You are on page 1of 4

COMPUTER SECURITY IN ORGANIZATIONS TODAY

According to (Center for Internet Security, 2010), cyber security involves protecting the information and
systems we rely on every day-whether at home, work or school. There are three core principles of cyber
security:
a) Confidentiality: Information that is sensitive or confidential must remain so and should be
accessible to authorized users only.
b) Integrity: Information must retain its integrity and not be altered from its original state.
c) Availability: Information and systems must always be available to authorized users when needed.
IMPORTANCE OF COMPUTER SECURITY IN ORGANIZATIONS TODAY
a) To Protect Companys Assets- The assets involve the information that is stored in the computer
networks, which are as crucial and valuable as the tangible assets of the company. The computer
and network security is concerned with the integrity, protection and safe access of the confidential
information ( Courtney , 2014).
b) To Comply with Regulatory Requirements and Ethical Responsibilities- Every organization
develops procedures and policies addressing the security requirements of every organization.
These policies work for the safety and security of any organization and are compulsory for any
organization working on computers ( Courtney , 2014).
c) For Competitive Advantage- In the arena of Internet financial services and e-commerce,
network security assumes prime importance. The customers would avail the services of internet
banking only if the networks are secured ( Courtney , 2014).
d) To help curb the increasing volume and sophistication of cyber security threats-including
targeting phishing scams, data theft, and other online vulnerabilities (Center for Internet Security,
2010).

Threats
According to (Center for Internet Security, 2010), threats may be due to improper cyber security controls,
manmade or natural disasters, or malicious users wreaking havoc. They include:
a) Denial-of-service: refers to an attack that successfully prevents or impairs the authorized
functionality of networks, systems or applications by exhausting resources.
b) Malware, worms, and Trojan horses: These spread by email, instant messaging, malicious
websites, and infected non-malicious websites. Some websites will automatically download the
malware without the user's knowledge or intervention
c) Botnets and zombies: A botnet, short for robot network, is an aggregation of compromised
computers that are connected to a central "controller." The compromised computers are often
referred to as "zombies." These threats will continue to proliferate as the attack techniques evolve

and become available to a broader audience, with less technical knowledge required to launch
successful attacks. Botnets designed to steal data are improving their encryption capabilities and
thus becoming more difficult to detect.
d) "Scareware" - fake security software warnings: This type of scam can be particularly profitable
for cyber criminals, as many users believe the pop-up warnings telling them their system is
infected and are lured into downloading and paying for the special software to "protect" their
system.
e) Social Network Attacks: Social networks can be major sources of attacks because of the volume
of users and the amount of personal information that is posted. Users' inherent trust in their online
friends is what makes these networks a prime target. For example, users may be prompted to
follow a link on someone's page, which could bring users to a malicious website.
HANDLING SECURITY ISSUES
Scams and Frauds
a) Training employees to recognize social engineering- Social engineering, also known as
"pretexting," is used by many criminals, both online and off, to trick unsuspecting people into
giving away their personal information and/or installing malicious software onto their computers,
devices or networks (Federal Communications Commission).
b) Protecting against online fraud- It is helpful to maintain consistent and predictable online
messaging when communicating with your customers to prevent others from impersonating your
company.
c) Protecting against phishing- Phishing is the technique used by online criminals to trick people
into thinking they are dealing with a trusted website or other entity, (Center for Internet Security,
2010).
d) Dont fall for fake antivirus offers- Fake antivirus, "scareware" and other rogue online security
scams have been behind some of the most successful online frauds in recent times. Make sure
your organization has a policy in place explaining what the procedure is if an employee's
computer becomes infected by a virus.
e) Protecting against malware- Businesses can experience a compromise through the introduction
of malicious software, or malware. Malware can make its way onto machines from the Internet,
downloads, attachments, email, social media, and other platforms.
f) Be aware of spyware and adware- Spyware and adware, when installed will send pop-up ads,
redirect to certain websites, monitor websites that you visit and track what keys are typed. To
avoid being infected with spyware, limit cookies on your browser preferences, never click on
links within pop-up windows, and be wary of free downloadable software from unreputable
sources.

Network Security
a)

Using Strong Passwords and Changing Them Regularly- A password should always be
required to log in. Strong passwords are ones that are not easily guessed. Although a strong
password will not prevent attackers from trying to gain access, it can slow them down and
discourage them, (Health IT.gov, 2014).

b) Using a Firewall- Firewall protects against intrusions and threats from outside sources. It can

take the form of a software product or a hardware device. In either case, its job is to inspect all
messages coming into the system from the outside (either from the Internet or from a local
network) and decide, according to pre-determined criteria, whether the message should be
allowed in.
c) Securing and encrypting your companys Wi-Fi- It is important that such a WLAN be kept
separate from the main company network so that traffic from the public network cannot traverse
the companys internal systems at any point. The companys internal WLAN should only employ
Wi-Fi Protected Access 2 (WPA2) encryption, (Federal Communications Commission).
d) Encrypting sensitive company data- Encryption should be employed to protect any data that
your company considers sensitive, in addition to meeting applicable regulatory requirements on
information safeguarding.
e)

f)

Installing and Maintain Anti-Virus Software- The primary way that attackers compromise
computers in the small office is through viruses and similar code that exploits vulnerabilities on
the machine. It is important to use an Anti-Virus product that provides continuously updated
protection against these exploits, (Health IT.gov, 2014).
Setting safe web browsing rules- Your companys internal network should only be able to
access those services and resources on the Internet that are essential to the business and the needs
of your employees. Use the safe browsing features included with modern web browsing software
and a web proxy to ensure that malicious or unauthorized sites cannot be accessed from your
internal network.

g) Controlling Physical Access- Not only must assets like files and information need to be secured,

the devices themselves that make up an information system must also be safe from unauthorized
access. The single most common way that protected information is compromised is through the
loss of devices themselves, whether this happens through theft or accidentally.
h) Controlling Access to Information- For many situations in small practices, setting file access

permissions may be done manually, using an access control list. This can only be done by
someone with administrative rights to the system, which means that this individual must be fully
trusted

Website Security

1. Carefully planning and addressing the security aspects of the deployment of a public web server.
Businesses are more likely to make decisions about configuring computers appropriately, consider the
human resource requirements for the deployment and continued operation of the web server and
supporting infrastructure, (Federal Communications Commission).
2. Implementing appropriate security management practices and controls when maintaining and
operating a secure web server.
These include the identification of your companys information system assets and the development,
documentation and implementation of policies, and guidelines to help ensure the confidentiality, integrity
and availability of information system resources.
3. Ensuring that web server operating systems meet your organizations security requirements.
This involves securing the underlying operating, hardware and software configurations.
4. Ensuring the web server application meets your organizations security requirements.
The overarching principle is to install the minimal amount of web server services required and eliminate
any known vulnerabilities through patches or upgrades.
5. Ensuring that only appropriate content is published on your website.
Company websites are often one of the first places cyber criminals search for valuable information.
6. Ensure appropriate steps are taken to protect web content from unauthorized access or modification.
8. Use authentication and cryptographic technologies as appropriate to protect certain types of sensitive
data.
Bibliography
Courtney , H. (2014, May 7). Importance Of Network Security For Business
Organization. Retrieved September 26, 2014, from AvaLAN Wireless:
http://info.avalanwireless.com/blog/bid/385189/Importance-Of-NetworkSecurity-For-Business-Organization
Center for Internet Security. (2010, October). Cyber Security Tips NEWSLETTER.
Retrieved September 30, 2014, from MULTI-STATE Information, Sharing &
Analysis Center: http://msisac.cisecurity.org/newsletters/2010-10.cfm
Federal Communications Commission. (n.d.). Cyber Security. Federal
Communications Commission.
Health IT.gov. (2014, March 28). Security Risk Assessment. Retrieved September 30,
2014, from Health IT.gov: http://www.healthit.gov/providersprofessionals/cybersecurity