Unit 7.1 & 7.2: IT system security and encryption.

Unit 7.1 & 7.2: IT system security and encryption. Distinction grade material, 49 pages and 8k words

Preview 4 out of 48  pages

  • July 3, 2024
  • 48
  • 2023/2024
  • Essay
  • Unknown
  • A+
ibzi
Unit 7 – IT Systems Security and
Encryption


Report on the effectiveness of techniques used to protect
organizations from security threats
Introduction
In this document I will be looking over all the different protection techniques used to defend
an IT system and will justify their uses to secure any organization. Additionally, I will be
evaluating their uses in a plan – that protects an IT system from security threats – whilst
assessing if they are effective at securing an IT system against requirements.



A1: Threat types
Internal threats:
Internal threats refer to threats that come from within your organization, from people
who can have important information about your company and data. This can be a very
dangerous threat to a business as someone can just be paid off by a competitor to do
damaging things to your company. This can include leaking customer data, posting
unorthodox and controversial statements on the company social media, etc.
Internal threats also include accidental loss. This means that an employee can
accidentally delete or leak an important piece of data that is damaging to the
company. An employee may also bring an external flash drive and download unsafe
files or upload private company files onto the internet.
This type of threat is extremely important to counteract. This is because employees
can damage your company beyond repair. The way to defend against this is by making
sure employees have limited access to company data. They should also only be able to
share files with themselves from their own device using cloud software such as
OneDrive. This can also be managed by a higher-up member of staff so they can see
that the software that has been shared is safe. OneDrive also has protection against
security threats so viruses and trojans wouldn’t be able to be downloaded.
External Threats:
External threats are when people from outside the company threaten your business.
This can be data theft, which is when an unauthorized user from outside your
organization hacks into your company systems and accesses your data. This can be
data for anything ranging from client information to business transactions. Another
type of external threat can be somebody damaging your property and stealing your
products. As this company has a local shop, the business can be robbed at closing
times when no one is around. Another type of external threat can be competitor
businesses or cyber criminals attacking your online store through DDoS attacks. A
DDoS (distributed denial of service) attack is when your website's server gets
flooded with so much internet traffic that users cannot access the website. This can
be devastating to a business as it can cause you to lose a TON of sales due to
people not being able to access your business.

This type of threat can be crucial for a business to defend against. This is because
large companies are often targets for criminals as they generate a good amount of
wealth. The way to protect your business from external threats is by making sure
your data is all protected and your websites have backup servers, so if one is being
targeted the websites can still function as intended.
Physical Threats:
Physical threats refer to when your business is physically damaged. This can involve
theft of equipment. Because this business also sells locally, there is always a risk of
a criminal stealing your equipment and/or products. This means you will lose
business and profit. Another type of threat is natural threats. For example, weather
is always unpredictable and sometimes it may flood, or a fire may happen. This
means that the stuff in your shop will be damaged and unusable.
Ways to defend ourselves from physical threats include locks & keys for keeping
items safe and the store inaccessible. Another is security guards: big brands tend to
use security to guard the shop at night because that is the peak time when robberies
take place. This of course costs money but is a good investment. Natural disasters
also need to be defended against. Ways to do this include making sure your store is
physically reinforced so that floods won’t be able to break into your store, damaging
your equipment. Your store should also be fire safe. This means all exposed wires
should be covered and damaged wires should be replaced as soon as possible.


Social Engineering and software driven threats:
Often people use social engineering tactics to gain access to information they
shouldn’t have. This means that random people or competitors can use methods
(such as spear phishing, which means directing a scam at a specific person, and
which is harder to notice as it is explicitly addressed to the target) to compromise
your company. Software driven threats can be employees downloading software off the
internet that they have no idea can be a trojan or virus. It is extremely important
to make sure that this doesn’t happen, as it can completely destroy your entire
business because criminals will gain access to everything.
In order to stop this from happening you must make sure you have anti-malware
and anti-virus software on your computer so that such software can never be
downloaded. You should also make staff aware of social engineering techniques to
make sure that they won’t be fooled into leaking important information.



A2: Computer network-based threats
Passive threats:

Passive threats are a network attack and usually involve scanning a system and
ports for vulnerabilities. The purpose is to allow criminals to learn about the system;
the attack does not take action on the system that is being targeted. Types of passive
attacks can involve analyzing traffic through a network; eavesdropping to gain
information about the network by tapping into phone calls or unencrypted
messages; and spying, which means unauthorized individuals can log into a company
employee's account and check out the system.
Passive attacks are often hard to avoid, due to the fact that they leave no traces
as they do not directly interfere with the system. This means that in order to avoid
them you must encrypt data. Only employees should be able to understand what is
being said, which keeps sensitive information private.
Active threats:
Active threats are when users directly interfere with data and try to alter or destroy
it. This involves attackers taking action against a targeted system. Types of active
threats include modifying messages sent between employees. Another is denial of
service (DoS), which is when a network becomes unavailable due to criminals
sending too many traffic requests.
Ways to prevent active attacks include implementing one-time passwords, which only
allow authenticated users to log in with them one time. This means that even if the
password gets leaked to an unauthorized user, they can’t access the system. Also,
firewalls and intrusion prevention systems should be in place. These are specifically
designed to keep intruders out of the network, and they monitor all suspicious traffic
and block it. They also contain a trusted list of senders and receivers so messages
cannot be intercepted.



A3: Information Security
Principles of confidentiality, integrity and availability:
Confidentiality means data is only allowed to be viewed, altered or deleted by
authorized people. This means that no one who isn’t allowed to access data can
somehow gain access. Integrity means defending said data from attacks and
destruction. This means you must make your systems invulnerable to attacks
aimed at making your data redundant. Availability means that the data must be
available to be used and accessed by whoever is authorized at the time they need it
to be.
Unauthorized access or modification of information:
This means that people from outside the company or even within the company who
do not have access to data should NEVER be able to access it. This is so they cannot
modify information in a way that can affect the business negatively. Ways to do this
include implementing firewalls so illegal access will be caught and blocked, and
making sure each employee account has the correct permissions and file access.
Deliberate or accidental loss of information:
Accidental loss of information can happen to anyone at any time. This means that
valuable data and information can be corrupted or deleted by a number of things
such as power cuts or computers crashing etc. A way to stop this from happening is
to always back up work and data. You can also use cloud services such as OneDrive
which automatically saves work every time a new piece of data is added, removed
or edited. However, deliberate loss of data can occur due to inside employees who
are there to damage the company and due to outside competitors or criminals. Ways
to avoid this include making sure only the correct people can access files
within the company and that each individual has a background check before hiring
to make sure they are not fishy. But with people outside the company, you should
take measures to make sure that you have a sufficient firewall to disallow entry to
your company servers so they cannot tamper with data.
Intellectual property:
You must also protect intellectual property from others. This can include personal
customer/employee information such as bank accounts and employment details.
This can be stolen or damaged by people that have cruel intentions and you must
have sufficient cyber security such as anti-virus, anti-malware, firewalls etc. to
ensure access isn’t allowed to unauthorized people.



A4: Legal requirements
Data protection legislation:
Under the Data Protection Act 2018, everyone in the UK has the right to know what
information organizations, including the government, store about them. This can
include: how your data is being used, access to your personal data, restricting
access to your data and objecting to how your data is being used. Companies must
adhere to this legislation as breaching it could lead to severe legal implications
which can not only damage your company’s reputation but send you to prison.
Computer Misuse Act:
This is a law that protects users from unauthorized access to information
that they have kept safe and private. Such access is an offence punishable by law,
which discourages people from hacking into accounts. This must be followed, and the
company must make sure that it blocks any unauthorized access by giving users
encrypted passwords.
