Threats to IT
are increasingly using Information Technology to improve communications
and increase profitability. However, although companies can benefit from
the application of IT, the increased use of IT also increases the risk
of a security breach.
convenience associated with IT increases the need for security. Once
security is compromised, the benefits of IT pale into insignificance and
IT becomes a curse rather than a blessing. Many organizations don’t
enjoy a healthy return on their IT investment because of their inability
to manage IT risks. People must therefore be concerned with how they can
use IT without putting themselves at risk. This discourse attempts to
identify possible threats to IT security.
Computer system threats are many and varied. A threat is a danger that could affect the security (confidentiality, integrity, availability) of IT assets, leading to a potential loss or damage.
Power loss or outages from NEPA can cause data loss; fluctuations in power supply damage both data and equipment. Power problems may also affect the air-conditioning systems required to maintain proper environmental conditions for the computing equipment. Fire is also a major threat.
There could also be saboteurs from within an organization or those who infiltrate a company's computing network from outside to destroy valuable data, or introduce viruses. There are also threats that arise from careless mistakes of staff. “Often, the cases of deliberate acts are the most serious, as they have been planned to avoid detection and cause the maximum damage”.
Different types of threats can be identified. The first type is the general threat. This could result from human error. Human error results in accidental destruction, modification, disclosure, or incorrect classification of information.
In this category, errors occur due to ignorance. As the overused but still relevant cliché states, “if you think education is expensive try ignorance.” Ignorance could be due to inadequate security awareness, lack of security guidelines, lack of proper documentation, or lack of knowledge (even on the part of systems staff). Often lack of knowledge results in incorrect system configuration. It is a low level of security awareness that makes users inadvertently give information on security weaknesses to attackers.
IT-related fraud is on the increase. If staff are dishonest, the fruits are IT fraud, theft, embezzlement, and illegal selling of confidential corporate information and systems. Dishonesty can be a killer! Dishonest employees have been known to use IT to bring organizations to their knees.
Related to the earlier mentioned threats is that of inferior security management. It isn’t enough to acquire sophisticated IT equipment. Exposure to IT-related failure is high if the security policy is inadequate or not enforced. What is management’s attitude towards IT security and its enforcement? Is IT security policy effective or is it simply ceremonial, or for audit purposes?
Apart from general threats it is possible to isolate identification/authorization threats. Common sources of these threats are hackers. Hacking is the process of accessing computer systems by persons who have no legitimate access to the system, or at least not to that part of the system. It may be carried out by people outside the organization or by insiders who are users of the system but who attempt to gain access to parts of the system they are not authorized to access. Access may mean exploiting facilities provided by the system, or exploiting flaws in the security mechanism of the system, or guessing or obtaining the log-on names and passwords of legitimate users. The aims of hackers are to obtain confidential information; to commit fraud; to cause disruption to the target organization; or for intellectual amusement. There’ve been several well-publicized examples of hacking in the US and in Europe. Are your hackers “home-based” or foreign?
How reliable is your IT service? Another group of threats are classified as Reliability of Service (ROS) Threats. Are systems up and running when required? ROS is a major problem affecting electronic banking in Nigeria today. In quite a number of banks with huge IT investments, system availability is quite low. For many it is the usual “the system is down” refrain that seems to be the norm.
ROS threats include natural disasters such as fire, flood, earthquake, etc. ROS is equally affected by man-made disasters such as war, bombs, civil disturbance, dangerous chemicals, nuclear accidents, etc. Any disaster will affect your ability to benefit from your IT investment.
Constant equipment failure due to defective hardware, cabling, or communications systems (NITEL, etc.) will definitely result in ROS problems. If equipment fails due to a malfunctioning air-conditioning system, or poor environmental conditions, again ROS is affected.
Where quality of service delivered by public infrastructure is poor, ROS will always be a major threat. A common ROS problem in Nigeria is power supply failure. Which is the backup, NEPA, or generator? ROS threats can result from the failure of either.
ROS is a major threat to IT security if IT service provision is poor. What is the quality of IT service, i.e. from an IT or Internet provider? If your business is dependent on Internet access, your ISP must always provide high quality Internet service.
Sabotage is another threat that can affect ROS. Malicious damage of information or information processing functions such as physical destruction of network interface devices, cables; physical destruction of computing devices or media; theft; deliberate electrical overloads or shutting off electrical power can all affect reliability of service.
Bugs in software can cause ROS problems. This is especially so if the software is relatively new and if it didn’t undergo rigorous testing before it was released.
Hostile computer programs such as viruses have seriously affected organizations’ ability to use IT. An attack can render an organization’s IT infrastructure impotent for a significant amount of time. As it is said, time is money; don’t let viruses waste your money. There is an alarming increase in the development of viruses (in programs, documents and email attachments). With the advent and widespread use of the Internet, virus attacks are having immediate worldwide impact. Other hostile computer programs are Trojan horses, logic bombs and worms.
Another group of threats are privacy threats, i.e. unauthorized monitoring of sensitive data crossing the internal network, unknown to the data owner, or unauthorized reading of electronic mail. If you use IT, how private is your data, or your customers’ data? How easy is it for your sensitive information to get into the wrong hands?
Integrity/Accuracy threats are those that result from deliberate damage of information or information processing functions from internal or external sources. Integrity / accuracy problems occur when there is deliberate modification of information, either done externally or internally. Examples include creating phony account balances, unauthorized deletion of transactions, or modification of accounting procedures. Does your system produce exception reports, or have audit facilities? IT security is nil if information produced by the system is of doubtful value.
Access Control threats can result from password cracking. Security is compromised through careless handling of password files, or use of bad passwords. Access control threats could be through attack programs allowing internal access, or external access to systems. Developers can also cause access control problems by creating unsecured maintenance modes in the software. Bugs in network software can open unknown/unexpected security holes.
Access control problems can occur from unauthorized physical access to systems. Where are systems kept? Are they in a free-for-all zone, without any physical security cover?
Another group of threats are repudiation (denial) threats: Receivers of confidential information may refuse to acknowledge receipt. Senders of confidential information may refuse to acknowledge the source.
The last group of threats is legal threats. Companies run into problems when they fail to comply with regulatory or legal requirements. Also, many countries' laws forbid (especially over the Internet) incitement to racism, gambling, money laundering or the use of, or distribution of, pornographic or violent material. You may be liable if internal users or attackers abuse your systems to these ends.
The impact of these threats differs. But after a threat impacts heavily on your bottom line, it is no longer a threat but a disaster.
July 7, 2006
Adegboyega from Ilesha says:
One must always be alert to these threats. Security is a priority.