ELEMENTS OF COMPUTER

SECURITY
SYSTEM VULNERABILITIES AND RISK
SYSTEM VULNERABILITIES AND RISK

u This simply refer to the flaws of the computer hardware, software and other procedure
that can be compromised by attackers concerning the security of a system. These risk
can exist in some part of the system like the operating system, network protocols,
applications and system files etc.

This harm or loss could manifest in various forms, including:

1. Unauthorized access to sensitive information: Attackers could exploit vulnerabilities to gain access to
confidential data, such as personal information, financial records, or proprietary business data.
2. Disruption of service: Vulnerabilities can be exploited to disrupt the normal operation of systems or
services, leading to downtime, loss of productivity, or financial losses for businesses.
SYSTEM VULNERABILITIES AND RISK

1. Damage to reputation: Security breaches resulting from exploited vulnerabilities can

damage the reputation of organizations, leading to loss of trust from customers,
partners, and stakeholders.
2. Financial losses: Attacks exploiting vulnerabilities can result in financial losses due to
theft, extortion, fines, legal fees, and costs associated with remediation efforts.
3. Legal and regulatory consequences: Organizations may face legal and regulatory
consequences for failing to adequately protect systems against vulnerabilities, including
fines, lawsuits, and sanctions.
SYSTEM VULNERABILITIES AND RISK

1. Compromise of integrity and availability: Vulnerabilities can be exploited to compromise

the integrity or availability of data and systems, leading to data manipulation, data loss,
or service outages.
HACKING

Hacking Is referred to the act of exploring and experimenting with computer systems, often
driven by curiosity and a desire to understand how systems work. However, over time, the
term has become associated with unauthorized access to computer systems, networks, and
data for malicious purposes. There are two types of hackers namely;

Ethical Hacker
Also known as white hat hacking involves security professionals who use their skills to
identify and fix vulnerabilities in systems. White hat hackers may be hired by organizations to
conduct penetration testing and security assessments to improve the overall security
posture. One of the major programs to pursue this career is called cyber security and system
administration. The minimum salary for such a job is $70,000 to $120,000 per year.
SYSTEM VULNERABILITIES AND RISK

NON-ETHICAL HACKERS
This refers to hacking done with malicious intent. Black hat hackers exploit vulnerabilities in
computer systems to steal data, disrupt services, or gain unauthorized access for personal
gain or to cause harm. These hackers are prone to arrest by federal law. Black hackers defect
Systems and ask for huge ransom and this I how they make money. Others also tend to use
their skills to steal information or data for personal consents. Every country has a law that
punishes these people when caught.
PASSWORD ATTACKS

u Password attacks refer to various techniques used by attackers to gain unauthorized

access to user accounts, systems, or networks by exploiting weaknesses in password
security. These attacks can target individuals, organizations, or entire networks and may
involve different methods and tools.
To mitigate the risk of password attacks, individuals and organizations should follow best
practices such as using complex and unique passwords for each account, enabling multi-
factor authentication (MFA), regularly updating passwords, using password managers,
educating users about phishing threats, implementing account lockout policies, and
monitoring for suspicious activity. So for whatsapp like this it has a two factor authentication
that avoid some of these activities.
BACK UP

u "Backup" refers to the process of creating copies of data or files to protect against data
loss in case of accidental deletion, hardware failure, data corruption, or other disasters.
Backups are essential for ensuring the availability and integrity of important information.
FIREWALL

u A firewall is a network security device or software that monitors and controls incoming
and outgoing network traffic based on predetermined security rules. It acts as a barrier
between a trusted internal network and untrusted external networks, such as the
internet, to prevent unauthorized access, data leakage, and other malicious activities.
ENCRYPTION

u Encryption is the process of converting plaintext data into ciphertext, which is a

scrambled and unreadable form, using mathematical algorithms and cryptographic keys.
The purpose of encryption is to protect the confidentiality, integrity, and authenticity of
data, especially when it is stored or transmitted over insecure channels.

Encryption is widely used in various applications, including secure communication (e.g.,

HTTPS for web browsing, Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for email),
data protection (e.g., full-disk encryption, file encryption), digital signatures, and
authentication mechanisms. It is an essential tool for safeguarding sensitive information and
ensuring the privacy and security of digital communications.