Computer Skills (CCS 321/22/M10)

Lecture 4

1.3. COMPUTER SECURITY

 Define the following terms
-Computer security
-Data integrity
Computer security is the protection of computer and information systems from
unauthorised access, harm, misuse, theft and information loss
Data integrity is the assurance that digital information is safe, accurate, reliable and
consistent, that it has not been altered in unauthorized manner.

 Describe the measures to ensure data security

Data security measures are techniques developed to safeguard data and information stored
on computers.
1. Back up your data
You should back up your data regularly. If you’re using an external storage device, keep it
somewhere other than your main workplace – encrypt it, and lock it away if possible. That
way, if there’s a break-in, fire or flood, you’ll minimise the risk of losing all your data. Check
your back-up. You don’t want to find out it’s not worked when you need it most. Make sure
your back-up isn’t connected to your live data source, so that any malicious activity doesn’t
reach it.
2. Use strong passwords and multi-factor authentication
Make sure you use strong passwords on smartphones, laptops, tablets, email accounts and
any other devices or accounts where personal information is stored. Where possible, you
should consider using multi-factor authentication. Multi-factor authentication is a security
measure to make sure the right person is accessing the data. It requires at least two
separate forms of identification before access is granted. For example, you use a password
and a one-time code which is sent by text message.
3. Put up a strong firewall
4. Install anti-virus and malware protection And keep it up-to-date.

COMPUTER SKILLS (CCS 321/22/M05)

LECTURER: L.S.T/G.C Page 1
You must make sure the devices you and your employees use at home, or when you’re
working away, are secure. Anti-virus software can help protect your device against malware
sent through a phishing attack.
5. Make sure your Wi-Fi connection is secure
Using public Wi-Fi, or an insecure connection, could put personal data at risk. You should
make sure you always use a secure connection when connecting to the internet. If you’re
using a public network, consider using a secure Virtual Private Network (VPN).
6. Limit access to those who need it
Different workers may need to use different types of information. Put access controls in
place to make sure people can only see the information they need. For example, payroll or
HR may need to see workers’ personal information, but your sales staff won’t. If someone
leaves your company, or if they’re absent for a long period of time, suspend their access to
your systems.
7. Take care when sharing your screen
Sharing your screen in a virtual meeting may show your device to others exactly as you see
it, including any open tabs or documents. Before sharing your screen, you should close
anything you don’t need and make sure your notifications and pop-up alerts are switched
off.
8. Dispose of old IT equipment and records securely
You must make sure no personal data is left on computers, laptops, smartphones or any
other devices, before you dispose of them. You could consider using deletion software, or
hire a specialist to wipe the data
9. Data Masking
Data masking is important types of data security measures in which hiding original data
with modified content (such as characters or other data). It is the process of
interchanging or modifying certain elements of the data, enabling security and ensures
confidentiality of data.

10. Have a Data recovery plan

11. Secure the building

COMPUTER SKILLS (CCS 321/22/M05)

LECTURER: L.S.T/G.C Page 2
 Describe the major threats to Information Systems/Computers
1. Unauthorized Access − One of the most common security risks regarding
computerized information systems is the hazard of unauthorized access to confidential
information .The main concern appears from unwanted intruders, or hackers, who use
the current technology and their skills to divide into supposedly secure computers or to
exhaust them. A person who gains access to data system for malicious reason is often
termed of cracker instead of a hacker.
2. Malware attacks - Computer Viruses, worms, spyware
3. Social engineering attacks – is the art of manipulating people so that they give up their
confidential information like bank account details, password etc. phishing, malvertising
4. Theft of intellectual property - copyright infringement,
5. man in the middle attack(MitM) – eaves dropping attack
6. Vandalism − Deliberate damage cause to hardware, software and data is treated as
serious threat to information system security. The threat from destruction lies in the fact
that the organization is temporarily refused access to someone of its resources. Even
relatively minor damage to an element of a system can have an essential effect on the
organization as a whole.
7. Accidents − Accidental misuse or damage will be influenced over time by the attitude
and disposition of the staff in addition to the environment. Human errors have a higher
impact on information system security than do manmade threats caused by purposeful
attacks. But most accidents that are serious threats to the security of information
systems can be diminished.
8. Hardware theft
9. Information extortion
10. ….. add more

 Define computer crime / fraud and describe the different types of computer crime/fraud

Computer Crime
Computer crime definition: an illegal activity committed on or requiring the use of
computers.
Computer Crime pertains to criminal acts that are committed through the use of a computer.
Cyber-crime involves the use of a computer and the Internet or cyber space. All
cybercrimes are also computer crimes
COMPUTER SKILLS (CCS 321/22/M05)
LECTURER: L.S.T/G.C Page 3
Examples of computer crime:
 Hacking
 Internet Fraud
 Pornography
 Cyber stalking
 Phishing and scamming
 Denial of service (DOS) - attach a denial-of-service attack is a cyber-attack in which the
perpetrator seeks to make a machine or network resource unavailable to its intended
users by temporarily or indefinitely disrupting services of a host connected to a network.
Distributed Denial of Service Attack is where multiple compromised systems are used to
flood the network bandwidth or network resources of a
 Identity theft
 Theft of computer system components

Homework 4
 Describe the measures to combat computer crime
 Describe a Disaster Recovery Plan (DRP)
A DRP is an organisations method of regaining access and functionality of its computer and
information systems after unplanned events occur such as natural disasters, cyber-attacks
or disruptions. It contains procedures to be followed as well as a disaster recovery team. It
includes risk evaluation, back up of files, asset identification, testing and optimisation.
[ADD MORE….]

COMPUTER SKILLS (CCS 321/22/M05)

LECTURER: L.S.T/G.C Page 4