COMPUTER SECURITY RISK

Definition of computer security risk:

Any event or action that could cause a loss of or damage to computer hardware, software, data, information or processing capability.

MALICIOUS CODE

•Malicious code is code causing damage to a computer or system. It is code not easily or

solely controlled through the use of anti-virus tools.

•Malicious code can either activate itself or be like a virus requiring user to perform an

action, such as clicking on something or opening an email attachment.

*Computer Virus

•Definition : A computer virus is a potentially damaging computer program that affects or

infects, a computer negatively by altering the way the computer works without the user’s

knowledge or permission.

•A computer virus attaches itself to a program or file enabling it to spread from one

computer to another, leaving infections as it travels

•It may damage files and system software, including the operating system.

*Worm

•A worm is a program that copies itself repeatedly.

•For example in memory or on a network, using up resources and possibly shutting down

the computer or network.

•Worms spread from computer to computer, but unlike a virus, it has the capability to travel

without any human action.

*Trojan Horse

•A program that hides within or looks like a legitimate program. It does not replicate itself to

other computers.

•At first glance will appear to be useful software but will actually do damage once installed

or run on your computer.

•Examples: It can change your desktop, adding silly active desktop icons or they can cause

serious damage by deleting files and destroying information on your system.

•Examples: Netbus, Back Orifice, Subseven, Beast 

Unauthorized access & use

•To help prevent unauthorized access and use, they should have a written acceptable use

policy (AUP) that outlines the computer activities for which the computer and network may

and may not be used.

•An access control is a security measure that defines who can access a computer, when

they can access it, and what actions they can take while accessing the computer.

•Many systems implement access controls using a two-phase process called identification

and authentication.

•Identification verifies that an individual is a valid user.

HARDWARE THEFT

•Hardware theft is the act of stealing computer equipment.

•Hardware vandalism is the act of defacing or destroying computer equipment.

•Companies, schools, and other organizations that house many computers, however, are at

risk of hardware theft.

•Safeguards against Hardware Theft and Vandalism:

  -physical access controls, such as locked doors and windows

  -install alarm systems in their buildings

  -physical security devices such as cables that lock the equipment to a desk.

SOFTWARE THEFT

•Software theft occurs when someone:

  -Steals software media

  -Intentionally erases programs

  -Illegally copies a program

  -Illegally registers and/or activates a program.

•Steals software media involves a perpetrator physically stealing the media that contain the

software or the hardware that contains the media.

•Intentionally erases programs can occur when a programmer is terminated from, or stops

working for a company.

•Although the programs are company property, some dishonest programmers intentionally

remove or disable the  programs they have written from company computers.

INFORMATION THEFT

•Information theft occurs when someone steals personal or confidential information.

•If stolen, the loss of information can cause as much damage as (if not more than) hardware

or software theft.

•An unethical company executive may steal or buy stolen information to learn about a

competitor.

•A corrupt individual may steal credit card numbers to make fraudulent purchases.

SYSTEM FAILURE

•A system failure is the prolonged malfunction of a computer.

•Can cause loss of hardware, software, data, or information.

•These include aging hardware; natural disasters such as fires, floods, or hurricanes;

random events such as electrical power  problems; and even errors in computer programs.

SECURITY MEASURE

What is security measure?

The precautionary measures taken toward possible danger or damage.

DATA BACKUP

•A data backup is the result of copying or archiving files and folders for the purpose oF

being able to restore them in case of data loss.

•Data loss can be caused by many things ranging from computer viruses, hardware

failures, file corruption, system failure or theft.

•If you are responsible for business data, a loss may involve critical financial, customer,

and company data.

•If the data is on a personal computer, you could lose financial data and other key files,

pictures, music and others that would be hard to replace.

CRYPTOGRAPHY

*Cryptography is technology of encoding information so it can only be read by authorized

individuals.

*Encryption is process of converting readable data into unreadable characters to

prevent unauthorized access.

*Decryption is process to recorded encrypted data.

How…

-To read the data, you must decrypt it into readable form.

-The unencrypted data is called plain text.

-The encrypted data is called cipher text.

-To encrypt, plain text converted into cipher text using an encryption key.

Importance…

-The process of proving one's identity.

-Ensuring that no one can read the message except the intended receiver.

-Assuring the receiver that the received message has not been altered in anyway

from the original.

-A mechanism to prove that the sender really sent this message.

ANTI-VIRUS

•Anti-virus software is a program or set of programs that are designed to

prevent, search for, detect and remove software viruses and other malicious software

like worms, Trojan horses, adware and more.

•If and when a virus is detected, the computer displays a warning asking

what action should be done, often giving the options to remove, ignore, or move the file to

the vault.

•If a virus infected a computer without an antivirus program, it may delete

files, prevent access to files, send spam, spy on you, or perform other

malicious actions.

•Examples: Norton anti-virus, AVG anti-virus, Kaspersky anti-virus

ANTI-SPYWARE

•Anti-spyware is a type of software that is designed to detect and remove unwanted

spyware programs.

•Anti-spyware software can be used to find and remove spyware that has already been

installed on the user's computer.

•OR it can act much like an anti-virus program by providing real-time protection and

preventing spyware from being downloaded in the first place.

•Examples :

 -Spyware Blaster

-Spy Sweeper

FIREWALL

•A firewall is a system designed to prevent unauthorized access to or from a private

network.

•A firewall can be implement either through hardware or software form, or a combination

of both.

•Firewalls prevent unauthorized Internet users from accessing private networks

connected to the Internet, especially intranets.

•All messages entering or leaving the intranet (i.e., the local network to which you are

connected) must pass through the firewall, which examines each message and blocks those

that do not meet the specified rules/security criteria.

•Rules will decide who can connect to the internet, what kind of connections can be made,

which or what kind of files can be transmitted in out.

PHYSICAL ACCES CONTROL

•Lock your laptop whether you're at home, in a dorm, in an office, or sitting in a coffee

shop, use a security device, such as a laptop security cable.

•Lock doors and windows, usually adequate to protect the equipment.

•Put the access code at the door to enter the computer room or your office.

•Put the CCTV (closed-circuit television) in your office or computer room.

•Make a policies who can access the computer room or your data center.

AREAS OF COMPUTER ETHICS

WHAT IS COMPUTER ETHICS ?

The moral guidelines that govern the use of computers, mobile devices and information systems.

AREAS OF COMPUTER ETHICS :

·         Information accuracy

·         Green computing

·         Codes of conduct

·         Intelectual property

·         Information privacy

INFORMATION ACCURACY

·         One of the concern because many users access information maintained by other people or companies, such as on the Internet.

·         Do not assume all the information on the Web is correct.

·         Users should evaluate the value of a Web page before relying on its content.

·         Be aware that the organization providing access to the information may not be the creator of the information.

GREEN COMPUTING

Green computing is the environmentally responsible and eco-friendly use of computers and their resources. In broader terms, it is also defined as the study of designing, manufacturing/engineering, using and disposing of computing devices in a way that reduces their environmental impact.

•       Involves reducing the electricity and environmental waste while using a computer.

•       Society has become aware of this waste and is taking measures to combat it.

•       Some of the actions that has been taken:

i)         Using energy- efficient devices that require little power when   they are not in use.

ii)       Buy computers with low power consumption processors and power supplies.

iii)     When possible, use outside air to cool the data center.

•       Average computer users can employ the following general tactics to make their computing usage more green:

i)        Use the hibernate or sleep mode when away from a computer for extended periods.

ii)       Use flat-screen or LCD monitors, instead of conventional cathode ray tube (CRT) monitors.

iii)     Buy energy efficient notebook computers, instead of desktop computers.

iv)     Activate the power management features for controlling energy consumption.

v)       Turn off computers at the end of each day.

vi)     Refill printer cartridges, rather than buying new ones.

CODES OF CONDUCT

Written guideline that helps determine whether a specific action is ethical/unethical or allowed/not allowed.

INTELECTUAL PROPERTY

·         Unique and original works such as ideas, inventions, literary and artistic works, processes, names and logos.Or, refers to creations of the mind: inventions, literary and artistic works, and symbols, names, images, and designs used in commerce.Intellectual property rights are the rights to which creators are entitled for their work.

i)    PATENT

a)       A patent is a set of exclusive rights granted by a government to an inventor or applicant for a limited amount of time (normally 20 years from the filing date).

b)      It is a legal document defining ownership of a particular area of new technology.

c)       Invention - a product or a process that provides a new way of doing something, or offers a new technical solution to a problem.

d)      The right granted by a patent excludes all others from making, using, or selling an invention or products made by an invented process. 

     

ii)       TRADEMARK

a)       Trademark is a word, phrase, symbol, design, combination of letters or numbers, or other device that identifies and distinguishes products and services in the marketplace.

b)      Or a distinctive sign which identifies certain goods or services.

c)       Or can be any distinctive name or logo.

d)      Examples of well-known Trademarks are:

Coca-Cola ,Samsung,The Apple logo ,The Nike “swoosh”.

iii)     COPYRIGHT

a)       Protection provided to the authors of “original works” and includes such things as literary, dramatic, musical, artistic, and certain other intellectual creations, both published and unpublished.

b)      Copyright is an exclusive right and gives its creator, or owner :

#  To reproduce the copyrighted work

#  To prepare derivative works

#  To distribute and sell any copies of the copyrighted work

# To perform or display the copyrighted work publicly

IMPORTANT OD INTELECTUAL PROPERTY

*  To protect any original work that created by individual person/ company for example,

image, drawing, lyric, publishing and so on.

*  Preserve the features and processes that make things work. This lets inventors profit from their inventions

INFORMATION PRIVACY

-  The right of individuals and companies to deny or restrict the collection, use, and dissemination of information about them.

-  The privacy of personal information and usually relates to personal data stored on computer systems.

- The need to maintain information privacy is applicable to collected personal information such as medical records, financial data, criminal records, political records, business related information or website data.

-  Information privacy is also known as data privacy