COURSE: Computer Applications



Syllabus Focus: Unit 1 Module 2 Content 15Specific Objective 15: explain the meaning of terms related to the security of Information Technology Systems;Content: For example, data security, passwords, authentication, encryption, data IC: Computer SecurityComputer SecurityComputer security involves the prevention of unauthorized modification, disclosure or destruction of data and the maintenance of uninterrupted computing services.General RisksRisks to computers come from a variety of sources, including:Human errorTechnical ErrorVirusNatural DisastersUnauthorized access and useTheft and vandalismCategories of Computer RisksHuman Error – The mistakes staff and other people make are a treat. E.g. inputting a transaction to the wrong account, key an incorrect value, forgetting to check if a back up has completely properly. Incorrect data prevents the system from operating, as it should.Technical Error – Hardware, software, and storage media faults. Hardware failure has the potential to prevent the system from operating. A software fault (bug) may slow down the system. A major software fault must be corrected. A faulty disk is likely to prevent the system retrieving data held on it.Virus – A virus is a small piece of software that performs unauthorized actions and which replicates itself. They may damage files or attempt to destroy files and damage hard disks.Natural Disasters – In some areas flooding is a natural risk, e.g. towns near rivers or coasts. Wind and rain can cause substantial damage to buildings. Flooding and lightning, pose a treat to power supplies. Power surges may occur when services are restored which may affect computer operations. Earthquakes may damage buildings that house computers.Unauthorized Access and Use – Hackers attempt to gain unauthorized access to computer systems. They may attempt to damage the system or steal information. Hackers use tools like electronic number generators and software, which enables rapid password attempts. Data that is transmitted across telecommunications links is exposed to the risk of being intercepted or examined during transmission. This is called eavesdropping.Theft and Vandalism – Computer theft may be carried out by staff or intruders. Other theft risks includes: chip theft, theft of storage media e.g. CD-Rs, theft or unauthorized copying of company software, theft of commercially valuable data (either by hackers or unauthorized users).Risk ManagementRisk management involves putting in place measures and controls to ensure computer security is maintained. Organizations should take steps to minimize or control the possible impact of risks to computer systems.Types of Risk Management or ControlsAccess codes and passwords (Logical Access Controls) – Prevents actual entry to computer system software and data. Examples include:Passwords required to log on or gain access to certain files or functions. Users should be required to log of before they leave their PC. PCs should have protected screensavers that automatically activate on idle machines.Audit Trails – A record showing who has accessed a computer system and what operations he/she has performed during a given period of time. Audit trails are useful both for maintaing security and for recovering lost transactions. Most accounting systems and database management systems include audit trail component. In addition, there are separate audit trail software products that enable network administrators to monitor use of network resources.Log Systems – A file that lists actions that have occurred. For example, web servers maintain log files listing every request made to the server. With log file analysis tools, it’s possible to get a good idea of where visitors are coming from, how often they return, and how they navigate through a site.In addition, a log of all equipment should be maintained. Staff allocated portable equipment such as laptops should sign acknowledging responsibility for the equipment. The log and booking procedures aim to reduce the likelihood of theft by people who have official access to equipment.Anti- virus software – This protects data against viruses. Anti-virus software such as McAfee or Norton’s searches the system for viruses and removes them. Updated anti-virus software should be on the system.Encryption – This involves scrambling the data at one end of the line, transmitting the scrambled data, and unscrambling it at the receiver’s end of the line. Thus, the person intercepting the scrambled message is less likely to make sense of it. Data that is sent across telecommunication lines is exposed to the risk of being intercepted or read during transmission. Encryption is used to reduce this risk.Physical security measures – Unauthorized access to equipment or systems can by controlled by restricting physical access to buildings. Physical access controls are used to minimize the risks of theft and malicious damage to computer systems. Physical access controls include:Personnel (security guards).Personal identification numbers (PINs) can be required to be keyed in to gain entry to the building and/or areas. PINs can be used in conjunction with a magnetic stripe card or a smart card.Door locks (key operated or combination).Magnetic strip cards or smart cards.Closed circuit television (CCTV) allows movement to be monitored.Burglar alarms may deter intruders outside of office hours.Biometrics – systems used to identify individuals through the use of fingerprints or retina scans. However, these are too expensive for most organizations.Backup and recovery procedures – A copy of a file or files held on an alternative storage medium (e.g. a disk or tape). Back ups are held as a precaution in case the file(s) in use become damaged or unable to be used. Making a back up of files enable recovery in the case of future failure or corruption.Loss of, or damage to, data or program file can severely disrupt computerized systems. Files can be physically deleted, and it is also possible for a file to become corrupted (changed in unintended way). A file may also be physically damaged and become unreadable. It is important, therefore that a usable copy of a file can be restored from back up.Most operating systems include back up utility for creating back ups. There is also specialized back up software available to allow easy establishment and performance of back up routines.With networks and larger systems back-up utility can be set to back up everything or certain selected files, automatically, at a regular time each day e.g. midnight. At least some back up copies should be stored off site. In the case of a fire or a burglary at business premises the back up copies will not be damaged. Some organizations keep one set of back up on-site (for speed of access) and a second set at a separate location. Back up data can also be stored in fireproof cabinets.Some organizations Archive data. This is the process of moving (by copying) data from the hard disk, to tape or other portable media for long term storage.Making duplicate copies of files (back up) reduces the risk of loss of data from natural disasters, theft of data, corrupted data, human error, deletion of files.RisksRisk Management TechniquesHuman ErrorInput ControlsBackupTechnical Error (Hardware, software and storage media faults)Ensuring the system installed is capable of performing the tasks required. Testing the system.Securely store and handle storage media such as floppy disk, Zip disks and CDs with care.Protect CDs form dust, scratches and fingerprints.Floppy disks labels should be written on before being stuck on to the disk.Floppy disks are “magnetic” disks. They should not be exposed to magnets.Protect tapes form magnets, heat and liquid.BackupVirusCurrent antiviral software.Establish controls over the use of diskettes.Download software and files from only trusted sources.Scan files before downloading.Back upNatural DisastersChoosing suitable location of the company buildings away from flood prone areas.Generator Uninterrupted Power Supply (UPS)Back upUnauthorized Access and UseAccess codes and passwordsEncryptionPhysical security measuresAudit TrailsLog systemsTheft and VandalismPhysical security measures e.g. security guards, PINs, door locks, smart cards, CCTV, burglar alarms, biometrics.Fire, Terrorism and other major incidentsFire safety plan – plan to prevent fire, detect fire and put out the fire.Site preparation (appropriate building materials, fire doors)Detection e.g. smoke detectors.Extinguishing e.g. sprinklers.Training for staff in observing fire safety procedures.Reference: Information for Management Control - CATExerciseIdentify three computer risks, apart from the risks identified on this lecture sheet.Analyze the following situation and propose appropriate risk management solutions where needed.(i). Your department is located in an open-plan office. The office contains five networked desktop PCs and two laser printers.You have just read an article suggesting the best form of security is to lock hardware away in fireproof cabinets, but you feel this is impractical. Make three (3) suggestions of alternative security measures that you may adopt to protect the hardware and data held on the system.Create a private file. Create a password to open and another password to modify the document.Assignment1. Your company is reviewing all areas of computer operations and the associated risks. You realize that no one has considered the risks of fire or flooding. Make recommendations of the risk management techniques you consider relevant to these areas. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download