if the hacker if advanced enough, a simple version would be an e-mail being sent over.

Teign and Tow can simply reduce the risk of this kind of disaster by stepping up on their security policy. Facial recognition machines and finger print scanners would be a great way to detect a fake employee, most obviously Teign and Tow would need to do a full security check on all current employees and all potential employees every so often to make sure nothing devious is taking place.

Cryptography techniques could be used as a way of tightening up on valuable data.

Section B – Implementing Security

Describe the countermeasures available to an organisation that will reduce the risk of damage to information – P3 – Task 1

Teign and Tow could take up many measures in reducing the risk of damage to data.

Data loss is a massive threat to this company; usually human error could be at fault of this. Backups are a fundamental step, there would need to be many backups to ensure that if the worst case scenario happens and the data is lost then the company have the choice of an external device to use, most common device would possibly be an external HDD.

Special steps need to be taken out on the internet as the Teign and Tow employees would use the internet on a frequent basis, internet security would also be a top priority as the companies IP address is now out in the open etc. transmitting data over the internet is an enormous risk.

Data encryption could be used as a cure for sending priceless data over the internet; this would work when one employee can send data to only one other person via encryption.

Updates need to be kept up to date as this would leave the systems very vulnerable as this now would be class as an old piece of software therefore many hackers could eventually hacker into a particular program. Not only hackers but many viruses could cause havoc which leads to useful money being spent on repairing a system or purchasing a new system.

Describe the countermeasures available to an organisation that will reduce the risk of damage to physical systems – P4 – Task 2

The physical side of computing may not seem that important at all but it is. Teign and Tow really need to maintain their physical systems in order for the systems to run with distinction. The maintaining can include tasks such as cleaning, opening up the systems and extracting the dust inside.

Computing fans are one of the most important items to be maintained, a broken fan could lead to a system overheating therefore the systems need to be checked.

The conditions are very important, the rooms in which there are servers should be kept at a cool temperature so counteract the heat being generated from the computer. In contention with the room or the environment, security would come into play as the servers would need to be secure so that not just anyone could walk in and play around.

Describe different methods of recovering from a disaster – P5 – Task 3

Disasters are one of these things that can happen at the spur of the moment, they could potentially cause major damage.

They cannot be stopped and Teign and Tow cannot move out of the way if a potentially disaster would strike but there would be many ways in which they could protect specific fields such as data. The 3 examples of force majeure would be earthquakes, floods and storms nowadays terrorism would widely come into consideration.

The same technique of backups would be the first idea to preserve the data, making sure that many copies are saved and store in more than one office, as one office could completely diminish as a result of an earthquake for example.

Explain the operation and use of an encryption technique in ensuring security of transmitted information – M3 – Task 4

Data is sent within packets, when these packets are usually sent they have no protection and the data sent can easy be translated into a format which would understandable to the hacker. This then would allow them to view, steal and/or edit the data.

However, all this data can actually be protection from the potential hacker, using encryption. With encryption data can be sent safely without anyone hacking into system and using it to their benefit.

Companies such as Teign and Tow would use this as part of their internet security to ensure that any data they send is sent safe.

Encryption works by taking the packets of data and giving it an outer coat, in more common terms it turns the data into a coded format so that anyone trying to hack into the system midway actually will find it possible.

There are two main stages within the cycle of encryption; first the data need to be locked up (encrypt) when the data reaches the other party then it needs to be unlocked (decrypted).

Now not just any Tom, Dick or Harry could receive the data and use it, there is a correct method in place to decrypt the code then translate it into simple form. The correct key or algorithm is the most important thing because without this you’ll receive information in a coded form which will not make any sense at all.

A common type of encryption is Asymmetric encryption is a secure and easy way that can be used to encrypt data that you will be receiving. It is generally done electronically. A public key is given out to whomever you want or posted somewhere for the public to see. They can then encrypt information using the key and send it to you. This is often done when writing emails. However, to decipher the encrypted code, there is another key, a private one, that only one person has. This means that while any can encrypt the data with the public key, it can only be read again by whomever has the private key.

Describe the possible security issues which exist within a given system identifying the likelihood of each and propose acceptable steps to counter the issues – D1 – Task 5

One of the worst and dangerous threats are hackers and industrial espionage. Hackers will never go away they will always find new ways to do what they do best, new security patches and updates can always be downloaded but hacking will always be at a high peak.

The best ways in which to defeat them would be to use encryption software when sending important data in which hackers will not get through to the data at all.

This would mean more capital being spent on security but Teign and Tow would have to think long term if they are to remain a successful company.

Teign and Tow policy would need a check and this check would need to be maintained every so often, this check would be for fake employees secretly working for the opposing company.

Biometrics would need to be installed; facial and finger recognition software to name a couple.

Teign and Tow would need to defiantly patch up their employment process if they are at risk of allowing a fake employee into the company to ‘work’. Special security and history checks would need to be checked before any potential employee sets foot into Teign and Tow territory, just to make clear that the employer is genuine.

Viruses and bugs are such a threat to Teign and Tow just as much as any other because these could potentially wipe out any system and the contents within.

The fundamental steps need to be taken; these would be to purchase state of the art security software for the OS and internet.

Viruses could be sent via e-mail, the same software if decent enough should wipe out any junk mail before opened.

The main problem for Teign and Tow is that if one computer gets infected with one particular bug then being that the computers are networked; all the computer will breakdown one by one of not secured properly.

Another problem is that computer viruses are closely related to human viruses in the sense that they mutate over time, so if the previous year one specific virus didn’t make it into the system, then Teign and Tow shouldn’t be that certain that their security software could fight off the same virus again, because this virus could have developed even robust. So this is why it is adamant that Teign and Tow purchase the high end top spec security software.

Human error closely relates with data loss because the main cause of data loss is conceded by a human.

Whoever has access to the data is usually the one in charge; they need to be in no doubt that the data stays out of harm’s way.

The hierarchy of Teign and Tow need to make sure that the data doesn’t go out to anyone that shouldn’t, anyone in the sense that some of the staff wouldn’t be allowed the data; the receptionist for example.

There is one event which cannot be stopped is a disaster. Teign and Tow need to plan a sustainable strategy to extract data and make copy, also keeping up to date with these copies.

If the worst case scenario occurs then what good is a longstanding copy of the data going to do; nothing, so it is very important that whoever is in charge of updating the data completes this stage appropriately.

Teign and Tow in this town would need to make sure that they keep an updated copy of their data in an alternate Teign and Tow office in another town or country all together.

This way, if an earthquake was to strike an office in London and some of the data was destroyed, hopefully then there would be a backup copy in Geneva for example.

Nowadays the main threats to Teign and Tow are floods, earthquakes and international terrorism.

Insurance is also a big factor when it would come to paying out for damages cause by these disasters, Teign and Tow need to make sure they have the correct insurance policy in place so that if they were to make a claim, the insurance company couldn’t turn around and state something out of the small print.