Definition of computer security risk:
Any event or action that could cause a loss of or damage to computer hardware, software, data, information or processing capability.
Malicious Code
• Malicious code is code causing damage to a computer or system. It is code not easily or solely controlled through the use of anti-virus tools.
• Malicious code can either activate itself or be like a virus requiring user to perform an action, such as clicking on something or opening an email attachment.
Example :
- Worm - A worm is a program that copies
itself repeatedly. Worms
spread from computer to computer, but unlike a virus, it has the capability to
travel without
any human action.
- Trojan Horse - A program that hides within or looks like a legitimate program. It does not replicate itself to other computers. At first glance will appear to be useful software but will actually do damage once installed or run on your computer.
- Computer Virus - A computer virus is a potentially damaging computer program that affects or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission.
Unauthorized Access and Use
- Unauthorized Access- The use of a computer or network without permission.
- Unthorized Use - The use of a computer or its data for unapproved or possibly illegal activities.
- To help prevent unauthorized access and use, they should have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may and may not be used.
- Many systems implement access controls using a two-phase process called identification and authentication.
- Identification verifies that an individual is a valid use.
- An access control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer.
Software Theft
Software theft occurs when someone:
-Steals software media
-Intentionally erases programs
-Illegally copies a program
-Illegally registers and/or activates a program.
- Although the programs are company property, some dishonest programmers intentionally remove or disable the programs they have written from company computers.
- Intentionally erases programs can occur when a programmer is terminated from, or stops working for a company.
- Steals software media involves a perpetrator physically stealing the media that contain the software or the hardware that contains the media.
HardwareTheft
- Hardware theft is the act of stealing computer equipment.
- Hardware vandalism is the act of defacing or destroying computer equipment.
- Companies, schools, and other organizations that house many computers, however, are at risk of hardware theft.
Information Theft
- Information theft occurs when someone steals personal or confidential information.
- If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.
- An unethical company executive may steal or buy stolen information to learn about a competitor.
- A corrupt individual may steal credit card numbers to make fraudulent purchases.
System Failure
- A system failure is the prolonged malfunction of a computer.
- Can cause loss of hardware, software, data, or information.
- These include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.
Security Measure
Definition of security measures:
- The precautionary measures taken toward possible danger or damage.
1. Data backup
- A data backup is the result of copying or archiving files and folders for the purpose of being able to restore them in case of data loss.
- Data loss can be caused by many things ranging from computer viruses, hardware failures, file corruption, system failure or theft.
- If you are responsible for business data, a loss may involve critical financial, customer, and company data.
- If the data is on a personal computer, you could lose financial data and other key files, pictures, music and others that would be hard to replace.
2. Cryptography
3. Anti-Virus
- Anti-virus software is a program or set of programs that are designed to prevent, search for, detect and remove software viruses and other malicious software like worms, Trojan horses, adware and more.
- If and when a virus is detected, the computer displays a warning asking what action should be done, often giving the options to remove, ignore, or move the file to the vault.
- If a virus infected a computer without an antivirus program, it may delete files, prevent access to files, send spam, spy on you, or perform other malicious actions.
- Examples: Norton anti-virus, AVG anti-virus, Kaspersky anti-virus
4. Anti-Spyware
- Spyware is a type of malware that is installed on a computer without the user's knowledge in order to collect information about them.
- Once installed, spyware can degrades system performance by taking up processing power, installing additional software, or redirecting users' browser activity.
- It also can monitors user activity on the Internet and transmits that information in the background to someone else.
- Spyware can also gather information about email addresses and even passwords and credit card numbers.
5. Firewall
- A firewall is a system designed to prevent unauthorized access to or from a private network.
- A firewall can be implement either through hardware or software form, or a combination of both.
- Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
- All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified rules/security criteria.
- Rules will decide who can connect to the internet, what kind of connections can be made, which or what kind of files can be transmitted in out.
6. Physical Access Control
- Lock your laptop whether you're at home, in a dorm, in an office, or sitting in a coffee shop, use a security device, such as a laptop security cable.
- Lock doors and windows, usually adequate to protect the equipment.
- Put the access code at the door to enter the computer room or your office.
- Put the CCTV (closed-circuit television) in your office or computer room.
- Make a policies who can access the computer room or your data center.
7. Human Aspects : awareness
Ethics - Be a good cyber citizen
- Do not engage in inappropriate conduct, such as cyber bullying, cyber stalking or rude and offensive behavior.
- Do not use someone else's password or other identifying information.
Lock it when you leave.
- It takes only a few seconds to secure your computer and help protect it from unauthorized access. Lock down your computer every time you leave your desk.
- Set up a screen-saver that will lock your computer after a pre-set amount of time and require a password to log back in.
Phishing Emails
- Never respond to requests for personal information via email. Businesses will never ask for personal information in an email.
- Do not enter personal information in a pop-up screen.
Dispose of Information Properly
- Destroy/shred hard copy confidential documents that contain personal information such as social security numbers, credit card numbers, bank account numbers, health records.
- Ensure you are using the right tools when destroying and disposing of personal information or media storage from your computer and mobile devices
Protect data on mobile devices
- Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Never use the same password for multiple devices or accounts.
- Store your portable devices securely. When not in use, store devices out of sight and when possible in a locked drawer or cabinet.
Expose employees or staff to computer security.
Make a routine check to update from new virus, worm or other malicious threat.
No comments:
Post a Comment