There are different threats and impacts that affect an organisation. Threats are things that the organisation will get attacked by so for example viruses that might attack the system. The impacts are the things that happen to the system so the after effects could be bank details that have been stolen.

Introduction

Malicious damage can be known as someone that has corrupted and or deleted files, data and software programs. Organisations could have hackers threatening the system by corrupting or delete files that may contain important information. When the organisation site has been attacked by malware the result would be the site shutting down for maintenance but for an e commerce site the problem ought to be a loss of revenue. So for a solution that may help is to for the site to be malware proof.

Malicious damage

Identity theft is when you details are stolen and when it’s used to commit fraud. They can be used to purchase goods or services maybe through the internet. http://www.actionfraud.police.uk/fraud_protection/identity_fraudFraudsters can use identity to:open bank accountsobtain credit cards, loans and state benefitsorder goods in your nametake over your existing accountsObtain genuine documents such as passports and driving licences in your name.This relates to an organisation as if an employee is affected and has been a victim then the organisation is affected as well. The reason why because from research I found that it takes about 600 hours to straighten out things and that is about up to 40 hours of work per week.

Identity Theft

Viruses are also very dangerous to when entering a system and the damage it can do. The problem with a virus is it can copy itself to another machine without anyone knowing. They travel through email, instant messaging also through network so when sharing a network it’s a threat to the system as they can travel though that.They can start big problems for an organisation from taking banking details and passwords so it’s essential for the organisation to make sure that everything is protected. Solution will be is to protect the system using an anti-virus.

Trojans and Key loggers are software that has been embedded to the person computer and knows every click. The information is then set to a cyber-thief to access you accounts. It does not need any physical access as it can be downloaded to the computer without knowing then it accesses the information.

Spam is electronic it creates fake accounts that are made to be sent, they are emails that are sent to issue for an example fake designer goods. Most spams are fake get rich schemes which are designed to attract the reader into opening the email and reading but when the email is open the spam enters the system.

This relates to an organization maybe getting entered into and erasing all data on the system this can be staff personal details. Other problems with loosing data that the hard drive that the files are saved onto may have chance of crashing. So the best thing is to have a backing up drive that saves the files that have been saved onto to the other drive so in order the drive has crashed there is still back up and you can access the data. Also going back to opening an email without knowing the impact it may have, employees are a liability as they are trusted when opening emails so even though the employee might know what they are doing but they still can open an email without knowing what it may contain, for an example viruses may be contained in that email so when opening the employees need to be sure it’s a genuine email.

Problems

Threats to an organisation e commerce website, firstly financial data can be easily stolen through an e commerce website that is insecure. So when a user is sharing financial data e.g. card details, it’s very easy for the hackers to get their hands on the details as they are always on the look for an insecure hosting website.

E commerce

http://www.bukisa.com/articles/183192_threats-and-risks-in-ecommerce-securityWhat are the Possible Threats?The threats in the ecommerce security system can be either accidental or malicious. The control measures and procedures can help to protect the website and minimize the vulnerabilities. The malicious threats could be: hackers penetrating the system to alter or read the sensitive information, burglars stealing the system or server that contains unprotected sensitive information, and fakers posing as legitimate users.A risk assessment on the ecommerce systems should be done to understand the risk facing the ecommerce system, risk in the business processes followed, and the possible impact on the ecommerce system if any security threats occur. The important part of any assessment is clearly defining the business data access needs and it should include all the standards and rules of accessing for all sets of users. For example, different conventions may be used for employees, managers, customers, government agencies, and so on.

Information RiskContent on web page exposing web publisher to libel, defamation of character, slanderCopyright infringement and invasion of privacy suits stemming from posted textual contentCopyright infringement and invasion of privacy suits stemming from digital scanning and morphingCopyright, patent, or trade secret infringement violations by material used by web site developersAfter unauthorized access to a web site, online information about employees or customers is stolen, damaged or released without authorization

Information Risk

Web page content exposes web publisher to libel, defamation of character, slanderElectronic bulletin boards containing defamatory statements resulting in liabilityWorldwide legal exposure resulting from use of information in violation of home-country lawsUsing web sites to conduct illegal promotional games, such as a sweepstakes or contestsRisks related to payment to web site developers and disputes between developers and clientsLack of maintenance on existing web pagesImpact on business due to intellectual property lost due to employees moving to competitorsChanges in supplier relationships re: data access, data ownership, distribution strategy, and marketing tacticsChanges in customer relationships re: data access, data ownership, distribution strategy, and marketing tacticsProducts out-of-stock due to poor communication with operationsHigh shipping costs required for distributionhttp://www.muhlenberg.edu/depts/abe/business/miller/ecrisks.html

organisation risks

There are a lot problems can occur within an organization, firstly human errors are mistake that the individual makes for an example purchasing Microsoft excel license as you want to store data for the web to view and it is not made for that. So you are choosing a wrong way of completing your objective. It also can mean incorrectly typing a word and you have misspelt it. Viruses also can destroy the organizations data when there is an unwanted cookie through the internet and without a antivirus scanning you could be getting a viruses every 8 minutes from my research. Natural disaster are a factor as for an example floods can happen and data can be lost. Hardware can crash and they will crash if something is not right and this can lead to data being lost.

Data integrity

Problems that may occur

SOLUTIONS

There are ways to reducing these risks firstly backing up, when backing up data you are sure if you loose data on the system you will still have back up. Incase of spelling mistakes in a document use error detection and that helps the writer to recognize any errors in the document. Updates can reduce the risks of getting any viruses, also reduce the risks of the hardware crashing.

Making sure that information massed on the computer system is not approached by unapproved individuals. This can lead if and when the individual try's and accesses the data to loosing it and defective use.

In an organisation they have different users and passwords and they are in different levels so who can access a certain account on a system. The organisation may need to change the password of the account that is only supposed to be accessed by certain users so the individual will have trouble trying to connect to the account on the system.

Its referred to whether if the data is essential to the present and the upcoming organization information request are accessible in the data store. It contracts with defining the data needed to come across the organization information request and making sure that those data are maintained in the data store so they are obtainable.

Data completeness

Confidentiality

ACCESS DATA

For an example employers and students can access the organisations data and its very hard to detect someone that is an internal threat. They can imperfect the organisation data for spreading spam through the system also access unapproved data e.g. salary of an employee and loss of data.The organisation needs to keep information on who is accessing the data and if they are allowed as only certain user are able to access that information. Unapproved access can be through a party which they pretend to be someone else and use the access to go deeper into the organisation system