Distinguish Security Safeguards: Protecting Computer and Communications

Security: a system of safeguards for protecting information technology against disasters, system failures, and unauthorized
access that can result in damage or loss.

Computer security’s five components:

1. Deterrents to computer crime

2. Identification and access
3. Encryption
4. Protection of software and data
5. Disaster recovery plans

Deterrents to computer crime

 Enforcing laws
 CERT (The Computer Emergency Response Team): provides round-clock info on international computer
security threats.
 Tools to fight fraudulent and unauthorized online uses include: rule-based detection software,
predictive-statistical-model software, employee Internet management software, and Internet filtering
software (filtering out unsafe content, used for families with younger children).

Identification and access

 Verify legitimate right if access by what you have (cards, keys, signatures, badges), what you know
(PIN’s and password; call back provision), and who you are (biometrics, such as fingerprint scans, face
recognition, voice recognition).

Encryption
 Encryption is the process of altering readable data into unreadable form to prevent unauthorized
access.
 Advantage: encrypting data that is available over the Internet keeps thieves and hackers from reading
it.
 Disadvantage: encrypting data may prevent law-enforcement officials from reading the data criminals
are sending to one another

Protection of software and data

 Restrict access to online files; use transaction logs
 Use audit controls to track who used what programs and servers, which files were opened, and so on…
 Use people controls (screen applicants; to background checks; monitor internet, email, and computer
usage; use shredders for discarded documents and materials.

Disaster-Recovery Plans
 Method of restoring information-processing operations that have been halted by destruction or
accident
 Must back up everything (put mainframes in different locations)
 Plans to backup range in price and complexity
 Automatically store data redundantly in two or more places
 Have an off-site computer-based data storage center with independent power supply.
 Discuss Security Issues: Threats to Computers and Communication Systems

There are many threats to computer and the communication system which are error, accident and natural hazards.
1. Human Errors
 Humans often are not good at assessing their own information.
 Humans emotions effect their performance.
 Humans perceptions are slower compared to the equipment.
 Information overload to humans can sometimes be a problem.

2. Procedural Errors
 When people fail to follow the steps and instruction prepared, error tends to occur.

3. Software Errors
 Software malware or bug : causes a program or software to not run properly.

4. Dirty Data problems

 incomplete, outdated or inaccurate source of data

5. Electromechanical problems
 Mechanical system can wear out or become damaged after a period of usage
 They can sometimes be badly designed or constructed
 Power surges and failures can damage the equipment connected

6. Natural hazards
 Unpredictable and often lead to disaster when occurs

7. Computer Crimes
 Computer crimes can be categorized into two which is illegal act perpetrated against computer or
telecommunications and use of computer and telecommunications to accomplish illegal acts by using the
computer as a tool.
 Other examples of computer crimes are theft of hardware, theft of software, theft of intellectual properties,
theft of time and services, theft of information and many more
 Explain Privacy Surveillance: Data Collectors and Spies

At the most basic level, surveillance is a way of accessing data. Surveillance, implies an agent who accesses (whether through
discovery tools, rules or physical/logistical settings) personal data. Privacy, in contrast, involves a subject who restricts access to
personal data through the same means.

People may ask “what is the difference between someone monitoring, surveilling or spying on me?” A simplified explanation is
that monitoring refers to the active or passive observation of people for commercial reasons or to perform activities authorized
by law. Most monitoring is not secret and can be observed. Surveillance is a targeted form of monitoring, usually conducted to
obtain specific data or evidence and usually occurs without the person knowing they are being watched such as data being
collected from apps without a person’s knowledge.

Spying combines monitoring and surveillance with active intelligence gathering and data analysis to discover what is occurring
relative to government or corporate interests. Spying can be used in the interest of national security, by unscrupulous
corporations to discover trade secrets, or has the media discovered, to sway individual’s opinions about political candidates,
high-profile individuals, or national interests.

Not all surveillance is negative, a constructive way surveillance is being used is by a company named PLANET which was profiled
in a recent National Geographic article. PLANET has only been around for a few years but they have found a way to map and
monitor the entire planet by sending roughly 200 satellites into orbit that constantly take pictures of the entire globe. Their
mission is to provide scientists with up-to-date information about things like deforestation, ice melt in the Arctic and the illegal
expansion of palm oil plantations in Africa.

To do this they track changes daily so that these problems can be addressed. They are not tracking individuals but can spot
trends and deliver insights into how populations are behaving.

Meanwhile governments are using surveillance drones for everything from tracking their security forces, monitoring weather
patterns, surveilling their borders and yes–watching us. Local police departments initially used drones for traffic control but
their usefulness has expanded to search and rescue operations and to tracking criminal activity in high-crime areas. This all
sounds great but what about when a drone flies over your neighborhood and captures images of your backyard or looks into
your windows?

Would gathered images be subjected to facial recognition software or studied for evidence of criminal activity? Would any video
be subject to the same disclosure as a video collected by officer body cams or patrol car dash cams? These are all privacy issues
we need to think about before we wholeheartedly endorse drones and government security cameras. For example, in London
there are over 500,000 CCTV cameras, or 1 for every 14 people. Are American’s willing to give up that much privacy for security?

As privacy and data security issues increasingly permeate the activities of companies, we data people need to think about how
the data we handle and manage affects our companies and our customers. Data is being closely studied as something
organizations can monetize but with these opportunities comes risk.

Are we positive that the ways our corporations want to sell personal data meet current privacy laws and regulations? Are there
security practices in place to guard against unauthorized use of the data? As data is sold, companies must consider their
customers desire for data privacy and what it would mean to a company’s stock value if there was a loss of good-will.

As companies sell their customer’s personal data, breach litigation will become a necessary cost of doing business. Any loss of
data could result in an expansion of what is considered injury in those cases. A relatively modest litigation cost can become a
huge expenditure for companies with a breach where “stolen” data was used to obtain false mortgages, open bank accounts or
file fraudulent tax returns.

Data Modelers and Data Governance experts need to work with the company’s security experts to create policies and
procedures designed to handle confidential data within the organization and to decide which data can be safely exposed to
vendors and others outside the firm.