LESSON 7
IT Security Incidents
INTRODUCTION
“At the end of the day, the goals are simple:
safety and security.” -Jodi Rell
In addition to providing a useful classification of computer crimes and their perpetrators, this
lesson outlines both how to implement trustworthy computing to manage security vulnerabilities
and how to respond to specific security incidents to quickly resolve problems and improve ongoing
security measures. A process for assessing an organization’s computers and
network against both internal and external threats is presented. The lesson also discusses the need for a corporate
security policy and offers both a process for establishing a security policy and several security-
related policy templates that can help an organization to quickly develop effective security policies.
OBJECTIVES
At the end of the module, you should be able to:
UNLOCKING OF DIFFICULTIES
1. ransomware: an attack that encrypts valuable information to extort funds from the victim in exchange for the data’s release
2. phishing: malicious email disguised as coming from a colleague, customer or financial institution to gain access to assets
3. DOS: Denial-of-service attack; an attack that cripples an organization’s online operations, preventing it from doing business
4. perpetrators: someone who has committed a crime (a suspect until it has been proven that he or she carried out the offense).
PRE-ASSESSMENT
Direction: Read and analyze each statement and identify what is asked or described in each item.
Encircle the letter of the correct answer.
1. What is a piece of programming code usually disguised as something else that causes a
computer to behave in an unexpected and usually undesirable manner?
A. Virus
B. Worms
C. Trojan Horse
D. Rootkit
2. This attack is a set of programs that enables its user to gain administrator-level access to
a computer without the end user’s consent or knowledge.
A. Virus
B. Worms
C. Trojan Horse
D. Rootkit
5. It is also known as “Junk Email” which causes the abuse of email systems to send
unsolicited email to large numbers of people.
A. SPAM
B. Logic Bomb
C. Love bug
D. Virus
10. It is one in which a malicious hacker takes over computers on the internet.
A. Virus
B. Worms
C. DOS attack
D. Malware infection
LEARNING TASKS
Directions: List down seven (7) computer problems you have encountered in school, offices and even
at home.
MAIN CONTENT
Things to Ponder! Read and Understand. (Individual)
Directions: Read, understand, and analyze the text below and accomplish the following activities.
IT SECURITY INCIDENTS: A MAJOR CONCERN
Types of Exploits
Viruses
✓ Computer virus has become an umbrella term for many types of malicious code. Technically, a virus is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
✓ Often a virus is attached to a file, so that when the infected file is opened, the virus executes. Other viruses sit in a computer’s memory and infect files as the computer opens, modifies, or creates them. Most viruses deliver a “payload,” or malicious software that causes the computer to perform in an unexpected way.
✓ For example, the virus may be programmed to display a certain message on the computer’s display screen, delete or modify a certain document, or reformat the hard drive. A true virus does not spread itself from computer to computer.
✓ A virus is spread to other machines when a computer user opens an infected email attachment, downloads an infected program, or visits infected Web sites. In other words, viruses spread by the action of the “infected” computer user.
Worms
✓ Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email.
✓ The negative impact of a worm attack on an organization’s computers can be considerable: lost data and programs, lost productivity due to workers being unable to use their computers, additional lost productivity as workers attempt to recover data and programs, and lots of effort for IT workers to clean up the mess and restore everything to as close to normal as possible.
✓ The cost to repair the damage done by each of the Code Red, SirCam, and Melissa worms was estimated to exceed $1 billion, with that of the Conficker, Storm, and ILOVEYOU worms totaling well over $5 billion.[16,17]
✓ A Trojan horse is a program in which malicious code is hidden inside a
seemingly harmless program. The program’s harmful payload might be designed to
enable the hacker to destroy hard drives, corrupt files, control the computer remotely,
launch attacks against other computers, steal passwords or Social Security numbers,
or spy on users by recording keystrokes and transmitting them to a server operated
by a third party.
• If it is determined that the calls are originating from within the United States,
companies should report the scam to the Federal Bureau of Investigation (FBI).
• Institutions can also try to notify the telecommunications carrier for the phone
number that victims are requested to call, to request that they shut down that number
Types of Perpetrators
The people who launch these kinds of computer attacks include thrill seekers
wanting a challenge, common criminals looking for financial gain, industrial spies trying to
gain a competitive advantage, and terrorists seeking to cause destruction to further their
cause.
Each type of perpetrator has different objectives and access to varying resources,
and each is willing to accept different levels of risk to accomplish his or her objective.
Each perpetrator decides to act in an unethical manner to achieve his or her own
personal objectives.
Prevention
No organization can ever be completely secure from attack. The key is to implement a layered
security solution to make computer break-ins so difficult that an attacker eventually gives up. In a
layered solution, if an attacker breaks through one layer of security, there is another layer to overcome.
These layers of protective measures are explained in more detail in the following sections.
ANALYSIS
Directions: List five cyber-attack issues from the internet and the corresponding action/s that must
be taken in response to each incident.
ABSTRACTION
Overview: Do you know how much data about yourself is freely available online? If someone were to research you, what
would they be able to find? What could they know about you from a simple search? Put on your
detective hat and go digging for the data you can find about yourself.
Directions: Begin by typing in your name. Then, try your name + your school or the name of your city.
Even try your name + a sport you play! You can look at search engines, your school
website, social networks, or any other frequently used website! You can even include posts
from social media sites if you can find them.
APPLICATION
REFLECTION
Direction: Share some learning insights/reflection about the knowledge and skills gained from the
present lesson. Do the following activities.
POST-ASSESSMENT
Direction: Identify whether the following statements are true or false. Write T if the statement is correct;
otherwise, write F and change the underlined word/s to make the statement true.
___________________1. According to the 2010/11 CSI Computer Crime and Security Survey,
issues.
___________________3. There are many kinds of people who launch computer attacks, including
curiosity—to see whether they can gain access and how far they can go.
a Web site.
undesirable manner.
GLOSSARY
The following terms used in this module are defined as follows:
firewall: a network security system that monitors and controls all incoming and outgoing network traffic based on an advanced and defined set of security rules.
REFERENCES