Professional Documents
Culture Documents
Specific Objective 15: explain the meaning of terms related to the security of Information
Technology Systems;
Content: For example, data security, passwords, authentication, encryption, data
corruption.
Computer Security
General Risks
Human Error – The mistakes staff and other people make are a treat. E.g. inputting a
transaction to the wrong account, key an incorrect value, forgetting to check if a back up
has completely properly. Incorrect data prevents the system from operating, as it should.
Technical Error – Hardware, software, and storage media faults. Hardware failure has
the potential to prevent the system from operating. A software fault (bug) may slow down
the system. A major software fault must be corrected. A faulty disk is likely to prevent
the system retrieving data held on it.
Virus – A virus is a small piece of software that performs unauthorized actions and
which replicates itself. They may damage files or attempt to destroy files and damage
hard disks.
Natural Disasters – In some areas flooding is a natural risk, e.g. towns near rivers or
coasts. Wind and rain can cause substantial damage to buildings. Flooding and lightning,
pose a treat to power supplies. Power surges may occur when services are restored which
may affect computer operations. Earthquakes may damage buildings that house
computers.
Theft and Vandalism – Computer theft may be carried out by staff or intruders. Other
theft risks includes: chip theft, theft of storage media e.g. CD-Rs, theft or unauthorized
copying of company software, theft of commercially valuable data (either by hackers or
unauthorized users).
Risk Management
Risk management involves putting in place measures and controls to ensure computer
security is maintained. Organizations should take steps to minimize or control the
possible impact of risks to computer systems.
Access codes and passwords (Logical Access Controls) – Prevents actual entry to
computer system software and data. Examples include:
Audit Trails – A record showing who has accessed a computer system and what
operations he/she has performed during a given period of time. Audit trails are useful
both for maintaing security and for recovering lost transactions. Most accounting systems
and database management systems include audit trail component. In addition, there are
separate audit trail software products that enable network administrators to monitor use of
network resources.
Log Systems – A file that lists actions that have occurred. For example, web servers
maintain log files listing every request made to the server. With log file analysis tools,
it’s possible to get a good idea of where visitors are coming from, how often they return,
and how they navigate through a site.
Encryption – This involves scrambling the data at one end of the line, transmitting the
scrambled data, and unscrambling it at the receiver’s end of the line. Thus, the person
intercepting the scrambled message is less likely to make sense of it. Data that is sent
across telecommunication lines is exposed to the risk of being intercepted or read during
transmission. Encryption is used to reduce this risk.
Loss of, or damage to, data or program file can severely disrupt computerized systems.
Files can be physically deleted, and it is also possible for a file to become corrupted
(changed in unintended way). A file may also be physically damaged and become
unreadable. It is important, therefore that a usable copy of a file can be restored from
back up.
Most operating systems include back up utility for creating back ups. There is also
specialized back up software available to allow easy establishment and performance of
back up routines.
With networks and larger systems back-up utility can be set to back up everything or
certain selected files, automatically, at a regular time each day e.g. midnight.
At least some back up copies should be stored off site. In the case of a fire or a burglary
at business premises the back up copies will not be damaged. Some organizations keep
Some organizations Archive data. This is the process of moving (by copying) data from
the hard disk, to tape or other portable media for long term storage.
Making duplicate copies of files (back up) reduces the risk of loss of data from natural
disasters, theft of data, corrupted data, human error, deletion of files.
Exercise
1. Identify three computer risks, apart from the risks identified on this lecture sheet.
2. Analyze the following situation and propose appropriate risk management solutions
where needed.
(i). Your department is located in an open-plan office. The office contains five
networked desktop PCs and two laser printers.
You have just read an article suggesting the best form of security is to lock hardware
away in fireproof cabinets, but you feel this is impractical. Make three (3)
suggestions of alternative security measures that you may adopt to protect the
hardware and data held on the system.
3. Create a private file. Create a password to open and another password to modify the
document.
Assignment
1. Your company is reviewing all areas of computer operations and the associated risks.
You realize that no one has considered the risks of fire or flooding. Make
recommendations of the risk management techniques you consider relevant to these
areas.