Ict Security.
Ict Security.
Ict Security.
Definition of terms
Threats-These are dangers which can occur if the system is not secured
Private Data/Information-Data which belongs to an individual and must not be accessed by any other
person without direct permission from the owner
Information Security-Refers to the processes and tools designed and deployed to protect sensitive
business information from modification, disruption, distraction or inspection.
1. CONFIDENTIALITY
Involves ensuring that the data is accessible by those who are allowed to use it and blocking access
to others.
2. INTEGRITY
It ensures data is authentic, accurate and safeguarded from unauthorized modification by threat
actors or accidental user modification.
3. AVAILABILITY
It makes the information to be available and useful for its authorized people always.
It ensures that the access is not hindered by the system malfunction or cyber-attacks.
VULNERABILITY ASSESSMENT
Is a process of evaluating security risks in software system to reduce the probability of threats?
Scope
Information Gathering
Vulnerability detection
a. Identification
Assets include physical equipment like servers, laptops and mobile devices and digital assets like
data, software and intellectual property.
b. Assessment
c. Treatment
Once you have assessed the risk you can develop and implement risk treatment plan.
Types of treatment
Protecting sensitive Data-It protects the sensitive data from illegal access ensuring its
privacy and legal access
Compliance with regulation-All industries have regulations and all legal requirements for
data protection and privacy. The correct strategy for data security help businesses to comply
with these regulations.
Preserving customer Trust-Data security breaches result in financial losses
Safeguard intellectual Property-Intellectual property forms a valuable asset for business.
These include patents, trademarks, copyrights and trade secrets. Information security
protects these intellectual properties from theft and illegal access.
Ensuring business Continuity-Cyber-attacks can disturb business operations. It can also
process interruptions, loss of productivity and financial challenges.
Employee awareness and Accountability-Employees should be trained and made more
aware of security risks. They need to be accountable for security focused actions.
Types of vulnerabilities
Medium vulnerabilities
They have the potential to Impact security but are typically less severe than critical and high
vulnerabilities.
Characteristics
Low Vulnerabilities
Are the least severe and have minimal impact on the system security.
Characteristics
i. Data Backup-Is a process of putting an archive of files and data on a separate storage
device which is different from primary storage for retrieval in case of data loss.
ii. Firewall-Network security tools that monitor incoming and outgoing network traffics
iii. Data Encryption-Process of changing the plain text into cypher text so that you limit
access during transmission over a network.
iv. Use of strong password
v. Use of antivirus software’s-It is used to prevent, detect, and fix the destruction caused
by the virus.
vi. Educate your employees
Questions
Theft
Accidental damage
Hardware failure
3.State three ways you can use to prevent boot force attack.
Use strong password which include letters, numbers and special characters.
5.List three ways data from within the organization may be exposed or accessed by unauthorized
entity.
Phishing
Weak passwords
Unauthorized
i. Firewall-Network security tool that monitors incoming and outgoing network traffics
ii. Hacking-Activity of identifying weakness in a computer system to exploit the security to gain
access to personal data.
iii. Threat-Dangers that can occur if system is not secured.
iv. Vulnerability-These are weaknesses which may be caused by security threats
White Hackers-Security experts authorized to access and identify, fix security vulnerabilities
in a system.
Black Hackers-Exploit vulnerabilities for personal gain or to cause harm.
Grey Hackers-Exploit vulnerabilities without proper authorization.
8. Outline four important functions that information security performs for an organization
9. Outline two reasons why it’s important to use VPN when accessing internet using public network.
1.Computer Virus
This is a destructive program that attaches itself to other files when the files are open for use and
install itself in a computer without the knowledge of the user
It is a program designed specifically to damage other program or interfere with the proper
functioning of the computer system.
2. Unauthorized Access
Control Measures
Control Measures
Restrict files access to the end user and technical staff in the organization.
Setup a comprehensive error recovery strategy in the organization.
4.Theft
Some information is so valuable such that business competitors or some government can decide to
pay somebody to steal the information for them.
Control measures
Create backup and store them in a location different from the original storage location.
Reinforce work access points
Employ guards to keep watch
5.Computer Crimes
Is committing of illegal act using a computer or against a computer system or the use of computer
hardware, software or data for illegal activities.
Trespass
Is an illegal physical entry to a restricted area where computer hardware, software and backup data
is kept
Hacking
Is an attempt to invade the privacy of system either by tapping message being transmitted along a
public telephone line or through breaking a security code and password to gain unauthorized access
to the system data and information files in a computer.
Tapping
Listening to a transmission line to gain a copy of the message being transmitted over a network.
Cracking
Is the use of guess work by a person trying to look for a weakness in the security codes of a software
in order to get access to data and information?
Piracy
Making illegal copies of copy write software data or information either for personal use or for resale.
Fraud
Sabotage
It is the illegal destruction of the system data or information by employees or other people with the
grudge aiming at crimpling services delivery or causing great loss to an organization.
Alteration
Illegal changing of stored data and information without permission with the aim of gaining or
misinforming the authorized user.
Is a careful study of an information system by experts in order to establish or find out all the
weaknesses in a system that could lead to security threat or act as weak access points to criminals
It is mixing up the messages transmitted over a network in a form that only sender and the receiver
can be able to understand by reconstructing the original message from the mix.
Black
Black
Black Panther
Kcalb Panther
Panther
rethnap
These are special system files that keep a record of events on the use of computers and resources of
information system.
The information system administrator can therefore easily track who accessed the system, when
and what they did in the system.
4.) Firewall
Fire
Fire can physically damage hardware components, destroy data stored on the device and
disrupt power supplies.
It can render the system into data loss and potential financial loss
Water can cause malfunction of short circuits and damage to electronic components. It
can cause hardware damage, data loss and downtime due to the need of replacements.
Lightning strikes and electrical storms can cause power outrage leading to damage or
destruction of hardware components which can lead to data loss.
Excessive heat/temperature
Smoke and dust can accumulate on hardware components impeding airflow and causing
overheating.
Terrorist attack
Intentional attacks can involve physical damage, cyber-attacks aiming to disrupt or compromise
computer information system.
Hard devices can fail due to mechanical issues or wear and tear over time
2.Natural disasters
Flood, fires and earthquakes can physically damage the storage devices leading to data loss
3.Theft
Theft of computers or storage devices can lead to data loss especially if there is no backup
4.Power failures
5.Improper shutdowns
Turning off the computer without following proper shutdown procedures can lead to data loss
6.Human Errors
Accidental deletion where user may delete important files or directories unknowingly.
Failure to importantly backup data increases the risk of permanent data loss in the event of system
failure.
Monitoring tools
Firewall Tools
Questions
Ping command is a versatile utility used to test network connectivity and diagnose issues.
Testing reachability
Diagnosing issues
Network troubleshooting
DNS Testing
Will help in decision making when choosing an internet provider or a plan that fits your household
or your business needs.
4.N-Map
It gathers and interpret data using easy to read visualization that accurately reflect the status of
enterprise network and linked devices.
5.Explain Wireshark
Is a powerful network protocol analyzer that captures and examine network traffic
Is an advanced form of security testing designed to provide a deep technical analysis of a target
environment vulnerability to exploitation and attack.
Is an action plan for making sure that all your systems from IT infrastructure to software applications
are protected against malware and other cyber threats.
Secure Socket Layer-Is a protocol for creating a secure connection for user-server interaction.
All web interactions involve both a server and users. Users often enter or have sensitive information
on sites that have people and system vulnerable.
Multifactor Authentication-Is a multi-step account login process that requires users to enter more
information than just a password Example, along with password, users might be asked to enter a
code sent to their emails, answer a secret question or scan fingerprint.
1. Camera: -
You have two camera options when installing a CCTV camera system:
Analog
Internet protocol (IP).
2. Monitoring Station: -
You will require supporting technologies, such as routers and cables, to be integrated into
your system for a seamless connection, depending on the types of cameras and
surveillance systems you prefer.
4. Video Recorders: -
Video recorder will help in recording footage that is processed for storage and viewing.
Video recorders come in two different varieties. DVR(Digital Video
Recorders). and NVR (Network Video Recorders)
4. Storage: -
Cameras should be aimed to capture the necessary area of view without focusing on bright areas
like windows, doors, or lights. Although adequate lighting is necessary, too much light might
diminish image quality. For this reason, the placement of your cameras and DVR is of
paramount importance when setting up a CCTV system. It helps to maximize your camera
coverage while also reducing cable length.
Get the camera in position, then mark your drilling spots with a reference point. Make pilot holes
and tap in the screw moldings. Make sure the camera is securely fastened in place. Plug the
camera’s power cord into an outlet.
After you’ve drilled the necessary holes for the cameras, you can start running the cables to
them. To get cables where they need to go, you will have to make holes in the walls or ceiling.
Connectors for Ethernet cables are not always pre-installed, so you may need to crimp some on
yourself.
Establish a strategy for the routing of cables connecting the cameras to the DVR. A pre-
terminated cable should be connected from each camera’s location to the DVR’s control point. It
is recommended that the male power plug be situated on the side of the camera. Power outlets
are typically found on the side of control panels. Each camera’s black BNC cable plug should be
connected to the DVR’s corresponding video input socket.
Whether or not you choose to use a wall mount for the DVR box is up to you. Like wall outlets
and surge protectors, most will have mounting holes on the back. It can also be placed on a flat
surface like a desk or table.
First, attach the camera to the end of the cable that emerged from the opening. Then, shove the
surplus back into the opening. Get out your power drill and attach the camera to your building
using the included screws. After the camera has been installed, the adjustment screws can be
loosened to make quick, rough adjustments, and then tightened again once the fine tuning is
complete.
Connecting the cables to the DVR can begin once you have successfully routed the other end of
the cables throughout your home or business. Connect the external monitor, keyboard, and
mouse to the DVR box, with each cable going into its corresponding port. An external USB drive
can be kept permanently connected in case you ever need to transfer footage to it. Important
information to keep in mind is that the DVR and the cameras share a common power source.
Connect the DVR, monitor, and camera to the mains electricity.
The completion of this step concludes the CCTV installation process. To finish setting up your
DVR, refer to the manual for further instructions. In some cases, the manual will instruct you to
install the hard disc before you can use it, while in others, the hard drive will already be installed
and you may get started right away.