All rights reserved. Infringing the author's rights by copying or printing exposes the offender to legal liability.

4-Access Risk: Unauthorized physical or logical access to the system or data.
Results: Theft or misuse of hardware, malicious software modifications, and theft, misuse, or destruction of data.
Causes: Lack of strong user access or authentication (such as user names and passwords), use of smartphones to access, modify, and store corporate data, and open use of wireless networks for guest access to business data.

5-System Reliability and Information Integrity Risk: Systematic errors or inconsistencies in processing may produce irrelevant, incomplete, inaccurate, and/or untimely information.
Results: In turn, the bad information produced by the system may adversely affect the decisions that are based on the information.
Causes: Software programming errors, weak edit or data verification controls, and unauthorized changes to software (bad authorization controls).

6-Confidentiality and Privacy Risk: Unauthorized disclosure of business partners' proprietary information or individuals' personal information.
Results: Loss of business, lawsuits, negative press, and reputation impairment.
Causes: For example, unimpeded access to system networks, software, and databases (bad authentication controls).

7-Fraud and Malicious Acts Risk: Theft of IT resources, intentional misuse of IT resources, or intentional distortion or destruction of information.
Results: Financial losses and/or misstated information that decision-makers rely upon.
Causes: Disgruntled employees and hackers intent on harming the organization for personal gain.

The IT risks described above are not mutually exclusive. For example, an information system may be unavailable (availability risk) due to hardware/software failures (hardware/software risk). Likewise, fraud and other malicious acts may cause any of the other risks.

