2.  The main risks and threats to information systems security

Risks of the Internet are connected exclusively from it not by controllability. Being an enormous source of the information, the Internet doesn't divide it on good and bad, or useful and useless.

On the one hand, the Internet provides mass character of its use, and with another – generates a number of problems with serious consequences.

First, the Internet is the port in an external world, it became the basic source of distribution of a harmful mobile code (viruses, Trojan programs).

Secondly, the Internet began to be applied actively as means of the latent penetration into corporate local computer networks.

Thirdly, now the Internet can be considered as one of the basic ports of escape of the confidential information. For example, information resources of the companies are exposed to serious threats because of use by employees of these companies of free mail boxes. Employees of the various companies besides internal corporate mailing addresses actively use the free mail boxes given by various providers (hotmail.com, mail.yahoo.com, gmail.com and etc.). Having access to the Internet from the workplace and knowing that the port isn't supervised, any user can free send any confidential information for organization limits. But even understanding it, not all companies forbid the employees to use free post services. Ports of information leakage from the point of view of prevention of insider incident are various enough: usb-flash, an instant exchange of messages (ICQ, MSN, etc.), photoaccessories and others.

There are a variety of threats such as computer viruses, worms, spyware and Trojan horses.

Gordon B. Davis and Gordon Bitter Davis (1999, p. 239) point out that a computer virus is a computer program designed to destroy other programs, corrupt stored data, or interfere with the operation of computer system. Computer viruses were and remain one of the most widespread reasons of loss of the information. Despite huge efforts of anti-virus firms competing among themselves, the losses brought by computer viruses, don't fall and reach astronomical sizes in hundred millions dollars annually. These estimations are obviously underestimated, as it becomes known only about a part of similar incidents.

Another kind of threat is Trojan horse. According to Kim Berquist and Anrew Berquist (1996, p. 150) the Trojan horses is an apparently useful program containing hidden code which allows the unauthorized collection, falsification, or destruction of data. The wide circulation of Trojan programs has given to the hacker rather effective tool for reception of the confidential information and destructive activity in relation to users of network Internet.

Programs-spies (Spyware): the software, allowing to assemble data on separately taken user or the organization without their permission. Spyware is applied to a number of the different purposes. The core are marketing probes and target advertizing. In this case the information on a configuration of the computer of the user, the software used by him, visited sites, the statistican of inquiries to search cars and statistics of words entered from the keyboard allows to define a kind of activity and a focus of interest of users very precisely. However the assembled information can be used not only for the advertizing purposes – for example, recieved information about the computer can essentially simplify hacker attack and breaking of the computer of the user. And if the program periodically updates itself through the Internet it does the computer very vulnerable

The deliberate threats-threats connected with malice aforethought of deliberate physical collapse, subsequently system failure. Internal and external attacks concern deliberate threats. The modern history knows weight of examples of deliberate internal threats of the information are tricks of the competing organizations which introduce or hire agents for the subsequent disorganization of the competitor, revenge of employees which are dissatisfied with a salary or the status in firm and other. It is possible to carry threats of hacker attacks to external deliberate threats. If the information system is connected with a global network the Internet for prevention of hacker attacks it is necessary to use firewall which can be built in the equipment. Hacker attack is an electronic equivalent of breaking of a premise. Hackers constantly crack both separate computers, and large networks. Having got access to system, they steal the confidential data or install harmful programs. They also use the cracked computers for spam sending. The outstanding examples of hacker attacks are attacks Jonathan James. He cracked the serious organizations such as Defense Threat Reduction Agency which is part NASA. After that he has got access to names of users and passwords, and also possibility to look through the confidential information. According to NASA, cost of the stolen software is estimated in 1,7 million dollars. Another example, in the summer of 1995, the Russian hacker by name of Vladimir Levin has cracked electronic protection of Citybank and has stolen 400 000 USA dollars.

There are plenty of natural threats, such as fires, flooding, hurricanes, blows of lightnings. The most frequent among these threats are fires.


Информация о работе «Information Systems Security»
Раздел: Иностранный язык
Количество знаков с пробелами: 17242
Количество таблиц: 0
Количество изображений: 0

Похожие работы

Скачать
320183
85
21

... OF GEORGIA JSC – Valuation (Refer to Annex 1) Valuation Limits True Value (GEL mln.) True Value/Market Cap. Low 50.8 3.3 High 68.6 4.4   4.3  Human-Resource Development in the Private Sector 4.3.1     Business Schools/Universities European School of Management (ESM). Data Sheet. European School of Management ESM-Tbilisi 40, Vazha ...

Скачать
49935
0
0

... of control and supervision in the field of customs and the functions of a currency control agent and special functions of contraband control, abatement of other crimes and administrative violations. The Federal Customs Service (FCS) is under the jurisdiction of the Ministry of Economic Development and Trade of the Russian Federation. The FCS in its activity is guided by the Constitution of the ...

Скачать
238632
0
0

... on trucks and utility vehicles, while the automobile industries in other countries may focus on sport cars or compact vehicles. Greater specialization allows producers to take full advantage of economies of scale. Manufacturers can build large factories geared toward production of specialized inventories, rather than spending extra resources on factory equipment needed to produce a wide variety ...

Скачать
293733
5
0

... метод доступа с передачей полномочия. Охарактеризовать метод множественного доступа с разделением частоты. Какие существуют варианты использования множественного доступа с разделением во времени? Лекция 5.ЛВС и компоненты ЛВС Компьютерная сеть состоит из трех основных аппаратных компонент и двух программных, которые должны работать согласованно. Для корректной работы устройств в сети их нужно ...

0 комментариев


Наверх