
Part 2 Information

The document discusses information and network security threats. It describes potential internal threats from employees, such as unauthorized access, accidental data disclosure, social engineering, and theft or damage of company devices. It recommends training employees and protecting network servers. External threats are also discussed, such as malware, viruses, Trojan horses, spyware, and worms. The document concludes by describing how anti-virus software works to detect and remove threats.

Uploaded by

Moi Erickson

COM4010

Introduction to Computer Systems and Security

Time Constrained Assessment

Table of Contents
Part 2 Information and Network Security
Information and network security
External threats
References

Part 2 Information and Network Security

Information and network security

An internal security threat can be defined as a potential risk posed by an employee of a company who might exploit systems in order to steal data or even damage the system (Perez, 2014). Key examples of information security threats include software attacks or threats, identity theft, and theft or damage of company equipment or information. The following are some of the potential internal risks to the company.

Unauthorised employee access

When an employee has access to parts of the system that they do not usually work with, they often also have some administrative rights to the system. As a result, an individual might change a system password or even physically tamper with the company's network system (Roy Sarkar, 2010). This is a potential threat to the security of the company's information.

Accidental disclosure of data

This is a situation in which devices used by the company are accidentally left somewhere by employees, which leads to disclosure of sensitive information (Roy Sarkar, 2010). These devices can include company laptops and mobile phones that employees are allowed to use when working from home.

Social engineering

Social engineering involves an individual with malicious intentions pretending to be a nice person or a friend to one of the employees. They then use that opportunity to ask for or gain access to sensitive information (Roy Sarkar, 2010).

Physical damage to or theft of the company's devices

In particular, employees working from home are allowed to take the company's devices with them, and these devices might end up being stolen or damaged by family members (Roy Sarkar, 2010). Company devices might also be stolen when employees carry them to meetings and client visits.

Recommendations

It is therefore necessary for the company to ensure that the physical locations where its data centres are kept are protected from unauthorized access or intruders. The company should also ensure that employees working from home are informed and trained on key issues of information security. In addition, the company should ensure that its network servers and server rooms are well protected (Roy Sarkar, 2010).

Another best practice is for the company to create effective and agile work policies regarding the use of company assets and infrastructure by employees. For example, the company should frequently conduct security awareness training for employees to keep them informed (Roy Sarkar, 2010).

External threats

External threats to the security of the company's information involve the risk from non-employees or intruders outside the company who might intentionally or accidentally gain access to sensitive information (Rizov, 2018). Common examples of external threats to the security of the company's information include malware and spam attacks, viruses and worms, and denial of service (Roy Sarkar, 2010).

Code injection – code injection involves the use of malicious code to attack a system or an application in order to change or manipulate the way the system behaves. Once injected, such code leaves the system vulnerable, for example by making it accept invalid inputs or credentials (Crnkovic and Tonchev, 2011).

A computer virus can be defined as a piece of code that is capable of replicating itself and that usually has a detrimental effect on a system once introduced into it. For example, a virus will destroy or corrupt sensitive company information (Crnkovic and Tonchev, 2011).

Trojan horse – a trojan is usually a fake version of an application or system that looks legitimate on the outside but is very dangerous inside. For example, a trojan can take the form of malware that is installed into the system or application (Crnkovic and Tonchev, 2011). Examples of trojans include fake email adverts and file sharing websites.

Spyware – spyware is software that can be used to secretly gather sensitive data or information from company systems and devices (Crnkovic and Tonchev, 2011). However, spyware can also be legitimately used to monitor employee actions for commercial purposes such as targeted advertisements.

A computer worm is malware capable of spreading copies of itself across the network or from one computer to another. Worms are self-dependent, as they do not need any other software or program in order to spread (Crnkovic and Tonchev, 2011).

An anti-virus is a special software utility designed to detect and destroy computer viruses or malware such as trojan horses. Examples of anti-virus software include McAfee and Kaspersky (Crnkovic and Tonchev, 2011).

How anti-virus works

Usually, an anti-virus scans all data, networks and websites for known threats and constantly monitors the behaviour of all programs and applications in a system. When it detects a potential threat or suspicious behaviour, it flags it for further action to be taken (Crnkovic and Tonchev, 2011).
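
The two detection steps described above, sketched as an added example that is not part of the original document and is not any vendor's implementation: a known-threat scan using hash and byte-pattern signatures, and a behaviour rule that flags a process by its write count. All signatures, names, thresholds and sample inputs are constructed.

```python
import hashlib

# Constructed signature database (not real malware indicators).
KNOWN_BAD_SAMPLE = b"constructed-sample-standing-in-for-known-malware"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Sample.Known.A"}
PATTERN_SIGNATURES = {b"\xde\xad\xbe\xefCONSTRUCTED-MARKER": "Sample.Pattern.B"}
# Constructed behaviour rule: more file writes than this by one process is suspicious.
MAX_FILE_WRITES = 100

def scan_bytes(data):
    """Known-threat scan: return the detection names that match one file's content."""
    hits = []
    # Whole-file hash: exact, but any one-byte change to the file evades it.
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    # Byte pattern: still matches when the rest of the file differs.
    hits.extend(n for p, n in PATTERN_SIGNATURES.items() if p in data)
    return hits

def monitor_behaviour(events):
    """Behaviour monitoring: return processes whose write count exceeds the rule."""
    writes = {}
    for process, action in events:
        if action == "file_write":
            writes[process] = writes.get(process, 0) + 1
    return sorted(p for p, count in writes.items() if count > MAX_FILE_WRITES)

def scan_system(files, events):
    """Flag files and processes for further action; nothing is deleted here."""
    flagged = {}
    for path, data in files.items():
        hits = scan_bytes(data)
        if hits:
            flagged[path] = hits
    return {"files": flagged, "processes": monitor_behaviour(events)}

# Constructed sample input: file contents and a process event log.
SAMPLE_FILES = {
    "notes.txt": b"meeting notes",
    "tool.bin": KNOWN_BAD_SAMPLE,
    "patched.bin": b"header" + b"\xde\xad\xbe\xefCONSTRUCTED-MARKER" + b"tail",
}
SAMPLE_EVENTS = [("editor", "file_write")] * 3 + [("unknown", "file_write")] * 150

if __name__ == "__main__":
    print(scan_system(SAMPLE_FILES, SAMPLE_EVENTS))
```
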


References
Crnković, D. and Tonchev, V. (2011). Information security, coding theory and related combinatorics. Amsterdam: IOS Press.

Perez, A. (2014). Network Security. London: ISTE.

Rizov, V. (2018). Information Sharing for Cyber Threats. Information & Security: An International Journal, 39(1), pp.43-50.

Roy Sarkar, K. (2010). Assessing insider threats to information security using technical, behavioural and organisational measures. Information Security Technical Report, 15(3), pp.112-133.
