100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
Previously searched by you
Summary A.P1 Explain the different security threats that can affect the IT systems of organisations. | UNIT 7: IT SYSTEMS SECURITY AND ENCRYPTION | BTEC Computing$8.66
Add to cart
Summary A.P1 Explain the different security threats that can affect the IT systems of organisations. | UNIT 7: IT SYSTEMS SECURITY AND ENCRYPTION | BTEC Computing
P1 Threats within an
organisation
Types of threat
There are a number of threats which, if they occur, could potentially affect our computer systems
and servers. They can be categorised as follows:
Internal threats
Threats which come from within the organisation are called ‘internal’. These can include the actions
of employees, such as downloading/uploading files – for example from email – which contain viruses
or connecting a home device like a laptop (BYOD), which could contain viruses or malware, to the
organisation system/Wi-Fi. Although these examples may cause unintentional threats to the system,
any damage or theft to data by
employers - who may be unhappy
with the way the company has
treated them and are seeking
revenge – is classed as an
‘intentional’ threat.
The John Fisher School operate a
simple policy when it comes to
‘Bring Your Own Device’. It states
that students are able to bring their
own devices (phones and laptops)
into school, providing they abide by
the rules. These include
‘understanding that bringing in devices is at their own risk, not using anonymising proxies to
circumvent security systems and understanding they have the right to search the content of any
device if there is reasonable suspicion’. This style of system could be used by your company as it
would allow employees to use their own devices to complete work, whilst signing the policy would
protect the companies system as, if followed, there would be no internal threat caused by the use of
employees’ devices.
Another example of an internal threat is the unintentional disclosure of data. This could include
employees leaving their computers unlocked when they are not present, meaning it is easy for
someone to come past and access that data as it has been clearly revealed to them as it is not
restricted - even though the employee didn’t mean for that to happen. Also included under this type
of threat is leaving paper documents lying around the office, as this makes it easy for someone to
see data as there is no password protection on it. These two threats may have been not deliberate,
but could mean data becomes damaged, as the person who found the data could destroy it.
An example of an organisation which could fall victim to such threats would be any company which
deals with money like us; this would most probably be in the form of fraud or theft. If any employers
had legitimate access to the financial data, they may try to take advantage and use the money for
their own purposes. New legislation, such as GDPR (General Data Protection Regulation), aims to
Unit 7: IT Systems Security and Encryption
, protect people’s data (including bank card details) through the strict regulations regarding the
processing and storage of data. These new rules aim to stop people from overriding security controls
and accessing people’s data for their corrupt purposes.
Unsafe practices, such as visiting untrusted websites and using external flash storage, also pose an
internal threat, along with the use of file sharing apps. Accidental loss also causes a threat as,
although it is unintentional, the data would be lost/compromised.
External threats
Threats which come from outside the organisation are called ‘external’. This can comprise of data
theft through many routes, including malware, viruses, worms, Trojan horses and spyware. When
hackers (groups or individual) gain data through these many routes they can either destroy the data
or demand a ransom (normally a large sum of
money) in return for the data.
A piece of Trojan malware, which disguised itself as
the Google Play Store, has recently been discovered
by digital security investigators. This is an example
of an external threat as it is something which has
been downloaded onto the device from outside
sources – most probably websites. It poses as a
threat as it tricks unsuspecting users into
downloading and using it, therefore letting the
malware, which is called ‘GPlayed’, steal valuable
information such as bank and location from the
phone.
Other means of external threats includes the withholding and/or disruption of systems. This
normally occurs when the organisations competitors or cyber criminals steal your data and/or use its
public release as blackmail. Governments and terrorist groups also use these techniques in order to
get the financial gain or to profit from the political publicity; whether that is for an election campaign
or propaganda.
Physical threats
It’s not only threats from inside the organisation or from the internet which could cause a threat to
our data; natural disasters or terrorist attacks could also pose a threat. Floods and fires could
damage our offices, and with it our data and computer
systems, whilst terrorist acts could destroy the offices and
premises. In the event of a natural disaster, if not totally
damaged/or destroyed, the data would be left vulnerable as
it would be easier to access – due to the damage – meaning
it would be easy for someone to steal the equipment and/or
data, as well as inflicting malicious damage to it. Other
examples of natural disasters include hurricanes and volcanic
eruptions.
In September 2018, Hurricane Florence affected areas of
West Africa, Cape Verde, Bermuda, Eastern United States
and Atlantic Canada. The estimated cost to repair the
Unit 7: IT Systems Security and Encryption
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller BTECcomputingANDbusiness. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.66. You're not tied to anything after your purchase.
