Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Unit 7 - P1, M1

No description
by

Ashley Relf

on 11 December 2013

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Unit 7 - P1, M1

Malicious Damage
Counterfeit Goods
Threats Related to E-commerce
Unit 7 - P1, M1

Ashley Relf

P1- Explain the impact of different types of threat on an organisation.

M1- Discuss information security.

Organisational Impact
Internal
The threats that happen internally, can range from theft to human error or damaging the operating system.
There are many internal threats when using a computer system because not everyone who uses the system, knows how to stay safe and they may mess around with the system. Internal threats are threats that happen from inside the business for example someone could damage the operating system on the computers by using key logging. This will impact the business as they will not be able to use the computers.

Although it is internal, it can still be done externally because someone could send a harmful email and then open it on the system, because when someone opens the email then it will be a threat.


External
The threats that happen externally can vary from viruses to having data stolen or hacking.
External threats are threats that happen from outside the business. The most popular form of external damage is hacking. Hackers will use a computer outside the company because they might not get caught and once they get past the security then they can continue to steal information. This will impact the business as they may lose information and some of their data.
Access Causing Damage, E.G Viruses
A virus is a harmful attack that someone can install on a computer. If a computer has a virus then the computer system will experience many different problems. The impact that this has on the business, is that it can cause many different problems, for example one of the problems that the computer system can experience when it has a virus is loss of data, or the who computer system could stop working.

A type of risk that is like and works like a virus, is Malware. Malware is put onto the computer system by a program and is used to look at personal details, so if there are any personal details on the computer system, then they would have been looked at.
Access Without Damage E.G Phishing, Identity Theft, Piggybacking, Hacking
Identity theft is a type of malicious damage, even though it does not harm the computer system. Identity theft does not harm the computer system, because it is where someone steals someone else's identity and pretends to be them.

Hacking is where someone gains access to a protected piece of information when it is protected. the files that a hacker may look at, is personal details, customer data and hacking may cause a lot of harm to staff.

Phishing is the fraudulent action of sending emails, pretending to be from a well known company in order to persuade people to reveal their personal information such as credit card numbers and passwords.


Piggybacking is where someone will use an established wireless internet connection by using someone elses' wireless internet access service without them knowing and without their permission to use it.

The impact that this has on the business is that it may take them time to find out that they have been hacked for example as it would not cause damage to the system meaning that they might not find out that they have been hacked until they have lost loads of data.
Website Defacement
Website defacement is where someone will go onto a website and attack it, either by changing the text on the website or the appearance of it.
The people who do this, are system crackers. These people break into a web server and they replace the hosted website to one of their own hosted sites.
Defacement is like graffiti, however it has also been used to pass messages on.

The impact that this has on the business is that their website will not look as good as it was and the information on the website may be incorrect.
Control of access to data, via third party suppliers, E.G denial of service attacks
Third party suppliers are where a website will employ another company to maintain their website because they can't do it. This means that the third party will have access to the website meaning that they may be able to see user names and passwords. The business will not want the third party to have the these user names and passwords as they will not want the third party to use the data, so the business will have to control it to make sure that they can't access the data.

"Traffic" can be used to block the firewall, which will stop access to the system. Firewalls can be used to stop "traffic". This will stop people from doing work and if it is an e-commerce site that is down, then they will be losing money as none of their customers will be able to use their site.
Products at risk, E.G Software, DVDs, Games and Music
Counterfeit goods are a threat because if you have counterfeit goods, with some of them you can't tell if they are real or not. This means that you could be persuaded to buy something that you think is going to work, but when you try to use it, it won't work, for example: software, DVDs, Games and music. There is also software that can be used to download illegal files over the internet via a bit torrent. the files will be ones that people are sharing over the internet and the person using the bit torrent will download them for free. This is "Pirate" and is a form of copyright in the film and music industries.
Distribution Mechanisms E.G Boot Sales and Peer to Peer Networks.
The distribution of media files such as DVDs and music is seen as being pirate and by sharing these files is illegal. Sharing these files will result in a big fine and can cause a lot of damage to the users computers if someone downloads the files on to it, as it is illegal content. These illegal files can be downloaded by using different methods for example they can be downloaded from sharing websites using peer to peer networks and they can be downloaded off of illegal music sites. This happens by the user making a folder on their own server and then once it is on their server, they can upload it to a central server for their website that allows anybody to click on a download for free. This was made illegal because the music industry found that they were not making money as people were using these illegal site instead of going to the shops and buying them like they normally would.
Loss of Service
If some of these threats happen to the website, it will have a big impact on the website itself. An impact on the business, is that they may have loss of service. Loss of service means that no one will be able to use their website as there is no service meaning that the users will not be able to view what is on the website as they will not be able to access it. It is not just the users who will not be able to access it, but the staff as well, meaning that they will not be able to update the information on the website until they can access it again.
Loss of Business or Income E.G Through Loss of Customer Records
If some of these threats happen to the website, it will have a big impact on the website itself, for example their could be loss of business. The impact that this will have on the business, is that there would be loss of business because if they have a virus on their system, then it may cause them to lose all of their customers records meaning that they will lose business as their customers will have to create a new account with them and then fill in all of their details again however they might not want to give their details again as the website have lost them once and may lose them again so the users may not trust the website.
Increased Costs
If some of these threats happen to the website, it will have a big impact on the website itself, for example there may be increased costs. There will be increased costs because if they have loss of service, then they will be losing business and if they have lost their customer's records, then they would lose money so to make up for the money that they lost, they will have to increase their prices so they can also afford to buy better anti virus software and more protection on their system, to make sure that they are well protected and none of these threats happen to them again.
Poor Image
If some of these threats were to happen to the website, then they would get a poor image. They would get a poor image because if they lost their customers records and were not a good website, then their customers will use word of mouth to give them a bad reputation, causing them to have a poor image and not make as much money. This will affect their website because if they have a bad image, then they will not have as many people who use their website meaning that they will lose money as not as many people will trust the site with their details.
Information Security:
M1

Confidentiality
Integrity and Data Completeness
Access to Data
The information that a business has about their customers must be kept secure, so that anyone who isn't meant to see it does not see it. The members of staff who are higher up in the business like managers for example will have choose what other members of staff are allowed to view certain bits of information for security reasons. The managers will also have to choose who can update the information and who can't. Another thing that the managers have to do to make sure that the data is kept safe, is that they have to decide how often the data is checked and how often it is stored. This will help the business, because if the managers only choose a few people who have access to the information, if any data goes missing or any data gets corrupted, then the managers can easily identify who it was. The people who have been chosen to have access to this information can't use it outside the business, for example address, numbers.
A business has to make sure that the data that they have about a customer is correct, as this can cause harm to both the business and the individual who the business has wrong information about. It will affect the business because they will look bad if they have the wrong data about someone because they did not check it first before filing the data and it will affect the individual because if they business blames the individual for something they didn't do, then the individual will not be happy with the business. This means that the business has to check the data and clarify it with the individual before they save the data.
It is important that the business makes sure that they have viewed the overall access that has been used. This is important because if they review the access then they can see who has and who hasn't been accessing the data also it can be used to check how many people have access to certain bits of data. It can also be used so the business can make sure that there is not too many people who have access to the data and they are not using the data for the wrong reasons. For example if someone needs an individuals data for a short amount of time, they may be allowed it however as soon as they do not need the data anymore then the access should be taken away from them.
Comparison between integrity and data completeness and access to data
Comparison between access to data and confidentiality
Comparison between integrity and data completeness and confidentiality
The comparison between integrity and data completeness, and access to data is that access to data is where someone within the business may have permission to access a customer's data so they can see some of their personal information and integrity and data completeness is where the business will have to make sure that their customers information is all filled in so it is complete and they will also have to make sure that their customer's information is correct otherwise their customers may get blamed for something that they didn't do, because they have the wrong information for that person. They can use both of these together because if they are unsure whether the data is correct or not, then the person who has access to customer data can check to make sure that it is correct and complete.
The comparison between access to data and confidentiality is that access to data is where a member of staff from the business will have permission to be able to access the data which is different to confidentiality because if the data is confidential then people who are not allowed to access data will not be able to view the confidential data, whereas the people who can access the data will be able to see the confidential data as they would have been granted access to some of the confidential data. Although some members of staff will have access to some pieces of confidential data, they will only be allowed to access the data when they are at work and they will not be allowed to use or access the data for their own benefit.
The comparison between integrity and data completeness, and confidentiality is that confidentiality is where only certain people can see the data because it is confidential and these people are the members of staff who have been granted access to certain pieces of data, whereas integrity and data completeness is where the data that the customers give the business has to be correct before it is saved to their database and it also has to be complete otherwise the business will have incorrect information about their customers and then their customers may be blamed for something that they didn't do if they think that it is them because of their incorrect data.
Full transcript