Unit 7

Possible Threats

There are many different threats that can be harmful to a company’s computer system. They can be internal, like Viruses, or External, like Acts of God.

Here is a list of just a few threats that could compromise or potentially wipe out a company’s IT systems:

• Magic Disk Tactics - This is one disk can override all passwords on an operating system
• Key Logging - This tracks all key presses on a keyboard. It is used to find out passwords and account details and can be un-noticed for a long  period of time
• Trojans - These work by hiding in files, like installation files, and infecting the system once the file is opened or installed
• Worms - This is a program that has the ability to copy itself from machine to machine. An example of a worm is Code Red which hit the headlines in 2001. More information here: http://bit.ly/1oJhyfE
• Hurricane
• Malicious damage from a distraught employee
• And many more...

Any one of these threats could lead a company to be compromising data of an employee or customer, which would be against the Data Protection Act and could lead to prosecution, or damage to hardware, which would mean the company would have to pay for new hardware. This is just some of the potential problems that could be apparent if these types of threats could happen

Site Referances

http://www.westfordcomputer.com/images/virus-detected.jpg - Virus Picture

http://watermarked.cutcaster.com/cutcaster-photo-100268975-Data-corruption.jpg - Corruption Picture

Threats to E-Commerce

 There are different types of threats that relate to e-commerce. Some include website defacement, which can create a bad image for the company because it shows that the company is not smart enough to go through the right procedures to protect their sight, which can makes customers think that they cannot secure their personal details properly. 

Another threat could be a DDoS attack. This could render a companies computer systems useless for many hours, depending on the scale of the attack and the amount of skill the technicians have.

Other types of risks could be;

• Technical failure
• This could be a power serge, damaging key components that make the whole computer systems function properly
• It could also be the malfunction of an old machine
• Human errors
• This could be an employee opening an email attachment, which could contain a virus, worm or malware. This could lead to the compromise of the data on the systems
• Theft of equipment
• This could be that the area where the equipment is kept was not secure properly and was stolen, along with all the data that was on the machine, personal or not
• This would give the company a bad image as it shows that they are not capable of keeping your data secure
• Acts of God
• This could be a flood that has made all of your systems useless
• This can be seen as a problem that may not be the companies fault but the company should have measures in place to prevent the loss of data

Security and Recovery

To protect against threats you have to use different types of security or recovery. There are 3 main areas of security; Physical, Software and Network and Encryption.

Physical

Physical security is essential for protecting against malicious damage and theft. Here are a few examples of different types;

·       Lock and Key (Low security, low cost)

·       Key code or password (Medium security, medium to high cost)

·       Biometric - Fingerprint, Retina scan, voice command (High security, high cost)

Biometric locks work by using mathematical algorithms which allocate a specific pattern which will link into your fingerprint/retinal image and this pattern will be unique to you and only you. Voice commands work by taking different samples of your voice, in different circumstances, like being ill or in different moods, so that it has a wider variable to be able to know your voice.

You can use a combination of one or more of these but the best, in my opinion, is a combination of password and biometric locks. This means if someone has found your password, they still cannot get into the secure area because they need a biometric signature, like your fingerprint and vice versa.  

Every door that may have any of your companies systems behind needs at least a lock and key. Some systems that store more precious data, like band details or even government information, may need something more sophisticated, like passcode or biometric.

Disaster Recovery

Having a disaster revovery plan, in the event of a disaster you will want to get your systems back online as soon as possible, and having one can help this.

If you do not have one, it could take days, even weeks to get your systems back online, but even if your sytems are back all the data on them is lost.

A data recovery plan should include some key aspects;

• Backing up your data regulary so that it is not lost
• Being able to buy new systems to replace damaged ones
• Hiring someone who is experienced in networking to recover any damaged aspects of your business network
• Time scale on how long this should all take
 

Encryption works by scrambling up the file into a certain pattern of code, using an algorithm, which can only be decrypted by someone with the algorithm us