Data Security and Control
Data Security and Control
It involves:
- Protection of data and information against access or modification
- Denial of data and information to unauthorized users
- Provision of data and information to authorized users.
Data control is the measure taken to enforce the security of programs and data.
Confidentiality
Sensitive data or information like employees details, business financial ,etc belonging to the
organization or government should not be accessed by or disclosed to unauthorized people.
Integrity
Means that data should not be modified with without owners authority.
Availability
Information must be available on demand.
Viruses
The term virus stands for: Vital Information Resource Under Siege
A virus is a program that will change the operation of the computer without the user’s information.
Viruses attach themselves to computer files called executable files such that any time such
programs are run a copy of the virus is sent out. So it duplicates itself continuously.
Therefore a computer virus can be defined as:
- A self -replicating segment of computer code designed to spread to other computers by sharing
“infected” software.
- A destructive program that attaches itself to other files and installs itself without permission on the
computer when the files are opened for use.
- A program that can pass a malicious code to other non-malicious programs by modifying them.
- A program or code that replicates itself and infects other programs, boot and partition sectors or
documents inserting itself or attaching itself to the medium.
1
A logic bomb – infects a computer’s memory, but unlike a virus it does not replicate itself. A logic bonb
delivers its instructions when it is triggered by a specific condition, such when a particular date or time
is reached or when a combination of letters is typed on a keyboard. A logic bomb has the ability to
erase a hard drive or delete certain files.
Note: The main difference between a virus and a worm is that a viruses attaches themselves to computer
executable files while a worm attaches it self on non-executable files in the computer.
2
Control measures
Use surge protectors and UPS to protect computer systems against brownout or black out which
causes physical damage or data loss.
Install a Fault Tolerant system which has the ability to preserve the integrity electronic data during
hardware or software malfunction.
Disaster recovery plans by establishing offsite storage of an organizations databases so that incase
of disaster or fire accidents, the backed up copies are used to reconstruct lost data.
Unauthorized access
Physical access to computer system should be restricted to ensure that no unauthorized person gets
access to the system
Control measures
1. Set up a comprehensive error recovery strategy in the organization.
2. Deny access permissions to certain groups of users for certain files and computers.
COMPUTER CRIMES
Physical theft
This involves the theft of computer hardware and software. It involves breaking into an office or firm and
stealing computers, hard disks, data and other valuable computer accessories by being taken away by
either an insider or an intruder. Most cases of theft are done within an organization by untrustworthy
employees of the firm {Inside job} or by an intruders (outsiders) for commercial, destruction to sensitive
information or sabotage resources.
Control measures
- Employ guards to keep watch over data and information centres and backup.
3
- Burglar proof the computer room.
- Reinforce weak access points
- Create backups in locations away from main computing centre.
- Motivate workers to feel sense of belonging in order to make them proud and trusted custodians of the
company resources.
- Insure the hardware resources with a reputable firm.
Trespass
This is the act of gaining access or entering into a computer system without legal permission.
Cracking
Refers to the use of guess work over and over again, by a person until he/she finally discovers a weak in
the security policies or codes of software. Alternatively refers to someone using his / her knowledge of
information systems to illegally or unethically penetrate computers systems for personal gain.
Hacking
Refers to when an individual intentionally breaks codes and passwords top gain unauthorized access into
a computer system, but without intent of causing damage.
Tapping
Tapping is when someone gains access to information that is being transmitted via communication links.
Any information that is transmitted across a network is at risk of being intercepted, if appropriate security
measures are not put in place.
Piracy
Is the act of making illegal copies of copyrighted software, information or data.
To eliminate piracy
- Make software cheap, enough to increase affordability
- Use licenses and certificate to identify originals
- Set installation password to deter illegal installation of software
- Enforce laws that protect the owners of data and information against piracy.
Fraud
Refers to leaking personal or organizational information using a computer with the intention of gaining
money or information.
Example of fraud is where one person created an intelligent program in the tax department that could
credit his account with cents from all the tax payers. He ended up becoming very rich before he was
discovered.
Alteration
Refers to illegal changing of data and information with the aim of gaining or misinforming the authorized
users. When a system is compromised the data lacks reliability, relevance and integrity. Example of data
alteration are when students break into system to alter exam results, or someone breaks into a banking
system to change account details or divert money.
Spam
A spam is unsolicited electronic junk mail, often commercial, message transmitted through the Internet
as a mass mailing to a large number of recipients. Is send by a person gaining access to a list of e-mail
addresses and redirecting the e-mail through the Mail Server of an unsuspecting host, making the actual
sender of the spam difficult to trace. Spam is annoying, but usually harmless, except in cases where it
contains links to web sites. Clicking on these links may sometimes leave your system open to hackers or
crackers.
Audit trail
Computer Audit Trails are used to keep a record of who has accessed a computer system and what
operations he or she has performed during the given period of time. Audit Trails are useful both for
4
maintaining security and for recovering lost transactions. Audit Trails help to detect trespassing and
alterations. Incase the system is broken into by a hacker; an Audit Trail enables their activities to be
tracked. Any unauthorized alterations can be rolled back to take the system back the state it was in
before the alterations were done
Data encryption
Data encryption is a means of scrambling (or ciphering) data so that it can only be read by the person
holding the encryption ‘Key or ‘algorithm’. The key is a list codes for translating encrypted data – a
password of some sort. Without the key, the cipher cannot be broken and the data remains secure.
Using the Key, the cipher is decrypted and the data remains secure. Using the Key, the cipher is
decrypted and the data is returned to its original value or state. Each time one encrypts data a key is
randomly generated. The same key is used by the data recipient to decrypt the data.
Data encryption is a useful tool against network snooping (or tapping).
Log files
They are special system files that keep a record (log) of events on the use of the computers and
resources of the information system. The information system administrator can therefore easily track
who accessed the system, when and what they did on the system.
Firewalls
A firewall is a program or hardware that filters information coming through the Internet and connection
into your personal computer or network. Firewalls can prevent unauthorized remote logins, limit or
stop Spam, and filter the content that is downloaded from the Internet. Some Firewalls offer virus
protection, but it is worth the investment to install Anti-Virus software on each computer.
Security monitors
These are programs that monitor and keep a log file or record of computer systems and protect them
from unauthorized access.
Biometric security – is unauthorized control measure that takes the user’s attributes such as voice,
fingerprints and facial recognition.
Authentication policies such as signing users log on accounts, use of smart cards and Personal
Identification Number (PIN).
5
Computer manufacturers are also avoiding excessive use of harmful chemicals such as
chlorofluorocarbons and nickel cadmium and other heavy metals in their productions.