Please enable JavaScript.
Coggle requires JavaScript to display documents.
Cyber Security Threat Levels 2 - Coggle Diagram
Cyber Security Threat Levels 2
Vulneralbilities:
Environmental:
Natural disasters can affect data, information and computer systems
Data/information inaccessible
Loss of power / internet connection
Hardware damaged
System:
Relate to the running of devices and computer systems
Weak passwords
Software’s not updated with patches
System updates not completed
Security updates not completed
Updates not completed in real-time
Using public Wi-Fi connections
Using unsecured hardware devices
Physical:
Theft of devices
Misplaced devices
Relate to the physical devices used to store data / information / identity theft
Impacts of a Cyber - Security Attack:
Data Destruction:
Data is destroyed by a cyber-security attacker and no longer exists.
Data Manipulation:
Data is amended to meet the needs of the cyber-security attacker
Identity Theft / Fraud:
Personal details have been stolen during a cyber-security attack. The attacker may use these details for criminal activity.
Data Modification:
It changes data to meet the needs of the attacker. However, the attacker usually has different aims and the crime may not be found for a long time.
Dos Attack:
Authorised users may not have access to the website. The affected business may lose business or data.
Data Theft:
Cyber-attacker steals computer-based data. Can happen to passwords, personal details and financial data. But it can also happen to portable storage devices or mobile devices.
Consequences of a Cyber Security Attack:
Financial:
Compensation to be paid. Financial accounts not up-to-date.
Commercial:
Business cannot function as normal.
Operational:
Time delay to restore data and continue with business.
Individuals:
Identity theft. National security.
Reputation:
Decline – not trustworthy.
Finance:
Unable to access financial accounts / data. Data loss from personal financial accounts – identity theft/fraud.
Data:
Data lost. Not backed-up.
Equipment:
DDoS.
Financial:
Compensation for loss of financial data. Data subject may also suffer.
Prevention Measures:
Anti-Virus Software
Detects viruses before they enter the computer system.
Once detected it is automatically quarantined and ask the user what action to take
Secure Backup:
Should be made at regular intervals, can use portable storage media. Should be kept safely and protected from theft or fire. Can be encrypted.
Access Rights are Permissions:
Usernames (authorisation) and passwords (authentication)
Access right - control who has access
Permission - what a user can do
Encryption Software
Encrypts data so that only users with the encryption key can read / use the data that has been transmitted.
Other Methods
Locking doors Using swipe / RFID cards or keypads
Bolting equipment to desks
CCTV cameras
Closing windows / blinds
Overwriting Data:
Data is overwritten with meaningless data, usually binary (1 or 0). Storage device can be reused.
Biometric Protection Measures:
Uses a person’s physical
characteristic:
Fingerprint
Eye scan
Voice
Facial Recognition
Magnetic Wipe:
Removes the magnetic field part of a storage device. Makes the data unreadable and the device unusable.
Physical Destruction:
Device is so thoroughly destroyed that the data cannot be recovered:
Hard drive shredder
Drill through or hammer on the device
Steamroller to run over device
