+254 723 86 86 77
hello@sqool.co.ke
Your cart is empty
Empty notifications
Login Register

Security threats and control measures

Lesson 2/4 | Study Time: 20 Min
Course: Data Security and Controls
Security threats and control measures

Viruses

A computer virus is a destructive program that attaches itself to other files and installs itself without permission on the computer when the files are opened for use. The virus may cause havoc on the computer system, for example, it may delete data on storage devices or interfere with the proper functioning of the computer system.


Types of computer viruses include:


1. Boot sector viruses - they destroy the booting information on storage devices.

2. File viruses - attach themselves to files.

3. Hoax viruses - Come as e-mail with an attractive subject and launches itself when e-mail is opened.

4. Trojans - they appear to perform necessary functions but perform other undesirable activities in the background without user knowledge.

5. Worms - viruses that stick in the computer memory.

6. Backdoors - may be a Trojan or a worm that allows hidden access to a computer system.


Control measures against viruses

1. Install the latest versions of anti-virus software on the computers. Make sure that you continuously update the anti-virus software with new virus definitions to counter the new viruses that are being manufactured on a daily basis.

2. Avoid foreign diskettes in the computer room. If they have to be used, they must first be scanned for viruses.

3. Avoid opening mail attachments before scanning them for viruses.


Unauthorized access

Data and information is always under constant threat from people who may want to access it without permission. Such persons will usually have a bad intention either to commit fraud, steal the information and destroy or corrupt the data. Unauthorized access may take the following forms:


Eavesdropping

This is tapping into communication channels to get information. Hackers mainly use eavesdropping e.g. to obtain numbers of credit cards.


Surveillance (monitoring)

This is where a person may keep a profile of all computer activities done by another person or people. The information gathered may be used for one reason or the other e.g. spreading propaganda or sabotage. Many websites keep track of your activities using special programs called cookies.


Industrial espionage

Spying on your competitor to get information that you can use to counter or finish the competitor. This is mostly done with an aim to get ideas on how to counter by developing similar approach or sabotage.


Also unauthorized access can be as follows:

1. An employee who is not supposed to view or see sensitive data by mistake or design gets it.

2. Strangers who may stray into the computer room when nobody is using the computers.

3. Forced entry into the computer room through weak access points.

4. Network access in case the computers are networked and connected to the external world.


Control measures against unauthorized access

1. Enforce data and information access control policies on all employees.

2. Encrypt the data and information during transmission (data encryption is discussed in details later in the chapter).

3. Keep the computer room closed when nobody is using it.

4. Reinforce the weak access points like doors and windows with metallic grills and burglar alarms.

5. Enforce network security measures.

6. Use files passwords to deter any persons who may get to the electronic files.


Computer errors and accidental access

Sometimes, threats to data and information come from people making mistakes like printing sensitive reports and unsuspectingly giving them to unauthorized person(s). Also, if end users have too much privilege that allows them to change or access sensitive files on the computer then accidental access mistakes may occur.

Errors and accidental access to data and information may be as a result of people experimenting with features they are not familiar with. For example, a person may innocently download a file without knowing that it is self-installing and it is dangerous to the system.


Control measures against computer errors and accidents

1. Give various file access privileges and roles to the end users and technical staff in the organization i.e. denies access permissions to certain groups of users for certain files and computers.

2. Set up a comprehensive error recovery strategy in the organization.


Theft

The threat of theft to data and information is a real one. Some information is so valuable that business competitors or some governments can pay a fortune to somebody who can steal the information for them to use. Therefore, the following control measures should be taken to prevent theft of hardware, software and information.


Control against theft

1. Employ guards to keep watch over data and information centers and Backups.

2. Burglar proofs the computer room.

3. Reinforce weak access points like the windows, door and roofing with metallic grills and strong padlocks.

4. Create backups in locations away from the main computing centre.

Previous Lesson Next Lesson
Anestar Group of Schools

Anestar Group of Schools

Product Designer
Faithful User
Mile Ten
Top Seller
Profile

Class Sessions

1- Introduction and definition 2- Security threats and control measures 3- Computer Crimes 4- Detection and protection against computer crimes

Your privacy matters

Cookies and similar technologies are used on our sites to personalise content and ads. You can find further details and change your personal settings below. By clicking OK, or by clicking any content on our sites, you agree to the use of these cookies and similar technologies.

GDPR

When you visit our Sqool Platform, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and manage your preferences. Please note, that blocking some types of cookies may impact your experience of the site and the services we are able to offer.

  • These cookies are necessary for our Sqool Platform to function properly and cannot be switched off in our systems. They are usually only set in response to actions made by you that amount to a request for services, such as setting your privacy preferences, logging in or filling in forms, or where they’re essential to providing you with a service you have requested. You cannot opt out of these cookies. You can set your browser to block or alert you about these cookies, but if you do, some parts of the site will not then work. These cookies do not store any personally identifiable information.
  • These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site, which helps us optimize your experience. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not be able to use your data in this way.
  • These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
  • These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.