Layanaruiz.files.wordpress.com



UNIT 7 - Organisational Systems SecurityA computer system threat is anything that can lead to corruption of data or loss or physical damage to the hardware and/or infrastructure. It's basically? a risk that which can potentially harm computer systems and organization.?Malware is a software that was designed to disrupt computer systems and collect and use sensitive information off the users computer. This could come from emails, files and USB memory stick when once its opened can spread through the whole computer without the user doing anything or even being aware. Malware attacks affect customers as they can lose their personal information and also work data, meaning that business plans could be leaked which will then affect the organisation in a loss of money.?4178935187388500E-commerce security is protection the various e-commerce assets from unauthorized access, its use, or modification. E- commerce organisations can be very vulnerable whether it is internal or external. One of the main reason for e-commerce threats is poor management. When security is not up to the mark, it poses a very dangerous threat to the networks and systems. Here is an example of where ‘the 30 most popular travel applications on both iOS and Android in August 2019, 100 percent of iOS-based apps and 45 percent of Android-based apps failed to pass the privacy benchmark, while all iOS-based apps and 97 percent of Android-based apps failed to clear the security test’.?Counterfeit Goods (Software/Hardware) can be defined as illegal copies of a product. This leaves a negative impact on the organisation. An example could be if there are windows operating system which have been counterfeited, and have been coded differently which could store spyware. Technical failures could be explained as an unwanted error which can be seen as a threat. If for example a server where to go down for 30 minutes, it means it is now vulnerable from attacks. When there are technical failures, the organisation can’t perform at that moment. This then means that they can’t work meaning they are losing money. There even was a case when ‘A $2 billion air traffic control system failed due to insufficient computer memory’? this shows a negative impact on an organisation.? Another real life example would be the most used pirate website for watching movies for free. 123movies was recently shut down, the reason is unknown however the site was illegal because it gave users the chance to watch a slew of paid-for content for free. This is a counterfeit good example as the movies/series are the illegal copies of the original. ?As well as technical failures which impact the organization there are also human failures in other words human errors. A human error is when something wrong was done unintentionally by a person, which then caused problems for the organisation.?A great example would be during a purchase, when the customer is paying and then the amount due was increased accidently, leaving the customer to pay more.?This then means a loss of money as the customer will no longer pay and the organisation now has a poor image. However I think this also falls into the malicious damage category as only the person behind the error knows if it was a genuine mistake or it was a planned error for intentional damage towards an organisation. In 2017, about 75,000 passengers went through chaotic delays as a result of human error. It turns out that an engineer disconnected the power supply, with major damage being caused by a surge once it was reconnected. British airways lost a fortune and had one of the costliest human errors in business.?IT equipment theft is a major issue for organisations. This is when actual hardware is stolen from either an office, business rooms or even small server rooms. Researchers found that ‘84% of those businesses interviewed has suffered a laptop theft, with only 3% ever recovering their equipment’.This leaves a negative impact on business as again it is a loss of money. In 2014 BBC reported that over 600 laptops and 83 iPads had been stolen over a five year period. However there are ways to prevent theft such as a security audit for the office, security doors and that equipment is always put away safe and in the same place, meaning no swaps with other staff unless given authority.??INTERNAL THREATS - these are things like; leaked data, human error, email threats, deleted data and theft. Internal threats are ones that happen from inside the business. Most of the above could happen by inserting a USB stick into the system which could contain malware and then spread through the computer without the user being aware of it.?Company staff could lose their files and this means leaked weaknesses of the network.Sometimes it actually is a staff in the organisation who purposely damages the computer system.?This causes problems as now valuable and vulnerable information can be leaked. Uber lost a lot of money because of blockbuster tech float.It made an operational loss of $3bn. Since it was founded the company has lost $7.9bn dollars in total.?EXTERNAL THREATS - these types of threats are viruses, hacking and data theft. These threats also have a really big impact as if for example there was a hacker, they can proceed to steal information or infect the computer system with viruses. The hacker can view all your files and see what you have searched too. To prevent this organisations should have really strong passwords, antivirus apps and a firewall.A serious real life example would be when Adobe got hacked in 2013.? Adobe announced that they were hacked and that personal information of 2.9 million accounts was stolen (logins, passwords, names, credit card numbers and expiration dates).??Access causing damage is when the virus has been targeted at specific programs, this can prevent you from opening the program and might redirect you to another service. This can be internal or external.? The major cause of this is if a USB with the virus was used or if an employee opened an attached file from a suspicious email. Big organisation can actually be fined for not having a secure security software in place. The impact of this is that the user won’t know what has been changed but it will still affect the system. A real example was when the NBC was hacked and infected.?Access without damage is caused by hackers mainly, who are just curious about an organisation. Most of what the hackers do doesn’t cause any harm to the computer system itself however they can take personal information from the user.?Phishing when cybercriminals try to get sensitive information from you,they try to obtain information such as, online shopping website eBay, Amazon or even your bank details. Facebook and Google, together, were scammed out of more than $100 million between 2013 and 2015 through an elaborate fake invoice scam. A Lithuanian hacker was able to accomplish this by sending each company a series of fake invoices while impersonating a large Asian-based manufacturer they used as a vendor.??Piggy backing is also used a lot. This is when someone can gain access to a network by using a legitimate users connects often when they haven’t logged out before leaving. Above are two of the most common ways of hacking. Hacking itself is when you break into a computer or network. Threats related to e-commerce:In an e-commerce business usually hackers try to break into the firewall and the internal network and by encrypting sensitive data. It can affect people’s important information or the e-commerce website itself. Real life example have been shown above.Types of e-commerce examples below:Website defacement is where hackers can illegally go on a website and modify the appearance or content of websites without permission of the actual owner. This can lead to the company losing customers as the information could have been changed and it could be incorrect or just not there. This is obviously a negative impact on the organisation.Control of access to data via third party suppliers is where a website will employ another company to maintain their website because they can't do it. This then allows other people (the third party) to have access to the website and use their data, see the information and take control of the website. However there is a way to avoid this situation, they can set up separate security that blocks the third party form certain things so they don't have all the access to all the information. DoS (denial of service) is an attack where the hackers attempt to prevent legitimate users from accessing the service. Normally, the hacker will send excessive messages asking the network or server to authenticate requests that have return addresses. The server will not be able to find the return address of the hacker when sending the authentication approval, this means the server will then have to wait before closing the connection.Counterfeit Goods are illegal copies of the original item. In business, it’s sneaky companies who make counterfeit product or a pirated version based on the original organisations product.??Product at RiskThis can be Software, meaning pirated and sold in physical formats such as a digital format such as internet. CD’s or DVD’s and also merchandise such as clothes (could be fake designer). You can download music from youtube onto your phone without needing to buy the actual song from the Itunes store. This is obviously illegal as the music industry loses money from people downloading it.Distribution mechanismsCounterfeit items get distributed by either methods;Physical stores such as flea markets.?Internet auction sites such as Ebay or Peer to Peer is a distributed application architecture that partitions tasks or workloads between anisational impact:Loss of service means no one will be able to use/access their website as there is no service. This is not just users but also the staff who use the site. This would result in a loss of customers temporarily but also for good as customers could get frustrated that the page is not working, or the gaming network is not working.Loss of business is when the organisation is having low income or none at all. For example, some customers might not want to return to the site if they weren’t able to purchase/order before.?Poor image is really negative impact as it stays with an organisation forever. These are like reviews or a bad rumour, they are always remembered and even if there are more positive than bad, people search for the bad. When buying a product you search for all reviews but focus on if the item is bad and if it works, this is just like the company. Once a poor image, less people will use the website or the rmation SecurityConfidentiality - I believe this means that in business all the users/clients information must be kept secret and secured all the time. The higher staff (highest level of access) who have access to the information are not allowed to use this access?Outside, the managers will be the only ones allowed to change the information if needed.? Making sure that the data is stored in a safe place is also very important, if it’s stored on paper it should be kept in locked filing cabinets in locked room. Making sure that the information is safe in the organisation is really important as this keeps a good image whereas for example if it was a bank and the customers details got leaked, I assure anyone that the client would never go back to that bank and would tell people an=bout it, leaving a poor image on the organisation.?Data Integrity (Data Completeness) -? This is when an organisation needs to make sure that all the clients information is all correct. This is important as if the information is incorrect it would affect the business and the customer. An ‘bank’ example could be used for this as well. If the clients details are wrong, they could be charged with things they shouldn't be or money could be transferred to someone else. Integrity means honesty and being truthful, so this rule needs to be followed by the organisation otherwise it would impact it really badly.?Access to data -? This is also very important as the organisation should only allow a few people to access the important and secret information, such as bank details. People may request data that they do not normally get access to,? if they are a bank or loan company wanting to check a credit report, this can only be requested when someone applies for credit. This means it's important to know who is accessing what and why they are using it.?----------------------------------------------------------------------------------------------------Most of my references are from these links below, as well as the powerpoint given to us.? Physical security measures that help keep systems secure.LOCK AND KEY -? this is the simplest way of preventing unauthorized access to anything. It is always important and beneficial for anyone to have their information and data secure. If your information is secured with a lock, it becomes more difficult for people without the authority to access it. Even though there are different types of locks you can find in the market Some of the most common ones are Padlocks, Dead Bolt, levers and knob locks. Most Locks now days can be really cheap which might mean that they bad quality. ?VISITORS PASSES - a visitor pass will allow a person to temporarily enter the organisation, they are most commonly used in offices, schools, colleges, organizations or companies. This is to let the security and the staff members know that they are just a visitor. visitor passes can include photos, name, reason for visit, who they are to visit and other relevant details.?38004751079500SIGN IN SIGN OUT - what this system does is it keeps track of who has entered or left the building at what certain times for security purposes. These are really helpful and useful as for example, if there was an item stolen from a specific room the security could check the system and see who entered the room and narrowdown their search. BIOMETRICS?Biometrics are a method of authentication, this is used to identify people by checking for certain characteristics. There are many types of biometric scanning systems.?Fingerprint scanning is a really useful as not one person in the whole world has the same fingerprint as another. Fingerprint scanning was created in the 1860’s but has developed that now its used to uncover many criminals and use as a password for access to certain things.?Retinal scans is an irreplaceable design where someone is identified by their eye color, the scan is very useful as no one has the same eye colour/ pattern as they are unique. This type of security system is mainly found in business areas, organizations and large companies. Retinal scans are also used in some passports now too, the technology is evolving and I think soon everyone will have an eye scan to access certain data, like for using their bank card.?Voice recognition is the most commonly used in everyday life worldwide. What this does is recognizes a person's voice which will then grant them access if that certain person is allowed for the data. As said before voice recognition is used all the time, it could be small things like if you hands are full and you want to change the song, if your phone has voice recognition installed you can simply speak into your phone and it will take it as a command to do what has been asked (changing the song) or it can be used to help air remote alcohol-testing of DUI which stands for driving under the influence of drugs or alcohol.??????Cable Shielding -? this provides protection from power and electrical nosiness which can reduce the number of false alarms being generated.? Shielding also minimizes the noise from other electrical sources. Some common types of shielding are: aluminum foil, copper taped and braided copper. 4562475508000?Guarding - this also keeps your organisation secure. Having guards is extremely useful as they can stop an intruder entering the business. Organisations that may have guards arE expensive stores, colleges/universities or any large company that might need that physical security.?P3 - Software and network securityPublic and Private Key.?There is a security certificate issued by a public website. The certificate is a public key. Then what happens is that this exchange creates a private key. ??Callbacks - Callback is a security mechanism that authenticates a user to access a network from anywhere in the world, it authenticates a user to access a network. This system is used to protect computer networks. ?Handshaking - This is used to describe the process of one computer establishing a connection with another computer or device. It is very helpful as it helps establish communication between two devices and helps check the connection.?Diskless networks is a network that is able to share its network information and files over network instead of being done by disk. Diskless computers are much cheaper than a traditional computer, they save energy and reduces overall power costs.?Use of back-ups -?Backups are really important and I think essential for any organization because they can backup important information for a user which is keeping the information safe as if the data was to be lost or stolen it would have been backuped? and saved so it wouldn't be gone forever. An example would be that for an Apple product there is the ‘icloud’ this will store the information incase of anything that goes wrong with the other versions of the documents.?Audit Log is used to keep a record of network database activity, meaning everything will be recorded,showing who has done what and when they have done it, or taken something. The purpose of an audit log is to keep track of everything that is happening in an organisation and to make sure there is a detailed record allowing them to do so.?381952594742000Fire Walls are a protective barrier around the computers that are connected to a network, allowing only authorized programs to access data. Configuring your firewall is very important as it protects all the data stored on the computer. This helps with the security as chances of unwanted virus, malware of entering the computer system is very low.? 4743450952500Virus checking software is a software to prevent the computer system from having a virus in it, so in other words an anti-virus. Virus checking software will often be already in the background of the system, which will then scan and try to catch any viruses or anything unwanted, if something is detected then the system will get rid of it before it causes any problems. There are many great Anti-virus systems you can download on the pc, such as Bitdefender Antivirus Plus 2020, Norton AntiVirus Plus, Webroot SecureAnywhere AntiVirus.Virtual Private network aka VPN is a network that uses a public telecommunication infrastructure. A great example would be the Internet, this uses remote access to provide individual users with secure access to specific organisation.??An Intruder Detection (IDS) is a type of security software designed to automatically alerts administrators. The administrators then can take the procedures that are set in place for when an intruder is trying to break into the system. Passwords are an important security feature to have, they should have a mixture of letters and numbers and also different characteristics. A weak password is not effective, this could be a birthday or a name or an easy quessable word like “password123”?Level of security/access to data is also a great security feature as it means that not everyone can view or access or change certain document/data. This is a way of limiting the access to a system. For example in a store managers would be the only ones with access to the offices with all the papers and documents.?4333875572135What Software updating does is increase the performance and efficiency of the computer. An example could be software updates on a phone, these should be done regularly as updates can include new features such as security updates or new apps.??Disaster recovery?Backing up is very important, without having your data backed up, all of your data, pictures, document, everything could delete and you wouldn't be able to recover it.?The cloud is a system where you can back up all your information meaning that if an incident were to happen and damage the system everything would still be saved for you to then recover.?Whole system replacement should be avoided at all cost. If a hacker gets into the system and spreads a virus and damages the whole system, the user has no choice but to get the whole system replaced.? THE BOXFirstly, you must go to the page and scroll down to the page till you see ‘Join Now’. Click on the ‘Join’ button which will take you to the page screenshotted below.?Once on this page you will do an Inspect element, if using Google Chrome, by right clicking on the mouse.?Copy "/js/inviteapi.min.js" and paste it into the end of the html search. After entering, a crypted code will come up. Search for JS NICE and copy the code from before into the box where on the other side the result should come out. ?Press f12, type in ‘MakeInviteCode ()’ and copy the long red data code.The next step is to search ‘Rot13’ or ‘Base64’ to unscramble the code. Once the code has been unscrambled and you are able to read it, go to your terminal and make a POST request by searching cmd in your search for your pc.?Type in curl -XPOST as shown on the image on the left the code will appear. However you still need to decode this one, you then need to go to ‘Base64’ and paste in the code.?Copy that code and go back to where you can sign up for the site.? ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download