Definition of computer security risk:
Any
event or action that could cause a loss
of or damage to
computer hardware, software, data, information or processing capability.
MALICIOUS CODE
•Malicious code is code causing damage
to a computer or system.
It is code not easily or
solely controlled through the use of anti-virus tools.
•Malicious
code can
either activate itself or be like a virus requiring user to perform an
action, such as clicking on something or
opening an email attachment.
*Computer Virus
•Definition : A computer virus is a potentially
damaging computer program that affects or
infects, a computer negatively by
altering the way the computer works without the user’s
knowledge or permission.
•A
computer virus attaches itself to a program or file enabling it to spread from
one
computer to another, leaving infections as it travels
•It
may damage
files and system software,
including the operating system.
*Worm
•A worm is a program that copies
itself repeatedly.
•For
example in memory or on a network, using up resources and possibly shutting
down
the computer or network.
•Worms
spread from computer to computer, but unlike a virus, it has the capability to
travel
without
any human action.
*Trojan Horse
•A
program that hides within or looks like a legitimate
program. It does
not replicate itself
to
other computers.
•At
first glance will appear to be useful software but will actually do
damage once installed
or run on your computer.
•Examples:
It can change
your desktop, adding silly active desktop icons
or they can cause
serious damage by deleting files and destroying
information on your system.
•Examples:
Netbus,
Back Orifice, Subseven,
Beast
Unauthorized
access & use
•To help prevent unauthorized access and use, they should have a written
acceptable use
policy (AUP) that outlines the computer activities for which the computer and network may
and may not be used.
•An access
control
is
a security measure that defines who
can access a computer, when
they can access it, and what actions they can take
while accessing the computer.
•Many systems implement access controls
using a two-phase process called identification
and authentication.
•Identification
verifies
that an individual is a valid user.
HARDWARE THEFT
•Hardware
theft is
the act of stealing computer equipment.
•Hardware
vandalism is
the act
of defacing or destroying computer equipment.
•Companies, schools, and other
organizations that house many computers, however, are at
risk of hardware
theft.
•Safeguards
against Hardware Theft and Vandalism:
-physical access controls, such as locked
doors and windows
-install alarm systems in
their buildings
-physical
security devices such as cables that lock the equipment to a
desk.
SOFTWARE THEFT
•Software theft occurs
when someone:
-Steals software media
-Intentionally erases programs
-Illegally copies a program
-Illegally registers and/or activates a
program.
•Steals software media involves
a perpetrator physically stealing the media that contain the
software or the
hardware that contains the media.
•Intentionally erases programs can
occur when a programmer is terminated from, or stops
working for a company.
•Although
the programs are company property, some dishonest
programmers intentionally
remove or disable the programs they have written from company
computers.
INFORMATION THEFT
•Information
theft occurs
when someone steals personal or
confidential information.
•If stolen, the loss of information
can cause as much damage
as (if not more than) hardware
or software theft.
•An unethical
company executive may steal
or buy stolen information to learn about a
competitor.
•A
corrupt individual may steal credit
card numbers to make fraudulent purchases.
SYSTEM FAILURE
•A system
failure is the prolonged malfunction of a
computer.
•Can cause loss of hardware, software, data, or information.
•These include aging hardware; natural
disasters such
as fires, floods, or hurricanes;
random events such as electrical power problems; and even errors in
computer programs.
No comments:
Post a Comment