D1 Effectiveness of techniques
to protect against security
threats
Introduction
In this document I will be evaluating the effectiveness of the techniques used to protect our
organisation from security threats. The principles of information security and the legal requirements
are also important and will be considered in this document.
Security threats
There are a number of threats the company could face and we will need to use effective methods to
stop/mitigate the effects of them. Internal threats, such as employees gaining access to highly
confidential information, need to be prevented as if the banking details got into the wrong hands
they could be used for fraudulent activities. There are two main techniques which could be used to
protect against this type of attack, these are: having passwords and codes on certain files (File/folder
access controls) to protect files on the company network and having an access control system for
staff so that only certain employees can enter rooms which contain highly confidential information
customers private and banking details. Both these methods are classed as physical security and can
protect against security threats as they restrict the number of people who have access to this data,
meaning if someone just walked into the company building they wouldn’t have access to anything,
whilst only authorised staff members would have access to the data. To further improve the physical
security, we could install CCTV cameras around our building and offices, so that we could monitor
our site 24 hours a day, whilst having automatic
locking doors (part of the access control) on the server
room would prevent any damage or theft of the data
inside that room.
Physical Security: 8/10 | Overall, these methods of
physical security will be effective in protecting against
security threats as they will mitigate the chances of
someone, who shouldn’t have access to information,
looking or gaining data. They also meet the
requirements of the principles of confidentiality and availability but could be prone to social
engineering; for example, an employee getting manipulated into giving his password or information
about clients away.
An additional threat includes external threats - those which come from outside the company. This
type of threat poses a bigger danger to our security as it would be harder to track down the
perpetrator and, because the software often used is hidden, it is harder to know when an attack has
occurred. To counter this threat, we will need to implement both hardware and software security -
these take the shape of anti-virus software and firewalls. On our systems we will need to use anti-
virus software as this will allow us to detect and destroy any computer virus. This is important as
viruses would destroy or steal data, and corrupt the computer system, so it is integral to use such
software to protect the confidential information we hold. To insure the highest protection against
Unit 7: IT Systems Security and Encryption
to protect against security
threats
Introduction
In this document I will be evaluating the effectiveness of the techniques used to protect our
organisation from security threats. The principles of information security and the legal requirements
are also important and will be considered in this document.
Security threats
There are a number of threats the company could face and we will need to use effective methods to
stop/mitigate the effects of them. Internal threats, such as employees gaining access to highly
confidential information, need to be prevented as if the banking details got into the wrong hands
they could be used for fraudulent activities. There are two main techniques which could be used to
protect against this type of attack, these are: having passwords and codes on certain files (File/folder
access controls) to protect files on the company network and having an access control system for
staff so that only certain employees can enter rooms which contain highly confidential information
customers private and banking details. Both these methods are classed as physical security and can
protect against security threats as they restrict the number of people who have access to this data,
meaning if someone just walked into the company building they wouldn’t have access to anything,
whilst only authorised staff members would have access to the data. To further improve the physical
security, we could install CCTV cameras around our building and offices, so that we could monitor
our site 24 hours a day, whilst having automatic
locking doors (part of the access control) on the server
room would prevent any damage or theft of the data
inside that room.
Physical Security: 8/10 | Overall, these methods of
physical security will be effective in protecting against
security threats as they will mitigate the chances of
someone, who shouldn’t have access to information,
looking or gaining data. They also meet the
requirements of the principles of confidentiality and availability but could be prone to social
engineering; for example, an employee getting manipulated into giving his password or information
about clients away.
An additional threat includes external threats - those which come from outside the company. This
type of threat poses a bigger danger to our security as it would be harder to track down the
perpetrator and, because the software often used is hidden, it is harder to know when an attack has
occurred. To counter this threat, we will need to implement both hardware and software security -
these take the shape of anti-virus software and firewalls. On our systems we will need to use anti-
virus software as this will allow us to detect and destroy any computer virus. This is important as
viruses would destroy or steal data, and corrupt the computer system, so it is integral to use such
software to protect the confidential information we hold. To insure the highest protection against
Unit 7: IT Systems Security and Encryption
