and Cryptography for Toy and
Model Company
Contents
Introduction
Current IT Security Threats
Threat Types
Internal Threats
External Threats
Physical Threats
Social Engineering and Software-Driven Threats
Techniques Used to Obtain Secure Information
Computer Based Threats
Passive Threats
Active Threats
Cloud Computing Security Risks
Principles of Information Security
Principles of Confidentiality, Integrity, and Availability
Confidentiality
Integrity
Availability
Accessibility of Information
Unauthorised Access or Modification
Principle of Minimal Access
Deliberate or Accidental Loss of Information
Legal Requirements for IT Security
Data Protection Act 1998
Computer Misuse Act 1990
Copyright, Designs and Patents Act 1988
Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
Fraud Act 2006
Impact of IT Security Threats on Organisations
Operational Impact of Loss of Data or Service
Financial Impact of Loss of Service (E-commerce Website)
Damage to Reputation
Legal Consequences of Data Privacy Breaches
Evaluation of Security Techniques
Cryptography and Data Security
Uses of Cryptography
Shift Ciphers
One-Time Pads
Hash Functions (e.g. MD4, MD5, SHA-2, SHA-3)
Block Ciphers
Stream Ciphers
Cryptographic Primitives (e.g. Pseudo-random Functions, One-way Functions)
Cryptographic Salts
Encryption Algorithms (e.g. RSA, DES, 3DES)
Legal and Ethical Issues and Considerations That Are Impacted by Cryptography
Privacy and Data Protection Laws
Intellectual Property Rights
Government Surveillance and Individual Rights
Cybersecurity Regulations
Principles of Cryptography
Conclusion
References
Introduction
IT security is extremely important nowadays, especially for a start-up company that designs and sells
toys and models online and locally. Many security threats target businesses, and this report aims to
describe the different areas of IT security and the threats that affect them. Understanding these
areas helps the business combat security threats and bring good encryption and safeguarding to its
IT systems.
Current IT Security Threats
Threat Types
Malicious people use several types of IT security threat today. These include internal threats,
external threats, physical threats, social engineering, and software-driven threats. These threats
are continuously evolving, so companies need to keep constant watch on them to make sure they do
not affect the business.
Internal Threats
Employees of the business may cause a threat either deliberately or accidentally. Through human
error or lack of awareness, employees may expose the organisation to risks without knowing it.
Employees who are upset for any reason may intentionally steal sensitive information or
compromise the systems, and some employees may abuse their access and sell sensitive information
through insider trading.
Employees may also become victims of phishing attacks, in which attackers use scam emails to make
them reveal their login information, giving the attackers unauthorised access to the business's
systems.
Employees can also be manipulated by other, malicious employees into revealing sensitive
information or doing things that put the security of the business at risk.