ICT

COMPUTER VULNERABILITY
Organisations must ensure their information systems are secure against various hazards,
both natural and man-made. Computer vulnerability is a weakness or flaw in one or more
computer systems, or connectivity to them, which can be used to gain access and damage
the system or its data. It includes hardware, software, data communications and users.
Vulnerabilities of systems and their data can be classified as external and internal. External
sources include natural disasters, lack of protection from electrical power surges and
spikes, and terrorist activities. Internal sources include errors by employees, no backup
procedures in place, hardware and software not kept in locked rooms, lack of anti-virus
programs, former employees whose passwords and security information have not been
removed from the system, and employees who attempt to fraudulently obtain money using
the company’s name.

THREATS AND SECURITY

A security threat is an attempt to take advantage of a vulnerability or weakness in a system
or its data. Computer security refers to the protection of hardware and software resources
against their accidental or deliberate damage, theft or corruption. Data security is the
protection of data against intentional or accidental damage. Computer users can represent
the greatest threat to a company’s computer system security, as only authorised persons
should have access to the computer systems. Each user is provided with a username and
password with which they log in to use network resources.

DELIBERATE DAMAGE
Hacking is the unauthorised access and use of networked or stand-alone computer systems
to steal or damage data and programs. Deliberate damage can occur when security
monitoring is not enforced. Network access logs should be maintained by network
administrators to observe the resources being used and the time of their logging in and
logging out. Software access restrictions are necessary to ensure system security is
maintained.
ACCIDENTAL DAMAGE
Accidental damage to computer data can occur through errors by users, as well as viruses
transferred from secondary storage devices or the Internet.
DATA COMMUNICATIONS
Cyber security focuses on stopping threats that attempt to access a computer or other
systems in the network via the Internet. It protects the network by maintaining logs on
attacks and attempted breaches, monitoring sources of attacks and protecting against
future ones. Cyber threats are unauthorised attempts to access a system, device and/or
network via the Internet.

Organisations gather information from a variety of sources, such as employees, customers,

suppliers and competitors. When people voluntarily provide information to organisations,
it is usually for a specific purpose. However, security breaches are common and the use of
information for purposes other than those for which it was originally intended is also
common. Agencies may provide mailing lists to other companies seeking potential clients,
for example, the names and addresses of persons between 18 and 25 earning above a given
salary level may be sold by a bank to an associated insurance agent. If a subscriber to a
computer magazine receives a letter from another company trying to sell them software,
they should have a choice as to whether their personal information is passed on.

PROPRIETARY DATA AND SOFTWARE

Organisations must protect their information systems and data by developing proprietary
data and software exclusively for them, which must be used by employees for day-to-day
operations. Organisations go to great lengths to protect the integrity and security of this
data.
COMPUTER FRAUD
Computerised systems have led to a rise in electronic transaction processing and the misuse
of information, leading to computer-based fraud. Examples show how information can be
misused.
PROPAGANDA
Computer systems have been used to spread both beneficial and harmful material, and the
widespread use of the Internet has created an accessible means of transmitting such
material. This propaganda can be used to sway public support in favour of one party group
or to discredit opposing groups.
IDENTITY THEFT
Criminals use computerised systems to steal people's credit card information, date of birth
and other personal details. They then use these details to make expensive purchases or
facilitate cash transfers. To prevent identity theft, it is important to check bank and credit
card statements for unusual purchases, use a secure website when making online
purchases, not make online purchases using a debit card, and not use public computer
systems to enter personal information
FINANCIAL ABUSE
Computer-based fraud involves gaining unauthorised access to financial accounts and
changing the details to their advantage, as well as setting up websites for companies that do
not exist to accept credit card payments.
PHISPHING ATTACKS
Phishing attacks involve the use of websites and email messages to trick people into
entering their personal information. Examples include emails asking for money to help
someone who will repay it later. It is important to ignore these messages, as they are
intended to steal money from you. Additionally, it is important to avoid downloading
attachments in email messages from senders that do not know as they may contain a virus
or malware that searches for passwords and other personal information.
DENIAL OF SERVICE ATTACK
A denial-of-service (DOS) attack occurs when computer systems or networks are
overwhelmed with too much data and processing that it makes it difficult or impossible for
legitimate users to access their computer systems, devices, or other network resources.
Signs of an attack include a decrease in network performance, difficulty or inability to
reach regularly accessed websites, and receiving lots of junk email. This results in an
inconvenience to a majority of users on the network, although the person who caused the
attack usually intended to sabotage only an organisation or individual.
ELECTRONIC EAVESDROPPING
Electronic eavesdropping is the use of electronic devices to monitor electronic
communications between two or more groups without the permission of any of the
communicating parties. This includes computer data communications, voice, fax, phone
and email. In some companies, it is the policy for all electronic communications to be
monitored, but when done by unauthorised persons, the threat of invasion of privacy
becomes real. It is a good idea to avoid transmitting sensitive information in electronic
form unless there is an encryption system in place.

Companies ensure their data is encrypted before it is transmitted, making it unreadable if

intercepted. The intended receiver will have the decryption key to decode and read the
data, but this is often not enough to stop the most persistent eavesdropper
SOFTWARE AND MUSIC PIRACY
Software programs and music files can be accessed online by users from anywhere in the
world, but are legally owned by individuals or organisations. There are rules or licences for
all programs and music specifying the permissions and limitations on how they should be
used. Therefore, when using an online program or listening to a song, there are restrictions
on what you can do with it. Software or music piracy is illegal use, sharing, selling or
distribution of copies of software or music, which prevents the rightful owners from
receiving the money due to them for their creative efforts.
UNAUTHORIZED ACCESS
Hacking is the attempt to electronically break into a system without authorised access. The
purpose of this activity varies, from game-playing to more destructive acts such as
electronic vandalism. Some hackers view their activities as a form of game-play, while
others target organisations they are antagonistic towards and commit acts of 'electronic
vandalism'.

Countermeasures are physical or logical procedures that reduce or eliminate a threat. Data
protection refers to computer users who can protect their data against loss or damage, and
data protection laws set down rules about what information can be kept by others. These
measures should be taken to prevent or minimise threats.

SURVEILANCE
Computer surveillance involves the use of technology to gather information from the user
and from the computer, often without the user’s knowledge. Common approaches to
physical security include closed-circuit TV monitors, electronic alarm systems, computer-
controlled locks, biometric recognition, and access codes. However, there are some negative
consequences of computer surveillance, such as loss of privacy for the user, lack of security,
potential misuse of information, difficulty in determining the source and scope of
surveillance activities, and limited measures to prevent computer surveillance. There are
several techniques for surveillance, including monitoring software and hardware devices.

MONITORING WITH UTILITY SOFTWARE

Messages can be monitored using utility software or a computer on the network, which can
observe all packets passing through the network. This is also known as 'packet sning'.
MONITORING WITH HARDWARE DEVICES
Bugs are physical or hardware devices that record keystrokes made by the user over a
period of time and can be retrieved. Other more sophisticated devices can be inserted into
the computer itself, but placement and retrieval requires physical entry into the place
where the computer is stored. This can be a legal obligation and a violation of privacy
without legal authorisation.
PROTECTION FROM NATURE
Data should be protected from natural disasters such as fire, storm damage, dust and
humidity. Organisations should use proof cabinets and safes to store critical data, and
computer systems should use electrical surge protectors to protect against electrical surges
and spikes. An uninterruptible power supply (UPS) can be used to minimise the effect of
power outages. Data protection should be backed up and a normal shutdown of the
hardware can be performed.
PROTECTION FROM THEFT
Schools should limit access to authorised persons and maintain records and logs of
computer usage to prevent theft of system units, peripherals, memory chips, hard drives,
CD and DVD drives, printers, inks and other accessories.
COMPUTER VIRUSES
A computer virus is a program that infects computer elements and makes them do
something unexpected or damaging. It is spread through email, USB memory sticks, and
other devices. There are three main types of virus: those that infect program elements,
those that infect system or boot elements, and macro viruses. A worm is an electronic
threat that does not require a host program in order to be transmitted. It can be
transmitted via email and can create infected email messages and send them to the
addresses saved on the infected computer.
PREVENTING VIRUSES
Virus protection programs are programs that scan a computer's data for harmful viruses
and protect from and intercept viruses attempting to infect data in system or application
software. The best way to protect a computer against viruses is to install anti-virus
software, turn on program virus protection, try to know the origin of each program or le
you use, and never open an email attachment that contains an executable le with an
extension EXE, COM or VBS. Anti-virus software can also be set up to automatically check
storage devices, Internet downloads and emails for any viruses.
PROTECTING FILES AND DATABASE
Databases are essential for organisations, so it is important to maintain backups and
archives of all critical data. Master and backup files should be stored in secure safes or
separate buildings away from the main computer centre.
BACKUPS AND ARCHIVES
Making backups of files is essential for businesses and organisations that depend on
databases. Files can become damaged, corrupted or even lost, so regular backing up is
essential to prevent this. If a file does become damaged or corrupted, the backup copy can
be restored or recovered, allowing business to continue as normal. How often backups are
made depends on the value of the information.
Most modern networks have software which automatically performs backups of data files
to magnetic tape or CD-RW. Backups can be performed after each work day, every other
day, or as often as deemed necessary. Some backups are also stored in a remote location to
protect against disasters. Users and companies buy online storage for easier access to data,
but data stored online is prone to deletion if the online storage company goes out of
business. An archive preserves data that you no longer need on a regular basis and can be
extracted if the need arises. For example, an organisation may preserve archives of past
ledgers, receipts and tax forms for future reference only.

NETWORK AND SECURITY

Companies use encryption or decryption techniques to protect data from cyber threats.
Users on a network can each be given a username with an individual password, which
prevents other users from accessing an individual's account, changing program settings, or
installing, copying, or deleting software. Other techniques include preventing virus attacks
through networks, email, or sharing secondary storage devices and media.
COPYRIGHT AND PIRACY
Copyright is the protection in law of the rights of the person(s) responsible for creating
something. Illegal copying and stealing of software costs the software industry millions of
dollars a year. A copyright law would make it a criminal offense to be caught copying or
stealing software, as well as to copy or distribute software without permission and run
copyright software that has been bought on two or more computers at the same time unless
the software agreement (licence) allows it. Intellectual Property Authorities in countries
would be responsible for enforcing the law on copyright and campaigning against software
piracy.
Software piracy is the theft of computer programs and the unauthorised distribution and
use of these programs. In the Caribbean, countries are enforcing copyright and piracy laws
for music, printed material and software. The main types of piracy are copying software
and its packaging, copying and selling recordable CD-ROMs that contain pirated software,
downloading software from the Internet, and using software on more computers in a
network than the number of computers for which there are software licences. People found
guilty receive a large or a prison sentence. Some countries also have legislation that seeks to
protect the individual from the potential misuse of personal information, such as
information should be used only for the purpose for which it was provided.
Individuals have the right to examine their personal records, which must be accurate and
regularly updated. Information should not be held for longer than necessary, and all
measures should be taken to ensure its security against physical and electronic threats.
Privacy of the individual should be protected.
The ICT revolution has caused widespread changes in the workplace, with most oces now
using computer systems connected by LAN or WAN. Applications such as word processors,
databases and email, and mobile telephones are used by millions of people every day. Video
conferencing via WAN and the Internet enables meetings to take place without participants
leaving their oces.
Computers are used in many economic sectors, and employees must become more skilled in
the use of information technology to perform their duties. This is necessary for most
occupations that involve information collection, processing and distribution.