Security Assessment Report - Sample Essay

The possible threats to the security of BuyItAll.com may include malware, such as viruses (which include things like Trojan Horses), which are little programmes similar to apps which can delete crucial files in your computer and/or computer registry. Another threat to your computer system may be Spyware, which is a computer programme enabling the creator to receive data from your computer about your computer and, most commonly, your personal details and your business’s private details. These programmes may have been uploaded on to your computer maliciously by the disgruntled ex-employee.

Someone could have uploaded some malware onto a website and when you go onto this website, you will also download the malware. You can avoid this by installing anti-virus and anti-Spyware software. So be careful, as not everything is as it seems – some anti-virus and anti-Spyware could be a wolf in sheep’s clothing!

Without an IT Manager, your Company could be open to threats such as phishing. This is the method of obtaining someone’s details in mischievous ways, by sending you an email saying “Dear Customer, We are from HSBC and we are updating our security system and need you to log in to complete our update.” This is like putting your fishing rod into the water and hoping a fish may bite. They are very convincing but you must not open emails of this type. Banks would never address you as Dear Customer.

Piggybacking is when someone else uses some sort of software of yours to their gain, such as downloading illegal files on your internet, and then it will look like you have done this and not the piggybacker. You can prevent this by putting security on your internet, such as a password.

There are other types of malicious damage which could include the ex-employee putting sticky juice on the keyboard or overloading the computers, blocking up the ventilation holes. Ways to avoid this kind of behaviour would be to install CCTV, lock the doors after everybody has left, and employ security personnel.

Human Error

This could include spelling mistakes. Spelling mistakes are quite easy to make and if you make a mistake in a name or programme, it can have consequences when you come to use email or send letters out to customers.

It shows a lack of professionalism or lack of care and makes your business look careless, as though customers’ custom doesn’t matter to it. If spelling mistakes are made in customers’ addresses, then they may not receive ordered goods, and if descriptions of goods on BuyItAll.com’s website are incorrect, this could result in confused customers and you could technically be breaking the law. If you type in your password incorrectly too many times, you could end up blocking your computer. You should train your staff in correct spelling and to remember their passwords.

Technical Failures

Technical faults are when hardware or software fails. Some examples of technical failures are broken keyboards or mice, cracked monitors, hard drive failures and overheated CPUs (processors); failures through water damage could completely ruin the PC or your whole system. Your computer could have an overdose of power through power surges. Computers can also fail when going from cold to heat, as condensation can form and ruin your computer. Your computer will fail if your building gets flooded, whether that be as a result of a burst pipe or natural disaster.

I suggest you employ a technical maintainer who could make sure all hardware and software is current, up to date and relevant to minimise the possibility of technical failure (the software does not necessarily have to be up to date, excluding security software). I suggest that the technical maintainer also keeps the hardware in working order and replaces any faulty items and updates them as necessary.

Internal threats

Internal threats are damages from inside the Company, e.g. annoyed IT Managers, who could potentially implant viruses, Spyware or other malware.

The aggrieved Manager could also have deleted important files, unplugged the cable or disconnected the wireless router. He also could have planted false information, e.g. messing up formulas in Excel or entering false details in databases giving himself a big pay rise. He could have deleted customers’ details, etc., so not enabling BuyItAll.com to continue the smooth running of the business. He could also do physical damage to the computer system, such as, but not limited to, pouring water into the server.

I would suggest having CCTV cameras; having ID badges for easy identification of employees; having alarms like pressure sensors in the server floors; having gait recognition for lost employees or employees intending to cause damage to the Company’s computer system.

External threats

External threats could be if the aggrieved IT Manager had a password for the computer system and it hadn’t been changed since he left. He could enter the Company’s system via the internet. He could access the files on the computer system and delete, edit or change files.

He could take down the website. He could also plant a virus which could go into thousands of machines and zombify them, telling the computers to go onto BuyItAll.com and causing the website to crash due to increased demand. My suggestions for avoiding these eventualities would be to have a high level of encryption, secure passwords which are changed regularly, at least every six months, for high level technical personnel, such as technicians having a different password every week, then having it change every two months.

eCommerce

There could be a possible threat to the running of the Company website if someone hacked into the website, causing the payments to go into their bank account instead of the Company’s. The zombie machines also could be a threat to eCommerce, as hundreds could log onto your website and cause it to crash. Another threat is cyber graffiti, which is when someone logs onto your website and changes your logo to something obscene or puts a giant swastika on your website or something of this type, making it hard for your customers to proceed with their normal shopping because of this defacement.

My suggestions are to have firewalls, encryption, anti-malware and strong passwords that change on a regular basis, and possibly to employ somebody to hack into your website, so that you can then correct any loopholes they find. But bear in mind, once the unauthorised hacking of your website has been committed, there is nothing you can do about it, so you would have to employ someone, or assign someone, to make sure no-one has committed this offence. Obviously, if they had, then you would have to change it back as soon as possible.