A Report on IT Security Threats and Cryptography for IT Systems Security & Encryption Assignment 1
Distinction grade achieved
DISCLAIMER: Do not copy & paste as document has been uploaded to Turnitin
Report on IT Security Threats
and Cryptography for Toy and
Model Company
Contents
Introduction...........................................................................................................................................2
Current IT Security Threats....................................................................................................................2
Threat Types......................................................................................................................................3
Internal Threats.............................................................................................................................3
External Threats.............................................................................................................................5
Physical Threats.............................................................................................................................5
Social Engineering and Software-Driven Threats...........................................................................7
Techniques Used to Obtain Secure Information............................................................................8
Computer Based Threats...................................................................................................................9
Passive Threats..............................................................................................................................9
Active Threats..............................................................................................................................10
Cloud Computing Security Risks...................................................................................................11
Principles of Information Security.......................................................................................................11
Principles of Confidentiality, Integrity, and Availability...................................................................11
Confidentiality:............................................................................................................................11
Integrity:......................................................................................................................................12
Availability...................................................................................................................................12
Accessibility of Information.............................................................................................................12
Unauthorised Access or Modification..............................................................................................12
Principle of Minimal Access.............................................................................................................13
Deliberate or Accidental Loss of Information..................................................................................13
Legal Requirements for IT Security......................................................................................................13
Data Protection Act 1998.................................................................................................................13
Computer Misuse Act 1990.............................................................................................................13
Copyright, Designs and Patents Act 1988........................................................................................13
Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations
2000.................................................................................................................................................14
Fraud Act 2006.................................................................................................................................14
,Impact of IT Security Threats on Organisations...................................................................................14
Operational Impact of Loss of Data or Service.................................................................................14
Financial Impact of Loss of Service (E-commerce Website).............................................................14
Damage to Reputation.....................................................................................................................14
Legal Consequences of Data Privacy Breaches................................................................................15
Evaluation of Security Techniques.......................................................................................................15
Cryptography and Data Security..........................................................................................................16
Uses of Cryptography......................................................................................................................16
Shift Ciphers:................................................................................................................................16
One-Time Pads:............................................................................................................................16
Hash Functions (e.g. MD4, MD5, SHA-2, SHA-3):.........................................................................16
Block Ciphers:..............................................................................................................................16
Stream Ciphers:...........................................................................................................................17
Cryptographic Primitives (e.g. Pseudo-random Functions, One-way Functions):........................17
Cryptographic Salts:.....................................................................................................................17
Encryption Algorithms (e.g. RSA, DES, 3DES):..............................................................................17
Legal and Ethical issues and considerations that are impacted by cryptography................................17
Privacy and Data Protection Laws:...................................................................................................17
Intellectual Property Rights:............................................................................................................17
Government Surveillance and Individual Rights:.............................................................................18
Cybersecurity Regulations:..............................................................................................................18
Principles of Cryptography...................................................................................................................18
Conclusion...........................................................................................................................................18
References:..........................................................................................................................................19
Introduction
IT Security is extremely important nowadays, especially for a start-up company that designs and sells
toys and models online and locally. Many security threats target businesses and this report aims to
showcase and report on different parts of IT security and threats. This is important as understanding
this can help with combatting these security threats and help with bringing good encryption or
safeguarding to the IT systems of the business.
Current IT Security Threats
, Threat Types
There are a few IT Security threats that are used by malicious people today. These include Internal
threats, External threats, Physical Threats, Social engineering, and Software-driven threats. These
threats are continuously evolving, so companies need to constantly keep watch on them to make
sure they do not affect the business.
Internal Threats
Employees of the business may deliberately or accidentally cause a threat. There could be human
error or lack of awareness where employees may expose the organisation to risks without knowing.
Employees that are upset for any reason may also intentionally steal sensitive information or
compromise the systems and some employees may abuse their access and sell sensitive information
through insider trading.
Employees may also end up becoming a victim of phishing attacks where attackers make them reveal
their login information through scam emails which will let the attackers gain unauthorised access to
their systems.
Employees can also get manipulated by other malicious employees into revealing sensitive
information or doing things that are a risk to the security of the business.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller shaquille2005. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £15.66. You're not tied to anything after your purchase.