Please enable JavaScript.
Coggle requires JavaScript to display documents.
4.2. The Vulnerabilities that can be exploited in a cyber- security attack
4.2. The Vulnerabilities that can be exploited in a cyber- security attack
Environmental
- Natural Disasters
Lightning strikes cause surges or spike in the electricity supply . These surges can affect the operation of hard drives.
Power failures cause devices not to be charged or to be used meaning there is a limited accessibility to data + information. Batteries + power generators can be used as back-up power sources, but there must be fuel available.
Earthquake tremors could damage hard drive surfaces,
causing the data and information stored on then to be unreadable. Backups stored in Cloud could be inaccessible due to lack of internet access.
Computer devices could get destroyed or lost because tsunami's and flood could destroy or was away buildings.
Natural disasters, mean internet access is lost, means the data + information stored on Cloud is inaccessible. This impact after recovery because data + information held by the government of a location and the number of people are lost. Rescuers may not know how many to save.
Physical
- theft of identity/ theft of property.
Theft occur if someone breaks into the building/ vehicle + steals the device or if the device is left somewhere, so someone can steal it to perform illegal activities.
Example
In 2008 someone left a memory stick in a pub car park. Memory stick contained a password for HM Government Gateway. It is an online system that allows people to claim state benefits + filing their tax return.
System
- insecure software applications,weak passwords,insecure moderns
Automatic update facility
means the user does not need to remember to check updates + the system is kept up to date.
Insecure hardware cause system vulnerabilities.
Insecure devices : modems,hubs + routers mean that internet access + computer devices connected to wifi are vulnerable..
Data + information stored on devices could be accessed by cyber security attacker.
Security software
will update automatically in
real time
(when the computer system is connect to the internet the software will automatically check new updates all the time)
because new viruses + other security threats are released all the time.
If update is found this is downloaded + installed.
Some businesses offer WiFi connection to customers but these networks are unsecured. Mean that no user ID or password needed to join the connection , which increase the risk of cyber security attack.
Operating system + application software
can update automatically when the computer is shutting down. Any updates tat are available from last shut down will be downloaded.
Manual updatin
g set to check the time specified by the the user/
can be completed on a hoc basis. Ad hoc manual updating can be forgotten + leave the computer system with vulnerable threats.
Problems with manual updating are:
If updates + patches are missed, this is left open to attacks + threats , could result in data lost + stolen.
users might think the update not appropriate or intrusive
Computer system must be switch on and connected to the internet for the update to happen, but the manual update must be set to a specific time when the computer is switched off.
Users may decide to manually update the software they want to look at the updates + decide.
A patch will not be downloaded once it is released, so the computer system becomes vulnerable to virus attacks.
Software must be updated, because patches (Updates released by software vendors for their software.)released to resolve identified vulnerabilities.
System generated passwords changed to something that the user can remember.
The user chosen passwords are weak passwords ,as the simpler the password easier to guess.