
Ict Security

The document discusses security issues related to computers and communication systems. It covers threats like errors, natural hazards, and computer crimes. It also discusses security safeguards like deterring computer crimes, identification and access controls, encryption, software and data protection, and disaster recovery plans.

Uploaded by

cbarbiejoy22

ICT SECURITY
IT 101 - BSMA
OBJECTIVES

1. Discuss Security Issues: Threats to Computers and Communication Systems
2. Distinguish Security Safeguards: Protecting Computer and Communications
3. Explain Privacy & Surveillance.
THREATS TO COMPUTERS AND COMMUNICATION SYSTEMS

What are some key threats to computers?


• Errors and accidents
• Natural hazards
• Computer crimes
• Computer criminals
1. ERRORS AND ACCIDENTS

HUMAN ERRORS
• Humans often are not good at assessing their own information needs
• Human emotions affect performance
• Humans act on their perceptions, which may not be fast enough to keep up
PROCEDURAL ERRORS

Some spectacular computer failures have occurred because someone didn’t follow procedures. In
1999, the $125 million Mars Climate Orbiter was fed data expressed in pounds, the English unit of
force, instead of newtons, the metric unit (about 22% of a pound). As a result, the spacecraft flew too
close to the surface of Mars and broke apart. A few years earlier, Nasdaq, the nation’s second-largest
stock market, was shut down for 2½ hours by an effort, ironically, to make the computer system more
user friendly. Technicians were phasing in new software, adding technical improvements a day at a
time. A few days into this process, technicians trying to add more features to the software flooded the
data storage capability of the computer system. The result was to delay the opening of the stock
market and shorten the trading day. In 2001, a failed software upgrade halted trading on the New York
Stock Exchange for an hour and a half.
SOFTWARE ERRORS

We are forever hearing about “software glitches” or “software bugs.” A software bug is an
error in a program that causes it not to work properly. For example, in 2008 experts found a
software glitch that would have allowed attackers to gain control of water treatment plants,
natural gas pipelines, and other utilities. Also in 2008, patients at Veterans Administration
health centers were given incorrect drug doses, were delayed in treatments, and experienced
other medical errors because of software glitches in health records.
“DIRTY DATA” PROBLEMS

When keyboarding a research paper, you undoubtedly make a few typing errors (which,
hopefully, you clean up). So do all the data-entry people around the world who feed a
continual stream of raw data into computer systems. A lot of problems are caused by this
kind of “dirty data.” Dirty data is incomplete, outdated, or otherwise inaccurate data. A
good reason for having a look at your records—credit, medical, school—is so that you can
make any corrections to them before they cause you complications. Although databases are
a timesaving resource for information seekers, they can also act as catalysts, speeding up
and magnifying bad data.
ELECTROMECHANICAL PROBLEMS: ARE “NORMAL ACCIDENTS” INEVITABLE?

• Electrical problems: Power failures (brownouts and blackouts) can shut a system down. Power
surges can also burn out equipment. One major area of concern is that as information technology
spreads, lightning strikes that once simply made the houselights flicker will now burn out
computers, phones, web connections, and servers. Since some areas experience more electrical
hits than other areas do, lightning frequency could significantly affect regional economies.
• Voting machine breakdowns: As examples of how badly information technology can work, we
have only to consider failures in voting machines, when printers jammed, servers crashed, and
poorly designed touch-screen ballots led voters to make mistakes that invalidated their votes.
2. NATURAL HAZARDS

Whatever is harmful to property (and people) is harmful to
computers and communications systems. This certainly includes
natural disasters: fires, floods, earthquakes, tornadoes, hurricanes,
blizzards, and the like. If they inflict damage over a wide area, as
have ice storms in eastern Canada or hurricanes in the Gulf Coast
states, natural hazards can disable all the electronic systems we
take for granted. Without power and communications connections,
cellphones, automated teller machines, credit card verifiers, and
bank computers are useless.
3. COMPUTER CRIMES

A computer crime can be of two types.


(1) It can be an illegal act perpetrated against
computers or telecommunications, or
(2) It can be the use of computers or
telecommunications to accomplish an illegal act.
THE FOLLOWING ARE CRIMES OF BOTH TYPES
THEFT OF HARDWARE
Hardware theft can range from shoplifting an accessory in a computer store to removing a
laptop or cellular phone from someone’s car. Professional criminals may steal shipments of
microprocessor chips off a loading dock or even pry cash machines out of shopping-center
walls.
THEFT OF SOFTWARE
Pirated software is software obtained illegally, as when you make an illegal copy of a
commercial video game.
THEFT OF ONLINE MUSIC & MOVIES
Many students may feel that illegally downloading music and movies is a victimless crime,
but to the entertainment industry it is just plain piracy or theft.
THEFT OF TIME & SERVICES
The theft of computer time is more common than you might think. Probably the biggest
instance is people using their employer’s computer time to play games, do online shopping,
or dip into web pornography. Some people even operate sideline businesses.
THEFT OF INFORMATION
Clearly, information thieves are having a field day. They have infiltrated the files of the Social
Security Administration, stolen confidential personal records, and sold the information.
INTERNET-RELATED FRAUD
Internet or online service fraud is a runaway problem, accounting for 90% of all consumer fraud
complaints to the Federal Trade Commission in 2008. The most common complaints, according
to the Internet Crime Complaint Center, were non delivery of merchandise and/or payment
(32.9%), internet auction fraud (25.5%), and credit/debit card fraud (9.0%).
TAKING OVER YOUR PC: ZOMBIES, BOTNETS, & BLACKMAIL
A zombie, or drone, is a computer taken over covertly and programmed to respond to
instructions sent remotely, often by instant-messaging channels.
A botnet, short for “robot network,” is a network of computers compromised by means of a
Trojan horse that plants instructions within each PC to wait for commands from the person
controlling that network.
CRIMES OF MALICE: CRASHING ENTIRE SYSTEMS
Sometimes criminals are more interested in abusing or vandalizing computers and
telecommunications systems than in profiting from them. For example, a student at a
Wisconsin campus deliberately and repeatedly shut down a university computer system,
destroying final projects for dozens of students; a judge sentenced him to a year’s
probation, and he left the campus.
4. COMPUTER CRIMINALS

INDIVIDUALS OR SMALL GROUPS


These include individuals or members of small groups who use fraudulent email and websites to
obtain personal information that can be exploited, either for monetary gain or sometimes simply to
show off their power and give them bragging rights with other members of the hacker/cracker
community.
EMPLOYEES
Workers may use information technology for personal profit or to steal hardware or information to
sell. They may also use it to seek revenge for real or imagined wrongs, such as being passed over for
promotion; indeed, the disgruntled employee is a principal source of computer crime.
OUTSIDE PARTNERS & SUPPLIERS


Suppliers and clients may also gain access to a company’s information technology and use it to
commit crimes, especially since intranets and extranets have become more commonplace. Partners
and vendors also may be the inadvertent source of hacker mischief because their systems may not be
as well protected as the larger partner’s networks and computers, and so a third party may penetrate
their security.
CORPORATE SPIES
Competing companies or individuals may break into a company’s computer system to conduct
industrial espionage—obtain trade secrets that they can use for competitive advantages.
ORGANIZED CRIME
Members of organized crime rings not only steal hardware, software, and data; they also use spam,
phishing, and the like to commit identity theft and online fraud. Even street gangs now have their
own web sites, most of them perfectly legal, but some of them possibly used as chat rooms for drug
distribution. In addition, gangs use computers the way legal businesses do—as business tools—but
they use them for illegal purposes, such as keeping track of gambling debts and stolen goods.
CYBERWAR FIGHTERS
Cyberwarfare, or cyberwar, is the use of computers and the internet to attack an enemy’s information
systems.
SECURITY: SAFEGUARDING COMPUTERS & COMMUNICATIONS

We consider five components of security:
• Deterrents to computer crime
• Identification and access
• Encryption
• Protection of software and data
• Disaster-recovery plans
1. DETERRENTS TO COMPUTER CRIME

What are some ways to deter computer crime?


ENFORCING LAWS
Law enforcement agencies regularly cruise online bulletin boards and chat rooms looking
for pirated software, stolen trade secrets, child molesters, and child pornography.
TOOLS FOR FIGHTING FRAUDULENT & UNAUTHORIZED ONLINE USES

Tools used to detect fraud are the following:


• Rule-based-detection software
• Predictive-statistical-model software
• Employee internet management (EIM) software
• Internet filtering software
• Electronic surveillance
2. IDENTIFICATION & ACCESS

There are three ways a computer system can verify that
you have legitimate right of access. Some security
systems use a mix of these techniques. The systems try
to authenticate your identity by determining
(1) what you have,
(2) what you know, or
(3) who you are.
WHAT YOU HAVE—CARDS, KEYS, SIGNATURES, & BADGES

Credit cards, debit cards, and cash-machine cards all have magnetic strips or built-in
computer chips that identify you to the machine. Many require that you display your
signature, which may be compared with any future signature you write. Computer rooms
are always kept locked, requiring a key. Many people also keep a lock on their personal
computers. A computer room may also be guarded by security officers, who may need to
see an authorized signature or a badge with your photograph before letting you in. Of
course, credit cards, keys, and badges can be lost or stolen. Signatures can be forged.
Badges can be counterfeited.
WHAT YOU KNOW—PINS & PASSWORDS

To gain access to your bank account through an automated teller machine (ATM), you key
in your PIN. A PIN (personal identification number) is the security number known only to
you that is required to access the system. Telephone credit cards also use a PIN. If you carry
either an ATM or a phone card, never carry the PIN written down elsewhere in your wallet
(even disguised). As we stated earlier in the book, passwords are special words, codes, or
symbols required to access a computer system. Passwords are one of the weakest security
links, and most can be easily guessed or stolen.
WHO YOU ARE—PHYSICAL TRAITS

Biometrics is the science of measuring individual
body characteristics. Biometric authentication
devices authenticate a person’s identity by verifying
his or her physical or behavioral characteristics with
a digital code stored in a computer system.
3. ENCRYPTION

Encryption is the process of altering readable data into unreadable form to prevent
unauthorized access, and it is what has given people confidence to do online shopping and
banking. Encryption is clearly useful for some organizations, especially those concerned
with trade secrets, military matters, and other sensitive data.
PROTECTION OF SOFTWARE & DATA

CONTROL OF ACCESS
Access to online files is restricted to those who have a legitimate right to access—because
they need them to do their jobs.
AUDIT CONTROLS
Many networks have audit controls for tracking which programs and servers were used,
which files opened, and so on. This creates an audit trail, a record of how a transaction was
handled from input through processing and output.
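
An added example (not part of the original slides) of an audit trail that records each transaction at input, processing, and output. The SHA-256 hash chain that makes later edits detectable is an assumption beyond the slide text, and all record values are constructed samples.

```python
import hashlib
import json

STAGES = ("input", "processing", "output")  # the three stages named in the text
GENESIS = "0" * 64                          # placeholder "previous hash" for record 0

def _digest(prev_hash, body):
    # Hash the previous record's hash together with this record's canonical JSON.
    data = prev_hash + json.dumps(body, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def append(trail, txn, stage, actor, detail):
    """Append one audit record, linked to the record before it."""
    if stage not in STAGES:
        raise ValueError("unknown stage: " + stage)
    body = {"txn": txn, "stage": stage, "actor": actor, "detail": detail}
    prev_hash = trail[-1]["hash"] if trail else GENESIS
    trail.append({**body, "prev": prev_hash, "hash": _digest(prev_hash, body)})

def first_tampered(trail):
    """Return the index of the first record that fails verification, else None."""
    prev_hash = GENESIS
    for i, rec in enumerate(trail):
        body = {k: rec[k] for k in ("txn", "stage", "actor", "detail")}
        if rec["prev"] != prev_hash or rec["hash"] != _digest(prev_hash, body):
            return i
        prev_hash = rec["hash"]
    return None

def incomplete(trail):
    """Map each transaction that lacks a stage to the stages it is missing."""
    seen = {}
    for rec in trail:
        seen.setdefault(rec["txn"], set()).add(rec["stage"])
    return {t: [s for s in STAGES if s not in got]
            for t, got in seen.items() if len(got) < len(STAGES)}

def build_sample():
    # Constructed sample records, not taken from any real system.
    trail = []
    append(trail, "T1", "input", "clerk7", "payment 120.00 keyed")
    append(trail, "T1", "processing", "ledger-svc", "posted to account 4411")
    append(trail, "T1", "output", "print-svc", "receipt issued")
    append(trail, "T2", "input", "clerk7", "payment 75.50 keyed")
    append(trail, "T2", "output", "print-svc", "receipt issued")
    return trail

if __name__ == "__main__":
    trail = build_sample()
    print("missing stages:", incomplete(trail))
    trail[1]["detail"] = "posted to account 9999"  # simulate an after-the-fact edit
    print("first bad record:", first_tampered(trail))
```

The completeness check flags a transaction that produced output without a recorded processing step, and the chain check pinpoints a record altered or removed after it was written.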
PEOPLE CONTROLS
Because people are the greatest threat to a computer system, security precautions begin with
the screening of job applicants. Résumés are checked to see if people did what they said
they did. Another control is to separate employee functions, so that people are not allowed
to wander freely into areas not essential to their jobs. Manual and automated controls—
input controls, processing controls, and output controls—are used to check if data is
handled accurately and completely during the processing cycle. Printouts, printer ribbons,
and other waste that may reveal passwords and trade secrets to outsiders are disposed of
through shredders or locked trash barrels.
4. DISASTER-RECOVERY PLANS

A disaster-recovery plan is a method of restoring information-processing operations that
have been halted by destruction or accident.
PRIVACY & SURVEILLANCE

Surveillance implies an agent who accesses (whether through discovery tools, rules or
physical/logistical settings) personal data. Privacy, in contrast, involves a subject who
restricts access to personal data through the same means.
Privacy is the right of people not to reveal information about themselves. Many people are
worried about the loss of their right to privacy—more than 90% of respondents to one
survey called online privacy a “really” or “somewhat” important issue—fearing they will
lose all control of the personal information being collected and tracked by computers.
BUSINESS & CYBERSPYING

1. Almost everything we do online is being scooped up and recorded for use by
marketers, and it’s difficult to know what parts of our own lives still belong to us.
2. Whatever the impact on your personal privacy, it seems unlikely that you can claim
ownership of a lot of data that’s being collected about you. At work, for instance, you
basically have no rights.
SPYING, HACKING, & CYBERWARFARE BY FOREIGN GOVERNMENTS & GROUPS

The world is so interconnected that it is a constant struggle for technology managers to
keep us secure against cyber invasions of all sorts.
Governments get involved in cyberwarfare—warfare involving computers and the
Internet in which one nation attacks another’s information systems.