Unit 7: Organisational Systems Security

Task 1 (P1)

Potential threats:

Malicious Damage:

This refers to the criminal act of intentionally causing damage to someone’s else’s property. The malicious damage act was created by the Parliament of the United Kingdom of Great Britain and Ireland in 1861 and what it did was combine previous offences related to malicious damage into a single act.

Threats related to e-commerce:

E-commerce threats simply refers to a group of crimes that involve using the internet for criminal purposes that include theft, fraud and security breaching. There are numerous e-commerce threats some are intentional and others accidental. The most common of these threats include; phishing attacks, money thefts, data misuse, hacking, credit card frauds, and unprotected services. These are all threats that can greatly affect businesses in a negative way.

Plagiarism: I used this site to help in my answer.

https://www.techgenyz.com/2017/04/05/e-commerce-major-threats-e-commerce-security/

Counterfeit Goods:

Counterfeit goods is the criminal act of creating fake products or replicas of the real thing, with the intent to trick or swindle someone into paying the full price for a fake version of the real product. This is a form of deception and if a business is caught doing this it could have great negative affect on their reputation.

Technical Failures:

A technical failure is when a piece of equipment stops functioning or doesn’t function the way it was advertised to function. Technical failures often involve machines, processes or material that are used in business, transport and communications. This could slow down or even stop the progress of a business.

Human Error:

This refers to a human unintentionally causing a mistake, which leads to an undesirable outcome. For example, a human entering a wrong digit on his password which causes him to not be able to log in. This usually involves a set of rules and someone going outside the boundaries of those set of rules resulting in an error.

Theft of Equipment:

This is the criminal act of intentionally taking equipment that you don’t own, with ought the permission of the owner and with no intention of returning it. This is usually done in order for the thief to make profit of the stolen product.

Malicious Damage:

Internal:

Malicious damage can be done both internally and externally. Internal malicious damage refers to, for example someone on the inside of an organisation or business intentionally trying to damage the business whilst pretending to work for it’s benefit. These are usually employees who use their privileges to their advantage for the purpose of damaging their employer. An example of this could be an apple employee leaking information regarding an unreleased phone to the public which causes a huge loss in sales, as it causes people to undermine the integrity of the business. Underneath is an image of an internal attack.

Plagiarism: I used this site to help in my answer.

https://smallbusiness.chron.com/difference-between-internal-external-threats-database-74165.html

External:

External malicious damage refers to an outsider intentionally trying to damage a system by either corrupting or deleting data, electronic files or software programs. It involves a hacker using computer system outside of the business or organisation to get past their computer security measures. For example, Businesses can suffer from external threats such as hackers trying to corrupt or even steal their data and they usually do this by means of hacking or virus attacks they then either release the data or threaten to do so if they don’t pay the hacker a certain amount of money.

Viruses:

A virus is a type of malicious software that is loaded onto a user’s computer by someone else and corrupts it without them knowing. For example, it can do a series of disruptive acts such as duplicating itself, entering files or programs and infecting them they can also they destroy someone’s data.

However, not all viruses are necessarily destructive although the majority are. Different viruses function differently, for example some viruses spring into action the second the code is executed whereas other only trigger when a specific event is performed. An example of this could be someone accessing an unreliable website triggering a virus. There are ways of protecting your information from viruses by using softwares such as Mcafee and Antivirus that protect your computer systems.

https://uk.norton.com/internetsecurity-malware-what-is-a-computer-virus.html

Phishing:

Phishing refers to the criminal act of trying to gain access to someone’s personal details by pretending to be from a credible source online. For example, sending them emails pretending to be from a specific bank and asking them the targeted individual to send you their bank details. Another example could be creating a fake website to trick people into giving you their personal details. Phishing is done by criminal individuals with the aim of theft.

https://www.phishing.org/what-is-phishing

Identity theft:

Identity theft also know as fraud is the criminal act of using somebody else’s personal information to obtain things such as credit or loans and so on. For example, stealing someone else’s credit card details to make an online purchase for yourself or using someone bank account to take out multiple loans.

https://searchsecurity.techtarget.com/definition/identity-theft

Piggybacking:

Piggybacking is when an unauthorized individual tag along with an authorized individual in order to gain access to a system linked to the authorized individual. An example of this is an unauthorized user piggybacking to an authorized users Wi-Fi connection, allowing him to be able to use it free of charge.

https://www.techopedia.com/definition/33160/piggybacking-security

Hacking:

The term hacking simply means gaining entrée illegally to a computer system for corrupt purposes. Hacking is performed by intelligent individuals known as hackers. Hackers have many reasons for hacking into systems such as to get private data on companies or individuals or to blackmail the victims into giving them a certain amount of money. An example of this is, a hacker gaining access to classified files of unreleased items for a company like Apple and threatening to leak that information if they’re not paid a certain amount.

Threats Related to E-commerce:

Website defacement:

Website defacement refers to a violation of a website by changing its visual appearance. This act is carried out by people known as system crackers, who gain access to web servers to change the hosted website one of theirs. An example of this is a system cracker gaining access to YouTube’s web server and changing the colour of the home page to blue.

Denial of Service Attacks:

Denial of service attacks are simply attack whereby the hacker attempts to prevent people with authorized access to a system from entering their own system. An example of this could be a hacker gaining access to your email account and changing the password to prevent you from accessing it.

https://www.techopedia.com/definition/24841/denial-of-service-attack-dos

Counterfeit Goods:

Products at High Risk

Software:

There are many things that are at risk of counterfeit goods one of them being software. An example of this could be somebody creating a streaming app and calling it YouTube and making it look exactly like YouTube but differently coded to add things such as spyware and fooling people into downloading it.

DVD’s:

DVD’s are another item that are at risk of counterfeit goods. It’s easy for someone to create a fake version of a DVD and sell it as you won’t know if it’s real until you watch it. An example of this could be someone entering a cinema and recording the movie their watching making it into a DVD and selling it to a customer knowing it’s a fake and will be poor quality for the user.

Games:

Games are also items at risk of counterfeit goods. An example of games being counterfeit good, could simply be someone coping the exact same case and cd cover for a legitimate game but putting in a fake or different CD in the case to fool someone into purchasing a fake for the real price.

Music:

Music similarly to DVD’s is at risk of counterfeit goods. This is because it’s easy to make an illegal copy of a song and share it as songs can be accessed pretty much anywhere online nowadays and get shared at an extremely fast rate, so it’s easy for someone to pirate a song. Also, it’s easy for example for someone to illegally create a counterfeit music site.

Organisational Impact :

Loss of Business:

Loss of Customer Records- There are numerous things that could lead to a loss of your business. This could happen due to a series of different mistakes. For example, loss of customer record; they could greatly affect a businesses reputation or even ruin it. This is because when losing a customer’s record it weakens the trust between the organisation and the customer, also it could lead to a series of problems for that customer, such as their record falling into the wrong hands and being used to take advantage of that customer. As well as the customer having their identity stolen.

Poor Image- This could lead to a customer taking legal action against the organisation for losing their records, which would ruin the organisation reputation and image and a business with a damaged reputation will lose a lot of customers, which means a huge loss of money. This could lead to a business being forced to shut down.

Increased Cost-

Every business or organisation that sell products all need to ensure that their products are reasonably priced according to demand. This is because for example you might be able to get away with over pricing some items such as a video game because it’s something you buy for leisure and people are willing to spend more on thing they will enjoy using. The more popular a video game is the more they will cost because there is a huge demand for it meaning people won’t be too bothered to spend a good amount of money on it. However, if you were to over price something that is a necessity in our everyday for example water bottle. Their will be a huge backlash of complaints because everyone needs water as a necessity so over pricing them would be viewed as cruel and receive massive complaints.

Information Security(M1)

Data Integrity

It’s crucial that organisations make sure that all the data received by their customers is precise and accurate. The consequences of no data integrity could be terrible in terms of effect on an organisation reputation. It’s vital that a business doesn’t submit incorrect information to what the customers have provided. Organisations that neglect to abide by the Data Integrity rule will tremendous problems for themselves as well as their customers. For example, if a private hospital failed to submit the correct data about their patient health, it will prevent the doctor from being providing them with the appropriate medication, which could majorly affect a patient wellbeing, which will lead to major issues for the hospital. Which could lead to the Hospital losing funds from not having data integrity or even worse having it shut down.

Confidentiality

For Organisation that are dealing with a customer’s details it’s a necessity that information is kept and handled safely and securely, to prevent unauthorised pupils from accessing the information. A law that must be emplaced to ensure confidentiality is employees dealing with this data mustn’t discuss with any external source from the organisation. Businesses refusing to operate correspondingly to the confidential rule will exposing themselves to a range of issues. For example, employees within the business will be free of boundaries regarding how they handle the information they’re in charge of. Rouge misuse the information they receive from their customers and the one who will suffer from it the most are the customers themselves. For example, if an employee working at a banks uses customers information for personal benefits, the banks reputation will suffer from it the most as customers will no longer trust them.

Access to data:

An organisation must keep track of what individual has accessed to specific info on the system. This makes it easier to identify the number of employees that have viewed the data as well as who specifically has accessed it. This means that if need be the organisation can find out who is using data for illegal purposes. Organisations that neglect these rules will be vulnerable to the following; employees could possible view the salaries of their colleagues

on the employers account, likewise they can alter the system which can lead to future threats. For example, the network firewall could be taken down allowing unauthorised access to the network. Allowing hackers to access that data and use it as they please.

https://unit7organisationalsystemsecurity.blogspot.com/2015/01/p1-p2-p3-m1-m2-d1.html