SECURITY

Download as pdf or txt
Download as pdf or txt
You are on page 1of 6

DATA SECURITY

Data Security-Refers to protective digital privacy measures that are applied to prevent
unauthorized access to computers, databases and websites which may lead to loss of data
confidentiality or integrity
Data Privacy-Is the relationship between collection and dissemination of data, technology, the
public expectation to confidentiality, and the legal issues surrounding them
It is simply the right of an individual to have his or her information to be considered confidential

Security threats and Possible Control Measures


A threat is a possible danger that might abuse the weakness in a system to breach security
A threat could be intentional whereby a person or organization cracks people’s confidential data
Threat can also be accidental where there is a possibility in of a computer malfunctioning or
natural disaster occurring like earthquakes
Security threats to a computer system is also called malware
Some of the Possible threats are:
1) Computer Virus
2) Unauthorized access
3) Computer error
4) Accidental erasures
5) Theft
6) Natural calamities
7) Crashing of hard disk
8) Power failure
1) Computer Viruses
It refers to a destructive program designed by a malicious person with the intention of
destroying computer files, programs or even the entire computer system
They are copied to the computers without the owners or users’ knowledge

Characteristics of computer virus


i). Attaches itself to the target program or commonly used files
ii). Automatically replicates itself
iii). Automatically executes itself

Types Of Computer Virus


a) Worm-It is a malware that replicates itself in order to occupy a large space in the
computer memory. It affects only the computer memory
b) Hoax-Its is sent as an email message. Sometimes it contains fake announcements
claimed to originate from reputable organizations as streaming media
c) Trojans-Are non-replicating programs that work in the background and perform
unauthorized actions like deleting, modifying, copying or blocking data.
Examples are backdoor, exploit and rootkit
d) Boot sector-This virus infects the computer by modifying the contents on the boot
sector program
e) File Virus-This virus affects the executable files. When the infected files are
launched, the virus overwrites the file resulting in permanent damage to the
content of the file

Sources Of Computer viruses


a) Programs downloaded from the internet
b) Email attachments
c) Pirated Software
d) Software updated through the internet
e) Infected secondary storage devices

Symptoms of a virus infected computer


a) The processing speed of the computer becomes slower than usual. This is because
the virus runs tasks on the background that consume a lot of computer resources
b) The computer either shuts down or restarts itself without the user initiating the
command
c) Unfamiliar graphics appear on the screen
d) Some computer files disappear mysteriously
e) An application program fails to run
f) The drive lights automatically turn on for non-referenced drive

Control measures against Computer Viruses


a) Install Updated antivirus software such as Kaspersky, MacAfee, Avast
b) Scan removable storage devices for viruses before use
c) Regularly backup important files to avoid loss of data in the event of infection
d) Avoid buying pirated software
e) Educate all computers users on the danger of viruses and precautions that should
be taken against virus infections
f) Install a firewall to filter information coming through the network
g) Avoid visiting unfamiliar links or opening ails from unknown sources

2) Unauthorized access
Refers to the illegal access to information a data with the intention of altering or deleting
it

Possible Control measures against unauthorized access


The control measures can be categorized into Logical and physical control measures
a) Logical Control Measures-This refers to control measures which use software
means
They Include:
i). Use of passwords
ii). Encryption of data transmitted through network
iii). Enforce network security so as to grant different levels of user’s
permission to only access the information within their level
iv). Use of biometric devices to authorize a person into an electronic system
v). Use of firewalls to control the incoming and outgoing traffic and prevent
unauthorized data access
b) Physical control measures-This refers to control measures which use the
physical means
Example are:
i). Employing security guards to guard computers with data
ii). Locking doors when not in use
iii). Fitting a bugler proof door
iv). Fitting metallic grills on windows
v). Fitting security alarms in the doors

3) Computer errors and Accidental Erasures


Occurs when the user mistakenly executes command that causes deletion of data without
saving, accidentally shuts down the computer or corrupts data

Control measures used to recover lost data and information


i). Use of error recovery tools-Most applications software like MS office have auto
recovery options which automatically recover data that had not been saved when
the computer shut down
ii). The autos save automatically saves files as data is being typed
iii). Backup-refers to a copy of computer data that is stored on either secondary
storage devices or cloud-based storage facility
iv). Use of the Recycle bin-in the event a user deletes file accidentally he can restore
the file from the recycle bin to its original location by clicking restore option
v). Undo Commands-This command is used to restore data that has been deleted or
modified before saving
vi). Unformat utilities-Are utilities that help to recover data and information from
formatted computer secondary storage device. Examples include data scavenger

4) Theft
Computer Hardware and software are prone to theft

Control measures used to Curb Theft


i). Ensure that all the software and data are backed up frequently and the copies are
stored in a different location
ii). Employ security personnel to guard over the computer laboratories
iii). Use secure padlocks to lock the room when they are not in use
iv). Fit security alarms in the computer laboratory or room
5) Crashing Of the Hard Disk
This is the sudden failure of a computer hard disk to function, leading to loss of data

Control measures Prevent Crashing of The Hard Disk


i). Frequently and regularly update an antivirus in the computer
ii). Frequently service the computer systems
iii). Ensure the computer is shutdown properly
iv). Make use of the Uninterrupted Power Supply (UPS) to avoid power surge

6) Power Failure
This is sudden disconnection of power to the computer systems from the main supply
This can lead to the crashing of the hard disk and subsequent loss of data

Control measures Prevent Data loss on power failure


i). Install Uninterrupted Power Supply Unit to ensure that the user has enough time to
save the document in case of power failure
ii). Always ensure the work is saved frequently
iii). Install standby power backups such as generators

7)Natural Calamities
These are natural phenomenon which may cause physical damage to computers
They include floods, earthquake, fire etc.
Control measures
i). Build computers in areas that are not prune to floods
ii). Fit rooms with smoke detectors
iii). Build strong laboratories with adequate reinforcement to avoid breakdown in case
of earthquakes

Detection and protection against Computer Crime


Computer crimes refers to illegal operation done on an information system
Its also called Cyber terrorism
They come in different forms including:
1) Trespass-This is unauthorized access to a computer system with ill motive
2) Hacking-Refers to gaining unauthorized access to computer system by breaking codes
and passwords
3) Tapping-Refers to gaining unauthorized access to information that is in transit. Its also
called eaves dropping. This data is intercepted using intelligent programs that spy on the
operation of the system
4) Cracking-This is malicious breaking into computer systems. It can be done by trying
different combination of characters in order to figure out passwords or entry code
5) Software Piracy-Is the act of stealing legally protected software. Occurs when copyright
protected software is copied, distributed, modified or sold without the authority of the
owner
6) Fraud-It is the use of computers to create fake documents, hide information or cheat
unsuspecting public with intention of gaining money sending someone email
congratulating them to have won lottery which they have not participated
7) Sabotage-It is deliberate destruction of data and information with the aim of disrupting
service delivery or causing loss to the organization
8) Phishing-refers to malicious acts of tricking individuals to reveal their confidential
information using official like emails (pretending to originate from a bank or a service
provider)
9) Pharming-Refers to attempt of collecting personal information from users when they log
onto a legitimate website. It can be done through the use of software that records any
information entered by the user while connected to a legitimate website
10) Spamming-This is the process of sending unsolicited email which is equivalent of junk

Detection and prevention of Compute Crimes


1) Audit Trail-Refers to record showing who has access to a computer system and what he
or she has performed during a given duration of time to provide documentary evidence
2) Data Encryption-refers to action of scrambling data through the use of a particular key.
To access data the user must use the same key to allow decryption. An example could be
shifting 3 letter that transform letter sequence IE A=D, B=E, C=F……Z=C, then BAD
Wiil be encrypted to EDG.The encrypted text is referred to as cipher text while the
process of encrypting is ciphering
3) Log Files-Thes are system files installed in a computer to maintain record of how the
system is being used i.e., when the user logs in a website the system records the time and
all the activities done
4) Fire walls-Refers to type of hardware or software that are installed on a computer which
filters the all information coming through the internet or Local Area Network
5) Patch-A patch is a line of code which repairs defects in a software without interrupting
its proper operation. It’s written by software vendors and is meant to ad new features to
the software

Laws governing the Protection of ICT


Laws related to information systems deals with:
i). Safeguarding of code and data including copyright
ii). Safeguarding of access to programs by unauthorized personnel
iii). Safeguarding ICT against terrorism and vandalism
iv). Safeguarding of confidential data about individuals i.e., financial status
Laws governing ICT In Kenya:
1) Kenya science and Technology act Cap 250 of 1977
2) The Kenya Broadcasting Act of 1998
3) Kenya communication Act of 1998

Some of the ICT related areas covered in the Kenya communication Act of 1998 and Kenya
communication Act of 2009 bill include:
i). Text Messages
ii). E-Governance
iii). E-Transactions
iv). Promotion of ICT skills
v). Information, data, programs in digital form
vi). Promotion of digital villages and schools
vii). Laying in ICT infrastructure in the country

You might also like