SECURITY THREATS AND CONTROL MEASURES
- Security threats to a computer-based information system, and to private or confidential data,
include:
unauthorized access,
alteration,
malicious destruction of hardware, software, data or network resources,
sabotage.
- The goal of data security control measures is to protect the information system and to ensure
the integrity and safety of its hardware, software and data.
Computer crime and criminals
Computer criminals can be classified into four main groups:
• Hackers and crackers — In these notes a hacker is a person who gains unauthorised
access to information just for the challenge, while a cracker gains unauthorized access
for malicious reasons. (In everyday usage both are now simply called hackers.)
• Fraudsters — Mostly former employees of the company, or outsiders, who use their
knowledge of its systems to cheat or defraud it with the intention of
acquiring goods, services or cash.
• Terrorists — A person or an organization that works towards crippling the
information infrastructure by attacking expensive installations such as satellite
stations, server rooms and buildings, in order to wage economic warfare or to
hurt people.
• Thieves and trespassers — People who physically break into a
room with the intention of stealing hardware and software resources such as
storage devices.
INFORMATION SYSTEM FAILURE
An information system failure occurs when a system does not perform as expected, is not
operational at a specified time, or cannot be used in the way it was intended.
Some of the causes of computerized system failure include:
1. Hardware failure due to improper use or wear.
2. Unstable power supply as a result of brownouts or blackouts, and vandalism.
3. Network breakdown.
4. Natural disasters.
5. Program (software) failure.
6. User error or inadequate user training.
Control measures against hardware failure
- Protect computers against brownouts or blackouts, which may cause damage or data loss, by
using surge protectors and a UPS (uninterruptible power supply).
- For critical systems, most organizations put in place fault tolerant systems. A
fault tolerant system has redundant (duplicate) storage, peripheral devices and
software that provide fail-over capability: when a component fails, its backup takes over
so that the system keeps running.
Disaster recovery plans
A disaster recovery plan (DRP) is a documented, structured approach that describes how an
organization can quickly resume work after an unplanned incident. A DRP aims to help the
organization recover lost data and restore system functionality so that it can keep operating in
the aftermath of an incident, even if only at a minimal level.
Disaster recovery planning involves establishing offsite storage of the organization's databases so
that in case of a disaster such as a fire, the company has a backup copy from which to
reconstruct the lost data.
What should be included in a disaster recovery plan
1. Establish the range and scope of the recovery.
2. Gather details of the relevant network infrastructure.
3. Identify the most serious threats and vulnerabilities, as well as the most critical
assets.
4. Review the history of unplanned incidents and outages and how they were
handled.
5. Identify the current disaster recovery strategy.
6. Have an incident response team.
7. Review with management before approving the disaster recovery plan.
8. Test the approved plan; an untested plan may fail when it is actually needed.
9. Constantly update the plan.
10. Implement the plan.
NB: A communication plan is an important part of the disaster recovery plan, e.g. how
information is passed within the organization and to parties outside it.
Threats that cause information system failure/data loss
a. Threats from malicious programs
- Malicious programs (malware) may disrupt the smooth running of a system or carry out illegal
activities such as secretly collecting information about an unknowing user. Some
common types of malicious programs include:
1. Boot sector viruses: destroy or overwrite the booting information on storage media.
2. File viruses: attach themselves to files and run when the infected file is run.
3. Hoax viruses: e-mail messages that falsely warn of a virus, or carry an attractive message,
to trick the recipient into forwarding them or opening an attachment that may itself be malicious.
4. Trojan horses: appear to perform useful functions but instead perform other
undesirable activities in the background.
5. Worms: malicious programs that self-replicate, clogging system memory, storage media
and network bandwidth.
6. Backdoors: may be installed by a Trojan or a worm; they allow hidden access to a computer system.
Viruses spread inside infected files, for example on removable media such as flash disks or in
downloaded files, while worms spread by themselves across networks by replicating from
machine to machine.
A virus remains dormant until the infected file is run, whereas a worm does not need a host
file to be activated. Once a worm has entered a network it runs itself, self-replicates and
spreads through the network or internet connection.
Control measures against viruses
1. Install the latest version of anti-virus software on all computers and keep its virus
definitions updated; also apply operating system and application security updates.
2. Always scan removable storage media for viruses before using them.
3. Scan mail attachments for viruses before opening or downloading them, and do not open
attachments you did not expect.
b. Physical theft
- One of the most widespread computer-related crimes, especially in developing countries,
is the physical theft of computer hardware and software.
- Now and then we hear of people breaking into an office or firm and stealing
computers, hard disks and other valuable computer accessories. Such theft may be
carried out by untrustworthy employees of the firm (an inside job) or by
outsiders. The motive may be commercial gain, destruction of
sensitive information or sabotage. Note that a stolen disk also exposes every file on it,
so theft is a confidentiality threat as well as a loss of hardware.
Control measures against theft
1. Employ security guards to keep watch over the information centre and restricted back-up
sites.
2. Reinforce weak access points such as windows, doors and roofing with metal grilles
and strong padlocks.
3. Motivate workers so that they feel a sense of belonging, making them proud
and trusted custodians of company resources.
4. Insure the hardware resources with a reputable insurance firm.
c. Piracy
- Piracy is a form of intellectual property theft: the illegal copying of software,
information or data. Software, information and data are protected by copyright and
patent laws.
Control measures against piracy
There are several ways of reducing piracy:
1. Enforce laws that protect the owners of software, data and information against piracy.
2. Make software cheap enough to increase affordability.
3. Use licences and certificates of authenticity to identify original software.
4. Require a product key or activation code at installation to deter illegal installation of software.
d. Fraud
- With the rapid growth of the internet and mobile computing, more sophisticated cyber
crimes such as fraud are on the rise. Fraud is stealing by false pretence. Fraudsters may be
employees within a company, or non-existent companies that purport to offer goods or services
over the internet, such as selling vehicles. Other forms of fraud involve the computerized
production and use of counterfeit documents.
e. Sabotage
- Sabotage refers to the illegal destruction of data and information with the aim of crippling
service delivery or causing great loss to an organization. Sabotage is usually carried out by
disgruntled employees or by competitors with the intention of causing harm to the
organization.
f. Human error
Examples include deleting data by mistake, which may be costly to the organization; physical
damage to a hard drive leading to loss of important files; liquid spills; accidentally formatting a
hard drive; and software corruption.
Prevented by:
- Proper training
- Software or machine automation of routine tasks, so that fewer steps depend on a person
typing the right thing
- Regular, tested backups, so that a mistake can be undone
g. Natural disasters
Such as fire outbreaks, earthquakes and flooding.
Threats to privacy and confidentiality
- Privacy means that data or information belonging to an individual should not be accessed
by or disclosed to other people without their consent. It is an individual's right to determine
for themselves what should be communicated to others.
- Confidentiality, on the other hand, means that sensitive data or information belonging to
an organization or government should not be accessed by or disclosed to unauthorized
people.
- Private and confidential data must be protected against unauthorized access or
disclosure.
- The following are some examples of computer-related crimes that compromise data
privacy or confidentiality:
a. Eavesdropping
- Eavesdropping refers to tapping into a communication channel to get information.
Attackers mainly use eavesdropping to obtain private or confidential information from
internet users or from poorly secured information systems, for example by capturing traffic
that is sent without encryption.
b. Surveillance (monitoring)
- Surveillance refers to monitoring the use of computer systems and networks using
background programs such as spyware, or tracking mechanisms such as cookies. The
information gathered may be used for various purposes, e.g. spreading propaganda or sabotage.
c. Industrial espionage
- Industrial espionage involves spying on a competitor to get information that can be
used to cripple the competitor's business.
d. Accidental access
- Sometimes the threat to data and information comes from people unknowingly giving out
information to strangers or unauthorized persons.
e. Hacking and cracking
- A hacker is a person who gains unauthorized access just for the challenge, while a cracker
gains unauthorized access for malicious reasons. Hackers and crackers defeat the security
measures put in place, for example by bypassing passwords or finding weak access points in
software.
- There are various motivations for hacking. Some people like the challenge
and feel great after successfully hacking a system, while others do it commercially, when
software manufacturers hire them to test the security of a new software system (penetration
testing).
f. Alteration
- Alteration is the illegal modification of private or confidential data and information
with the aim of misinforming users. Alteration is usually done by people who wish to
conceal the truth or to sabotage a certain operation. Alteration compromises the
integrity of the data and information, making it unreliable.
CONTROL MEASURES AGAINST UNAUTHORIZED ACCESS
- To safeguard data and information against unauthorized access, the following
measures should be put in place:
a. Firewall
- A firewall is a device or software system that filters the data and information
exchanged between different networks by enforcing the host network's access control
policy. The main aim of a firewall is to monitor and control traffic to or from the protected
network. Remote requests that the policy does not permit are blocked before they reach the
network, and hosts inside it cannot reach outside sites that the firewall restricts. A sound
policy denies everything by default and allows only the traffic that is explicitly needed.
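How a firewall applies such an access control policy, as an added example that is not part of these notes: a first-match rule list for a constructed public web server that accepts HTTPS from anywhere, accepts SSH only from an internal management subnet, and denies all other inbound traffic by default. The addresses, the 10.0.5.0/24 management subnet and the rules are assumptions for the demonstration. The filter is stateless; real firewalls also track connection state so that replies to outbound connections are allowed back in.

```python
"""First-match packet filter enforcing a host access control policy (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (towards the protected host) or "out"
    proto: str          # "tcp" or "udp"
    src: str            # source IP address
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    direction: str      # "in", "out" or "any"
    proto: str          # "tcp", "udp" or "any"
    src_net: str        # CIDR the source address must fall in, e.g. "0.0.0.0/0"
    dst_ports: range    # destination ports matched by this rule
    comment: str = ""


def matches(rule, pkt):
    """True when every field of the rule accepts the packet."""
    return (rule.direction in ("any", pkt.direction)
            and rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and pkt.dst_port in rule.dst_ports)


def decide(rules, pkt, default="deny"):
    """Return (action, comment) of the first matching rule, else the default policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.comment
    return default, "default policy"


# Constructed policy for a public web server. Order matters: first match wins,
# so the narrow management-subnet allow must come before the broad SSH deny.
POLICY = [
    Rule("allow", "in",  "tcp", "0.0.0.0/0",   range(443, 444), "HTTPS from anywhere"),
    Rule("allow", "in",  "tcp", "10.0.5.0/24", range(22, 23),   "SSH from management subnet"),
    Rule("deny",  "in",  "tcp", "0.0.0.0/0",   range(22, 23),   "SSH from elsewhere (logged)"),
    Rule("allow", "out", "any", "0.0.0.0/0",   range(0, 65536), "traffic the host itself initiates"),
]


def check_samples():
    """Evaluate constructed packets against POLICY; returns {name: action}."""
    samples = {
        "https_from_internet": Packet("in", "tcp", "203.0.113.7", 443),
        "ssh_from_mgmt":       Packet("in", "tcp", "10.0.5.12", 22),
        "ssh_from_internet":   Packet("in", "tcp", "203.0.113.7", 22),
        "rdp_from_internet":   Packet("in", "tcp", "198.51.100.9", 3389),
        "dns_out":             Packet("out", "udp", "192.0.2.10", 53),
    }
    return {name: decide(POLICY, pkt)[0] for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, action in check_samples().items():
        print(f"{name:22s} -> {action}")
```

Swapping the second and third rules would lock the administrators out: the broad deny would match their SSH packets first. That ordering sensitivity is why firewall rule sets should be reviewed and tested like code.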
b. Data encryption
- Data in transit over a network faces many dangers of being tapped, listened to or copied to
unauthorized destinations. Such data can be protected by scrambling it into a form that
only the sender and the intended receiver are able to understand.
- Scrambling the data in this way is called data encryption; reconstructing the original
message from the scrambled form is called decryption.
- The message to be encrypted is called the plaintext. It is encrypted using a
particular procedure (the algorithm) together with a secret value (the key), and the result is
sent over the network as ciphertext. The recipient decrypts it, using the matching algorithm
and the decryption key, to recover the original plaintext.
Therefore, without the decryption key nobody can reconstruct the original message, even if
they know the algorithm. Good practice is to pair encryption with an integrity check
(authenticated encryption) so that any alteration of the ciphertext in transit is also detected.
c. Security monitors
- Security monitors are programs that watch computer system and network activity, keep a log
file (record) of events such as log-on attempts and file access, and raise alerts about, or block,
unauthorized access.
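A minimal security monitor of the kind described, as an added example that is not from these notes: it parses an authentication log and flags a source address that produces many failed log-ons in a short time, the pattern of a password-guessing attack. The log lines are constructed in the style of a Linux sshd log, and the threshold (5 failures from one address within 60 seconds) is a choice for the demonstration, not a value from the notes or from any product.

```python
"""Detect brute-force log-on attempts in an authentication log (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log, not captured from a real system.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[812]: Failed password for root from 203.0.113.7 port 51234 ssh2
2024-03-01T10:00:03 sshd[812]: Failed password for admin from 203.0.113.7 port 51236 ssh2
2024-03-01T10:00:04 sshd[812]: Failed password for invalid user test from 203.0.113.7 port 51238 ssh2
2024-03-01T10:00:06 sshd[812]: Failed password for root from 203.0.113.7 port 51240 ssh2
2024-03-01T10:00:09 sshd[812]: Failed password for root from 203.0.113.7 port 51242 ssh2
2024-03-01T10:00:15 sshd[812]: Accepted publickey for alice from 10.0.5.12 port 40022 ssh2
2024-03-01T10:05:00 sshd[813]: Failed password for bob from 10.0.5.30 port 40100 ssh2
2024-03-01T10:20:00 sshd[814]: Failed password for bob from 10.0.5.30 port 40101 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text):
    """Yield (timestamp, result, user, ip) for each line the pattern understands."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"])


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Return {ip: failures} for sources with >= threshold failures inside one window."""
    failures = defaultdict(list)
    for ts, result, _user, ip in events:
        if result == "Failed":
            failures[ip].append(ts)
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times)):
            # Slide a window that starts at failure i and count what falls inside it.
            j = i
            while j < len(times) and (times[j] - times[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                alerts[ip] = max(alerts.get(ip, 0), j - i)
    return alerts


def run():
    """Analyse the constructed log with the default threshold and window."""
    return detect_bruteforce(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for ip, count in run().items():
        print(f"ALERT: {count} failed log-ons from {ip} within 60 seconds")
```

Two slow failures from 10.0.5.30, fifteen minutes apart, are left alone: a monitor that alerts on every mistyped password trains its operators to ignore it. The window and threshold are the knobs that trade missed attacks against noise.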
d. Biometric security
- Biometric security is a growing form of access control measure that authenticates a user by
physical attributes such as voice, fingerprints or facial features. For example, you can
log on by placing a finger on a fingerprint reader.
e. Other access control measures
- Access control can also be strengthened by implementing multi-factor authentication
policies, which combine several of the following:
- assigning each user a log-on account with a password (something you know),
- use of a smart card or other token (something you have), and
- a personal identification number (PIN).
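A two-factor log-on combining a PIN (something you know) with a one-time code from a token (something you have), as an added example that is not from these notes. The one-time code follows the published HOTP (RFC 4226) and TOTP (RFC 6238) algorithms using HMAC-SHA1 from the standard library; the user record, the PIN and the shared token secret are constructed for the demonstration (the secret is the RFC 4226 test secret, so the codes can be checked against the published vectors). Real systems also rate-limit attempts and protect the shared secret at rest.

```python
"""PIN plus time-based one-time code: two-factor log-on (added example)."""
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from the current 30-second step."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret, code, at_time, step=30, drift_steps=1):
    """Accept the code for the current step or one step either side (clock drift)."""
    counter = int(at_time) // step
    for c in range(counter - drift_steps, counter + drift_steps + 1):
        if c < 0:
            continue
        if hmac.compare_digest(hotp(secret, c), code):
            return True
    return False


# Constructed user record. The PIN is stored as a salted hash, never in clear.
_SALT = b"constructed-salt"
USERS = {
    "alice": {
        "pin_hash": hashlib.pbkdf2_hmac("sha256", b"4921", _SALT, 100_000),
        "totp_secret": b"12345678901234567890",   # the RFC 4226 test secret
    }
}


def login(username, pin, code, at_time=None):
    """Both factors must pass; the result does not reveal which one failed."""
    at_time = time.time() if at_time is None else at_time
    user = USERS.get(username)
    if user is None:
        return False
    pin_ok = hmac.compare_digest(
        hashlib.pbkdf2_hmac("sha256", pin.encode(), _SALT, 100_000), user["pin_hash"])
    code_ok = verify_totp(user["totp_secret"], code, at_time)
    return pin_ok and code_ok


if __name__ == "__main__":
    secret = USERS["alice"]["totp_secret"]
    now = time.time()
    print("token shows        :", totp(secret, now))
    print("PIN + current code :", login("alice", "4921", totp(secret, now), now))
    print("PIN + stale code   :", login("alice", "4921", totp(secret, now - 120), now))
    print("wrong PIN + code   :", login("alice", "0000", totp(secret, now), now))
```

A stolen PIN alone is useless without the token, and a code seen over someone's shoulder is useless 30 to 60 seconds later; that is the value of combining two independent factors.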
GENERAL DATA PROTECTION MEASURES
i. Encryption. This refers to the coding of data or information so that only a person with the
decryption key can read it.
ii. Enforce data and information access control policies on all employees and outsiders.
iii. Reinforce the computer room security.
iv. Assign individual user accounts in a networked environment.
v. Install firewalls. A firewall acts as a security buffer or wall between a private network
and other networks. Traffic between the private and external networks must first be
permitted by the firewall and, where one is used, authenticated by the proxy server.
vi. Install security and antivirus software, which should be updated regularly to protect
the computer against malicious programs.
vii. Put in place a disaster recovery plan. Natural forces including floods, fire, hurricanes,
tornadoes and earthquakes are beyond our control. To avoid losing data and
information, an organization should put in place a disaster recovery plan, which entails
backing up data, creating emergency facilities and installing fire extinguishers.
viii. Avoid downloading programs, games, screen savers and themes you are not
sure of.
ix. Keep computers clean and dry.
x. Properly train employees who handle data.
xi. Enable write protection on removable disks.
xii. Protect computers against brownouts or blackouts, which may cause physical damage or
data loss, by using surge protectors and a UPS.
xiii. Keep an off-site or cloud storage copy of important data.