
COLLEGE OF INFORMATION TECHNOLOGY

Divine Word College of Vigan, Vigan City, 2700, Ilocos Sur

IT 112
Subject: Information Assurance and Security 1
(Zareena A. Dimaano)

Instructions: Discuss and explicate each question. Before you begin writing, read the passage
carefully and plan what you will say. Your essay should be well organized
and carefully written.

1. What Is Computer Security?

In this digital era, we all want to keep our computers and our personal
information secure; hence, computer security is important for keeping our
personal information protected. It is also important to maintain our
computer's security and overall health by preventing viruses and malware,
which would impact system performance. So, my understanding of computer
security is that it involves preventing damage, theft, and unauthorized use of
computer systems and data. It involves both identifying and preventing the
use of your computer system without authorization. There are also other
types of computer security that are frequently used to protect an
organization's important data.

2. Some important terms used in computer security. Give at least 10 and
explain each briefly by giving a real-life example.

Malware - Any harmful software that is put on your device as a result
of a user accidentally clicking on a dangerous link or opening an
attachment. Malware comes in a variety of forms, with viruses and
trojans being two of the most prevalent.
For example, in July 2016 a Japanese travel agency, JTB Corp,
suffered a data breach compromising almost 93 million user records.
The data breach was the result of an employee opening a malicious
document received via a phishing email. The malicious document
included a trojan horse designed to steal user information. It
was reported that 7.93 million user records from Japanese Travel
Agencies were compromised.

Spyware - A program or software component that resides on an
infected computer and gathers data without the user's knowledge or
permission. Many methods, including keystroke logging, capturing
web browsing history, and scanning documents on the computer's
hard drive, are used to covertly record this private information.
Motives range from the criminal (stealing passwords and financial
information) to the downright bothersome (recording Internet search
history for targeted advertising while consuming computer resources).


Distributed Denial of Service (DDoS) - The objective of this cyber-attack
is to overload a system you have put in place, such as a website, server,
or other device, with traffic. The system will often crash or shut down
as a result, causing downtime. Usually, information is not stolen in
these kinds of attacks. The majority of the time, these attacks are a
cybercriminal's onslaught designed to shut down your system, resulting
in lost revenue from downtime and file recovery.
A real-life example: on Sept. 9, 2021, there was a huge cyber-attack
on the Russian tech powerhouse Yandex, which is believed to be the
biggest DDoS attack ever seen. Yandex reported that their “experts
did manage to repel a record attack of nearly 22 million requests per
second (RPS). This is the biggest known attack in the history of the
internet.”

Adware - Adware and spyware differ only slightly from one another.
Both are installed on the computer without the user's consent. The main
goal of an adware program is to show targeted advertisements based on
the user activity it is monitoring. People frequently conflate "adware"
with "spyware" and "virus," especially given how closely these ideas
relate to one another. For instance, if one person installs "adware" on
a computer and authorizes a tracking feature, the "adware" turns into
"spyware" when another user accesses that computer, interacts with the
"adware," and is tracked by it without their permission.

Personally Identifiable Information (PII) - Information that can be
used to distinguish or trace an individual’s identity, such as their
name, social security number, biometric records, etc., alone or when
combined with other personal or identifying information that is linked or
linkable to a specific individual, such as date and place of birth, mother’s
maiden name, etc.

Denial-of-service attack - A denial-of-service attack (DoS attack) is an
attempt to make a computer resource unavailable to its intended users.
Typically, the targets are high-profile web servers, and the attack
attempts to make the hosted web pages unavailable on the Internet.

Trojan Virus - A Trojan virus is designed to look like a helpful program,
but when used, it opens a door for a hacker to access a computer's
system. The Trojan virus can locate and activate other malware on the
network, steal data, or delete files.

Hacker - Originally used to describe a computer enthusiast who pushed a
system to its highest performance through clever programming, the term
"hacker" has evolved through media portrayal and is often confused with
“cracker”: someone who tries to access a computer or a network
without prior approval of the owner of the system. For example, a person
who tries to exploit a computer system for reasons such as money, a
social cause, or fun.

Ports - A port is a logical component of the TCP connection. Learning
more about ports will help you better defend your network by closing off
ports and services which are not required. For example, if a port is open,
even something like port 80 which you use to access the internet, if you


Ping-of-Death attack - A computer attack known as a "ping of death"
(abbreviated "POD") involves sending a computer a ping that is malicious
or otherwise malformed. The standard ping size is 64 bytes, and many
computers cannot process pings greater than the 65,535-byte limit of
an IP packet. A ping of this size usually causes the target machine to
crash.
Traditionally, it has been rather simple to take advantage of this
problem. A packet of such size can be sent if it is fragmented, even
though the networking protocol prohibits transmitting packets larger than
65,536 bytes in general. When the target computer reassembles the
packet, a buffer overflow can happen, which frequently results in a
system crash.
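
The reassembly check that prevents the overflow described above, shown as an added example that is not part of the original essay: a fragment is rejected when its offset plus its length would push the reassembled datagram past the 65,535-byte limit. The struct layouts and function names are hypothetical, and the sample fragments are constructed.

```c
#include <stdint.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u /* largest value of the 16-bit Total Length field */

/* One received IPv4 fragment (simplified, hypothetical layout). */
struct fragment {
    uint16_t offset_units;  /* 13-bit Fragment Offset, in 8-byte units */
    uint16_t payload_len;   /* data bytes carried by this fragment */
    const uint8_t *payload;
};

/* Reassembly state for one datagram (hypothetical). */
struct reassembly {
    uint8_t  data[IP_MAX_DATAGRAM];
    uint32_t ihl_bytes;     /* IP header length, 20..60 bytes */
};

/* Copy a fragment into place; return 0 on success, -1 if it is rejected. */
int reassembly_add(struct reassembly *r, const struct fragment *f)
{
    if (f->offset_units > 0x1FFF)          /* offset field is only 13 bits */
        return -1;
    /* Widen to 32 bits first so the sum cannot wrap around. */
    uint32_t start = (uint32_t)f->offset_units * 8u;
    uint32_t end = start + f->payload_len;
    /* The check missing from vulnerable stacks: header + data must fit. */
    if (r->ihl_bytes + end > IP_MAX_DATAGRAM)
        return -1;
    memcpy(r->data + start, f->payload, f->payload_len);
    return 0;
}

/* Constructed sample: offer one zero-filled fragment to a fresh datagram. */
int try_fragment(uint16_t offset_units, uint16_t len)
{
    static struct reassembly r;
    static const uint8_t bytes[IP_MAX_DATAGRAM];
    struct fragment f = { offset_units, len, bytes };
    r.ihl_bytes = 20;
    return reassembly_add(&r, &f);
}

int main(void)
{
    /* Last legal fragment is accepted; one byte more is rejected. */
    return (try_fragment(8189, 3) == 0 && try_fragment(8189, 4) == -1) ? 0 : 1;
}
```

With a 20-byte header, offset 8189 (byte 65,512) plus 3 data bytes ends exactly at 65,535 and is accepted; a fourth byte would need a buffer one byte larger than any legal datagram, so it is dropped before the copy.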

3. What motivates the security violators? Justify your answer.

According to my research, there are six factors that drive security
breaches: financial gain, recognition and achievement, insider threats,
political motivation, state actors, and corporate espionage. But in my
opinion, one of the main motivations for targeting a group or person is
financial. I think that a hacker or someone who violates data security is
primarily motivated by money, and there are many ways to do this. They
can gain direct access to a bank or investment account, steal passwords to
your financial websites, move assets to an account of their own, use
sophisticated spear phishing to mislead an employee into sending money, or
even attack your entire company with ransomware. They do so because of
their interest, conviction, passivity, anger, greed, hope, and honor. The
possibilities are unlimited, but the majority of hackers seek to gain money.
Like individuals, organizations of hackers can range from good to malicious.
