The main risks in an electronic information system are the leak of confidential information to the wrong people, the willful destruction or non-authorized editing of data and the unavailability of information and critical systems. The most usual destructive actions a system could be subject to are: 1. Hacking, usually through the Internet or between networks, resulting in the theft of archives bearing sensitive material, or archives being changed or canceled illegally. 2. Spam e-mails that can spread a virus for the purpose of introducing malign codes into an organization’s computers in order to steal, alter or destroy data. 3. Use of exploits to attack upgraded systems. On the Internet there is information on hacking methods called exploits. 4. Links to specific websites. Some websites have malign codes (e.g. Java scripts, active-X) and if the target is unprotected, it is easy to infect and could result in financial losses, particularly if infected by a dialer program (sex websites). 5. Use of data loggers to record whatever is typed into the system, enabling the theft of passwords and entire texts. 6. Use of RAS (remote access server) used by staff members to receive their e-mails while outside headquarters, thereby opening up a entry point for hackers to the networks of corporations.