Friday 23 January 2015

Unit 7: P1, P2, P3, M1, M2 & D1

Unit 7 

P1: Explain the Impact of Different Types of Threat on an Organisation

Malware Attacks
Malware is software designed to disrupt computer systems. It can also gather sensitive information from the user's computer. The impact of a malware attack on a business is that details of the business could be compromised, and employees or customers could be restricted from accessing their accounts. Malware can come from emails, files or USB memory sticks: once the file is opened or the stick is inserted, the malware spreads onto the computer system and starts to disrupt it without the users being aware. The consequences for a user and a business are that data could be lost or compromised, customers and users could lose trust, and the business's reputation could suffer, as the users will have experienced what a malware attack is capable of doing. Malware attacks affect customers because they can compromise the customers' details. They can also limit or block a customer's or user's access to their account, which affects users who are at work and trying to access their work. For example, information such as business plans and customer details could be leaked.

Internal
The internal data threats to a business are deleted data, leaked data, data corruption, theft, human error, terrorism, rogue employees and email threats. These threats could arise from a user inserting a USB memory stick that holds malware, which then spreads throughout the system, or from employees who feel that they are not being treated fairly or paid enough for the job they are doing. If any of these data threats happen, the consequences for the business are that users of the system will lose trust in it and its reputation will suffer, as users will tell others that the systems the business uses are not secure. The data on the organisation's system could be deleted, and information about the organisation, its customers and its users could be leaked to other businesses or to people who are not related to the business. For example, in 2011 the PlayStation Online server went down after users' PSN accounts were hacked by a group of hackers. A number of users' credit card details were stolen and some users' accounts were deleted.

External
The external data threats to an e-commerce site are data theft, website impersonation, denial of service, redirection, defacement, deleted data, phishing, Trojans, spam, human error and server failure. These threats have a huge impact on both the business and the customer, as both sides are affected by the attacks.
DoS happens when the server receives too many requests at the same time; the server cannot handle this, so it crashes. Data theft happens when a group of people impersonate an e-commerce website to steal customers' information. Redirection is when the e-commerce website is redirected to another website which could be storing viruses. A virus from that website could spread onto the user's computer and damage it. These threats could come from rival e-commerce sites or from a group of people who like to cause problems.

Threats to Ecommerce Site
E-commerce sites store a lot of information about their customers on their servers, and this data could be compromised if malware attacks the system. The malware attacks that could happen to e-commerce sites are data theft, impersonation, DoS, redirection etc. Data theft is when customers' information on the e-commerce site is stolen. The information stolen is likely to be details of the customers' credit cards. Impersonation is when attackers create a mirror copy of the e-commerce site, which they use to fool customers into typing their login details into the impersonated website. DoS (denial of service) is when the server receives too many requests at once, causing it to crash. This takes the e-commerce site down, so customers cannot access their accounts or purchase or sell items on the website. The consequences for the e-commerce site are that its reputation will be affected, causing it to lose customers, and its income will also be affected because of the downtime and repair. These attacks on e-commerce sites can happen in a number of ways. They can come from attackers outside the organisation who are trying to gain information about the site's customers. They could also be caused by rogue employees, who may not be treated well or are not being paid enough for the job they are doing.

Hardware
The internal threats to hardware are damage during installation, theft and natural disasters. Damage during installation is when a computer component fails or is damaged during an upgrade or the installation of a component. Theft can occur from within an organisation by rogue employees who may not agree with how the organisation is treating them. Natural disasters can happen at any time. They are most likely to occur in areas of the country that are heavily affected by the weather. For example, the south of Wales is affected by floods every year, so organisations there must be aware of the impact floods will have on them if they do not take action. The consequence for businesses that do not take action on these issues is that their profit will be affected, as they will need to pay for extra employees to help with repairs.

Software
The internal threats to software are theft, technical fault and copyright software/counterfeit. These threats can occur at any time. Theft of software could involve a rogue employee or security issues that allow documents and files to be stolen.
  • Copyright software/counterfeit
  • Theft
  • Technical Fault
  • Human Error 


M1: Information Security


Confidentiality - Organisations that hold customers' details must keep the information safe and secure, so that unauthorised people cannot get access to it. The employees who deal with this data must not talk about this information with anyone outside or within the organisation. The employer will also choose who is responsible for updating the information and who is not. They can also check how often the information has been checked; this helps the organisation, as they can employ fewer people to deal with the information. If the information is tampered with or goes missing, the employer can easily identify the employee who is responsible. Businesses which fail to follow the confidentiality rule will be affected by this, as the employees within the business will be free to do what they like with the information they work with. Rogue employees can use the information they gather about people to their advantage. This will also affect the person whose personal details are being used for other things. For example, if employees within a bank use customers' information for their own benefit, it will not only impact the customer but will also have a huge impact on the bank. The reputation of the bank will be hugely affected, as it will be known by the public for employing rogue employees. Customers will not trust the bank again to store their money.

Data integrity - Organisations need to make sure all the data they hold about their customers is correct, as incorrect data can cause problems later for both the business and the customer. The organisation's reputation will be affected because people will think it stores wrong information about its customers. It will also affect the customer, as they could be blamed for something they had nothing to do with. The organisation must confirm that the information the customers have provided is correct. For example, if banks have wrong information about their customers, the customers may be charged for things they should not be charged for. Organisations that do not follow the data integrity rule will be hugely affected, and so will the person whose information is incorrectly stored. The incorrect information stored on the system can cause a lot of problems. For example, if a hospital has incorrect information about a patient, the doctors and nurses will not be aware of this and could give the patient the wrong medicine, which can lead to other issues. The organisation's reputation will be affected, as the public will be aware that the organisation is storing incorrect information about its customers on the system, which is causing a huge mix-up.

Access to data - It is essential that organisations review who has accessed certain data on the system. They can use this to identify who has and hasn't been accessing the data and also to check how many people have viewed it. Organisations can also use this to give certain users access to certain data on the system and to identify who is using the data for the wrong reasons. Organisations can put time limits on viewing the data. For example, if someone within the organisation needs a part of the data, they will be allowed to view it for a short amount of time; once they are done with it, they will not be able to reopen the data. Organisations that fail to follow the access to data rule will be hugely impacted, as everyone on the system will be able to view other users' data. For example, employees may be able to view other employees' salaries on the employer's account because they have access to it, and they can also make changes to the system which can later cause other threats. If one of the users on the network turns the firewall off, unauthorised access to the network will take place. Hackers outside the organisation will be able to see the data passing through the network; this can be information about people's bank details or personal information such as where they live.
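The time-limited access and access review described above, as an added Python example that is not part of the original post. The class, its method names and the salary record are all assumptions made for illustration.

```python
# Added illustration: time-limited grants plus an access log. Class and method
# names are hypothetical; the salary record below is constructed sample data.
import time
from collections import Counter

class AccessRegister:
    def __init__(self, records, clock=time.time):
        self._records = records      # record name -> contents
        self._grants = {}            # (user, record) -> expiry time
        self._clock = clock
        self.log = []                # (time, user, record, outcome)

    def grant(self, user, record, seconds):
        """Allow `user` to view `record` for a limited time only."""
        self._grants[(user, record)] = self._clock() + seconds

    def view(self, user, record):
        now = self._clock()
        expiry = self._grants.get((user, record))
        if expiry is None:
            outcome = "denied: no grant"
        elif now >= expiry:
            outcome = "denied: grant expired"
        else:
            outcome = "allowed"
        # Every attempt is logged, including the refused ones.
        self.log.append((now, user, record, outcome))
        if outcome != "allowed":
            raise PermissionError(f"{user} -> {record}: {outcome}")
        return self._records[record]

    def viewers(self, record):
        """Users who have successfully viewed this record."""
        return {u for _, u, r, o in self.log if r == record and o == "allowed"}

    def refused(self):
        """Number of refused attempts per user, for review."""
        return Counter(u for _, u, _, o in self.log if o != "allowed")

def demo():
    now = [1000.0]                                   # fake clock for the demo
    reg = AccessRegister({"salaries": "alice: 31000"}, clock=lambda: now[0])
    reg.grant("hr_officer", "salaries", seconds=600)
    first = reg.view("hr_officer", "salaries")       # inside the time limit
    now[0] += 601                                    # the grant has now expired
    for user in ("hr_officer", "intern"):
        try:
            reg.view(user, "salaries")
        except PermissionError:
            pass
    return first, reg.viewers("salaries"), reg.refused(), [e[3] for e in reg.log]

if __name__ == "__main__":
    print(demo())
```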

Counterfeit
Counterfeit goods are illegal copies of the original item. Counterfeit software is unsafe because the manufacturer has not approved it as safe to use. Counterfeit software could lead to loss of data or downtime, as it will have security issues which could potentially lead to other problems on the system. This can affect the organisation's reputation, because the user will not know whether the software is legitimate and can come across issues with it, as it has not been approved by the manufacturer. For example, there are counterfeit Windows operating systems which have been coded differently, so they could store spyware and contain security breaches.

P2: Physical Security


Hardware
The hardware security measures an organisation could use are USB/port locks, CCTV, ID cards and limiting access points within the organisation. USB/port locks are used to cover the ports on a computer tower. This is so that any malware on a USB stick does not transfer to the computer system, where it could spread throughout the system and cause downtime. CCTV is a security camera system which records and monitors areas of a room. The security team can use CCTV to monitor areas of the organisation where access is highly limited. For example, a shop will have CCTV cameras to prevent items from being stolen from the store. An ID card is an identification card which helps other employees and security staff identify that you are part of the organisation; without an ID card, security has the right to refuse you access to the organisation. It can be used so that only employees can access the building and certain areas of the organisation, and employees with a high level of access can enter the areas that are secure. For example, colleges and universities require their students to wear ID badges so that the staff can identify them. This is to prevent others from accessing the organisation. Limiting the access points means that certain areas of the organisation can only be accessed depending on the level of access the employee has. This can be used to store data in certain areas depending on how important the data is, and to allow employees into an area only if they have the right level of access to it. For example, colleges and universities only allow their technicians to access their server rooms.

Software
The software security measures an organisation can use are biometrics, key fobs and swipe cards. Biometrics is technology that analyses biological data to identify someone. It can be used to control access to certain areas of the organisation through an eye scanner, fingerprint, voice recognition etc. This technology is used mainly in highly secure organisations. For example, airports now use this technology to identify a person instead of using their passport photo, which speeds up the process. A swipe card is a security card that allows the person to access areas which can only be entered using a swipe card. This can be used to limit access to areas of the organisation that store important data. For example, college students need a swipe card to access the college; without it they will not be able to enter the building.

Network
The physical network security measures the organisation can place on its servers are CCTV, swipe cards, ID cards, biometrics, limited access points and shielded cables. Swipe cards allow only people who hold the card to unlock and access certain areas of the organisation. An organisation could use swipe cards to allow only its technicians to access the server room. For example, banks have areas which can only be accessed using a swipe card, to prevent unauthorised access to the area. Organisations can also limit the access points to certain areas, depending on the employee's level of access. By doing this they will be able to keep their server room safe, as random people or employees cannot enter that area of the organisation. For example, colleges limit students' access to areas such as the server room, where only the staff are able to enter.
   

P3: Describe how Software and Network Security can keep Systems and Data Secure


Software
The software measures that can be used to keep systems and data secure are anti-virus, complex passwords and security updates. Anti-virus software helps the computer system to identify and remove any viruses on the system. This software prevents malware or spyware from accessing the computer. Having complex passwords also helps the organisation to keep its systems and data secure, as they make it harder for hackers to access the system or data. For example, Apple will have complex passwords to prevent data from its systems being leaked or stolen. The organisation could have regular security updates, which help the system to identify new viruses that have been introduced and also prevent them from entering the system. For example, Microsoft always introduces new security updates for all of its users to prevent their computers being attacked by viruses. Encryption is another way in which an organisation could help secure its software. Encryption encodes the data so that unauthorised users cannot read or access it. By encrypting the software, the users of the software will be unable to steal it, as it has been encrypted to the system.

Network
A computer network can use a firewall, levels of access and permissions. A firewall is used to prevent unauthorised access to the network or system and to keep data passing through the network secure. The organisation could also enable permissions, where in order to access the network you need permission from the network you are trying to access. This prevents random people from accessing the network. Level of access means that certain areas of the organisation have access only to the data they need, whereas the technicians have access to all of the data. Organisations can also use encryption to secure the data passing through the network. Encryption encodes the data passing through the network so that an unauthorised user is unable to read or open it. For example, large organisations such as banks have encryption on their network to prevent hackers from stealing people's bank details as they pass through the network.

M2: Encryption Techniques


Encryption is a security method which encodes a message before it is sent out. This is so that unauthorised users cannot access the information without permission and only authorised users have access to it. This method is used within organisations to keep stored information and data secure and confidential. People use encryption to change plain text into an unreadable secret. Encryption doesn't only protect confidential messages but also ensures that the message has not been tampered with while it is being sent. Decryption is when the receiver receives the message and decodes the information that has been sent to them. Decryption can only be done with the private key, which the user has access to.

Public and private keys are two types of encryption key. A public key is used together with a private key. The private key is used only on the user's computer system to decrypt the message, and the public key is used by the user and also by the users receiving the data, so that the two systems can communicate with each other securely. The data is encrypted while it is being transferred. In order for the system to receive encrypted data, the computer system must have a public key which will be used to receive the information. The public key is sent to everyone connected to the network; however, they will be unable to read the information, as they would also require a private key to decrypt it. The user who has the private key is the user for whom the message was originally intended. The encryption works by using prime numbers, which makes it very difficult for hackers to access and makes the message extremely secure.

The sender of the message encrypts the message with a symmetric key and then encrypts that key with the public key of the receiving computer, so that the message is secure. Once the message has been sent through the network, the receiving computer uses the private key to decrypt the message so that it can be opened. Large organisations such as banks may use this type of encryption technique to secure their web server; however, it uses a slightly different approach to secure the information. It uses a digital certificate, which uses unique numbers to code the message in the same way as public and private keys, so that the web server in the organisation can trust the source the information is coming from; this source is known as a certificate authority. This source identifies that the sender and receiver are the correct systems which the message will be transferred from and to. It then provides them both with a public key so that the message is sent directly to the receiver and not to anyone else connected to the network.

D1: Discuss Different Ways of Recovering From a Disaster


Disaster recovery is a procedure used in organisations to recover their systems from a disaster. This protects the organisation from the effects of negative events. The negative events can include malicious attacks on the network or computer systems, equipment failure, or natural disasters such as earthquakes, floods and hurricanes. This procedure reduces the disruption a disaster causes to an organisation. This benefits the organisation, as it will still be able to trade with its customers.

There are many types of disaster recovery procedure: backup, system restore points and hard drive clones.
Backup is one of the most common methods of recovering information after a disaster. This method is introduced when the network is introduced within an organisation; technicians regularly back up data from the network to prevent any data being lost if a disaster occurs. The organisation backs up the data from the network to an external drive which is not located in the same building as the network and computer systems. This is so that if the main building which houses the network components is damaged, the backed-up data will not be, as it is not in the same building. For example, large organisations such as banks have backups of all their data stored in a different area from the original data.

Restore points can also be set on computer systems. This is similar to backup; however, the data is not backed up onto an external device. This method is used when the computer system becomes corrupted or stops working: the technician can access the start-up menu and restore the system to its previous working state, or reset the computer to its factory settings. This method is useful for a small disaster such as a single computer system failing. For example, technicians within schools commonly use this method to restore their systems to their previous working state.

A hard drive clone copies the entire hard drive from the main computer system to another hard drive. The copied data is stored within another system and is used only when a disaster occurs. The copied data is stored in a different location from where the main computer is kept.

"Note: you may be asked to expand on some of the points, so try to add more to the assignment. Also remember not to copy word for word, as there is now software to check for plagiarism when marking the assignment; try to complete the assignment your own way." [I am not encouraging you to copy; this piece is here for educational purposes]



47 comments:

  2. I appreciate you
    you smart
    you a genius

  8. Look at my blog if you're doing AS/A2 Media Studies.

  9. This type of identification is carried out by either scanning a person’s fingerprint for being able to identify them in an organisation (for example in an organisation a staff member would have their fingerprints done, and would use this in order to access certain parts of a building), or can be carried out by having someone dip their hand in ink and placing their finger on paper, and this method is mostly used when someone has been arrested and has committed a crime.

  10. you need DES and AES for merit 2
