Chloe Holmes
Unit 7 IT Systems Security and Encryption
Assignment 1
1
,Contents
Introduction- Page 3
Security Threats- Page 4-12
Principles of information security- Page 13-18
The Impact that IT security threats have on an organisations’ IT systems
and business- Page 19-21
Reasons why organisations must adhere to legal requirements when
considering IT systems- Page 22- 24
Principles and uses of cryptography to secure and protect data- Page 25-
31
Bibliography- Page 32-33
2
,Introduction
In this report I will be educating young people on the cyber risks of bad practice and
management of personal data. I will be explaining the different type of security threats that
are both online and offline and the impact that these threats have on originations. This
report will include the principles of information security and the legal requirements and
obligations that information security has to an origination. Lastly this report will inform
young people on the principles and uses of cryptography and how encryption can help to
protect data from being stolen.
3
, Security Threats
Security threats can harm computer systems and organisations. Security threats can be
online and offline which means that there are physical risks such as someone stealing a
computer and non-physical risks such as malware/ransomware. There are many different
types of security threats these include internal threats, external threats, physical threats,
software threats, passive network threats, active network threats and cloud computing
threats.
Internal threats
Internal threats mean the danger of someone from inside the organisation misusing an IT
system that can cause damage or theft to data. Examples of internal threats are employees
damaging and stealing data/physical equipment, employees having unlawful access to
secure areas and administration functions, having faulty cyber-security, and using hazardous
practices and lastly accidental loss or exposure of data. An example of internal threats is
employees installing files from an email that contains viruses and this will affect the
organisations IT system and WIFI. Another example of internal threats are past employees
that might be frustrated with the organisation and decide to get revenge by stealing data or
physical equipment. Employee damage and stealing data/physical equipment is an internal
threat because employees have access to the organisations data and equipment. An
example of internal threats being a risk to organisations is that a hard drive that has crucial
information on it can be physically stolen from the organisation, but it can also be moved
onto a USB flash drive which then can be exploited and cloned online. However, employees
can deliberately harm organisations equipment and data by deleting the data or even by
physically harming physical equipment such as a hard drive. Unauthorised access by
employees means that employees who do not have the authorisation to connection or use a
system gains access without the knowledge of the system owner. Unauthorised access by
employees is an internal threat for organisations because employees have access to other
employee’s IT systems which can lead to getting information that they are not authorised to
have or changing other employees’ administrative functions such as changing the access
rights or deactivating network security tools. These can impact organisations because it can
lead to employees launching cyber-attacks, damaging data, and stealing data. Weak cyber
security measures and unsafe practices impact organisations because it increases the risk of
a weakness being utilised. An example of weak cyber security measures and unsafe
practices is if the organisation’s server network is left in an unsecure room which allows
people to walk in and out, it can lead to people damaging and stealing data and physical
equipment. Employees can accidentally exploit security weakness by going on suspicious
websites because computer viruses can be accidently installed which can affect the whole
organisation’s network. Accidental loss or disclosure of data impacts organisations because
it affects individuals’ rights and freedoms because it affects their clients and employee’s
personal information, and this can lead to a loss of trust between clients and the
organisation which then can lead to clients not wanting to continue with the organisation.
4
Unit 7 IT Systems Security and Encryption
Assignment 1
1
,Contents
Introduction- Page 3
Security Threats- Page 4-12
Principles of information security- Page 13-18
The Impact that IT security threats have on an organisations’ IT systems
and business- Page 19-21
Reasons why organisations must adhere to legal requirements when
considering IT systems- Page 22- 24
Principles and uses of cryptography to secure and protect data- Page 25-
31
Bibliography- Page 32-33
2
,Introduction
In this report I will be educating young people on the cyber risks of bad practice and
management of personal data. I will be explaining the different type of security threats that
are both online and offline and the impact that these threats have on originations. This
report will include the principles of information security and the legal requirements and
obligations that information security has to an origination. Lastly this report will inform
young people on the principles and uses of cryptography and how encryption can help to
protect data from being stolen.
3
, Security Threats
Security threats can harm computer systems and organisations. Security threats can be
online and offline which means that there are physical risks such as someone stealing a
computer and non-physical risks such as malware/ransomware. There are many different
types of security threats these include internal threats, external threats, physical threats,
software threats, passive network threats, active network threats and cloud computing
threats.
Internal threats
Internal threats mean the danger of someone from inside the organisation misusing an IT
system that can cause damage or theft to data. Examples of internal threats are employees
damaging and stealing data/physical equipment, employees having unlawful access to
secure areas and administration functions, having faulty cyber-security, and using hazardous
practices and lastly accidental loss or exposure of data. An example of internal threats is
employees installing files from an email that contains viruses and this will affect the
organisations IT system and WIFI. Another example of internal threats are past employees
that might be frustrated with the organisation and decide to get revenge by stealing data or
physical equipment. Employee damage and stealing data/physical equipment is an internal
threat because employees have access to the organisations data and equipment. An
example of internal threats being a risk to organisations is that a hard drive that has crucial
information on it can be physically stolen from the organisation, but it can also be moved
onto a USB flash drive which then can be exploited and cloned online. However, employees
can deliberately harm organisations equipment and data by deleting the data or even by
physically harming physical equipment such as a hard drive. Unauthorised access by
employees means that employees who do not have the authorisation to connection or use a
system gains access without the knowledge of the system owner. Unauthorised access by
employees is an internal threat for organisations because employees have access to other
employee’s IT systems which can lead to getting information that they are not authorised to
have or changing other employees’ administrative functions such as changing the access
rights or deactivating network security tools. These can impact organisations because it can
lead to employees launching cyber-attacks, damaging data, and stealing data. Weak cyber
security measures and unsafe practices impact organisations because it increases the risk of
a weakness being utilised. An example of weak cyber security measures and unsafe
practices is if the organisation’s server network is left in an unsecure room which allows
people to walk in and out, it can lead to people damaging and stealing data and physical
equipment. Employees can accidentally exploit security weakness by going on suspicious
websites because computer viruses can be accidently installed which can affect the whole
organisation’s network. Accidental loss or disclosure of data impacts organisations because
it affects individuals’ rights and freedoms because it affects their clients and employee’s
personal information, and this can lead to a loss of trust between clients and the
organisation which then can lead to clients not wanting to continue with the organisation.
4
