
Final Written Assignment Scomp Anisyam k05

This document contains information about a written assignment for a Computer Science semester 1 session at Labuan Matriculation College. It includes the student's name, matric number, tutor class and lecturer. It then outlines the content which will discuss introduction to security risks and measures. For security risks, it will describe system failure, data theft and unauthorized access. For security measures, it will discuss suitable options for each risk category which are data backup, cryptography and firewall.

LABUAN MATRICULATION COLLEGE
COMPUTER SCIENCE
SEMESTER 1
SESSION 2023/2024

WRITTEN ASSIGNMENT

NAME : MOHAMAD ANISYAM BIN SYAMSUDDIN


MATRIC NUMBER : MS2315113198
TUTORIAL CLASS : K05
LECTURER : MADAM RAFIAH BINTI ISHAK

TABLE OF CONTENT

1. PART A (i)
   1.1. INTRODUCTION TO SECURITY RISKS
   1.2. THREE (3) TYPES OF SECURITY RISKS AND DESCRIPTION OF EACH RISK

2. PART A (ii)
   2.1. INTRODUCTION TO SECURITY MEASURES
   2.2. ONE (1) TYPE OF SECURITY MEASURES FOR EACH SECURITY RISK MENTIONED IN PART A (i) AND DESCRIPTION OF EACH MEASURE

3. PART B
   3.1. NEWS ARTICLE 1
   3.2. NEWS ARTICLE 2

4. CONCLUSION

5. REFERENCES

COMPUTER SECURITY RISK

INTRODUCTION :

Computer security encompasses the measures and practices aimed at safeguarding computer systems and the data they house or interact with. Any element within a user's computer environment that poses a threat of data compromise, theft, or unauthorized access, often without the user's consent or awareness, falls under the category of computer security risks. In recent years, the frequency of security-related computer incidents has seen a significant upsurge. This increase can be attributed to the growing complexity of the computing landscape. The proliferation of networks and the Internet has expanded the array of potential entry points for computer attacks, further complicating the security landscape. Consequently, multiple factors contribute to the diverse spectrum of computer risks faced today. (Choudary, A. (2023). What is Computer Security and Its Types? Introduction to Computer Security. Edureka. https://www.edureka.co/blog/what-is-computer-security/#ComputerSecurityThreats)

TYPES OF COMPUTER SECURITY RISK

A system failure can occur because of a hardware failure or a severe software issue, causing the system to freeze, reboot, or stop functioning altogether. A system failure may or may not result in an error being displayed on the screen. The computer may shut off without warning and without any error message. If an error message is displayed, it is often displayed as a Blue Screen of Death error on Windows computers. System failures may result from a hard drive with bad sectors, which prevents the operating system from reading data from the hard drive. A failing motherboard can cause a system failure because the computer is not able to process requests or operate in general. A bad processor can, and usually does, cause a system failure because the computer cannot operate if the processor is not working properly or at all. System failures due to software issues can occur if the issue in the software, such as a bad line of code, is severe enough. The system failure and subsequent computer shutdown occur as an attempt to prevent damage to other software or the operating system. (What is System failure? Retrieved from https://www.lawinsider.com/dictionary/system-failure)

Next, data theft or information theft is the act of stealing digital information stored on computers, servers, or electronic devices to obtain confidential information or compromise privacy. The data stolen can be anything from bank account information, online passwords, passport numbers, driver's license numbers, social security numbers, medical records, online subscriptions, and so on. Once an unauthorized person has access to personal or financial information, they can delete, alter, or prevent access to it without the owner’s permission. Data theft usually occurs because malicious actors want to sell the information or use it for identity theft. If data thieves steal enough information, they can use it to gain access to secure accounts, set up credit cards using the victim’s name, or otherwise use the victim’s identity to benefit themselves. Data theft was once primarily a problem for businesses and organizations but, unfortunately, is now a growing problem for individuals. While the term refers to 'theft', data theft doesn't literally mean taking information away or removing it from the victim. Instead, when data theft occurs, the attacker simply copies or duplicates information for their own use. The terms 'data breach' and 'data leak' can be used interchangeably when discussing data theft. A data leak occurs when sensitive data is accidentally exposed, either on the internet or through lost hard drives or devices. This enables cybercriminals to gain unauthorized access to sensitive data without effort on their part. By contrast, a data breach refers to intentional cyberattacks. (What is Information Theft? Retrieved from https://www.kaspersky.com/resource-center/threats/data-theft)

Last but not least, unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activity. Guessing passwords is a common entry vector for unauthorized access. Manual password guessing is done using social engineering, phishing, or by researching a person to come up with information that could be the password. In scaled attacks, software is used to automate the guessing of access information, such as user names, passwords, and personal identification numbers (PIN). Next, cybercriminals often gain unauthorized access by taking advantage of human vulnerabilities, convincing people to hand over credentials or sensitive data. These attacks, known as social engineering, often involve some form of psychological manipulation and utilize malicious links in email, pop-ups on websites, or text messages. Common social engineering tactics used to gain unauthorized access include phishing, smishing, spear phishing, ransomware, and impersonation. (What is Unauthorized Access and Use? Retrieved from https://digiten.weebly.com/unauthorized-access-and-use.html)
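Automated guessing of user names and passwords, as described above, leaves a recognizable trace: many failed logins from one source in a short time. The following is an added example, not part of the original assignment; the log format, the function name `detect_guessing`, the threshold and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format, one event per line):
# ISO timestamp, result, user name, source address.
SAMPLE_LOG = """\
2023-09-18T10:00:01 FAIL alice 203.0.113.7
2023-09-18T10:00:03 FAIL alice 203.0.113.7
2023-09-18T10:00:04 FAIL carol 198.51.100.20
2023-09-18T10:00:06 FAIL bob 203.0.113.7
2023-09-18T10:00:08 FAIL bob 203.0.113.7
2023-09-18T10:00:09 FAIL carol 198.51.100.20
2023-09-18T10:00:11 FAIL root 203.0.113.7
2023-09-18T10:00:15 OK carol 198.51.100.20
2023-09-18T10:02:00 FAIL dave 192.0.2.9
2023-09-18T10:05:00 FAIL dave 192.0.2.9
2023-09-18T10:08:00 FAIL dave 192.0.2.9
2023-09-18T10:11:00 FAIL dave 192.0.2.9
2023-09-18T10:14:00 FAIL dave 192.0.2.9
"""


def detect_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with at least `threshold` failed logins inside `window`.

    Returns {source address: set of user names tried during the burst}.
    """
    recent = defaultdict(deque)  # source -> (timestamp, user) of recent failures
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        stamp, result, user, source = line.split()
        if result != "FAIL":
            continue
        when = datetime.fromisoformat(stamp)
        failures = recent[source]
        failures.append((when, user))
        # Drop failures that have aged out of the sliding window.
        while when - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            flagged.setdefault(source, set()).update(u for _, u in failures)
    return flagged


if __name__ == "__main__":
    for source, users in detect_guessing(SAMPLE_LOG.splitlines()).items():
        print(f"possible automated guessing from {source}: {sorted(users)}")
```

The user who mistypes a password twice and the source whose five failures are spread over twelve minutes both stay below the threshold; only the rapid burst across several accounts is reported.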

COMPUTER SECURITY MEASURE

INTRODUCTION :

Computer security measures refer to the set of policies and procedures established to protect computer networks, systems, and data from a wide range of potential threats. These threats can include viruses, unauthorized access attempts, data breaches, and various forms of cyber attacks. The ultimate goal of these measures is to ensure the confidentiality, integrity, and accessibility of digital information. To achieve this objective, it is imperative to implement robust and effective computer security mechanisms. These mechanisms play a crucial role in safeguarding sensitive information and maintaining the overall security of computerized systems. (Kelley, K. (2023). What is Cybersecurity and Why It is Important? Simplilearn.com. https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-cyber-security)

SUITABLE COMPUTER SECURITY MEASURE

First, data backup is a duplication of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. In the case of a system failure or the discovery of corrupted files, we restore the files by copying the backed up files to their original location on the computer. The modern alternative to tape backup is cloud storage. With this solution, you subscribe to a specific storage capacity in the cloud vendor's or service provider's data center. You do not need any hardware as you do with tape drives (unless you rely on private cloud storage), but you do need an internet connection to send backups to the cloud. Your vendor may have ways to eliminate the problems with uploading large amounts of data by offering physical data shipping or an initial seeding program. (What is Data Backup? Definition of Data Backup, retrieved from https://digiten.weebly.com/system-failure.html)
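The restore step described above, shown as an added example that is not part of the original assignment: a backup is taken with a checksum for every file, and after a simulated failure only the files that are missing or corrupted are copied back to their original location. The function names, directory layout and file contents are assumptions constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def back_up(source, backup):
    """Copy every file under `source` into `backup`; return {relative path: digest}."""
    manifest = {}
    for original in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = original.relative_to(source)
        copy = backup / rel
        copy.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(original, copy)
        manifest[rel.as_posix()] = sha256(copy)
    return manifest


def restore_damaged(source, backup, manifest):
    """Copy back only files that are missing or no longer match the manifest."""
    restored = []
    for rel, digest in manifest.items():
        original, copy = source / rel, backup / rel
        if original.is_file() and sha256(original) == digest:
            continue  # file is intact, leave it alone
        if sha256(copy) != digest:
            # A backup that has itself been corrupted must not be restored.
            raise ValueError(f"backup copy of {rel} fails its checksum")
        original.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(copy, original)
        restored.append(rel)
    return restored


def demo():
    """Back up three constructed files, damage two of them, then restore."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "data"), Path(tmp, "backup")
        (source / "reports").mkdir(parents=True)
        (source / "notes.txt").write_text("lecture notes")
        (source / "todo.txt").write_text("submit assignment")
        (source / "reports" / "q3.csv").write_text("month,total\nsep,42\n")
        manifest = back_up(source, backup)

        # Simulated system failure: one file corrupted, one file lost.
        (source / "notes.txt").write_text("\x00\x00garbage")
        (source / "reports" / "q3.csv").unlink()

        restored = restore_damaged(source, backup, manifest)
        intact = all(sha256(source / rel) == d for rel, d in manifest.items())
        return sorted(restored), intact


if __name__ == "__main__":
    print(demo())
```

Checking the backup copy against the manifest before restoring matters as much as the copy itself: a backup that was never verified can fail at exactly the moment it is needed.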

Next, cryptography is the process of hiding or coding information so that only the person a message was intended for can read it. The art of cryptography has been used to code messages for thousands of years and continues to be used in bank cards, computer passwords, and ecommerce. Modern cryptography techniques include algorithms and ciphers that enable the encryption and decryption of information, such as 128-bit and 256-bit encryption keys. Modern ciphers, such as the Advanced Encryption Standard (AES), are considered virtually unbreakable. A common cryptography definition is the practice of coding information to ensure only the person that a message was written for can read and process the information. This cybersecurity practice, also known as cryptology, combines various disciplines like computer science, engineering, and mathematics to create complex codes that hide the true meaning of a message. (What is Cryptography? Definition of Cryptography, retrieved from https://www.fortinet.com/resources/cyberglossary/what-is-cryptography)

Last but not least, a firewall is a computer network security system that restricts internet traffic into, out of, or within a private network. This software functions by selectively blocking or allowing data packets. It is typically intended to help prevent malicious activity and to prevent anyone inside or outside a private network from engaging in unauthorized web activities. Firewalls are typically used to gate the borders of a private network or its host devices. As such, firewalls are one security tool in the broader category of user access control. These barriers are typically set up in two locations: on dedicated computers on the network, or on the user computers and other endpoints themselves (hosts). A firewall decides which network traffic is allowed to pass through and which traffic is deemed dangerous. Essentially, it works by filtering out the good from the bad, or the trusted from the untrusted. (What is Firewall? Definition of Firewall, retrieved from https://www.kaspersky.com/resource-center/definitions/firewall)
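How a packet filter "selectively blocks or allows" traffic, as an added example that is not part of the original assignment: rules are checked in order, the first match decides, and anything unmatched is blocked. The `Rule` fields, the rule set and the addresses (documentation ranges) are assumptions constructed for illustration and do not follow any particular firewall product's syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "block"
    direction: str        # "in" (towards the private network) or "out"
    remote: str           # CIDR range of the remote peer
    port: Optional[int]   # destination port, None matches any port


# Constructed rule set for a small private network.
RULES = [
    Rule("block", "in", "203.0.113.0/24", None),  # range treated as hostile
    Rule("allow", "in", "0.0.0.0/0", 443),        # public HTTPS service
    Rule("allow", "in", "192.0.2.0/24", 22),      # SSH from the admin network only
    Rule("allow", "out", "0.0.0.0/0", 443),       # users may browse over HTTPS
    Rule("allow", "out", "0.0.0.0/0", 53),        # and resolve names
]


def decide(rules, direction, remote_ip, port, default="block"):
    """Return (action, number of the matching rule); unmatched traffic gets `default`."""
    address = ipaddress.ip_address(remote_ip)
    for number, rule in enumerate(rules, start=1):
        if (rule.direction == direction
                and address in ipaddress.ip_network(rule.remote)
                and rule.port in (None, port)):
            return rule.action, number
    return default, None


if __name__ == "__main__":
    packets = [
        ("in", "198.51.100.5", 443),   # ordinary visitor to the web service
        ("in", "203.0.113.9", 443),    # hostile range, stopped by rule 1
        ("in", "198.51.100.5", 22),    # SSH from outside the admin network
        ("in", "192.0.2.10", 22),      # SSH from the admin network
        ("out", "198.51.100.5", 25),   # outbound mail, not permitted by any rule
    ]
    for packet in packets:
        print(packet, "->", decide(RULES, *packet))
```

Rule order is part of the policy: if the HTTPS allow rule were placed before the block rule, traffic from the blocked range would reach the web service.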

ARTICLE 1:

Kaspersky: Phishing attacks on the rise in Malaysia, SE Asia | Malay Mail

The article highlights a significant increase in phishing incidents across Southeast Asia, with a specific focus on targeting Kaspersky users in Malaysia, the Philippines, and Vietnam. Phishing attacks involve cybercriminals using deceptive tactics to manipulate individuals into revealing sensitive information, primarily through deceptive emails and fraudulent websites, with the primary aim of stealing personal and financial data and potentially gaining unauthorized access to confidential networks. The surge in these attacks is attributed to the growing sophistication of cybercriminals and their ability to create convincing phishing emails and websites. Additionally, the article underscores the concerning trend of advanced persistent threat (APT) groups in the Asia Pacific region increasingly using targeted phishing (spear phishing) as their preferred method to infiltrate secure networks, often focusing on high-value targets like nation-states and large corporations. The consequences of phishing attacks extend beyond monetary losses to include data breaches, identity theft, stock price manipulation, corporate espionage, and the formation of botnets for denial-of-service attacks, with the potential to harm the reputation of organizations and government agencies. The recommended solutions to combat these threats include employee education, robust email security technology, incident response readiness, and the incorporation of threat intelligence services, all vital components for navigating and safeguarding against the evolving phishing threat landscape in Southeast Asia.

ARTICLE 2:

15 men armed with baseball bats rob computer store in Cheras | Free Malaysia Today (FMT)

The article details an alarming armed robbery incident that occurred at a computer
store in Bandar Damai Perdana, Cheras. In this security threat, 15 individuals, armed with
baseball bats, forcibly entered the premises, violently assaulted the security guard, and
made off with computer equipment valued at RM70,000. The primary cause of this incident
lies in the criminal intent of the 15 individuals, driven by the goal of stealing valuable
computer equipment, underlining economic motives and their willingness to employ
violence. The impact of this armed robbery is substantial, encompassing a significant
financial loss for the computer store and physical harm to the security guard. Beyond these
immediate consequences, such incidents contribute to community fear and insecurity. To
mitigate and prevent similar threats in the future, suggested measures include enhanced
security measures such as surveillance systems and security personnel, community
vigilance through prompt reporting of suspicious activities, close collaboration with law
enforcement for investigation, and the establishment of crime prevention programs aimed
at enhancing safety within the community and among businesses.

CONCLUSION:

The two articles highlight distinct but critical security threats faced in Malaysia and
Southeast Asia. The first article emphasizes the alarming surge in phishing attacks, with
cybercriminals targeting individuals and organizations, leading to significant financial and
data security risks. The second article reports an armed robbery at a computer store,
underlining the physical threat to individuals and businesses. In both cases, proactive
security measures, including education, technology, and collaboration with law
enforcement, are essential to mitigate these threats. These incidents serve as a reminder
of the diverse security challenges faced in the region and the need for a multifaceted
approach to safeguard individuals, businesses, and communities from both digital and
physical threats.

REFERENCES:

1. Sadiq, A., Anwar, M., Butt, R. A., Masud, F., Shahzad, M. K., Naseem, S., & Younas, M. (2021, October 21). A review of phishing attacks and countermeasures for Internet of Things-based smart business applications in Industry 4.0. Human Behavior & Emerging Technologies. https://doi.org/10.1002/hbe2.301

2. Serwadda, A., Phoha, V. V., Wang, Z., Kumar, R., & Shukla, D. (2016). Toward Robotic Robbery on the Touch Screen. ACM Transactions on Information and System Security, 18(4), Article No. 14, 1-25. https://doi.org/10.1145/2898353

3. Alsharnouby, M., Alaca, F., & Chiasson, S. (2015). Why phishing still works: User strategies for combating phishing attacks. International Journal of Human-Computer Studies, 82, 69-82. https://doi.org/10.1016/j.ijhcs.2015.05.005

Name: Mohamad Anisyam bin Syamsuddin
Matric Number: MS2315113198
Tutorial: K05

Assignment Rubrics (Mark Sheet) Computer Science SC015

Scale: 0 = Missing Item, 1 = Low, 2 = Average, 3 = Excellent. Each criterion has a weightage; the total mark is recorded by the Examiner and the Moderator.

Introduction (weightage 1)
0: No introduction.
1: The introduction is not clear to the main topic and does not preview the structure of the writing.
2: The introduction clearly states the main topic and preview the structure of the writing but does not attract reader to the writing.
3: The introduction clearly states the main topic and previews the structure of the writing. Also encourage readers to continue reading the content.

Content (Computer Security Risk) (weightage 2)
0: No correct point is discussed.
1: Correctly discuss only one type of computer security risk related to the situation selected.
2: Correctly discuss only two types of computer security risk related to the situation selected.
3: Correctly discuss three or more types of computer security risk related to the situation selected.

Content (Computer Security Measures) (weightage 2)
0: No correct point is discussed.
1: Correctly discuss only one type of computer security measures related to computer security risks discussed.
2: Correctly discuss only two types of computer security measures related to computer security risks discussed.
3: Correctly discuss three or more of computer security measures related to computer security risks discussed.

Conclusion (weightage 1)
0: No conclusion provided.
1: Conclusion not organized and not tied up to contents discussed.
2: Conclusions are organized but partially tied up to contents discussed.
3: Conclusions are organized and tied up to all contents discussed.

Coherently written academic discourse (weightage 1)
0: Not able to write ideas coherently and systematically.
1: Able to write ideas with limited coherence but require further improvements.
2: Able to write ideas coherently and systematically but require minor improvements.
3: Able to write ideas systematically with excellent coherence.

Originality (weightage 1)
0: There is evidence that shows the writing is totally a copy of other people’s ideas (from any source).
1: Only a few parts of the writing show the original thought.
2: Most of the writing shows original thought.
3: The writing shows substantial originality.

Format (weightage 1)
0: Writing without following the format given.
1: Writing follows the format given minimally.
2: Writing follows the format given partially.
3: Writing follows the format given totally.

Bibliography (APA Styles) (weightage 1)
0: Not state any reference bibliography.
1: Refers three reference sources without following APA citation format.
2: Refers three reference sources and minimally following APA citation format.
3: Refers three or more sources according to APA citation format.

Total:
Attachment
PB/PTP

STUDENT’S DECLARATION
MINISTRY OF EDUCATION MALAYSIA MATRICULATION PROGRAMME

Student’s Name: Mohamad Anisyam bin Syamsuddin
Matric No.: MS2315113198
Course: COMPUTER SCIENCE
Code: SC015

Assignment’s Title: 3.3 SECURITY RISK & SECURITY MEASURES

Student’s Declaration

I declare that this task is my own work except for the citations and summaries of which I acknowledged the source.

Signature: Nisyam (Mohamad Anisyam bin Syamsuddin)
Date: 18 September 2023

PB/MTP
CONTINUOUS ASSESSMENT FEEDBACK
MINISTRY OF EDUCATION MALAYSIA MATRICULATION PROGRAMME

Task: Assignment / Practical Test
Details:
Attribute’s strength:
Attribute that can be improved:
Others:
Examiner Name & Signature:
Date:

Student’s confirmation

I declare that I understand the feedback given by the lecturer.

Note (follow-up session date, if necessary):
Student’s Signature:
Date:

Note: This feedback form must be handed to the student at the beginning of the semester. The student is required to submit this feedback form to the lecturer each time a continuous assessment task is completed.
