IT-UNIT-5 Information and Computer Security

Uploaded by

esunewdems2

UNIT-5

INFORMATION
AND COMPUTER
SECURITY
Security:
• Being safe and protected
• Freedom from danger
• Freedom from fear or worry.
In general, security is
protection and
measures to prevent
sabotage, crime, and
attacks.
• Information Network Security
Agency (INSA; የመረጃ መረብ
ደህንነት አስተዳደር):
Protects national interests by
securing the country's
information and information
infrastructure.
• INSA: National agency
focused on cyber security.
Computer Security: Protects
systems and data from harm,
theft, or misuse.
• Unauthorized Use: Accessing
a system or data without
permission.
Types of computer security
Information Security:
• Protects data from unauthorized
access, changes, or deletion.
Example:-
What if someone changed your
marks using your teacher’s laptop?
Computer Security
• (also called Cybersecurity)
refers to the protection of
computer systems and
networks from information
disclosure, theft, damage, or
disruption.
Application security:
• Protecting apps by
adding features to
prevent cyber threats.
Mobile and Computer
Security:
•Protecting devices by
keeping them
updated.
Network security
Protects software and
hardware using tools like
firewalls. Includes cloud
and IoT security.
Cybersecurity
• Protecting computer
systems connected
through networks.
Principles of Computer
Security (CIA):-
• Confidentiality
• Integrity
• Availability
Confidentiality
Keeping data private.
Information is accessed
and modified only by
authorized users,
preventing unauthorized
third-party access.
Integrity
Ensuring data is accurate and
unchanged.
• Protects against unauthorized data
changes or destruction.
• Ensures authenticity, non-repudiation,
and data trustworthiness.
• Data must remain accurate, authentic,
and reliable.
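The following is an added example, not part of the original slides: one way to detect an unauthorized change to a record, such as an altered mark, using an HMAC tag. The key, the record fields and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

# Assumption: a secret key held only by the record system (constructed value).
SECRET_KEY = b"constructed-demo-key-not-for-real-use"


def canonical_bytes(record):
    """Serialize a record deterministically so equal data gives equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record, key=SECRET_KEY):
    """Return an HMAC-SHA256 tag binding the record's contents to the key."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify(record, tag, key=SECRET_KEY):
    """True only if the record is exactly what was sealed (constant-time compare)."""
    return hmac.compare_digest(seal(record, key), tag)


def audit(records, tags):
    """Return the student IDs whose record is missing a tag or fails verification."""
    tampered = []
    for rec in records:
        tag = tags.get(rec["student_id"])
        if tag is None or not verify(rec, tag):
            tampered.append(rec["student_id"])
    return tampered


def demo_tampering():
    """Seal two constructed records, alter one mark, and report what audit() finds."""
    records = [
        {"student_id": "S001", "subject": "IT", "mark": 78},
        {"student_id": "S002", "subject": "IT", "mark": 54},
    ]
    tags = {rec["student_id"]: seal(rec) for rec in records}
    records[1]["mark"] = 95  # the unauthorized change
    return audit(records, tags)


# Note: an HMAC shows the data is unchanged and came from a key holder.
# It does not give non-repudiation, because every key holder can produce
# the same tag; that property needs a digital signature.

if __name__ == "__main__":
    print("Tampered records:", demo_tampering())
```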
Availability
Making data accessible when
needed.
Ensuring information is available
to authorized users whenever
they require it.
Ensuring timely and reliable
access to and use of information.
5.3 Computer Security
Threats
•Ethiopia is becoming more
connected through mobile
phones and data.
•This interconnection exposes
users to various computer
security threats.
Cont.……
•Computer threats can be natural
(like disasters) or manmade (like
hacking), and come from internal
(within an organization) or
external (outside) sources.
•Understanding these risks is
essential for staying safe in today’s
digital world.
INTERNAL THREATS
Threats emerging within an institution, company, or
business.
• Examples:
– Employee misconduct
– Data breaches by insiders
– Poor internal controls
– System failures
• Causes:
– Environmental: Power outages, building issues
– Technical (Manmade): Human error, sabotage,
misconfigured systems
EXTERNAL THREATS
• Threats coming from outside the organization.
Examples:
– Cyberattacks (hackers)
– Competitor actions
– Natural disasters
– Supply chain disruptions
• Causes:
– Environmental: Earthquakes, floods, storms
– Technical (Manmade): Malware, phishing,
infrastructure attacks.
Types of computer security attacks
• Malicious (Harmful) Attacks
– Intentional attacks meant to damage, steal, or
disrupt.
– Examples:
• Viruses, worms
• Ransomware
• Phishing
• Denial of Service (DoS) attacks
• Non-Malicious Attacks (No
Damaging Effect)
–Not intended to harm; often
unintentional.
–Example:-
• Testing systems without harmful
intent
• Accidental Attacks (Due to
Mistake)
–Caused by human error or lack of
knowledge.
–Examples:
• Deleting critical files accidentally
• Misconfiguring security settings
• Sending data to the wrong person
| Aspect | Malicious | Non-Malicious |
|---|---|---|
| Intent | Intentional harm, theft, or damage | No harmful intent |
| Examples | Hacking, viruses, phishing, ransomware | Mistaken deletion, misconfiguration, unintentional data leak |
| Legality | Illegal and punishable by law | Often legal but may still violate policy |
| Impact | High risk to security, data, and systems | May cause problems but often due to human error |
| Actor | Cybercriminals, hackers, attackers | Employees, users, administrators |
5.3.1 Natural Threats in Computer
Security
• Environmental events that can physically
damage computer systems and
infrastructure.
• Examples:
– Earthquakes – Can destroy hardware,
buildings, and data centers.
– Flooding – Damages electrical equipment
and leads to data loss.
–Lightning Storms – Can cause:
• Fires
• Extreme temperatures
• Electric shocks
• Impact:
–Physical destruction of IT assets
–Power outages
–Data loss and system downtime
• Cyber-Attack:-
-An attempt to damage,
steal, or disrupt computer
systems or networks.
• It is the main threat to
computer security.
Common Types of Cyber-Attacks:
– Malware – Malicious software like viruses and
worms.
– Phishing – Tricking users to reveal sensitive
information.
– Ransomware – Locking data and demanding
payment.
– Denial of Service (DoS) – Overloading a system
to make it unavailable.
– Man-in-the-Middle (MITM) – Intercepting
communication between two parties.
• Eavesdropping (Sniffing)
– Unauthorized listening to private communication.
– Attacker intercepts data as it travels over a
network.
– Can lead to data theft (e.g., login credentials,
personal info).
• SQL Injection
– Attack on databases through malicious SQL code.
– Exploits vulnerabilities in web applications.
– Can give attackers access to read, modify, or
delete database contents.
• Password Attack
– Attempt to crack or steal user passwords.
– Methods: brute force, dictionary attacks,
keyloggers.
– Weak passwords increase the risk.
• Social Engineering
– Manipulating people into revealing confidential
information.
– Often involves tricking users via phone, email, or
messages.
– Example: phishing, baiting, pretexting.
• Purpose of Cyber
Security:
–Protect data and systems.
–Ensure privacy.
–Prevent financial loss and
system downtime.
Trojan Horse –
A type of malicious software (malware) that disguises
itself as a harmless or useful program.
• How it Works:
– Hides malicious code inside legitimate-looking software.
– When the user runs the program, the malware activates.
• Purpose:
– To take control of the system.
– Steal data, spy on users, or damage files.
• Key Features:
– Does not replicate like viruses.
– Relies on user to install or open it.
– Often used to create backdoors for hackers.
Virus:-
• Malicious code that replicates and
alters computer program
functioning.
Melissa Virus:
• Self-replicates and spreads via email.
• Infects systems without user
consent.
• Often hides in Word documents.
Keylogger:
• Records keystrokes made on a keyboard.
• Often used to steal passwords and
personal account details.
Worm:
• A self-replicating malware program.
• Spreads through networks without user
intervention.
• Infects computers via network
connections.
Adware (Advertising Software)
• Software that displays unwanted pop-up
ads on your device (computer or mobile).
• Purpose: Mainly used for advertising; can
track user behavior to display targeted ads.
• Risks:
– Slows down your device.
– Hijacks web browsers (changes
homepage/search engine).
– Can install malware, spyware, or viruses.
Cont.…
• Becomes Malicious:
– May secretly collect personal data.
– May lead to phishing or harmful websites.
• Prevention:
– Avoid downloading unknown/free
software from untrusted sources.
– Use antivirus and ad-blockers.
– Keep software and operating systems
updated.
Botnets
• A botnet is a network of infected computers
controlled by a cybercriminal.
• Combines the words "robot" and "network".
• How It Works:
– Cybercriminals use Trojan viruses to infect users'
computers.
– Once infected, each computer becomes a bot (robot).
– All bots are linked into a network.
– The criminal can remotely control this network.
• Purpose: Botnets are often used for sending spam,
launching cyberattacks (like DoS), stealing data, or
spreading malware.
Spyware:
• Spyware is a hidden software that secretly monitors
a user's activities.
• Function: It tracks actions like browsing history,
keystrokes, and personal data.
• Purpose: Collected information is often used
without consent for malicious purposes (e.g.,
stealing passwords, spying, blackmail).
• Risk: Poses threats to privacy, security, and personal
information.
• Prevention: Use antivirus software, avoid suspicious
downloads, and keep systems updated.
Ransomware:
• A type of malware that locks or encrypts files on a
system.
• Demands a ransom to unlock or restore access.
• Threatens to delete or permanently lock data if
ransom is not paid.
• Often spreads through phishing emails, malicious
links, or infected software.
• Prevention:
– Keep software updated.
– Use antivirus and firewalls.
– Avoid suspicious emails or links.
– Regularly back up important data.
Man-in-the-Middle (MITM) Attack
• An attacker secretly intercepts and possibly alters
communication between two parties.
• Goal: Steal sensitive data (e.g., passwords, credit card
info).
• Common Target: Public/open Wi-Fi networks.
• Prevention:
– Use HTTPS
– Avoid public Wi-Fi for sensitive tasks
– Use VPN
– Enable firewalls and antivirus
• Example: Attacker captures login credentials over
unsecured Wi-Fi.
Phishing and Scams:
• Phishing:
– Fraudulent messages pretending to be from trusted
sources.
– Commonly sent via email.
– Goal: Steal personal or financial information.
• Scam:
– Fake online profiles used to deceive people.
– Often aims to trick users into giving personal details or
money.
• Key Point:
– Both phishing and scams rely on deception to steal
information or commit fraud.
• Phishing
• Goal: To steal sensitive information (e.g.,
credit card details, login credentials) or install
malware.
• Method: Often done through fake emails,
websites, or messages that appear legitimate.
• Prevention:
– Don’t click on suspicious links.
– Verify the sender.
– Use antivirus software and two-factor
authentication.
Eavesdropping (Sniffing/Snooping)
• Definition: Unauthorized interception of
data during transmission between
devices.
• Also Known As: Sniffing or Snooping.
• Actions Involved: Intercepting, deleting,
or modifying data.
• Goal: Steal sensitive information like
passwords, messages, or credit card
details.
• Common in: Unsecured networks (e.g., public
Wi-Fi).
• SQL Injection
• Attacker inserts unauthorized input into
SQL queries.
• Exploits vulnerabilities in websites where
database access uses user ID and
password.
• Can manipulate or access database
without proper authorization.
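The following is an added example, not part of the original slides: a login check that builds its SQL by joining strings, next to the corrected form that uses query parameters. The `users` table, the function names and the sample credentials are constructed for this illustration.

```python
import sqlite3


def make_db():
    """Create an in-memory database with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, password TEXT)")
    # Stored in plain text only to keep the focus on the query; a real system
    # stores a salted password hash instead.
    conn.execute("INSERT INTO users VALUES ('teacher01', 'constructed-secret')")
    return conn


def login_vulnerable(conn, user_id, password):
    """Weak form: input is pasted into the SQL text.

    Quote characters in the input become part of the query, so the input
    can change what the WHERE clause means.
    """
    query = ("SELECT user_id FROM users WHERE user_id = '" + user_id +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, user_id, password):
    """Corrected form: placeholders pass the input as data, never as SQL syntax."""
    query = "SELECT user_id FROM users WHERE user_id = ? AND password = ?"
    return conn.execute(query, (user_id, password)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed input containing SQL quote characters
    print("vulnerable accepts crafted input:",
          login_vulnerable(conn, "teacher01", crafted))
    print("parameterized accepts crafted input:",
          login_safe(conn, "teacher01", crafted))
```

With the parameterized query the crafted text is compared as an ordinary password value and the login is refused.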
Password Attack
• Methods to obtain passwords
include:
–Dictionary Attack: Tries passwords
from a list of common words.
–Brute Force Attack: Attempts all
possible combinations via trial and
error; effective but time-consuming.
• Goal: Gain unauthorized access to
accounts, systems, or networks.
Social Engineering
• Creating fake social situations to trick
users into giving sensitive information
• Example: A caller pretending to be
from a mobile company warning
"Your device is in danger."
• Users often trust blindly and share
private info without verifying identity.
• Password Cracking (Trial and Error
Method)
• Technique used to gain unauthorized
access to accounts and systems.
• Involves trying many possible passwords
or keys repeatedly until the correct one
is found.
• Time-consuming and requires patience
and computing resources.
Cyberbullying
• Ridiculing or humiliating young kids on
social media and online gaming platforms.
• Occurs via digital devices: cell phones,
computers, tablets.
• Methods: SMS, texts, apps, social media,
forums.
• Includes sending, posting, or sharing
negative, harmful, false, or mean content.
cont.…
• Sharing personal/private info to
embarrass or humiliate others.
• Sometimes involves trial and error to
decode passwords (time-consuming).
• Others can view, participate in, or
share the harmful content/game.
• Some cyberbullying can be unlawful
or criminal.
Cyber Predators:
• Use Internet to exploit mainly young
people.
• Often pretend to be someone else.
• Lie about personal details to gain
trust.
• Aim for sexual or other harmful
purposes.
Posting private info online
Be careful with sharing personally identifiable
information (PII).
• Social boundaries:
You might not fully grasp what info should stay
private.
• Risks:
Sharing private data on social media can expose you to
privacy breaches or identity theft.
• Advice:
Think twice before posting sensitive details
publicly.
5.3.3 Who is behind cyber attacks?
• Online criminals:
–Skilled at identifying valuable targets
–Steal and sell sensitive data
–Hold systems/information for ransom
• Hackers:
–Varying expertise levels
–Often act untargeted
–Test skills or cause disruption for fun
5.4 Potential Losses Due to Security
Attacks
• Destruction or loss of information:
–Damage to system components
–Data loss (e.g., hard disk failure)
• Corruption of information:
–Unauthorized changes to files
–Example: altering student marks in a
school database or teacher’s computer
Corruption of Information:
• Posting illegal or unacceptable school
documents on social media (e.g.,
Telegram, Facebook).
Theft of Services:
• Unauthorized use of computer or
network services.
• Example: Using school Internet access,
meant for education, for unrelated
activities like online marketing.
Illegal Usage
• Using system’s normal functions for harmful
purposes.
• Example: Sending videos promoting conflicts via
school internet.
• Considered illegal and possibly criminal.
Disclosure of Information
• Sharing information with unauthorized people.
• Example: Taking photos of school notices meant for
internal use and posting them on social media.
• This is unethical.
• Schools display warnings or appreciation
letters on noticeboards for school community
awareness.
• These notices are intended for internal
viewing only.
• Taking photos of these notices and posting on
social media breaches privacy.
• Sharing such information publicly is
considered unethical.
• Protecting school privacy and respecting
confidentiality is important.
Denial of Service (DoS):
• Intentional attack that degrades or blocks access to
computer/network resources.
• Makes resources unavailable to intended users.
Elevation of Privilege:
• Exploiting system weaknesses to gain unauthorized
higher access rights.
• Example: Student accessing teacher’s account with
higher privileges.
• Causes: weak passwords, theft, hijacking, keystroke
logging.
• Keystroke logging: recording keyboard inputs to
steal credentials.
5.5 How to Secure yourself and
your Computer Systems
• Have strong security awareness.
• Install reliable security and antivirus
software.
• Activate firewall.
• Keep software updated regularly.
• Avoid opening email attachments
from unknown sources.
• Change passwords regularly; use at least
15 characters with mixed letters and
numbers.
• Use different passwords for different
accounts.
• Be cautious online; ignore pop-ups and
drive-by downloads.
• Perform daily full system scans.
• Schedule regular system backups to
protect data.
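The following is an added example, not part of the original slides: a password check that applies the guidance above (at least 15 characters, mixed letters and numbers) and relates it to the dictionary and brute-force attacks described earlier. The word list and the guess rate are constructed assumptions, and the function names are chosen for this illustration.

```python
import math
import string

# Constructed sample; a real deployment would load a large list of known passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome123"}

# Assumption: guesses per second for an attacker, chosen only for illustration.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password):
    """Rough size of the character set a brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 32  # treated as the 32 ASCII punctuation characters
    return size


def brute_force_log10_years(password, rate=GUESSES_PER_SECOND):
    """log10 of the worst-case years to try every combination.

    Logarithms keep very long passwords from overflowing a float.
    """
    if not password:
        return float("-inf")
    log10_guesses = len(password) * math.log10(alphabet_size(password))
    return log10_guesses - math.log10(rate * SECONDS_PER_YEAR)


def check_password(password):
    """Return the list of problems found; an empty list means it passes."""
    problems = []
    if len(password) < 15:
        problems.append("shorter than 15 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if password.lower() in COMMON_PASSWORDS:
        # A dictionary attack tries these first, whatever their length.
        problems.append("found in list of common passwords")
    return problems


if __name__ == "__main__":
    for candidate in ["qwerty", "123456", "BlueGoat7RidesTrain42"]:
        print(candidate, check_password(candidate),
              "10^%.1f years" % brute_force_log10_years(candidate))
```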
Security Measures
• Firewalls – Filter incoming/outgoing traffic.
• Antivirus Software – Detects and removes
malicious software.
• Encryption – Scrambles data to protect it
during transmission or storage.
• Authentication – Passwords, biometrics, 2-
factor authentication.
• Updates/Patches – Regularly fixing system
vulnerabilities.
Good Practices
• Use strong, unique passwords.
• Do not click on unknown links or
attachments.
• Back up data regularly.
• Keep software up to date.
• Use secure networks (avoid public
Wi-Fi for sensitive tasks).
Test yourself on this by doing
Unit 5.7 Unit Review Exercises

THE END
UNIT -6
FUNDAMENTALS
OF PROGRAMMING
6.1 Defining a Problem and Computational Problem
• A problem is a challenge or difficulty we face in everyday
life.
• It can be something hard to understand, difficult to solve,
or involves doubt and uncertainty.
• Problems exist in both personal and business activities.
• A computational problem is a type of problem that can
be solved using computers or software.
• It involves defining the input, process, and output clearly
so that a computer can help solve it.
• Examples:
– Sorting a list of names
– Calculating a budget
– Searching for information online
6.1 Defining a Problem and Computational Problem
• Importance
• Computers and application software
help make solving daily problems
easier and faster.
• Without software, many tasks would
be more time-consuming and
complicated.
Cont.…

• Computational problems:
– Problems solvable step-by-step by a computer.
– Have well-defined inputs, constraints, and
output conditions.
– Require clear instructions and rules for a
solution.
• Key point:
– Some problems need human engagement and
leadership, while computational problems can
be handled algorithmically by computers.
• Decision problem
–Answer is Yes or No.
–Example: Is an integer n even?
• Search problem
–Find one or more values satisfying
a condition.
–Example: Find a path between two
locations on a map; find a name in
a list.
Decision problem

• Counting problem
– Find the number of solutions to a search
problem.
– Example: Count female students in Grade 9.
• Optimization problem
– Find the best possible solution based on criteria.
– Example: Compute the fastest route between
locations.
– Related to network routers that find best routes
for sending data.
Computational problem:
–Solvable step-by-step by a computer.
–Has well-defined inputs.
–Has specific constraints.
–Output must satisfy given conditions.
6.2 Steps in Problem Solving
George Polya’s Four-Step Problem Solving Method
1. Understand the Problem
Identify what is given and what is unknown
Restate the problem in your own words
Visualize or draw diagrams if needed
2. Make a Plan
Think of possible strategies to solve the problem
Choose the most promising approach
Break the problem into smaller parts if necessary
6.2 Steps in Problem Solving
3. Execute the Plan
Carry out the chosen steps carefully
Keep track of your progress and calculations
Be persistent and adjust if you encounter difficulties
4. Review and Extend
Check your solution for accuracy and completeness
Reflect on the process: What worked? What didn’t?
Explore extensions or similar problems
Note: The steps are iterative — you may need to
revisit earlier steps based on what you learn along
the way.
Adjusted Problem-Solving Steps in
Computer Science
1. Understand the Problem
Comprehend the problem requirements and inputs/outputs.
2. Develop an Algorithm
Create a clear, step-by-step plan (algorithm) to solve the
problem.
• An algorithm is a finite, unambiguous sequence of
instructions with a clear start and end.
3. Write the Program
Translate the algorithm into a programming language.
4. Test the Program
• Run the program to verify it works correctly and fix
errors if any.
About Algorithms
• An algorithm is a precise sequence of
instructions to solve a problem.
• Useful for explaining processes to people or
machines.
• Example: Calculating the average of 10
numbers:
1. Obtain the 10 numbers (if unknown).
2. Calculate SUM by adding the numbers.
3. Calculate AVERAGE by dividing SUM by 10.
4. Report the AVERAGE as the result.
From Algorithm to Program
• Algorithms must be converted into a computer
program to be executed.
• Computers cannot understand human languages
like English, Amharic, or Afan Oromo.
• Computers use programming languages to
communicate instructions.
• A computer program is a sequence of instructions
written in a programming language.
• The program is run by the computer to solve
problems or perform tasks.
Cont.…
• Understanding the information-processing
model of computers is important because
algorithms run on computer systems.
• A simplified single-CPU information-
processing model is illustrated in Figure 6.1
below
Computer Problem Solving Model
• Problems are solved by:
– Input: Getting user data (e.g., keyboard, mouse, game controls).
– Processing: Computing or manipulating the input data.
– Output: Producing results (e.g., images, text, sound).
• Input/output can also come from or go to devices like hard
drives or networks.
• In problem solving, input data is used to produce the
desired output solution.
• Example: Average of 10 Numbers
Step 1 (Get numbers) = Input (e.g., via keyboard).
Steps 2 & 3 (Calculate sum and average) = Process.
Step 4 (Report average) = Output (e.g., display on screen).
Collaborative Software Development
• Large software (e.g., Microsoft Office, Adobe
Photoshop) involves hundreds of developers
worldwide.
• Collaboration is possible through protocols and
communication standards.
• Algorithm Representation Methods
• Flowcharts
– Use special shapes for different actions or steps.
– Lines and arrows indicate sequence and relationships.
• Pseudocode
– Written in English-like instructions.
– Provides a simple and concise way to describe how to solve
Flowcharts vs. Pseudocode
• Flowcharts:
– Visually appealing
– Easier to understand for beginners
• Pseudocode:
– Closer to actual programming instructions
– More suitable for code translation
• Interchangeability
• Algorithms can be converted between flowcharts and
pseudocode using standard symbols and structures.
Standard graphical symbols and most commonly used
symbols for simple flowcharts are below…..
Flowchart Symbols and Their
Functions
• Terminator (Oval):
– Marks the start or end of an algorithm.
• Parallelogram (Input/Output):
– Indicates data input (e.g., from keyboard) or output
(e.g., display result).
• Rectangle (Process):
– Represents processing steps like calculations or actions
(e.g., sum or average).
• Diamond (Decision):
– Represents a decision point (e.g., Yes/No) that affects
the next step.
Flowchart Symbols and Their
Functions
• Arrow (Flowline):
– Shows the direction and sequence of the flow.
• Circle (Connector):
– Used to link flowcharts across different sections or
pages.
• Predefined Process (Subroutine):
– Represents a separate module or specific task handled
elsewhere in the flowchart.
6.3.1 Developing Flowcharts
• Flowcharts can represent both computational and non-
computational activities.
• Example of non-computational activity:
– Maintaining peace in school by reducing absenteeism,
avoiding abuse, and promoting collaboration.
• School Policy Example (Non-Computational Flowchart)
• Policy Rules:
– Physical attack (1st time): Bring parents + warning letter.
– Physical attack (2nd time): Suspension for one year.
– Non-physical attack: Isolation for one period.
6.3.1 Developing Flowcharts
• Flowchart Features (Figure 6.2)
• Terminals (Ovals): Represent the start and end of
the process.
• Decision Diamonds: Used for conditional checks
(Yes/No branches).
• Parallelograms: Indicate input and outputs (3
outputs in total).
• Connector (Circle): Links parts of the flowchart.
• Rectangle: Represents a process step.
Here are step-by-step text-based
flowchart descriptions for both exercises.
You can use these to draw the actual flowcharts using flowchart
symbols (terminator, parallelogram, rectangle, diamond, and arrows).
Exercise 1: Driving Speed Check
Flowchart Structure:
Start (Terminator)
Input speed (Parallelogram)
Is speed ≤ 40? (Diamond)
If Yes → Output: "Reasonable speed" (Parallelogram) → Go to End
If No → Next step
Is speed > 60? (Diamond)
If Yes → Output: "Excessive speed, you are at high risk for traffic accident"
(Parallelogram) → Go to End
If No → Output: "You are in medium speed limit. Be careful!"
Cont.…
End (Terminator)
Exercise 2: Sum and Product of Two Numbers
Flowchart Structure:
Start (Terminator)
Input number1, number2 (Parallelogram)
Calculate sum = number1 + number2 (Rectangle)
Calculate product = number1 × number2 (Rectangle)
Output sum (Parallelogram)
Output product (Parallelogram)
End (Terminator)
