Professional Documents
Culture Documents
Outline
► The security precautions related to computer information and access address four
major threats:
1. theft of data, such as that of military secrets from government computers;
2. vandalism, including the destruction of data by a computer virus;
3. fraud, such as employees at a bank channelling funds into their own accounts;
4. invasion of privacy, such as the illegal accessing of protected personal financial
or medical data from a large database.
Types of computer security
► Application security.
► Information security.
► Network Security.
► Endpoint Security.
► Internet Security.
Application Security
► Application security is the type of cyber security which adds security features
within applications to prevent from cyber threats.
► The threats can be SQL injection, denial of service (DoS) attacks, data breaches or
other cyber-attacks.
► There are some application security tools and techniques such
as firewalls, antivirus software, encryption, and web application firewall which
can help to prevent from cyber-attacks.
► A web application firewall is designed to protect web applications by filtering and
monitoring HTTP harmful traffic.
Information Security
► Information security (IS) is the type of computer security which refers to the
process and methodology to protect the confidentiality, integrity and availability
of computer systems from unauthorised access, use, modification and destruction.
► It focuses on the CIA triad model, which is applied to
ensure confidentiality, integrity, and availability of data, without affecting
organisation productivity.
CIA Triad
► Confidentiality, integrity and availability together are considered the three most
important concepts within information security.
► Confidentiality ensures that data is protected from unauthorised access
► Integrity ensures that data is/can only be modified by appropriate mechanisms
► Availability ensures that legitimate users can access information for legitimate
purposes
► Considering these three principles together within the framework of the "triad" can
help guide the development of security policies for organizations.
Network Security
► Human error is a major weak point which is easily exploited by cyber criminals.
► End users are the largest security risk in any organisation.
► However, this risk occurs mostly due to a lack of awareness of the ICT policy.
► They can unintentional open the virtual gates to cyber attackers.
► So, that’s why comprehensive security policies, procedures and protocols have to
be understood in depth by users who accessing the sensitive information.
Internet Security
► Internet security is an important type of computer security which has been defined
as the process to create a set of rules and actions to protect computers system that
are connected to the Internet.
► It is a branch of computer security that deals specifically with internet-based
threats
Privacy Act
► The purpose of the Privacy Act is to balance the Government’s need to maintain
information about individuals with the rights of individuals to be protected against
unwarranted invasions of their privacy resulting from the collection, maintenance, use,
and disclosure of personal information.
► In general, the Privacy Act focuses on four basic policy objectives:
► To restrict disclosure of personally identifiable records maintained by agencies
► To grant individuals increased rights of access to agency records maintained on them
► To grant individuals the right to seek amendment of agency records maintained on them upon
showing that the records are not accurate, relevant, timely, or complete
► To establish a code of “fair information practices” which requires agencies to comply with
statutory norms for collection, maintenance, and dissemination of records
► Different countries have their own Privacy Act.
► In Zimbabwe: The protection of privacy is a principal enshrined
in Zimbabwe's Constitution. The Access to Information and Protection
of Privacy Act (Chapter 10:27) contains the most provisions on data protection.
However, this generally only regulates the use of personal data by public bodies.
Data Protection Act
► A computer usage policy is a document that provides employees with guidelines on how
to appropriately use company equipment and the internet on your work computer
network.
► With such a policy, employees will be aware that browsing specific sites, downloading
certain files, and using the computer system for anything other than business purposes is
prohibited.
► It’ll also highlight how violation of the policy can lead to termination of employment and
other consequences.
► This way, you protect your business from various risks like losing or leaking important
information and computer files or getting your computers infected with malware.
► This kind of policy can minimize the risk of computer misuse – whether in the university
library or a business office.
Categories of policies
► When you compile a security policy you should have in mind a basic structure in
order to make something practical. Some of the main points which have to be
taken into consideration are −
► Description of the Policy and what is the usage for?
► Where this policy should be applied?
► Functions and responsibilities of the employees that are affected by this policy.
► Procedures that are involved in this policy.
► Consequences if the policy is not compatible with company standards.
► Types of Policies
Types of Policies