FLORES, RICK ALLEN M.

BSA – 1A
NSTP 2
External Threats
1. Malicious threat:
- Malicious threat includes Computer viruses, Trojan, worm and spyware. It is code
or software that is particularly intended to damage, steal, disrupt, or as a rule
inflict some other "terrible" or illegitimate activity on information, hosts, or
network.
2. DOS attack:
- A Denial-of-Service (DOS) attack is an attack intended to close down a machine
or network, making it unavailable to its intended users.
3. Eavesdropping:
- Eavesdropping refers to the unauthorized monitoring of other people’s
communications. It can be conducted on ordinary telephone systems, emails,
instant messaging or other Internet services.
4. Data breaches:
- A data breach is an occurrence in which sensitive, secured or confidential data has
potentially been seen, stolen or utilized by an individual unapproved to do as
such. In case of small organization data breaches may involve personal
information and intellectual property.
5. Phishing:
- Phishing is the process to gain sensitive information like usernames, passwords
and credit card information, frequently for malicious reasons, by taking on the
appearance of a dependable element in an electronic correspondence.
Internal Threats
1. Malicious cyberattacks
- Research conducted by Cert has found the most likely perpetrators of cyberattacks
are system administrators or other IT staff with privileged system access.
2. Social engineering
- Perhaps one of the most common ways for attackers to gain access to a network is
by exploiting the trusting nature of your employees. After all, why go to the
trouble of creating a program to steal passwords from the network, if people will
simply give out this information on the telephone?
3. Downloading malicious internet content
- Some reports suggest the average employee in a small business spends up to an
hour a day surfing the web for personal use — perhaps looking at video or file-
sharing websites, playing games or using social media websites such as Facebook.
4. Information leakage
- There are now a staggering number of ways that information can be taken from
your computer networks and released outside the organization. Whether it's an
MP3 player, a CD-ROM, a digital camera or USB data stick, today's employees
could easily take a significant chunk of your customer database out of the door in
their back pocket.
5. Illegal activities
- It's important to remember that, as an employer, you are responsible for pretty
much anything your employees do using your computer network — unless you
can show you have taken reasonable steps to prevent this. Famously, the US-
based Citibank was sued for $2m (£1m) when employees downloaded
pornography from the internet, and UK companies have dismissed workers for a
range of misdeeds, from selling drugs using company email to distributing
racially and sexually offensive material over corporate intranets.