Security measures to data, hardware, and software in automated environment Apply

Data security is certainly a hot topic these days. Controlling access to data helps ensure
privacy and is required according to federal agency policies and regulations. Data security is
a process of making sure data are available only to those who need to use it for a legitimate
purpose. We have found that data security is not very different from other forms of security.
The same concepts used to design castles apply to the construction of servers that offer
access to a corporate database. The details are different, and the technical pieces are quite
different, but the same approaches, rules and lessons apply. Below are some important
maxims to keep in mind. Most of them have stood the test of time for thousands of years:
i. There is no such thing as absolute security: We can raise the attacker’s cost of
breaching our data security to a very high level, but absolute guarantees are
not possible.
ii. Data security is always a question of economics: What is the value of what you
are protecting? How much time, effort, and money are your opponent’s willing to
spend to get through your defenses?
iii. An attacker doesn’t go through security, but around it: Their goal is to find
and exploit the weakest link.
iv. Don’t underestimate the value of your asset: Often common everyday data
is underestimated. Mundane data can be very important.
 Definition of terms
Data security: This is the process of making sure data is available only to those who need it for
legitimate purpose.

Data: This is the information that has been translated into a form that is efficient for movement
or processing.

Data privacy /Information privacy: It is the aspect of information technology that deals with
the ability of an organization or individual to determine what data in a computer system can
be shared with third parties.

Security threats: This is the process of an illegal entity gaining access to a company’s data or
information.

Control measures: This is any measure taken to eliminate or reduce the risk of security threats.

Cyber criminals: These are illegal users who use many different methods to lure you into
parting with your confidential personal or business information.
2.1 Data Security and Privacy Are Classified in Accordance with the
Prevailing Technology
As discussed earlier, data security is the process of making sure data is available only to those
who need to use it for legitimate use. Data security privacy on the other hand is the aspect of
information technology that deals with the ability of an organization or individual to
determine what data in a computer system can be shared with third parties. As more of our
daily lives go online and the data we share is used in new and innovative ways, privacy and
security have become important trust and reputation issues. The growing volume and
sensitivity of information being shared, stored and used is driving demand for greater
transparency about how such information is being protected (security) and managed
(privacy). As a result, data security and privacy have moved from the backroom to the
boardroom. Data breaches and privacy missteps now regularly make headlines and are a
focal point for discussions and legislation worldwide. Failure to communicate on these
important issues can damage business by eroding trust, tarnishing brand and reputation as
well as undermining competitiveness.
Data security ensures that the data is accurate and reliable, and it is available when those with
authorized access need it. A data security plan includes facets such as collecting only the
required information, keeping it safe, and destroying any information that is no longer
needed.
These steps will help any business meet the legal obligations of possessing sensitive data.
Companies need to enact data security policy for the sole purpose of ensuring data privacy,
or the privacy of their customers’ information. More so, companies must ensure data
Privacy because the information is an asset to the company. A data security policy is simply
the means to the desired end which is data privacy. However, no data security policy can
overcome the willing sale or soliciting of the consumer data that was entrusted to an
organization.

Challenges to big data security and privacy

 Securing and protecting data in real time: Due to large amounts of data generation,
most organizations are unable to maintain regular checks. However, it is most
beneficial to perform security checks and observation in real time or almost in real
time.
 Data provenance: To classify data, it is necessary to be aware of its origin in order
to determine the data origin accurately, so that authentication, validation and
access control can be gained.
 Protecting access control method communication and encryption: A secured data
storage device is an intelligent step in protecting the data. Yet, because most often
data storage devices are vulnerable, it is important to encrypt the access control
methods as well.

2.2 Security Threats Are Identified and Control Measures Used

A threat is a possible danger that might exploit a vulnerability to breach security and
therefore cause possible harm. A threat can either be intentional (e.g. hacking by an
individual or criminal organization) or accidental (the possibility of a computer
malfunctioning OR the possibility of natural disasters such as fires or otherwise a
circumstance, capability, action or event).

Classification of security threats

 Classification according to type
 Physical damage: For example, fire, floods
 Natural events: For example, climate, volcanic
 Compromise of information: Via eavesdropping, theft of media
 Technical failures: For example, equipment, software
 Compromise of functions and errors in use, abuse of rights
 Classification according to origin
 Deliberate: Aiming at information asset e.g. spying, illegal processing of data
 Accidental: For example, equipment failure, software failure
 Environmental: For example, natural event, loss of power supply
 Negligence: Known but neglected factors compromising the network safety and
sustainability.

Categories of the risk of security threats

 Damage: How bad would an attack be?
 Reproducibility: How easy it is to reproduce the attack?
 Exploitability: How much work is it to launch the attack?
  Affected users: How many users will be impacted?
 Discoverability: How easy it is to discover the threat?

Counter measures to security threat

A counter measure is an action, device, procedure or technique that reduces a threat, a
vulnerability or an attack by eliminating or preventing it, by minimizing the harm it can
cause or by discovering and reporting it so that corrective action can be taken.

Counter measures against physical attacks

If a potential malicious actor has physical access to a computer system, they have a greater
chance of inflicting harm upon it. We can use the following counter measures:
i) Electronic destruction devices: Devices such as USB killer may be used to damage or
render completely unusable anything with a connection to the motherboard of a computer.
Without paper destruction, these devices may result in the destruction of ports and anything
physically connected to the device attacked
E.g. monitors.
ii) Hard drive and storage: If the data of a storage device is in use and must be secured,
one can use encryption to encrypt the content of a storage device or even encrypt the whole
storage device. The device can be unlocked by a password, biometric authentication, a
network interchange or any combination thereof. The process of adding physical barriers to
the storage device is not to be neglected. Locked cases or physically hidden drives with a
limited number of personnel with knowledge and access to the keys or locations may prove
to be a good first line against physical theft.

Computer Threats and Crimes Are Detected

Cyber criminals may use many different ethos to lure you into parting with your confidential
information. Malware (malicious software may be described as a variety of forms of hostile,
intrusive or annoying software or program code. Malware could be computer viruses,
worms, Trojan horses, dishonest spyware and malicious rootkits. Here Isa quick explanation
on some of the common computer threats you may come across:
i) Computer viruses: This is a small piece of software that can spread from one infected
computer to another. The virus could corrupt, steal or delete data in your computer, or
even erase everything on your hard drive.
ii) Trojan horse: Users can infect their computers with this software simply by downloading
an application they thought was legitimate but was infect or malicious. Once in your
computer, it can do anything from recording your passwords by logging keystrokes to
hijacking your webcam so as to watch and record you’re every move.
iii) Malicious spyware: It is used to describe a Trojan application that was created by cyber
criminals to spy on their victims. An example would be a key logger software that records a
victim’s every stroke on his/her keyboard. The recorded information is periodically sent
back to the originating cybercriminal over the internet.
 iv) Computer worm: This is a software program that can copy itself from one
computer to another without human interaction. A worm can send copies of
itself to every contact in your email address book and then send itself to all the
contacts in your contact address book.
v) Spam: In the security context, it is primarily used to describe unwanted
messages in your email box. Spam is a nuisance as it can clutter your mailbox
as well as taking up space on your mail server. However, spam messages can
contain links that when clicked could go to a website that installs malicious
software on to your computer.
vi) Pursing: Pursing scams are fraudulent attempts by cybercriminals to obtain
private information. Pursing scams often appear in the guise of email
messages designed to appear as though they are from legitimate sources.
vii) Rootkit: This is a collection of tools that are used to obtain administrator-
level access to a computer or a network of computers. A rootkit could be
installed on a computer by a cyber-criminal exploiting a vulnerability or
security hole in a legitimate application on your PC and may contain spyware
that monitors and records keystrokes.
These are perhaps the most common computer threats and crimes you will
encounter that describe methods cyber-criminals use to access data, computer
hardware and software.

Methods to Protect Yourself from Computer Crimes

i) Using strong passwords: Don’t repeat your passwords on different data and software
Change your passwords regularly. Make them complex. That means using a combination
of at least 10 letters, numbers and symbols.
ii) Keep your software updated: This is especially important with your
operating systems and internet security systems. Cyber criminals often use
known exploits in your software to gain access to your system. Patching those
exploits and flaws can make it less likely that you will become a cyber-
criminal target.
iii) Strengthen your network: It is a good idea to start with a strong
encryption as well as a virtual private network. A VPN will encrypt all traffic
leaving your devices until it arrives to its destination.
iv) Keep up to date on major security breaches: If your data has been
impacted by a security threat, find out what information the hackers accessed
and change your passwords immediately.
vi) Know that identity theft can happen anywhere: It is important to protect
your data for example, by using a VPN when accessing the internet over a
public Wi-Fi network.