
Computer Security

Cybersecurity

Cyberspace

Presented by: Rev. Chester Allman JP.
Computer Security
• Computer security is all the activities related to identifying, assessing and managing vulnerabilities, threats and attacks on a computer system.
• Computer users, both authorised (lawful) and unauthorised, sometimes misuse computer systems in a way that constitutes a risk to the computer system itself or to the data and programs stored on the system’s storage devices.
Cyberspace
• Cyberspace generally refers to any data or resources that can be accessed via a network or the space where the internet operates.
• The internet gives users access to large parts of cyberspace; webpages that contain text, images, videos and interactive content are all part of cyberspace. Files stored on remote computers that can be accessed using File Transfer Protocol are also part of cyberspace. Cyberspace is also information and resources that you may be able to access on intranets or extranets.
Cybercrime
• Cybercrime is any crime perpetrated using computers and networks. An example of cybercrime is music piracy. Pirates steal recordings of music from musicians, who are the rightful owners, and sell copies illegally over the internet by FTP download.
Cybersecurity
• Cybersecurity is all the activities related to identifying, assessing and managing the vulnerabilities, threats and attacks originating from cyberspace.
• An example of cybersecurity is a spam filter in an email application program. Spam filters identify emails that are trying to scam legitimate users and automatically delete them.
• Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorised access.
Elements of Computer Security
• Computer security has four main elements:-
– Vulnerability
– Threats
– Attack
– Countermeasure
Firewall
• A firewall monitors a network, blocking dangerous content such as viruses. Firewalls can be either a physical device attached to the network or software running on the connected computer.
Elements of Computer Security
Vulnerability
– Meaning: Exposure to the possibility of being attacked or harmed
– Example: Computer systems that are connected to the internet are vulnerable because a large number of remote computers, and so a large number of potential criminals, have network access to the system
Threat
– Meaning: A statement of an intention to inflict harm or damage
– Example: A resentful ex-employee may state his intention to gain unauthorised access to an organisation’s computer system to delete critical files or steal confidential information unless some ransom is paid
Attack
– Meaning: Actual action that causes harm or damage
– Example: The resentful ex-employee may encrypt company files and demand a ransom for the recovery of the files
Countermeasure
– Meaning: An action to counteract a threat
– Example: Set the firewall to allow access from current employees’ devices only
Computer Misuse
• Computer misuse is any activity during which a computer system or computer network is accessed, or its data is accessed, modified or deleted without proper authorisation.
• Computer misuse is considered to include:-
– Acts which are likely to cause unauthorised modification, removal or copying of the contents of any computer system.
– Directly or indirectly obtaining computer service without proper authorisation (e.g. music download from an illegal site).
– Accessing programs or data on a computer with the intent to commit a crime.
– Unauthorised access to a computer system.
• Computer misuse can be viewed from three perspectives:-
– Individuals
– Organisations
– Governments
Computer Misuse - Individuals
• Computer misuse by an individual ranges from sending a personal email from a work computer during periods of work to gaining unauthorised access to the company’s online banking service and moving funds from a company account into a personal account.
Computer Misuse - Organisation
• Computer misuse by an organisation can range from software piracy, where software is used without paying the appropriate fees, to industrial espionage, which is the unauthorised accessing of a competitor’s computer system to copy confidential data.
Computer Misuse - Government
• Governments also sometimes misuse computer systems and data by intercepting private emails, by altering election results or by spreading “fake news”.
Potential Impact of Computer Misuse on the Main Entities
• The table below shows common ways in which computer systems and data may be misused:-
Individual
• Cyberbullying
• Financial abuse (credit card fraud and identity theft)
• Online publication of obscene materials
• Phishing attacks
• Violation of privacy
Organisation
• Copyright infringement
• Data theft
• Denial-of-service attacks
• Financial abuse
• Industrial espionage
• Software and music piracy
• Transmission of malware
Government
• Electronic eavesdropping
• Espionage
• Manipulation of data
• Propaganda
Computer Misuse that Impacts Individuals
We will now outline five (5) acts of computer misuse that primarily impact individuals:-
• Cyberbullying
• Identity theft
• Online publication of obscene materials
• Phishing attacks
• Violation of privacy
Cyberbullying
• Cyberbullying is a form of bullying or harassment using computer-based communications.
• It can occur through SMS (text) or social networking apps, or online on social media and gaming platforms where persons can view, participate in or share content.
• Cyberbullying includes sending, posting or sharing negative, harmful, false or mean content about someone else, usually causing embarrassment or humiliation.
Cyberbullying can be:-
• Hard to notice – because teachers, parents and other adults may not overhear or see cyberbullying taking place.
• Persistent – digital devices offer the ability to immediately and continuously communicate 24 hours a day, so it can be difficult for persons experiencing cyberbullying to find relief.
• Permanent – most information communicated electronically is permanent and public if not reported and removed.
Identity Theft
• Identity theft is the deliberate use of someone else’s identity, usually to gain a financial advantage.
• All individuals are vulnerable to having their identity stolen because data about them is held on multiple government and company computers.
• With enough identifying information about an individual, a criminal can steal an individual’s identity in order to conduct a wide range of crimes.
For example:-
• False applications for loans and credit cards
• Fraudulent withdrawals from bank accounts
• Fraudulent use of online accounts
• Fraudulently obtaining other goods or services
Online Publication of Obscene Materials
• Obscene material is material of a sexual nature or material that offends against society’s morality.
• Obscene material is offensive to look at, and someone who accidentally views this material may feel that their privacy has been invaded because this is on their computer, in their home. This can lead to emotional distress.
• The publication of obscene material may impact the person targeted, the perpetrator (criminal) and, in some cases, the online outlet through which the materials were published.
• In some cases the perpetrator, if caught, may lose their job and be sent to prison, and the affected person may have to relocate to a new town to try to lessen the psychological effects.
Phishing Attacks
• Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details by sending emails pretending to be from a legitimate organization.
• Users are tricked into responding to the email because it looks believable, promises them some benefit or warns of some penalty.
• Users are asked to click on a link; the link then takes the user to a fake website which tricks them into entering personal information.
Phishing emails can be detected because:-
• They are unsolicited (e.g. the sender has no permission to send it to you)
• They often contain spelling or grammar errors
• They urge you to act immediately
• An email program may warn you that the email is potentially a scam
Communications claiming to be from financial institutions, service providers (such as online payment processors and hosting providers), social websites, package delivery companies or IT administrators are often used to lure potential victims into a phishing scam.
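The warning signs described above can be checked mechanically, which is roughly what an email program does before it warns the user. This added example is not part of the original presentation; it tests one e-mail for an unsolicited sender, urgent wording, a sender that claims an organisation but uses another domain, and a link whose visible address differs from its real target. The urgency wording, the `known_senders` address book, the `org_domains` map and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"\b(immediately|urgent|will be (closed|suspended))\b", re.I)  # assumed wording
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def same_site(a, b):  # True if the two hosts are equal or one is a subdomain of the other
    a, b = ((urlparse(v if "//" in v else "//" + v).hostname or "").lower() for v in (a, b))
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def phishing_indicators(raw, known_senders, org_domains):
    """Return the warning signs present in one single-part e-mail given as raw text."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body, page = msg.get_payload(), LinkCollector()
    page.feed(body)
    checks = {
        "unsolicited": addr.lower() not in known_senders,
        "urgency": bool(URGENT.search(body)),
        "sender-mismatch": any(org.lower() in display.lower() and not same_site(addr.rpartition("@")[2], dom)
                               for org, dom in org_domains.items()),
        "link-mismatch": any(LOOKS_LIKE_URL.fullmatch(text.strip()) and not same_site(text.strip(), href)
                             for href, text in page.links),
    }
    return [sign for sign, hit in checks.items() if hit]

SAMPLE = (  # constructed message for illustration, not real mail
    'From: "Example Bank Security" <alerts@examp1e-bank.test>\nSubject: Action required\n\n'
    "<p>Your account will be suspended. Verify immediately at "
    '<a href="http://login.examp1e-bank.test/verify">www.examplebank.test</a></p>\n'
)
```

Spelling and grammar errors, the remaining sign on the list, are not checked here because they need a dictionary or language model rather than a simple rule.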
Violation of Privacy
• Privacy is the right of persons to choose freely under what circumstances and to what extent they will reveal information about themselves.
• Privacy relates to an individual’s ability to control their personal information. Governments and organisations that store our personal data must keep it private.
• Personal data includes name, address, date of birth, bank information, telephone numbers, driving licence number and family information such as mother’s maiden name (which is often used as a security question for checking a person’s identity).
Any act that violates any of these rights is deemed a violation of privacy including:-
• Storage of inaccurate personal data
• Sharing of data (for free or for a fee) without the owner’s consent
• Using data for purposes other than for which it was collected
Many websites include a privacy policy and in addition some territories have passed data protection legislation. Privacy policies outline how the data that websites collect will be used and what rights the user is giving up when they accept the website’s terms of service.
A cookie is a piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. See example of website cookie below.
Computer Misuse that Impacts Organizations
We will outline five (5) acts of computer misuse that primarily impact organizations:-
• Copyright infringement
• Software/music piracy
• Data theft
• Denial-of-service attack
• Malware
Copyright Infringement
• Copyright is a legal right that gives the creator of an original work exclusive rights over its use and distribution. Copyright is a form of intellectual property applicable to certain forms of creative work such as books, illustrations, maps, poetry and plays.
• Copyright infringement occurs when an entity that is not a rights holder reproduces, creates a derivative work, distributes, performs or benefits from the copyrighted work without obtaining the requisite permissions (and paying any associated rights fees). Copyright can be infringed by individuals and organizations alike.
Software Piracy
• Software/music piracy is the unauthorized reproduction, distribution or use of software products/music.
• Software publishers spend years developing software for the public to use; a significant portion of every dollar spent in purchasing original software is funnelled back into research and development so that better and more advanced software products may be produced.
• Software piracy negatively impacts the legal owners that produce the software because it reduces their revenues. It also harms national and regional economies.
Data Theft
• Data theft is the unauthorized copying or removal of data from the legitimate owner’s computer system.
• The Dark Net is the term given to the parts of the Internet that are kept hidden from the general public and cannot be accessed by standard search engines such as Google and Bing. Suspect activities such as hacking and fraud take place on Dark Net websites.
[Figure: Parts of the World Wide Web]
• Criminals target computers that store personal or commercial data because this data, especially in large volumes, has significant economic value in the criminal underworld.
• In many cases, data stolen during these breaches is offered for sale in places such as the Dark Net.
• Data theft may be instigated internally, by an employee, or externally, by hackers exploiting poor security or lost/stolen storage devices/media.
• The effects on an organisation of data theft include reputational loss and loss of customers, possibly leading to reduction in profits, and in extreme cases the organisation may be forced to cease operations.
Denial-of-Service Attack
• A denial-of-service attack (DoS attack) is a cyber-attack where the intent is to prevent a service being delivered by the target system.
• The attack could be by an individual hacker exploiting a vulnerability in the target system to gain unauthorized access and so crash the system from within.
Distributed Denial-of-Service Attack
• A distributed denial-of-service attack (DDoS attack) is a cyber-attack during which the target system is flooded with requests that overload the targeted system.
• A DDoS attack is often staged by activists and blackmailers. It can be as simple as sending thousands or millions of emails to the same address at the same time to swamp an organisation’s email service, causing it to fail.
Computer Misuse that Impacts Organizations
• Malware, malicious software, is software designed to disrupt, damage or gain unauthorized access to a computer system. Viruses, worms, trojans, ransomware and spyware are all types of malware.
THANK YOU

FOR WATCHING
