Digital Literacy Topic 2-1


DIGITAL LITERACY

TOPIC 2: APPLY SECURITY MEASURES TO DATA, HARDWARE AND SOFTWARE IN AN AUTOMATED ENVIRONMENT
Data security: This is the process of making sure data is available only to those who need it for
a legitimate purpose.

Data: This is the information that has been translated into a form that is efficient for movement
or processing.

Privacy refers to the fundamental right and concept that individuals have the authority to control
their personal information, limiting who has access to it and how it is used.

Privacy is a critical aspect of personal freedom, autonomy, and human dignity, and it is essential
for maintaining trust in both physical and digital interactions.

Data privacy /Information privacy: It is the aspect of information technology that deals with
the ability of an organization or individual to determine what data in a computer system can be
shared with third parties.

Security threats: These are the ways in which an unauthorized entity may gain access to a company's
data or information.

Control measures: This is any measure taken to eliminate or reduce the risk of security threats.

Cyber criminals: These are criminals who use many different methods to lure you into
parting with your confidential personal or business information.

Data security in an automated environment refers to the measures and practices implemented
to protect data, both in digital form (software) and physical storage (hardware), from
unauthorized access, disclosure, alteration, or destruction.
Challenges to big data security and privacy

- Securing and protecting data in real time: Because of the large amounts of data generated, most
organizations are unable to maintain regular checks. However, it is most beneficial to
perform security checks and observation in real time or almost in real time.
- Data provenance: To classify data, it is necessary to know its origin accurately, so that
authentication, validation and access control can be applied.
- Protecting access control method communication and encryption: A secured data storage
device is an intelligent step in protecting the data. Yet, because data storage devices are
most often vulnerable, it is important to encrypt the access control methods as well.
Security Threats Are Identified and Control Measures Used

A threat is a possible danger that might exploit a vulnerability to breach security and therefore
cause possible harm. A threat can either be intentional (e.g. hacking by an individual or criminal
organization) or accidental (e.g. a computer malfunctioning, or a natural disaster such as a fire);
more generally, it is any circumstance, capability, action or event that could cause such harm.

Classification of security threats

- Classification according to type
  - Physical damage: For example, fire, floods
  - Natural events: For example, climate, volcanic activity
  - Compromise of information: Via eavesdropping, theft of media
  - Technical failures: For example, equipment, software
  - Compromise of functions: Errors in use, abuse of rights
- Classification according to origin
  - Deliberate: Aiming at an information asset, e.g. spying, illegal processing of data
  - Accidental: For example, equipment failure, software failure
  - Environmental: For example, natural event, loss of power supply
  - Negligence: Known but neglected factors compromising network safety and
sustainability.

Categories of the risk of security threats

- Damage: How bad would an attack be?
- Reproducibility: How easy is it to reproduce the attack?
- Exploitability: How much work is it to launch the attack?
- Affected users: How many users will be impacted?
- Discoverability: How easy is it to discover the threat?
Countermeasures to security threats

A countermeasure is an action, device, procedure or technique that reduces a threat, a
vulnerability or an attack by eliminating or preventing it, by minimizing the harm it can cause or
by discovering and reporting it so that corrective action can be taken.

Countermeasures against physical attacks

If a potential malicious actor has physical access to a computer system, they have a greater
chance of inflicting harm upon it. We can use the following countermeasures:
i. Electronic destruction devices: Devices such as a USB killer may be used to damage or
render completely unusable anything with a connection to the motherboard of a
computer. Without proper protection, these devices may result in the destruction of ports
and anything physically connected to the attacked device, e.g. monitors.
ii. Hard drives and storage: If the data on a storage device is in use and must be secured,
one can use encryption to encrypt the content of a storage device or even encrypt the
whole storage device. The device can be unlocked by a password, biometric
authentication, a network interchange or any combination thereof. The process of adding
physical barriers to the storage device is not to be neglected. Locked cases or physically
hidden drives, with a limited number of personnel having knowledge of and access to the keys
or locations, may prove to be a good first line of defence against physical theft.

2.1 CLASSIFICATION OF DATA SECURITY AND PRIVACY IMPLEMENTATION IN ACCORDANCE WITH PREVAILING TECHNOLOGY
This is through a layered approach that adapts to the evolving landscape of threats and
innovations. These classifications can vary based on the technology, but generally, they include
the following categories:
1. Access Control
- Physical Access Control: This involves restricting physical access to data centers, servers,
and storage facilities using technologies like biometric scanners, keycards, and surveillance
systems.
- Logical Access Control: This includes technologies like user authentication (e.g., usernames
and passwords, biometrics), authorization (e.g., role-based access control), and multifactor
authentication (MFA) to ensure that only authorized users can access data.
2. Encryption
- Data Encryption: Encryption technologies, such as Advanced Encryption Standard (AES)
and public key infrastructure (PKI), are used to protect data both in transit (e.g., during
transmission over the internet) and at rest (e.g., on storage devices).
3. Network Security
- Firewalls: Firewall technologies monitor and control network traffic to prevent unauthorized
access and protect against threats like malware and hackers.
- Intrusion Detection and Prevention Systems (IDS/IPS): These technologies detect and
respond to suspicious network activities, including potential security breaches and attacks.
4. Endpoint Security
- Antivirus and Anti-malware Software: These technologies scan and protect individual
devices (endpoints) from malicious software and malware threats.
- Mobile Device Management (MDM): MDM solutions help secure and manage mobile
devices by enforcing security policies, encryption, and remote wipe capabilities.
5. Data Loss Prevention (DLP)
- DLP technologies monitor and prevent unauthorized data transfers or leaks, both inside and
outside an organization. They use content inspection and policy enforcement to safeguard
sensitive information.
6. Cloud Security
- Cloud Access Security Brokers (CASBs): CASBs provide security and compliance controls
for data stored and accessed in cloud environments, including SaaS, PaaS, and IaaS platforms.
- Identity and Access Management (IAM): IAM solutions help manage user access and
permissions to cloud services and resources.
7. Privacy Enhancing Technologies
- Anonymization and Pseudonymization: These technologies protect individual privacy by
replacing or obscuring personally identifiable information (PII) in datasets.
- Privacy-Preserving Cryptography: Techniques like homomorphic encryption allow
computations on encrypted data without revealing the data itself.
8. Blockchain and Distributed Ledger Technology
- Blockchain can be used to enhance data security and privacy through its immutable and
decentralized nature, making it suitable for applications like secure data sharing and identity
management.
9. Biometrics
- Biometric technologies, such as fingerprint scanning, facial recognition, and iris scanning,
enhance security and privacy by using unique physical or behavioral characteristics for
authentication.
10. AI and Machine Learning
- AI and machine learning are increasingly used to detect anomalies and potential security
breaches by analyzing large datasets in real-time.
11. Regulatory Compliance Technologies
- Technologies and tools are developed to help organizations comply with data privacy
regulations like GDPR, HIPAA, and CCPA. These may include data mapping and consent
management solutions.
12. Incident Response and Security Information and Event Management (SIEM)
- SIEM solutions and incident response technologies help organizations monitor and respond
to security incidents in real-time, providing threat detection, analysis, and remediation
capabilities.
The classification of data security and privacy technologies is dynamic, with new solutions
emerging to address emerging threats and regulatory requirements. Organizations must
continuously assess their technology stack and adapt their security and privacy strategies to stay
ahead of evolving risks and vulnerabilities in the digital landscape.

2.2 IDENTIFYING SECURITY THREATS AND HOW TO APPLY CONTROL MEASURES IN ACCORDANCE WITH LAWS GOVERNING PROTECTION OF ICT
Identifying security threats and applying control measures in accordance with laws governing the
protection of Information and Communication Technology (ICT) involves a structured and
proactive approach to safeguarding data and systems. Here's a step-by-step explanation of the
process:
1. Risk Assessment:
- Start by conducting a comprehensive risk assessment. This involves identifying assets (data,
hardware, software), potential threats (e.g., hackers, malware, natural disasters), vulnerabilities
(weaknesses in your systems), and the potential impact of security incidents.
2. Legal and Regulatory Compliance
- Understand the relevant laws and regulations that pertain to ICT security in your industry and
location. These may include data protection laws (e.g., GDPR, HIPAA), industry-specific
regulations, and local cybersecurity laws.
3. Threat Identification
- Continuously monitor for emerging threats and vulnerabilities through threat intelligence
sources, security forums, vendor notifications, and government alerts.
- Implement intrusion detection systems (IDS), intrusion prevention systems (IPS), and
security information and event management (SIEM) solutions to detect and analyze potential
threats in real-time.
4. Control Measures
- Develop and implement control measures to mitigate identified risks.
These measures can include:
- Access controls: Implement role-based access control (RBAC), strong authentication, and
least privilege principles to restrict unauthorized access to systems and data.
- Encryption: Use encryption techniques to protect data both in transit and at rest.
- Patch management: Keep software, operating systems, and firmware up to date with
security patches and updates.
- Firewalls: Employ network and host-based firewalls to filter traffic and prevent
unauthorized access.
- Security awareness training: Educate employees about security best practices and how to
recognize social engineering attacks.
- Incident response plan: Develop a documented plan for responding to security incidents,
including data breaches, and regularly test it through tabletop exercises.
- Backup and disaster recovery: Implement regular data backups and disaster recovery
plans to ensure business continuity in case of a breach or system failure.
5. Security Policy and Procedures
- Develop and document security policies and procedures that align with legal requirements
and control measures. Ensure that employees are aware of and adhere to these policies.
6. Auditing and Monitoring
- Implement continuous monitoring solutions to detect security incidents and compliance
deviations.
- Conduct regular security audits and assessments to identify weaknesses in your security
controls.
7. Incident Response
- Establish an incident response team and plan to effectively manage and contain security
incidents. Report incidents as required by law and regulations.
8. Documentation and Record-Keeping
- Maintain records of security incidents, risk assessments, control measures, and compliance
efforts. This documentation may be necessary to demonstrate compliance with laws and
regulations.
9. Regular Updates and Training
- Stay informed about changes in laws and regulations related to ICT security and adjust your
control measures accordingly.
- Provide ongoing training and awareness programs to keep employees informed about the
latest security threats and compliance requirements.
10. Third-Party Assessments
- If necessary, engage with third-party security auditors or assessors to validate your security
measures and compliance with relevant laws.
11. Reporting and Notifications
- Comply with legal requirements for reporting security incidents to authorities, affected
individuals, and regulatory bodies within the specified timeframe.
12. Review and Continuous Improvement
- Regularly review and update your security measures based on changes in the threat
landscape and regulatory requirements. Continuously improve your security posture.
In summary, identifying security threats and applying control measures in accordance with ICT
protection laws involves a proactive and systematic approach that begins with risk assessment,
complies with legal requirements, and continuously adapts to evolving threats and regulations.
Effective security measures require collaboration between IT, legal, and compliance teams to
ensure that the organization's ICT environment remains secure and compliant with relevant
laws.
COMPUTER THREATS AND CRIMES AND HOW THEY ARE DETECTED
- Detecting computer threats and crimes is crucial for maintaining the security and integrity of
computer systems and networks.
- Detection involves identifying suspicious or malicious activities and behaviors that could
potentially harm systems, steal data, or disrupt operations.
Malware (malicious software) may be described as a variety of forms of hostile, intrusive or
annoying software or program code. Malware could be computer viruses, worms, Trojan horses,
dishonest spyware and malicious rootkits. Here is a quick explanation of some of the common
computer threats you may come across:
i. Computer viruses: This is a small piece of software that can spread from one infected
computer to another. The virus could corrupt, steal or delete data in your computer, or
even erase everything on your hard drive.
ii. Trojan horse: Users can infect their computers with this software simply by
downloading an application they thought was legitimate but was infected or malicious.
Once in your computer, it can do anything from recording your passwords by logging
keystrokes to hijacking your webcam so as to watch and record your every move.
iii. Malicious spyware: It is used to describe a Trojan application that was created by cyber
criminals to spy on their victims. An example would be a key logger software that
records a victim’s every stroke on his/her keyboard. The recorded information is
periodically sent back to the originating cybercriminal over the internet.
iv. Computer worm: This is a software program that can copy itself from one computer to
another without human interaction. A worm can send copies of itself to every contact in
your email address book, and each copy then sends itself on to all the contacts in that
recipient's address book.
v. Spam: In the security context, it is primarily used to describe unwanted messages in your
email box. Spam is a nuisance as it can clutter your mailbox as well as taking up space on
your mail server. However, spam messages can contain links that when clicked could go
to a website that installs malicious software on to your computer.
vi. Phishing: Phishing scams are fraudulent attempts by cybercriminals to obtain private
information. Phishing scams often appear in the guise of email messages designed to
appear as though they are from legitimate sources.
vii. Rootkit: This is a collection of tools that are used to obtain administrator-level access to
a computer or a network of computers. A rootkit could be installed on a computer by a
cyber-criminal exploiting a vulnerability or security hole in a legitimate application on
your PC and may contain spyware that monitors and records keystrokes.
These are perhaps the most common computer threats and crimes you will encounter that
describe methods cyber-criminals use to access data, computer hardware and software.

Methods to Protect Yourself from Computer Crimes


i. Using strong passwords: Don't reuse the same password across different systems and
applications. Change your passwords regularly. Make them complex. That means using a
combination of at least 10 letters, numbers and symbols.
ii. Keep your software updated: This is especially important with your operating systems
and internet security systems. Cyber criminals often use known exploits against flaws in your
software to gain access to your system. Patching those flaws makes it less likely
that you will become a cyber-criminal target.
iii. Strengthen your network: It is a good idea to start with a strong encryption password as
well as a virtual private network. A VPN will encrypt all traffic leaving your devices until it
arrives at its destination.
iv. Keep up to date on major security breaches: If your data has been impacted by a
security threat, find out what information the hackers accessed and change your
passwords immediately.
v. Know that identity theft can happen anywhere: It is important to protect your data for
example, by using a VPN when accessing the internet over a public Wi-Fi network.
Here's an explanation of how computer threats and crimes are detected:
1. Antivirus and Anti-Malware Software
- Antivirus and anti-malware software scan files, programs, and data for known patterns and
signatures of malicious code. When a match is found, these tools can quarantine or remove the
malicious software.
2. Intrusion Detection Systems (IDS)
- IDS monitors network traffic and system activity for unusual patterns or behaviors. It can
detect signs of intrusion, such as unauthorized access attempts, unusual data transfers, or
repeated failed login attempts.
3. Intrusion Prevention Systems (IPS)
- IPS is an extension of IDS that not only detects suspicious activity but can also take
automated actions to block or prevent potential threats. This includes blocking IP addresses or
terminating malicious processes.
4. Firewalls
- Firewalls filter incoming and outgoing network traffic based on predefined security rules.
They can detect and block unauthorized access attempts, unusual traffic patterns, and known
attack signatures.
5. Security Information and Event Management (SIEM)
- SIEM solutions collect and analyze log data from various sources, such as servers, firewalls,
and applications. They correlate this data to identify potential security incidents and generate
alerts.
6. Behavioral Analytics
- Behavioral analytics tools analyze user and system behavior over time to detect anomalies. If
a user suddenly accesses resources they don't typically use or exhibits unusual behavior patterns,
it can trigger alerts.
7. Network Traffic Analysis
- Deep packet inspection and network traffic analysis tools examine the content and behavior
of network packets. They can detect malicious activity, including data exfiltration and
suspicious command-and-control traffic.
8. Email Filtering and Phishing Detection
- Email filtering solutions scan incoming emails for known phishing attempts and
malware-laden attachments. They can also analyze email headers and content for suspicious elements.
9. User and Entity Behavior Analytics (UEBA)
- UEBA tools monitor user and entity behavior within an organization's network to identify
unusual patterns that could indicate insider threats or compromised accounts.
10. Vulnerability Scanning
- Vulnerability scanning tools scan systems and applications for known vulnerabilities and
misconfigurations. Detecting these weaknesses can help prevent exploitation by attackers.
11. Honeypots and Deception Technologies
- Honeypots are decoy systems designed to attract attackers.
- When an attacker interacts with a honeypot, it can signal a security incident.
- Deception technologies create fake assets that, when accessed, alert administrators to potential
threats.
12. Endpoint Detection and Response (EDR)
- EDR solutions monitor and analyze activity on endpoints (computers and devices). They can
detect and respond to suspicious behavior, such as unauthorized file access or system changes.
13. User Reporting and Threat Intelligence
- Encouraging employees and users to report suspicious activity is crucial. They may notice
phishing emails, unusual system behavior, or unauthorized access.
14. Threat Intelligence Feeds
- Subscribing to threat intelligence feeds provides real-time information about emerging
threats and attack trends, allowing organizations to proactively protect against new threats.
15. Forensic Analysis
- In the event of a security incident, forensic analysis involves examining system logs,
memory dumps, and other data to determine the scope of the attack and identify the responsible
parties.
16. Continuous Monitoring
- Ongoing, real-time monitoring of systems and networks is essential to detect threats as they
happen, rather than after the fact.
17. Machine Learning and AI
- Machine learning and artificial intelligence techniques can analyze large datasets and
identify anomalies or patterns indicative of threats, even if they don't match known signatures.
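Items 2 (IDS), 5 (SIEM) and 6 (behavioral analytics) above, and the threat-identification step in section 2.2, describe the same mechanism: a rule run over log events. The following Python is an added example, not code from the course notes; it reads constructed sshd-style log lines (the format, thresholds and documentation-range addresses are assumptions), raises a MEDIUM alert when one source produces repeated failed logins within a time window, and correlates a later successful login from a flagged source into a HIGH alert.

```python
"""Detecting repeated failed logins and a correlated success in auth logs.

Added example, not code from the course notes. The sshd-style log format,
the thresholds and the IP addresses below are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, documentation-range addresses).
# 203.0.113.5: five failures in a few seconds, then a success (brute force).
# 198.51.100.7: one typo, then a normal login (should not alert).
# 192.0.2.9: five failures spread 20 minutes apart ("low and slow").
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:00:03 sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:00:04 sshd: Failed password for root from 203.0.113.5
2024-03-01T09:00:06 sshd: Failed password for bob from 203.0.113.5
2024-03-01T09:00:07 sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:00:09 sshd: Accepted password for alice from 203.0.113.5
2024-03-01T09:05:00 sshd: Failed password for carol from 198.51.100.7
2024-03-01T09:30:00 sshd: Accepted password for carol from 198.51.100.7
2024-03-01T10:00:00 sshd: Failed password for dave from 192.0.2.9
2024-03-01T10:20:00 sshd: Failed password for dave from 192.0.2.9
2024-03-01T10:40:00 sshd: Failed password for dave from 192.0.2.9
2024-03-01T11:00:00 sshd: Failed password for dave from 192.0.2.9
2024-03-01T11:20:00 sshd: Failed password for dave from 192.0.2.9
this line is garbage and must be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for a recognised log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparseable input is dropped, never trusted
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect(log_text, threshold=5, window_seconds=60):
    """Return a list of (severity, source, message) alerts, in log order.

    Rule 1 (IDS-style): `threshold` or more failed logins from one source
    within `window_seconds` -> MEDIUM alert, raised once per source.
    Rule 2 (SIEM-style correlation): a later successful login from a source
    already flagged by rule 1 -> HIGH alert (possible brute-force success).
    """
    window = timedelta(seconds=window_seconds)
    recent_failures = defaultdict(deque)  # src -> failure timestamps in window
    flagged = set()                       # sources that triggered rule 1
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["result"] == "Failed":
            q = recent_failures[src]
            q.append(ts)
            while ts - q[0] > window:  # slide the window forward
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("MEDIUM", src,
                               f"{len(q)} failed logins within {window_seconds}s from {src}"))
        elif src in flagged:
            alerts.append(("HIGH", src,
                           f"successful login for {ev['user']} from flagged source {src}"))
    return alerts


if __name__ == "__main__":
    for severity, src, msg in detect(SAMPLE_LOG):
        print(severity, src, msg)
```

With the default one-minute window the slow source 192.0.2.9 is never flagged; widening the window to two hours catches it, which is the sensitivity-versus-false-alarm tuning that the "unusual patterns" wording above leaves implicit.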
SUMMARY
Detection of computer threats and crimes is an ongoing and evolving process. Organizations
must employ a combination of these techniques, regularly update their detection methods, and
collaborate with cybersecurity professionals to stay ahead of emerging threats and protect their
digital assets effectively.
PROTECTION AGAINST COMPUTER CRIMES IS UNDERTAKEN IN
ACCORDANCE WITH LAWS GOVERNING PROTECTION OF ICT
- Protection against computer crimes is a critical aspect of maintaining the security and integrity
of Information and Communication Technology (ICT) systems.
- Ensuring compliance with laws governing the protection of ICT is essential for both legal and
ethical reasons.
Here's how protection against computer crimes is undertaken in accordance with these laws:
1. Understand Applicable Laws and Regulations
- The first step in protecting against computer crimes is to understand the relevant laws and
regulations that apply to your organization. These may include data protection laws (e.g., GDPR,
CCPA), cybersecurity laws (e.g., NIST Cybersecurity Framework), and industry-specific
regulations (e.g., HIPAA for healthcare, PCI DSS for payment card industry).
2. Develop Comprehensive Security Policies and Procedures
- Create and document comprehensive security policies and procedures that align with the
specific legal requirements applicable to your organization. These policies should cover areas
such as data protection, access control, incident response, and encryption.
3. Risk Assessment
- Conduct regular risk assessments to identify potential vulnerabilities and threats to your ICT
systems. This includes evaluating the potential impact of security incidents on your organization
and its stakeholders.
4. Implement Security Controls
- Deploy security controls and measures to mitigate identified risks and comply with relevant
laws. These controls may include:
- Access controls to restrict unauthorized access to sensitive data and systems.
- Encryption to protect data at rest and in transit.
- Intrusion detection and prevention systems to monitor and respond to security threats.
- Regular patch management to address vulnerabilities.
- Security awareness training for employees to promote good security practices.
- Incident response plans to handle security incidents in compliance with legal requirements.
5. Data Protection and Privacy Compliance
- If applicable, implement measures to ensure data protection and privacy compliance. This
includes obtaining consent for data processing, providing individuals with the right to access and
delete their data, and notifying authorities and affected individuals in the event of a data breach
as required by data protection laws.
6. Third-Party Vendors and Suppliers
- Ensure that third-party vendors and suppliers who have access to your ICT systems also
comply with relevant laws and regulations. This may involve contractual agreements, audits, and
due diligence.
7. Regular Audits and Assessments
- Conduct regular security audits and assessments to verify that your security measures are in
line with legal requirements. These audits can help identify gaps and areas for improvement.
8. Incident Response and Reporting
- Develop and document an incident response plan that outlines how your organization will
respond to security incidents. Ensure that it complies with legal requirements for reporting
incidents to authorities and affected parties.
9. Legal Counsel and Compliance Experts
- Engage legal counsel and compliance experts who specialize in ICT and cybersecurity to
provide guidance on ensuring compliance with relevant laws. They can also assist in interpreting
and addressing legal requirements effectively.
10. Continuous Monitoring and Improvement
- Continuously monitor your ICT systems for security threats and vulnerabilities, and adjust
your security measures as necessary to stay compliant with evolving legal requirements.
11. Documentation and Record-Keeping
- Maintain thorough records of your security policies, risk assessments, compliance efforts,
incident response activities, and any other relevant documentation. This documentation may be
necessary to demonstrate compliance in the event of legal inquiries or audits.
12. Training and Awareness
- Train employees and stakeholders about the legal requirements and their roles in complying
with them. Ensure that they understand the implications of non-compliance.
13. Engage with Regulatory Authorities
- When necessary, engage with regulatory authorities to seek guidance, report incidents, and
ensure ongoing compliance with applicable laws and regulations.
In summary, protection against computer crimes in accordance with laws governing ICT involves a holistic
and proactive approach that includes legal compliance, comprehensive security measures, risk
assessments, ongoing monitoring, and continuous improvement. It is essential to stay informed
about changes in laws and regulations to adapt security practices accordingly and to foster a
culture of compliance throughout the organization.
This unit dealt with application of security measures to data, hardware, and understanding and
listing the computer threats and crimes, classifications of security threats and the counter
measures and methods of protecting data, software and hardware from security threats.
