Friday, 9 March 2018

TYPES OF COMPUTER SECURITY RISKS AND SECURITY MEASURE

Types of Computer Security Risks


Definition of computer security risk:

Any event or action that could cause a loss of or damage to computer hardware, software, data, information or processing capability.

Malicious Code
  •          Malicious code is code causing damage to a computer or system. It is code not easily or solely controlled through the use of anti-virus tools.
  •          Malicious code can either activate itself or be like a virus, requiring the user to perform an action, such as clicking on something or opening an email attachment.
Examples:
  •          Worm - A worm is a program that copies itself repeatedly. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action.
  •          Trojan Horse - A program that hides within or looks like a legitimate program. It does not replicate itself to other computers. At first glance it will appear to be useful software, but it will actually do damage once installed or run on your computer.
  •          Computer Virus - A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission.

Unauthorized Access and Use
  •          Unauthorized Access - The use of a computer or network without permission.
  •          Unauthorized Use - The use of a computer or its data for unapproved or possibly illegal activities.
  •          To help prevent unauthorized access and use, organizations should have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may and may not be used.
  •          Many systems implement access controls using a two-phase process called identification and authentication.
  •          Identification verifies that an individual is a valid user.
  •          An access control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer.
Software Theft

Software theft occurs when someone:
           -Steals software media
           -Intentionally erases programs
           -Illegally copies a program
           -Illegally registers and/or activates a program.
  •          Although the programs are company property, some dishonest programmers intentionally remove or disable the programs they have written from company computers.
  •          Intentional erasure of programs can occur when a programmer is terminated from, or stops working for, a company.
  •          Stealing software media involves a perpetrator physically stealing the media that contains the software or the hardware that contains the media.

Hardware Theft

  •          Hardware theft is the act of stealing computer equipment.
  •          Hardware vandalism is the act of defacing or destroying computer equipment.
  •          Companies, schools, and other organizations that house many computers are at risk of hardware theft.


Information Theft

  •          Information theft occurs when someone steals personal or confidential information.
  •          If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.
  •          An unethical company executive may steal or buy stolen information to learn about a competitor.
  •          A corrupt individual may steal credit card numbers to make fraudulent purchases.

System Failure
  •          A system failure is the prolonged malfunction of a computer.
  •          It can cause loss of hardware, software, data, or information.
  •          Causes include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.






Security Measure

Definition of security measures:
  •         The precautionary measures taken toward possible danger or damage.


1. Data backup
  •          A data backup is the result of copying or archiving files and folders for the purpose of being able to restore them in case of data loss.
  •          Data loss can be caused by many things ranging from computer viruses, hardware failures, file corruption, system failure or theft.
  •          If you are responsible for business data, a loss may involve critical financial, customer, and company data.
  •          If the data is on a personal computer, you could lose financial data and other key files, pictures, music and others that would be hard to replace.
2. Cryptography


3. Anti-Virus
  •          Anti-virus software is a program or set of programs that are designed to prevent, search for, detect and remove software viruses and other malicious software like worms, Trojan horses, adware and more.
  •          If and when a virus is detected, the computer displays a warning asking what action should be done, often giving the options to remove, ignore, or move the file to the vault.
  •          If a virus infected a computer without an antivirus program, it may delete files, prevent access to files, send spam, spy on you, or perform other malicious actions.
  •          Examples: Norton anti-virus, AVG anti-virus, Kaspersky anti-virus



4. Anti-Spyware
  •          Spyware is a type of malware that is installed on a computer without the user's knowledge in order to collect information about them.
  •          Once installed, spyware can degrade system performance by taking up processing power, installing additional software, or redirecting users' browser activity.
  •          It can also monitor user activity on the Internet and transmit that information in the background to someone else.
  •          Spyware can also gather information about email addresses and even passwords and credit card numbers.


5. Firewall

  •          A firewall is a system designed to prevent unauthorized access to or from a private network. 

  •          A firewall can be implemented in hardware, in software, or as a combination of both.

  •          Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. 

  •          All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified rules/security criteria.

  •          Rules decide who can connect to the Internet, what kinds of connections can be made, and which kinds of files can be transmitted in or out.
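
The rule checking described above, as an added example that is not part of the original notes: each message crossing the network boundary is compared against an ordered rule list, the first matching rule decides, and anything unmatched is blocked. The intranet range, the rule set and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTRANET = ip_network("192.168.10.0/24")  # constructed private network

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "block"
    direction: str        # "in" = entering the intranet, "out" = leaving it
    peer: str             # CIDR range of the host on the Internet side
    protocol: str         # "tcp", "udp" or "any"
    port: Optional[int]   # destination port; None matches any port

@dataclass(frozen=True)
class Message:
    src: str
    dst: str
    protocol: str
    dst_port: int

# Constructed rule set. Order matters: the first matching rule decides.
RULES = [
    Rule("block", "out", "203.0.113.0/24", "any", None),  # denied destination range
    Rule("allow", "out", "0.0.0.0/0", "tcp", 443),        # HTTPS to anywhere else
    Rule("allow", "out", "198.51.100.53/32", "udp", 53),  # DNS to one resolver only
    Rule("allow", "in", "198.51.100.0/24", "tcp", 22),    # SSH from one remote office
]

def direction_of(msg):
    """Return "in", "out", or None when the message never crosses the firewall."""
    src_inside = ip_address(msg.src) in INTRANET
    dst_inside = ip_address(msg.dst) in INTRANET
    if src_inside == dst_inside:
        return None
    return "out" if src_inside else "in"

def decide(msg, rules=RULES):
    """Examine one message and return "allow", "block" or "not-inspected"."""
    direction = direction_of(msg)
    if direction is None:
        return "not-inspected"
    # The peer is whichever end of the connection sits outside the intranet.
    peer = ip_address(msg.dst if direction == "out" else msg.src)
    for rule in rules:
        if (rule.direction == direction
                and peer in ip_network(rule.peer)
                and rule.protocol in ("any", msg.protocol)
                and rule.port in (None, msg.dst_port)):
            return rule.action
    return "block"  # no rule matched: default deny

if __name__ == "__main__":
    for m in (Message("192.168.10.5", "192.0.2.80", "tcp", 443),
              Message("192.168.10.5", "203.0.113.9", "tcp", 443),
              Message("203.0.113.9", "192.168.10.20", "tcp", 3389)):
        print(m, "->", decide(m))
```

Swapping the first two rules would let HTTPS traffic reach the denied range, which is why specific block rules are placed before broad allow rules.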


6. Physical Access Control

  •          Lock your laptop. Whether you're at home, in a dorm, in an office, or sitting in a coffee shop, use a security device, such as a laptop security cable.

  •          Lock doors and windows; this is usually adequate to protect the equipment.

  •          Put an access code on the door to enter the computer room or your office.

  •          Install CCTV (closed-circuit television) in your office or computer room.

  •          Make a policy on who can access the computer room or your data center.




7. Human Aspects: Awareness


 Ethics - Be a good cyber citizen
  •          Do not engage in inappropriate conduct, such as cyber bullying, cyber stalking or rude and offensive behavior. 
  •          Do not use someone else's password or other identifying information. 

Lock it when you leave.
  •          It takes only a few seconds to secure your computer and help protect it from unauthorized access. Lock down your computer every time you leave your desk. 
  •          Set up a screen-saver that will lock your computer after a pre-set amount of time and require a password to log back in.

Phishing Emails
  •          Never respond to requests for personal information via email. Businesses will never ask for personal information in an email. 
  •          Do not enter personal information in a pop-up screen.
Dispose of Information Properly
  •          Destroy/shred hard copy confidential documents that contain personal information such as social security numbers, credit card numbers, bank account numbers, health records.
  •          Ensure you are using the right tools when destroying and disposing of personal information or media storage from your computer and mobile devices.

Protect data on mobile devices

  •          Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Never use the same password for multiple devices or accounts. 
  •          Store your portable devices securely. When not in use, store devices out of sight and when possible in a locked drawer or cabinet.

Expose employees or staff to computer security.

Make routine checks for updates to protect against new viruses, worms or other malicious threats.



















RULES OF NETIQUETTE AND AREAS OF COMPUTER ETHICS

Rules of Netiquette
  •         Netiquette, or net etiquette, refers to etiquette on the Internet. 
  •         It is the code of acceptable behaviours users should follow while on the Internet, online, or in cyberspace.
  •         It is the conduct expected of individuals while online.
  •         Rules for all aspects of the:
           -World Wide Web
           -E-mail
           -Instant Messaging
           -Chat rooms
           -Newsgroups & message boards

When do the rules apply?

Anytime you are:
  • Chatting online
  • Using email
  • Posting to a discussion
  • Blogging
  • Playing online games
  • Using social media
  • Using the web
  • Using Internet messaging
  • Using FTP

Areas Of Computer Ethics

Definition of Computer Ethics:
  •      The moral guidelines that govern the use of computers, mobile devices and information systems.
Information Accuracy

  •          Information accuracy is a concern because many users access information maintained by other people or companies, such as on the Internet.
  •          Do not assume all the information on the Web is correct.
  •          Users should evaluate the value of a Web page before relying on its content.
  •         Be aware that the organization providing access to the information may not be the creator of the information.
Green Computing
  •      Green computing is the environmentally responsible and eco-friendly use of computers and their resources. In broader terms, it is also defined as the study of designing, manufacturing/engineering, using and disposing of computing devices in a way that reduces their environmental impact.
  •         It involves reducing electricity use and environmental waste while using a computer.
  •         Society has become aware of this waste and is taking measures to combat it.



Codes of Conduct

  •           A written guideline that helps determine whether a specific action is ethical/unethical or allowed/not allowed.

Information Privacy
  •          The right of individuals and companies to deny or restrict the collection, use, and dissemination of information about them.
  •         It is the privacy of personal information and usually relates to personal data stored on computer systems.
  •         The need to maintain information privacy is applicable to collected personal information such as medical records, financial data, criminal records, political records, business related information or website data.
  •          Information privacy is also known as data privacy.





Intellectual Property
  •          Protects any original work created by an individual person or company, for example an image, drawing, lyric, publication and so on.
  •          Preserves the features and processes that make things work. This lets inventors profit from their inventions.
  •          Patent
  •          Trademark
  •          Copyright
Patent
  •       A patent is a set of exclusive rights granted by a government to an inventor or applicant for a limited amount of time (normally 20 years from the filing date).
  •          It is a legal document defining ownership of a particular area of new technology.
  •         Invention - a product or a process that provides a new way of doing something, or offers a new technical solution to a problem.
  •         The right granted by a patent excludes all others from making, using, or selling an invention or products made by an invented process. 

Trademark
  •         A trademark is a word, phrase, symbol, design, combination of letters or numbers, or other device that identifies and distinguishes products and services in the marketplace.
  •         Or a distinctive sign which identifies certain goods or services.
  •         Or can be any distinctive name or logo.

Copyright
Definition:
  •          Protection provided to the authors of “original works”, including literary, dramatic, musical, artistic, and certain other intellectual creations, both published and unpublished.




Thursday, 8 March 2018

INTERNET SERVICE AND TYPE OF WEBSITE

Internet Services

1. World Wide Web (WWW)

  •         The World Wide Web (WWW), or Web, consists of a worldwide collection of electronic documents.
  •         Each electronic document on the Web is called a Web page, which can contain text, graphics, animation, audio, and video.


2. E-mail 
  •         The transmission of messages and files via a computer network.
  •         An e-mail address is a unique name that consists of a user name and domain name that identifies the user.
  •         The basic form of an email address is: username@hostname.subdomain.domain
  •         Example: hazmira88@gmail.com

3. Instant Messaging
  •          A real-time Internet communications service that notifies you when one or more people are online and allows you to exchange messages or files or join a private chat room with them.
  •         For IM to work, both parties must be online at the same time.

4. Voice over Internet Protocol (VoIP)
  •         VoIP is a technology for making telephone calls over the Internet in which speech sounds are converted into binary data.
  •         It connects a calling party to one or more local or long-distance called parties.



5. Message Board 
  •         A type of discussion group.
  •         Many web sites use message boards because they are easier to use.
  •         Also known as a discussion group, discussion forum and online forum.
  •         A general term for any online "bulletin board" where you can leave and expect to see responses to messages you have left.
  •         A popular Web-based type of discussion group that does not require a newsreader.




6. File Transfer Protocol (FTP)

  •         FTP is one method users have to transfer web page files from their local machine to the server.
  •         An FTP server is a computer that allows users to upload and/or download files using FTP.
  •         An FTP site is a collection of files including text, graphics, audio clips, video clips and program files that reside on an FTP server.
  •         Some FTP sites restrict file transfers to those who have authorized accounts on the FTP server.




Types Of Website

1. Portal
  •         A web site that offers a variety of Internet services from a single, convenient location.
  •         Most portals offer these free services:
           -Search engine
           -News
           -Sports and weather
           -Web publishing
           -Reference tools such as yellow pages, maps, shopping, and e-mail and other communication services.




2. Business 
  •         Contains content that promotes or sells products or services.
  •         Many of these enterprises also allow you to purchase their products or services online.
  •         Examples: Pearl Haya Gallery, Anakku brand, Walt Disney Company and Kraft Brands.
3. Blog 

  •         An informal web site consisting of time-stamped articles, or posts, in a diary or journal format, usually listed in reverse chronological order.
  •        Most blogs are interactive, allowing visitors to leave comments and even message each other via widgets on the blogs.
  •         Many blogs provide commentary or news on a particular subject; others function as more personal online diaries.
4. Wiki
  •         A collaborative web site that allows users to create, add to, modify, or delete the web site content via their web browser.
  •         The difference between a wiki and a blog is that, on a blog, users cannot modify original posts made by the blogger.
  •         Visitors can also create new content and change the organization of existing content.
  • The simplest wiki programs allow editing of text and hyperlinks only.
  • More advanced wikis make it possible to add or change images, tables, and certain interactive components such as games.
                                                                
5. Online Social Network
  • Encourages members in its online community to share their interests, ideas, stories, photos, music and videos with other registered users.
  • Examples: Facebook, MySpace
  • A media sharing web site - a specific type of online social network that enables members to share media such as photos, music and videos.





Sunday, 25 February 2018

WEB BROWSER


  • A web browser, or browser, is application software that allows users to access and view Web pages.
  • The purpose of a web browser is to bring information resources to the user.
  • With an Internet connection established, you start a Web browser.
  • The browser retrieves and displays a starting Web page.


WEB ADDRESS
  • A Web page has a unique address called a URL (Uniform Resource Locator) or Web address, made up of:
           1 - Protocol
           2 - Domain name
           3 - Path
           4 - Web page name

  • The last component of a web address is not only a web page name; it can also be a file name.
  • Examples:
           http://www.bankislam.biz/promote/index.htm
           http://www.sukasuki.my/promotional/image1.jpeg


WEB PAGE NAVIGATION


  • Surfing the web - The activity of using links to explore the web.
  • A link - Can be text or an image.
  • Text links - May be underlined and/or displayed in a colour different from other text on the page.
                           - The colour of the link will change once the link has been visited.

  • Types of web page navigation:
           Hypertext - Links in text-based documents.
           Hypermedia - Combines text-based links with graphic, audio and video links.


Tab Browsing 
  • Most current web browsers support tabbed browsing.
  • Tabbed browsing allows you to open and view multiple Web pages in a single Web browser window.


WEB SEARCHING
  • A primary reason that people use the Web is to search for specific information, including text, pictures, music and video.
  • The first step in successful searching is to identify the main idea or concept in the topic about which you are seeking information.
  • Types of search tools:
           Search engine (keyword search) - Finds information related to a specific topic.
           Subject directory (directory search) - Classifies Web pages in an organized set of categories.

Search Engine
  • Helpful in locating information for which you do not know an exact Web address or are not seeking a particular Web site. 
  • A search engine is helpful in locating items such as: images, videos, audio, publications, maps, people or businesses, and blogs.
  • A program that searches documents for specified keywords and returns a list of the documents where the keywords were found.
  • Requires the user to enter a word or phrase, called search text or a search query.
  • Each word of the search text is known as a keyword.
  • The results of a search are called hits and can be in the form of: web pages, articles, images, audio, videos, etc.
What is a hit ?

- Any Web site name that is listed as the result of a search.









