The Threats
A threat is defined as an intentional or unintentional situation or event that adversely affects the organisation's system (Connolly and Begg, 1998). The harm can be tangible or intangible in nature. Tangible harm includes harm to software, hardware or data, while intangible harm includes loss of credibility or client confidence. The difficulty of detecting all possible threats is a problem that organisations encounter. Any successful breach of security by a threat must be viewed as critical, because it will have some impact on the organisation. The table below summarises various threats that an organisation could encounter, with their corresponding consequences for the organisation.
Table 1 – Examples of threats

| Threat | Theft and fraud | Loss of confidentiality | Loss of privacy | Loss of integrity | Loss of availability |
|---|---|---|---|---|---|
| Using another person’s means of access | Yes | Yes | Yes | No | No |
| Unauthorised amendment or copying of data | Yes | No | No | Yes | No |
| Program alteration | Yes | No | No | Yes | Yes |
| Inadequate policies and procedures that allow a mix of confidential and normal data | Yes | Yes | Yes | No | No |
| Wire tapping | Yes | Yes | Yes | No | No |
| Illegal entry by hacker | Yes | Yes | Yes | No | No |
| Blackmail | Yes | Yes | Yes | No | No |
| Creating trapdoor into system | Yes | Yes | Yes | No | No |
| Theft of data, programs, and equipment | Yes | Yes | Yes | No | Yes |
| Failure of security mechanisms, giving greater access than normal | Yes | Yes | Yes | No | No |
| Staff shortage or strikes | No | No | No | Yes | Yes |
| Inadequate staff training | No | Yes | Yes | Yes | Yes |
| Viewing and disclosing unauthorized data | Yes | Yes | Yes | No | No |
| Electronic interference and radiation | No | No | No | Yes | Yes |
| Data corruption due to power loss or surge | No | No | No | Yes | Yes |
| Fire (electrical fault, lightning strike, arson), flood, bomb | No | No | No | Yes | Yes |
| Physical damage to equipment | No | No | No | Yes | Yes |
| Breaking cables or disconnection of cables | No | No | No | Yes | Yes |
| Introduction of viruses | No | No | No | Yes | Yes |

Connolly and Begg, 1998
A single threat can have multiple effects on the organization; for example, theft of data, programs, and equipment has the consequences of theft and fraud, loss of confidentiality, loss of privacy and loss of availability. However, the extent to which the organization suffers depends on many factors, such as contingency plans and the existence of countermeasures.
Once a possible threat has been identified and evaluated, the organization must initiate appropriate plans and countermeasures.
Accidental incidents result in most computer breaches and must be recorded, together with their frequency of occurrence and the person who caused them. If they are frequent, the organization should review and improve its procedures or policies in order to eliminate future occurrences.
To minimize the impact of threats on the organization, risk analysis must be carried out to evaluate every potential threat effectively (Connolly and Begg, 1998).