Complete Unit 7.1 Assignment with all the learning aims covered.
Unit Grade: Distinction
DISCLAIMER! I do not recommend copying and pasting this document for your assignment as I have been a student myself and I have uploaded this assignment to TurnItIn. If you copy paste then this might flag up ...
Threats to IT systems can come from a range of different sources; company’s
employee’s can pose risk to the security of the company by either being deliberate,
accidental or unintentional, and of course threats can come from outside of the
company too. These threats come in a variety of forms, and a number of them are
described below:
P1 Explain the different security threats that can affect the IT systems of
organisations.
Threat Types:-
Internal:-
Internal threats refer to the threats being posed by within the companies by the
company’s own employees.
Deliberate:
Revenge Attack: Angry employees who are kicked out, or behaved unjustly towards
might edit or delete some important files of the company as a form of revenge.
Furthermore, they can also post repute damaging information online.
Data theft: Employees who have access to the company’s databases (which they
often do) can steal and sell confidential data of their customers (such as the credit
card information or the names and addresses) to cybercriminals and make financial
gain out of it.
Users bypassing security controls: Employees who find some security controls very
frustrating and restrictive may find ways to bypass them which may find them
undesired results. For example, if an employee wants to play games or watch
Youtube during their lunch break might not be able to in the first place as of the
security controls in place.
Accidental:
,Accidental deletion: Sometimes employees may accidentally delete data as they
might not deem it necessary or maybe just by pure accident (such as clicking the
wrong button accidentally) and this can be a result of misunderstanding of
procedures. Although nowadays, majority of the operating systems these days have
the facility of a “recyle bin” in some rare cases some of the software applications an
organisation may use might not have this facility.
Unintentional:
Unsafe Practices: Employees may perform actions which might leave the company’s
computer systems open to risks of security attacks by cybercriminals. For example,
employees may be using USB(s) on the company’s computers which might already
have malware on it without them knowing about it.
Visiting or downloading files from an untrusted website might also lead to malware
infecting the computer systems.
External:
Threats from outside an organisation can come from a variety of sources. In most
cases, there is a financial motive and cybercriminals usually try to steal information
which can be used to obtain money (like credit card information) or to hold a
company to ransom such as by encrypting data or restricting access to services.
Sometimes an organisation’s competitors might also attack an organisation to gain
competitive advantage, or use a professional to attack the organisation, but if proved
guilty then these are surely criminal acts.
, In other cases, there is sometimes a political motive behind cyber attacks. For
example, when protest groups might attack an organisation that they disagree with
politically or on the basis of religion.
In the most extreme cases, cyberattacks can also be used as form of warfare (when
one country attacks another). Unlike traditional warfare, this form of attack has the
least risk of loss of life but the level of chaos that is caused if banking, transportation,
or other critical systems were to be disrupted or destroyed would be nothing less to
talk about. For example, the Stuxnet computer worm which is believed to have been
made jointly by the United States and Israel to attack the Iranian Nuclear
Programme. It allegedly destroyed Iran’s one fifth of nuclear gas centrifuges (which
separates nuclear materials). They attacked by targeting the Programmable Logic
controllers PLCs of Iran by infecting Microsoft Windows first and then the Industrial
system that Iran was using which was of Siemens. It worked by collecting
information on the industrial systems and then ultimately causing the fast-spinning
centrifuges to tear themselves apart. The most mind-blowing fact is that the virus
that almost caused World War III is open source and still available online!
Physical:
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller omarmahmood. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £25.49. You're not tied to anything after your purchase.