Criminal threats to IT infrastructure
(a) False data input:
The falsification of the data input is a major threat to IT infrastructure. This threat may arise from:
(i) Unreasonable or inconsistent data, or
(ii) Changes in the keyed-in data, or
(iii) Misinterpretation of input type ( e.g. payment recorded as receipt), or
(iv) Unauthorised addition, deletion or modification of data elements or whole records, or
(v) Improper use of error correction procedures.
Such threats endanger the integrity and safety of data and normally cause direct financial loss to the enterprise.
(b) Misuse of IT infrastructure:
Misuse of IT infrastructure may be as serious as sale of classified information to competitors or other adversaries of the enterprise or as moderate as use of computer hardware for personal data processing activity. Selling information or program listing of files and destruction or modification of information not for gain are other examples of misuse of IT infrastructure.
(c) Unauthorised access:
Most of the abuse of IT infrastructure is possible only through bypass of in-built access permissions. The breach of access security system is a major threat because it not only causes damage to IT infrastructure, but also makes the task of establishing responsibility for the damage impossible as the access is normally achieved by misrepresenting the identity of the user.
Theft of data files, unauthorised access to terminals or systems through remote log in, cracking of password and other methods can pose a serious threat to security of IT infrastructure.
(d) Ineffective security measures:
Inadequate security measures and ineffective implementation of these measures increase the vulnerability of the system. Poor definition of access permissions, inadequate or incomplete follow up on security violations and lack of adequate control over sensitive data can increase the threat to IT infrastructure.
(e) Operational lapses:
Sometimes, the IT infrastructure is threatened by poor handling of basic housekeeping procedures on various elements. The stories of system failures immediately after preventive maintenance or data loss during periodic disk check or relocation of data are very commonly heard. Even minor mistakes as mislabeling of storage media and failure to erase sensitive or redundant data can pose a serious threat to the security of IT infrastructure.
(f) System development process:
Many threats to security emanate from the security lapses during the software development stage. Wrong testing, inadequate control over the changes during and after testing and implementation of the system may expose the IT infrastructure to serious security risks.
(g) Communication traffic jams:
The increasing traffic of data communication is exposing IT infrastructure to greater risks of failures of control over the communication systems. Poor identification, verification and authentication are matters of serious concern for both communication experts and information system users. As the saying goes ‘you can never be sure that the system is safe if it is hooked on a network, the only thing that you can say with surety is that it is unsafe.’
A combination of threats to security defines the vulnerability of the system and in most of cases the vulnerable parts of IT infrastructure are subjected to abuse by different types of persons. The attacks on IT infrastructure may also be termed as computer abuse.