Introduction to Information and

Communication Technology
(CIS-ICT-111)

BEEE1, BETE1 & BBME1

Computer safety, security and controls

By:

Mwamvani Kaunde
Computer Science and Information Systems Department
Computer Security

´ Computer security is the protection of computer systems from the

theft and damage to hardware, software or information as well as
from disruption or misdirection of the services they provide.
´ The protection of computing systems and the data that they store
or access.
Key Principles of Computer Security

´ The key principles are:

´ Confidentiality
´ Integrity
´ Availability
Confidentiality

´ Confidentiality is concerned with preventing the unauthorized disclosure of

sensitive information.
´ The disclosure could be intentional, such as breaking a cipher and reading
the information, or
´ It could be unintentional, due to carelessness or incompetence of
individuals handling the information.
Integrity

´ There are three goals of integrity:

 Prevention of the modification of information by unauthorized users
 Prevention of the unauthorized or unintentional modification of information
by authorized users
 Preservation of the internal and external consistency
• Internal consistency ensures that internal data is consistent.
• External consistency ensures that the data stored in the database is
consistent with the real world.
Availability

´ Availability assures that a system’s authorized users have timely and

uninterrupted access to the information in the system and to the network.
What to secure

HARDWARE SOFTWARE
• Laptops • Application
• Desktops software
• Storage devices • Operating system

INFORMATION COMMUNICATION
• Personal information • Emails
• Corporate • Browsing activities
information • Networks
• Passwords etc
Threat , vulnerability and risk

 Threat -Anything that can disrupt the operation, functioning,

integrity, or availability of a system
 Vulnerability - An inherent weakness in the design, implementation
or management of a network or system that renders it susceptible to
a threat.
 Risk – the likelihood of a threat agent taking advantage of the
systems vulnerability and the corresponding business impact
Example

Scenario: a company has antivirus software which is outdated

´ Having an outdated antivirus is a vulnerability. The company is
vulnerable to virus attacks
´ Threat: a virus might show up and attack the company's computer
systems
´ Likelihood of the virus showing up is the risk.
Types of security threats

´ Virus attacks
´ Theft of valuable data
´ ‘Hacking’ attempts from outside the organisation (outside attacks)
´ Physical threats – theft of data media, vandalism, power loss
´ Equipment malfunction – failure of systems and peripheral devices
Malware

 Malicious software is any program designed to secretly enter a

computer, gain unauthorized access to data, or disrupt normal
processing operations.
 Malware Include:
a. Virus
´ A computer virus is a set of program instructions that attaches
itself to a file, reproduces itself, and spread to other files.
Malware (Cont’d)

b. Worm
´ A computer worm is a self-replicating program designed to carry
out some unauthorized activity on a victim’s computer. They do
not affect other programs.
c. Trojan Horse
´ Is a computer program that seems to perform one function while
actually doing something else.
´ Trojan are standalone program that appear as useful utilities or
application, which victim download and install unaware of their
destructive nature.
Malware (Cont’d)

d. Spyware
´ Is a type of program that secretly gathers personal information
without the victim’s knowledge, usually for advertising and other
commercial purposes.
e. Adware
´ Is a program that uses collected data about a user in order to
display advertisements in a way regarded as intrusive.
´ It usually manifests itself in the form of many pop-up windows
that display ads
Malware (Cont’d)

f. Hoax
´ Is a false message being spread by e-mail in order to deceive
users.
´ Their goal is to obtain data of, for instance, a bank account
g. Spam
´ Spam is an unsolicited e-mail message or newsgroup posting
sent to many recipients or newsgroups at once.
´ Spam is Internet junk mail
Malware Activities

Once Malware enter computer, it can carry out a variety of

unauthorized activities such as:
i. Deleting or modifying Data
ii. Upload and download unwanted files
iii. Disable antivirus and firewall software
iv. Cause response time on the system deteriorate
v. Cause Network traffic jams
Hardware Theft and Vandalism

´ Hardware theft is the act of stealing computer equipment.

´ Hardware vandalism is the act of defacing or destroying computer
equipment.
Software Theft

’ Software theft occurs when someone steals software media, intentionally

erases programs, illegally copies a program, or illegally registers and/or
activates a program.
’ Software piracy is the unauthorized and illegal duplication of copyrighted
software.
’ Illegally obtaining registration numbers can be done with keygens, short for
key generators.
Information Theft

´ Information theft occurs when someone steals personal or

confidential information.
´ It has potential of causing more damage than hardware or
software theft.
´ Information transmitted over networks offers a higher degree of risk.
Computer security controls

´ Security controls are safeguards or countermeasures to avoid,

detect, counteract, or minimize security risks to information and
computer systems.
´ Computer security controls often divided into three categories:
´ Physical
´ Technical
´ Administrative
Identifying and Authenticating Users

’ An access control is a security measure that defines who can access a

computer, when, and what actions they can take.
’ The computer should maintain an audit trail that records in a file both
successful and unsuccessful access attempts.
’ Identification verifies that an individual is a valid user.
’ Authentication verifies that the individual is the person he or she claims to
be.
User Names and Passwords

’ A user name, or user ID, is a unique combination of characters (letters,

numbers) that identifies a specific user.
’ A password is a private combination of characters associated with the
user’s name that allows access to certain computer resources.
’ A CAPTCHA, which stands for Completely Automated Public Turing test to
tell Computers and Humans Apart, is a program developed at CMU to
verify that user input is not computer generated.
Possessed Objects

´ A possessed object is any item that you must carry to gain access to a
computer or computer facility (badges, cards, keys).
´ A personal identification number (PIN) is a numeric password, either
assigned by a company or selected by a user.
Biometric Devices

’ A biometric device authenticates a person’s identity by translating a

personal characteristic, such as a fingerprint, into digital code that is
compared with a digital code stored in the computer verifying a physical
or behavioral characteristic.
◦ Ex. Biometric payment is used, where a customer’s fingerprint is read and their
account is charged.
Security Software

 Is designed to protect computers from various forms of destructive

software and unauthorized intrusions.
 Security software can be classified into:
i. Antivirus
ii. Anti-spyware
iii. Anti-spam
iv. Firewalls
 Each type focuses on specific security threat
Protection against Malware

In order to protect a computer and information against Malware, the

following aspects must be considered :
i. Install and activate security software on every computing device
ii. Keep Software and OS Pack up to date.
iii. Do no open suspicious e-mail attachments
iv. Obtain software from reliable source and before running it scan it
for malware.
v. The entire computer file system must be scanned on a regular
basis by the antivirus programme or peripheral programmes.
Safeguards against Hardware Theft and
Vandalism
’ Some labs attach physical security devices such as cables that lock the
equipment to a desk.
’ Installing alarm systems
’ Some businesses use real time location system (RTLS) to track and identify
the location of high-risk or high-value items.
’ Mobile devices require extra security, such as logon passwords, encrypted
data, and even software to photograph the thief.
Safeguards against Information Theft

´ Most organizations attempt to prevent information theft by implementing

the user identification and authentication controls discussed earlier.
´ Using encryption algorithms to encrypt the data
Firewalls

´ A firewall is hardware and/or software that protects a network’s resources

from intrusion by users on another network such as the Internet.
´ All networked and online computer users should implement a firewall
solution.
´ Organizations use firewalls to protect network resources from outsiders and
to restrict employees’ access to sensitive data
END