
Computer Security and Data Security
Data Security
• Data security is all about identifying and assessing
computer security risks.
• Computer security is any event, action or situation,
intentional or not, that could lead to the loss of
computer systems and the data they contain.
• Data security allows individuals and organizations to
assess the risks to which their computer systems and
data are exposed, and to determine and implement
suitable countermeasures.
| Element | Meaning | Element #1: ABC Pharmacy | Element #2: Customer Jan Doyle |
|---|---|---|---|
| Vulnerability | Exposure to the possibility of being attacked or harmed | Computer system is connected to a wide area network. It is also used to access their insurance company’s extranet. | Customer fills prescriptions at the pharmacy and makes payments using credit and debit cards. |
| Threat | A statement of an intention to inflict damage | Data may be intercepted as it is transmitted from the pharmacy to the insurance company. | Credit card data and personal data may be accessed by an unauthorized person. |
| Attack | Actual action that causes damage | Credit card data stolen over a period of weeks by an eavesdropper. | Unauthorized purchases made with credit card. |
| Countermeasure | An action taken to prevent an attack or minimize its effect | Encrypt data before transmission. | Use a credit or debit card with chip-and-pin technology. |
Data Security
Data may become damaged, lost, stolen or have its integrity
breached through accidental or deliberate acts.

| ACCIDENTAL | DELIBERATE |
|---|---|
| Accidents | Hacking |
| Hardware malfunction/failure | Malware |
| Power-related problems | Fraud and theft |
| Natural disasters | Revenge |
| Fire | |
| Environmental factors | |
Data Security
• Data may be misused or may lose its integrity in a wide variety of
ways. The misuse may affect an individual, an organization or both.
Threat to data Individual Organizations
Credit Card fraud
Identity Theft
Violation of privacy
Storage of inaccurate information
Surveillance Computer fraud
Electronic eavesdropping
Industrial espionage
Propaganda
Software piracy
Cyberbullying
Copyright infringement
Data Theft
Denial of service attack
Transmission of virus and malware

Online publication of obscene materials

Phishing attacks
Software and music piracy
Financial abuses
Credit Card fraud
• Credit card fraud occurs when criminals illegally
use someone else’s credit card details to obtain
goods or services. The increased popularity of
e-commerce to purchase goods and services
over the internet has led to an increase in credit
card fraud. The fraudsters use stolen credit card
details to obtain goods using e-commerce
websites. Credit card fraud is very closely
related to identity theft.
Identity Theft
• Identity Theft is when criminals obtain and
use someone else’s personal details to
impersonate them. As more personal data
is being stored on computers, computer-
related identity theft is increasing. They
can also do this by targeting garbage and
discarded material with personal
information on it.
Violation of privacy
• Privacy refers to an individual’s ability to
restrict or eliminate the collection, use and
sale of confidential personal information.
In many countries, it is illegal to store
personal information about individuals on
a computer without their explicit
permission.
Storage of inaccurate information
• The storage of inaccurate personal data can have a
serious impact on an individual. For example, if a person
is incorrectly recorded as having an outstanding debt
then that person will find it difficult to obtain a loan.
Inaccurate data can occur when:
– Incorrect data is entered into a system
– Data is accidentally changed or modified.
– People make what they think are valid changes but the changes
corrupt the data
Surveillance and Espionage
• Surveillance
• Surveillance is very common in the computing world. A
lot of surveillance happens without computer users
realizing that they are being monitored. Surveillance is a
computer fraud that involves electronically observing a
user’s activity on the computer. Criminals can install
special keylogging software on computers that records
every key pressed.

• Industrial espionage
• This is when secret information is obtained by spying on
competitors or opponents.
Electronic eavesdropping
• Electronic eavesdropping is illegally
intercepting electronic messages as they
are being transmitted over a computer
network. Hackers track and use the data
people type into websites, such as login
details for bank accounts.
Propaganda
• Propaganda is information that is designed
to encourage you to think in a particular
way and hold a particular opinion. It may
include false information or it may give an
unbalanced version of events. Computer
technology can be used to spread forms of
propaganda, with political ideals and beliefs
that are publicly announced or advertised.
Software Piracy
• Piracy is any act of taking or using someone else’s work without
their knowledge and permission. Software piracy is illegal.
Software piracy involves the following:
• Unauthorized copying or distribution of copyrighted software.
• Purchasing one single copy of software and installing it on multiple
computers.
• Copying, downloading, sharing, selling or installing multiple copies
onto personal or business computers is software theft.
• Copyright laws exist to protect the owners of proprietary software from
piracy and other abuses.
• The risks of downloading pirated software include legal action, viral
attacks and no technical support.
Cyberbullying
• Cyberbullying: the use of electronic
communication to bully a person, typically by
sending messages of an intimidating or
threatening nature. [Further explanation: it is the
use of cell phones, instant messaging, e-mail,
chat rooms or social networking sites such as
Facebook and Twitter to harass, threaten or
intimidate someone. Cyberbullying is often
done by children, who have increasingly early
access to these technologies.]
Phishing
• Phishing is a cybercrime in which a target or
targets are contacted by email, telephone or text
message by someone posing as a legitimate
institution to lure individuals into providing
sensitive data such as personally identifiable
information, banking and credit card details, and
passwords.
• The information is then used to access
important accounts and can result in identity
theft and financial loss.
Copyright infringement
• Copyright infringement is the violation, piracy or
theft of a copyright holder's exclusive rights
through the unauthorized use of a copyrighted
material or work.
• Under Jamaica’s Copyright Act 1993, copyright
applies to original literary, dramatic, musical or
artistic works, sound recordings, films,
broadcasts or cable programmes, and typographical
arrangements of published editions.
Denial of Service attack
• A denial-of-service (DoS) is any type of attack
where the attackers (hackers) attempt to prevent
legitimate users from accessing the service. DoS
attacks typically function by overwhelming or
flooding a targeted machine with requests until
normal traffic is unable to be processed,
resulting in denial-of-service to additional users. A
DoS attack is characterized by using a single
computer to launch the attack.
Definitions:
• Computer Security is concerned with
protecting hardware, software, and data
from unintentional, intentional or malicious
modification/destruction or from any type
of tampering, including unauthorized
access or disclosure of data.

• Computer systems are protected by using
physical access restrictions or logical
(software) access restrictions.
Access Restriction
• The procedures put in place to prevent
unauthorized access to computer systems and/or
information.

• There are two methods used to prevent
unauthorized access:
– Physical access restriction
– Software access restriction
Physical Access Restrictions
• This is the first line of defense. These are
devices used to prevent unauthorized
persons from gaining physical access to
stored information or from physically
damaging the computer.

• Examples: locks, fireproof cabinets, smoke
detectors, biometric systems, cables and straps,
CCTV and cameras, badges, alarm systems,
swipe or key cards, etc.
• Physical Access Restrictions also help to
protect the computer from threats such as:
• “Natural” Disasters:
◦ Fire
◦ Flood, Hurricane
◦ Earthquake
◦ Power Outages/Fluctuations
◦ Dust and extreme temperatures
Physical Protection from Human Attackers
• One example of why physical security should be taken
very seriously
◦ The only tools you need to break into an unsecured PC:
  – A Phillips-head screwdriver
  – USB Thumb drive or an external hard drive
◦ BIOS password can be bypassed.
  – Remove the machine’s hard drive and put it in another machine
  – Reset the BIOS password via jumpers on the motherboard
  – Simply remove the CMOS battery to reset
◦ Once accomplished, boot off CD and copy.

Biometrics
• This is the use of a person’s body
characteristics to uniquely identify him or
her. These include fingerprint, facial
features, eye or retina scan, palm scan,
hand print, voice recognition or signatures.
Software/Logical Access Restrictions
• This is a method of protecting software
and data by restricting access to them. It
may be done using passwords and/or
encryption. To ensure software and data
security use:
– Antivirus software
– Backup procedures
– Archiving
Passwords
• Password
– The most common logical access control
– Sometimes referred to as a logical token
– A secret combination of letters and numbers
that only the user knows
• A password should never be written down
– Must also be of a sufficient length and
complexity so that an attacker cannot easily
guess it (password paradox)
Encryption
• The process of securing information by
encoding it so that it bears no similarity to
the original. Files are encrypted using a
key. The key is a combination of
characters that is used to tell an encoding
program how to encrypt the information.
• In order to read encrypted information it
must be decrypted or decoded. A key is
required to do so.
Authentication
• Determines that the proven identity has the set
of characteristics associated with it that gives it
the right to access the requested resources.

• Checking the user’s credentials to be sure that
they are authentic and not fabricated
Backup and Archiving
• Backup is the process of keeping copies of
data and storing them in different locations in
case the original gets lost or damaged.

• Archiving is the process by which a
second backup of a file is kept separately
from the working backup copy.
• Archiving is normally done on magnetic
tapes or microfiche. Files are usually
managed by a data librarian.
Security and Integrity
• Data Integrity is concerned with the
correctness of the data and the prevention
of accidental loss such as overwriting,
deletions, disk or system failure.
• Errors may be introduced when typing in
data or if there is a machine or program
corrupting the data.
• Validity and verification checks are
performed on data to ensure its integrity.
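
The two kinds of check can be seen side by side in a short program. This is an added example, not part of the original slides; the field names, the 1 to 90 quantity range and the sample entries are assumptions made for illustration. Validation tests one typed-in record against fixed rules, while verification compares two independent typings of the same form.

```python
import re
from datetime import date

def validate(rec, today=None):
    """Validation: check one typed-in record against fixed rules."""
    today = today or date.today()
    errors = []
    get = lambda f: str(rec.get(f, "")).strip()
    # Presence check: every required field must be filled in.
    for field in ("name", "dob", "quantity", "card_last4"):
        if not get(field):
            errors.append(f"{field}: missing")
    # Data type and range check: a whole number from 1 to 90 (assumed limit).
    qty = get("quantity")
    if qty and not (re.fullmatch(r"[0-9]+", qty) and 1 <= int(qty) <= 90):
        errors.append("quantity: must be a whole number from 1 to 90")
    # Format and consistency check: a real calendar date, not in the future.
    dob = get("dob")
    if dob:
        try:
            if date.fromisoformat(dob) > today:
                errors.append("dob: is in the future")
        except ValueError:
            errors.append("dob: not a valid date")
    # Length and format check: exactly four digits.
    last4 = get("card_last4")
    if last4 and not re.fullmatch(r"[0-9]{4}", last4):
        errors.append("card_last4: must be exactly 4 digits")
    return errors

def verify(first, second):
    """Verification (double entry): fields where two typings of one form differ."""
    return sorted(f for f in first.keys() | second.keys()
                  if str(first.get(f, "")).strip() != str(second.get(f, "")).strip())

# Constructed sample: the same paper form keyed in by two clerks.
ENTRY_1 = {"name": "Jan Doyle", "dob": "1985-02-30", "quantity": "3", "card_last4": "4821"}
ENTRY_2 = {"name": "Jan Doyle", "dob": "1985-02-03", "quantity": "30", "card_last4": "4821"}

if __name__ == "__main__":
    print(validate(ENTRY_1))         # the impossible date is caught by validation
    print(verify(ENTRY_1, ENTRY_2))  # the plausible but different quantity is caught only here
```

A quantity of 3 passes every validation rule, so only the comparison against the second entry reveals that one of the two typings is wrong.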
Data Corruption
• When something causes data to become
lost or damaged it is referred to as
corruption. Data may become corrupted
by:
– A computer virus
– Willful acts of employees
– Computer malfunction
– Power surges or outages
– Poor methods for updating data
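
Corruption of a stored copy can be detected by recording a digest of every file when the copy is made and recomputing it later. The following is an added example, not part of the original slides; it goes beyond the slide text by using SHA-256 digests, and the file names and contents are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    """Digest a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(original, backup):
    """Report files that are missing from, changed in, or extra in the backup."""
    both = original.keys() & backup.keys()
    return {
        "missing": sorted(set(original) - set(backup)),
        "changed": sorted(k for k in both if original[k] != backup[k]),
        "extra": sorted(set(backup) - set(original)),
    }

def demo():
    """Constructed scenario: back up two files, then damage the backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "customers.csv").write_text("id,name\n1,Jan Doyle\n")
        (live / "orders.csv").write_text("id,item\n1,tablets\n")
        manifest = build_manifest(live)   # recorded when the backup is taken
        shutil.copytree(live, backup)
        clean = compare(manifest, build_manifest(backup))
        # Simulate corruption: one flipped bit in one file, and one lost file.
        data = bytearray((backup / "customers.csv").read_bytes())
        data[-2] ^= 0x01
        (backup / "customers.csv").write_bytes(bytes(data))
        (backup / "orders.csv").unlink()
        damaged = compare(manifest, build_manifest(backup))
    return clean, damaged

if __name__ == "__main__":
    print(demo())
```

The manifest should be stored apart from the backup it describes, since anyone able to change both could hide a deliberate modification.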
Virus and Worms
• A malicious program designed to corrupt
files on a computer. It can spread from
one file to another or one computer to
another. (e.g. Shortcut, Love Bug,
Terminator, etc.)
• Trojan Horse: does not replicate itself as
viruses do. It disguises itself to resemble
real programs, such as a screensaver etc.,
and then secretly destroys or corrupts files
and programs.
Virus and Worms
• Worms hide inside the computer memory
and replicate over and over, infecting
machines by using up all the resources
and eventually shutting down the system.
Anti-virus
• A program that detects and removes
viruses from a computer system or
removable storage devices.

• Examples: Norton Antivirus, Bitdefender,
Kaspersky, Avast, AVG, etc.
Hackers
• A hacker is a person who tries to gain
unauthorized access to restricted areas on
networks, etc. Hackers may try to:

– Pretend to be someone with legitimate
access to certain files or areas
– Use brute force (trying thousands of
passwords until the right one is found)
– Find weaknesses known as ‘backdoors’ and
exploit them.
– Put Trojan Horses on the network
– Corrupt or delete files being shared
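
The Passwords slide asks for sufficient length and complexity, and the list above names brute force as one way in. As an added example (not part of the original slides), the check below shows how each extra character multiplies the number of guesses an exhaustive search needs, and why a well-known password fails whatever its length. The common-password list, the 12-character minimum and any guess rate passed in are assumptions.

```python
import string

# Constructed sample; a real deployment would load a large breached-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "password1"}

def alphabet_size(pw):
    """Size of the character set an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # 32 symbols
    known = string.ascii_letters + string.digits + string.punctuation
    size += len({c for c in pw if c not in known})   # spaces, accented letters, ...
    return size

def search_space(pw):
    """Worst-case number of guesses for a brute-force search over that alphabet."""
    return alphabet_size(pw) ** len(pw)

def worst_case_days(pw, guesses_per_second):
    """Days to exhaust the search space at an assumed guessing rate."""
    return search_space(pw) / guesses_per_second / 86400

def policy_failures(pw, min_length=12):
    """Reasons to reject a password at the moment it is chosen."""
    failures = []
    if len(pw) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if pw.lower() in COMMON:   # guessed first, so search-space size is irrelevant
        failures.append("on the common-password list")
    return failures

if __name__ == "__main__":
    for pw in ("abcdefgh", "abcdefghijkl", "Password1"):
        print(pw, search_space(pw), policy_failures(pw))
```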
MCQ
• Which of the following is not an element of
computer security?
– Assessment
– Attack
– Threat
– Countermeasure
MCQ
• Which of the following is NOT an example
of an attack usually directed at
individuals?
– Cyberbullying
– Identity theft
– Industrial espionage
– Violation of privacy
MCQ
• Questions 5 – 7 are based on the following:
• Allan created a game named BOOM which he offered
for sale online via his website. Users who paid the required
fee were granted non-exclusive licences to use his game
on one device only. Within one month, BOOM was
available for download from three other websites, none of
which had Allan’s permission to distribute the game.

• With which crime can individuals who download the
software from the other websites be charged?
– Identity theft
– Software piracy
– Industrial espionage
– Copyright infringement
MCQ
• With which crime can the individual/ organization that illegally
offers the software downloads be charged?
– Identity theft
– Software piracy
– Industrial espionage
– Copyright infringement

• Allan launched an attack on the illegal websites that caused
each site to be unavailable for a few hours daily. The attack
launched was MOST LIKELY
– Cyberbullying
– Denial of service
– Industrial espionage
– Violation of privacy
End of Presentation!
