100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
Unit 7 Assignment 1 (Distinction Guaranteed) £48.49   Add to cart
Quickly navigate to
Preview
  2.  
  3. PEARSON (PEARSON)
  4.  
  5. Computing
  6.  
  7. Unit 7 - IT Systems Security and Encryption

Other

Unit 7 Assignment 1 (Distinction Guaranteed)

 116 views  1 purchase

Don't spend excessive time doing your coursework. Buy mine and get your distinction and save your time. Work is distinction standard

Preview 4 out of 50  pages

Document information

  • October 19, 2023
  • 50
  • 2022/2023
  • Other
  • Unknown

Subjects

Written for

All documents for this subject (38)

Seller

avatar-seller
nislam0

Content preview

IT security threats and cryptography




Table of Contents
Types of threat......................................................................................................................................3
Internal threats..................................................................................................................................3
External threats.................................................................................................................................5
Physical threats..................................................................................................................................6
Software Threats................................................................................................................................7
Social Engineering................................................................................................................................10
Computer network-based threats.......................................................................................................12
Passive Network Threats..................................................................................................................12
Active Network Threats...................................................................................................................13
Cloud Computing: Specific threats.......................................................................................................16
Information security............................................................................................................................17
Confidentiality.................................................................................................................................17
Availability.......................................................................................................................................18
Integrity...........................................................................................................................................19
Legal requirements..........................................................................................................................20
Data Protection Act 2018 - General Data Protection Regulation (GDPR).............................................20
Computer Misuse Act 1990.............................................................................................................22
Copyright designs and patents Act 1988..........................................................................................23
The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations
2000.....................................................................................................................................................24
Fraud act 2006.................................................................................................................................25
Legal Liability and contractual obligations.......................................................................................26
Impact of security breaches A5........................................................................................................27
Operational impact..........................................................................................................................28
Financial impact...............................................................................................................................29
Damaged reputation........................................................................................................................30
Legal implications............................................................................................................................31
Forensic research.............................................................................................................................32
Cryptography: Securing and protecting data.......................................................................................33
Principles and uses of cryptography................................................................................................33
Digital Rights Management (DRM)..................................................................................................33
Password storage.............................................................................................................................34
Two-factor authentication...............................................................................................................35


1

, Obfuscation and steganography......................................................................................................36
Secure transactions..........................................................................................................................36
File, folder, disk encryption..............................................................................................................37
Encryption of communication data..................................................................................................37
Legal and ethical issues....................................................................................................................37
Computational hardness assumption..............................................................................................37
Methods of cryptography................................................................................................................38
Shift ciphers and one-time pads......................................................................................................38
Hash function...................................................................................................................................39
Stream and Block Ciphers................................................................................................................40
Cryptographic primitives..................................................................................................................41
Cryptographic salts..........................................................................................................................41
Encryption algorithms......................................................................................................................42
Integer Factorisation........................................................................................................................43
Applications of cryptography...............................................................................................................44
Symmetric key encryption...............................................................................................................44
Public Key Encryption......................................................................................................................45
Diffie-Hellman key exchange...........................................................................................................46
Digital certificates............................................................................................................................47
Hyper Text Transfer Protocol Secure (HTTPS)..................................................................................48
Virtual Private Networks (VPNs)......................................................................................................48
Generic Routing Encapsulation (GRE)..............................................................................................49
WIFI network encryption.................................................................................................................49
Conclusion...........................................................................................................................................50




2

,Types of threat

There are several dangers that, if they emerge, have the ability to threaten our servers and
computer systems. They consist of the following:
Internal threats




Threats which come from within the organisation are called ‘internal’. Employees may
download or upload files that are infected with malware or connect a personal device, such
as a laptop that may be infected with malware or viruses, to the organization's network or
Wi-Fi. Although the system may be put at risk by these situations unintentionally, any harm
or theft of data by employers who may be seeking retaliation for how they believe they
have been mistreated by an organisation is considered an "intentional" threat.

New city College operate a simple policy when it comes to using equipment and computers
inside of their establishment. It states that students will need to use their own devices
which are not linked to the College’s network or internet connection in order to browse the
internet privately (BYOD). Moreover, when using the colleges equipment and computers,
search is monitored to ensure that members inside of the college are not looking at
inappropriate content that could potentially pose a risk to the College. As well as the
colleges legal obligation to safeguard their students. All students sign with the agreement to
the college’s policy on enrolment to the college.



This type of system could be implemented at your
company because it would allow workers to
complete tasks using their own devices, while
signing the policy would safeguard the IT
infrastructure of the business because, if followed,
there would be no internal threat posed by worker
use of personal devices.

The unintentional disclosure of data is another example of an internal threat. This might
involve employees leaving their computers unlocked when they are not using them, making
it simple for someone to walk by and access that data as it is not restricted and has been

3

, clearly shown to them—even if the employee hadn't intended for it to happen. This type of
vulnerability also includes leaving paper documents lying around the office because there is
no password security on them, which makes it simple for someone to view data. These two
dangers may not have been intended, but they could result in data harm since the person
who discovered the material could abuse it.

Any business that deals with money, is an example of one that could be a target of such
threats; these threats would most likely take the form of fraud or theft. Employers might
attempt to take advantage and utilise the money for their own reasons if they had legal
access to the financial information. With the help of newly updated strict laws for data
processing and storage: GDPR (General Data Protection Regulation) tries to secure people's
data, including bank card information. These new regulations are intended to prevent
individuals from bypassing security measures and gaining access to people's data for illegal
purposes.




Along with the use of file sharing apps, unsafe habits including accessing suspicious websites
and using external flash storage present an internal threat. Although unintentional,
accidental loss poses a concern because the data would be lost or corrupted.




4

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller nislam0. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for £48.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67232 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy revision notes and other study material for 14 years now

Start selling
£48.49  1x  sold
  • (0)
  Add to cart