Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
P1 - Explain the impact of different types of threat on an o
Transcript of P1 - Explain the impact of different types of threat on an o
Threats related to e-commerce
Unit 7 - P1/M1
P1 - Explain the impact of different types of threat on an organisation
M1 - Discuss information security
There are many internal threats when you are using a computer system because not everyone who uses the system knows how to stay safe and they may misuse the system. The threats that happen internally can range from theft to human error or damaging the operating system. Internal threats are threats that happen from inside the business, for example damage to the operating system or the computers by using key logging.
If an employee were to open and download files from an infected email and then the network will become infected.
The types of external threats that occur are things like virus attacks hacking and data theft. External damage is malicious damage infecting the system from the outside. The primary form of external damage is hacking.
The impact of this is that the hacker can bypass company computer security measures externally from a computer outside of the company. Then the hacker can then proceed to steal information or infect the company system with viruses.
Access Causing Damage E.G. Viruses
People can access software and cause a lot of damage if they are harmful. This is gaining unauthorised access, and by doing this they can damage the data and jam resources to stop people using them, this is ristricting the user from using the software.
The impact of this is that it may go unnoticed by the user as they wont know what has been changed, even so its still an impact on the system.
Access Without Damage E.G Phishing, Identity Theft, Piggybanking, hacking
Some of the threats can go unnoticed because of the way people choose to threaten your system, examples of these could be phishing were the purpose of this is to try and lure you into giving away information like contact details away. This can be done in many ways which are evolving all the time as its a recent threat that try's to get unauthorized access. A way in which phishing can be done is that an e-mail might be sent to you saying they are a friend that you knew a long time ago in school, and would like to find out where you live etc. There is also hacking where people try to access your PC and get information usually when the network traffic is corrupted, and piggybacking can usually be performed when there is a save communication but with that is a harmful virus that will try to attack. Identity theft is where another e-mail could be sent to you e.g. from your bank saying you need to update your details and you will have to click a link to type in your details.
Website defacement is an attack on a website that changes the visual appearance of the site or a web page, this is the work of system crackers who break into a web server and replace the hosted website with one of their own. Defacement is also meant like graffiti but on the web, although it also spreads messages.
The impact of this is that it can change the visual appearence of your web page, beacuse of crackers getting access to change your website and the way it looks.
Control of access to data via third party suppliers; other eg denial of service attacks
So called "traffic" can be made to block the firewall and not allow entry to a system. Firewalls can be used to prevent uninvited traffic. This means no work can be done and it is denial of service so when an e-commerce business's system has denial of service, it means they have no income. Third party suppliers means that its not like a shop where you walk in and pay and get the product there and then, it means that the product gets stored somewhere else e.g. like eBay. eBay is where your buying the product but your not buying the product from them, you are buying from another user over the eBay website. Websites like eBay and for that matter Amazon act as go-between sites.
Products at risk e.g software, DVDs, games, music;
Counterfeit goods are a threat because it is difficult to tell what is real and what is fake. This means that you could be led into buying something that you think is real when it is a copy, for example DVD's and music. This can be simple for people to do as there are many programmes that can convert and copy files such as music and movies. These can then be made into counterfeit DVD's or music album for people to purchase. Also they are able to access and download illegal files over the internet via a bit torrent. This is known as 'pirate copying' and is classed as copy right from the music and film industry, also counterfeit goods can be made of software programmes and computer/console games. When buying products you should always check the labels or packaging of the product to see if anything seems out of place, for example the information on the back of the product, when mentioning the name of the product it may be spelled differently and if buying DVD's or music CD's you should check the disc's to see if they are different to a normal CD, you are able to check this as the pirate disc can sometimes have a different unside colour to the disc, which is blue. Also it is important that you check where you are buying the product from, checking that it is a reliable source and that the product itself is licensed.
Distribution mechanisms eg boot sales, peer-to-peer networks
The distribution of media files such as music and films is seen as being pirate and sharing these files to be illegally downloaded can result in a heavy fine and can cause great damage to the user who downloads them and therefore the user's who upload the illeagal content. The files can be downloaded from sharing websites that use peer-to-peer networks, which means users make folder with the content in on there own server and then upload them to a central server for the website and for anybody to click on and download for free.
The impact of this is that when copyrighting and pirarting files, they can recieve a heavy fine for doing this. Another impact of that it can cause damage to the user that downloads the file because it is illegal content that they are downloading so as well as it affecting the person that shares the file, it also affects the person downloading it because it is an illgeal file.
Loss of service
Loss of business or income eg through loss of customer records
This is done by losing out service on Internet or telephone. This can lead to many major problems for businesses and the customer. For businesses they would loose out on ability to function their work through the Internet and also may loose out on some data if it’s from the Internet. In customer aspect the loss of service from the organisation will lead to website service down, problem with customers cannot be solved due to no connection with the server and loosing out potential money.
The organisation would have a big impact on threats or damages to the computer system, it would require some back up or information towards the customer about the organisation status. This would give an image of the organisation in poor image, as customer would expect better security to the business. It would impact the organisation's reputation from customers, by getting better security and showing better performance as it would’t impact as much as before.
As there would be damages done at organisation it would require cost to repair what has happened. The cost will significantly increase on technology and insurance, the organisation will become low on budget therefore services and goods would increase to customers. This would impact the company as they can loose out on business because of cost of replace or repairing technology and loosing out on customer due to price increasing.
Businesses will loose income, this is due to them losing customer records. By this happening this will affet the business massively, because they wont have customer information, and if a customer enquired about their record with that business, and they tell the customer that they have lost their customer records, they will then lose a customer and this will keep occuring. This will affect the business because they will not be getting any income and they will be loosing customers.
Data Completeness and Data integrity
Access to Data
The information will have to be kept secure so that the information doesn't get seen, or get in the hands of someone that has no right to have access to that piece of information. The higher the people in the business, for example the managers who chooses who has access to the information and who doesn't, also which of those people can can update the information. Also they will have to decide how often the information is stored and reviewed. By doing this, it helps make their jobs much easier for the managers because their will only be a small amount of people who have access to that piece of confidential information. This means that if any of the information is missing or if it has been corrupt then the manager will know it has to be one of those people who the manager gave access to that information. This also means that the information that the manager told his members of staff, that it is confidential between them.
Businesses must make sure that they have the correct data, as it can cause damage to the individual of the wrong information. Also to the business itself because they will look bad for not using and handling of the data in the correct way. Not using the data correctly means that the individual could get wrongly targeted for something they haven't done. Due to the wrong information that got put on the system for them. This means that the data has to be checked correctly before it is put onto the system.
It is important to make sure that you review the overall access that has been used, to check who has and who hasn't been accessing the data, this is so you are able to keep a check on how many people have the access to the data. This should also be checked so that not only too many people are getting access to the data, and only have access when they need to. For example if someone needs to have access to the data on a short term basis, when that person leaves the access of data should be taken away from them, as they are no longer in control of having access to the data.
Comparison - Confidentiality/Access to Data
The comparison between confidentiality and access to data, is that with confidentiality the information has to be kept secure so that the information doesn't get seen as the piece of information is private and not to be seen by others unless they have the access to the information. Although which access to data it is important that the business keep checking who has had access to the data. With access to data you have the right to be able to look at the data, where as with confidentiality you will have to have permission, or you will not be able to look at it at all, as the piece of information is private, but whereas access to data you will be able to read that piece of information.
Comparison - Data Integrity/Access to Data
The comparison between data completeness and data integrity is that for data completeness and integrity businesses must make sure that they have the correct data as it can cause damage to an individual, where as access to data allows you to be able to view that piece of data as you have the right to be able to access it. Data completeness and integrity must make sure that they keep the information out of the reach of others and they must make sure that the information is not wrong as it is personal, and if someone gained access to the piece of information then they can then be targeted. Access to data allows you to be able to view information about someone or something as you have the right to do so.
Comparison - Confidentiality/Data Integrity
The comparison between data completeness and data integrity is that for data integrity is that businesses must make sure that they have the correct information is correct and nothing is wrong, as that person can get targeted for the information being in-correct. Confidentiality is rather similar as the information has to be correct as well as people not having access to the piece of information. Confidentiality is when you cant have access to a piece of information unless you are granted to do so.