ICT Lesson 2 - Data Security and Control

ICT and Ethics Lesson 2 – Data security and control
Data security and control
Information systems
Information system is an arrangement of people, hardware and software, data, processes and
procedures that work together to support and improve the day to day operations of an organization and
its decision making processes.
Components of an information system
An information system is essentially made up of four components hardware, software and data
network and people. These components integrate and co-ordinate so as to process data into
information. Hardware consists of input/output devices, the processor, media devices and any other
tangible part of the computer system. Software consists of various programs and procedures. Database
consists of data organized in the required structure while network consists of data equipment,
communication devices and communication media. People consist of device operators, network
administrators, system analysts and any other user of the information system.
Purpose of an information system
Information systems are a foundation for conducting business today. In many industries, survival and
even existence is difficult without extensive use of information technology. Organizations are trying to
become more competitive and efficient by transforming themselves into digital firms where nearly all
core business processes and relationships with customers, suppliers, and employees are digitally
enabled. Organizations today use information systems for:
 Data processing: Organizations use information systems to support data processing by

enhancing tasks such as data collection, processing and communication.
 Decision making: Organizations use information systems to support business decision making
by collecting operational data, analyzing it and generating reports that can be used in the
decision making process.
 Information sharing: Organizations use information systems to support facilitate sharing and
disseminating information.
1 Complied by Mr. P.K Munene

Types of information systems
An organization has different levels of management which include:
 Senior management or strategic level: This is the management level that makes long term
strategic decisions about products and services as well as ensures financial performance of the
firm. Professionals like Chief Executive Officer (CEO), Directors, and Chairmen etc. are found
at this level.
 Middle management or tactical level: This is the management level that enforces the
programs and plans (strategies) of senior management. Professionals like managers, Head of
Departments (HODs) etc. are found at this level.
 Operational management or operational level: This is the management level that is
responsible for monitoring the daily activities of the business. Professionals like such as
engineers, scientists, architects, lectures who are also known as knowledge workers, are found
at this level and design products or services and create new knowledge for the firm and do the
actual work in line the strategic level strategic plan.
There are information systems to support different groups or levels of management and they include
 Transaction Processing Systems (TPS)

 Management Information Systems (MIS)
 Decision Support System (DSS)
 Executive support systems (ESS)
The value of data

There is no organization worth its name that does not have an ICT backbone no matter how small it is.
This means that organizations cannot function without information systems. Consequently,
organizations have become dependent on data for the daily operations and thus making data a very
value asset.
Many organizations have invested heavily in protecting and safe guarding data because business
would not run properly if anything was to happen to it. The value of data comes from it being used to
run the daily business activities and the fact that it is used to make decisions.

Information systems have vulnerabilities or weaknesses within them, in terms of procedures, design
or implementation, e.g. a system may be vulnerable to unauthorized data manipulation because the
system does not verify a user’s identity before allowing data access, which could cause loss or harm
and hence are not a hundred percent secure. The presence of vulnerability exposures the information
system to a threat.
A threat agent is an entity that can exploit a vulnerability, e.g. a cracker. It takes advantage of a
vulnerabilities or weaknesses within an information system. A threat is the danger of a threat agent
exploiting a vulnerability. A risk is the likelihood that a threat agent will exploit a vulnerability. It is
the probability of a threat agent exploiting a vulnerability and the associated impact. Risk analysis on
the other hand is the process of identifying, assessing, and reducing risks to an acceptable level. It
enables an organization to define and control threats and vulnerabilities as well as to successful
implement risk reduction measures. It is an analytic discipline with three parts:
 Risk assessment: This is the process of determining what the risks are, the damage that would
result from an attack and the likelihood that the vulnerability is a risk to the organization. This
is achieved by using the vulnerability impact scale that categorises vulnerability depending on
the level of impact it has on an asset and anticipating losses. The different categories are as
described in the table below:
i. No impact: This is the kind of vulnerability that cannot affect the organisation, e.g. a weakness
within an information system or organisation that allows the theft of a mouse attached to a
desktop computer would not affect the operations of the organisation.
ii. Small impact: This is the kind of vulnerability that produces limited periods of inconveniences
which may result in changes to a procedure, e.g. a weakness within an information system that
causes a network interface adapter card to fail, to be replaced and all other cards be
periodically tested.
iii. Significant: This is the kind of vulnerability that results in a loss of employees’ productivity
due to downtime or causes a capital expense to alleviate, e.g. a weakness within an information
system or organisation that allows malware to be injected into the network.
iv. Major: This is the kind of vulnerability that has a considerably negative impact on revenue.,
e.g. a weakness within an information system or organisation that causes the theft of the latest
product research.

v. Catastrophic: This is the kind of vulnerability that cause the organisation to cease functioning
or be seriously crippled in its capacity to perform, e.g. a weakness within an information
system or organisation that allows the destruction of an office building and all the
organisation’s data.
 Risk management: This is a systematic and structured approach to managing the potential for
loss that is related to a threat. This enables one to systematically understand risks to an
information system and decide how to control them. In reality, risk can never be completely
eliminated since it would cost too much or take too long hence some degree of risk must
always be assumed.
 Risk mitigation: The final step determines what to do about the risks. Options when
confronted with a risk include:
i. Diminish the risk
ii. Transfer the risk e.g. outsourcing or insurance
iii. Accept the risk
A control, also known as a countermeasure is a safeguard that is put in place to reduce a risk. They
are practices, procedures or mechanisms that reduces risk. They are the measures taken to enforce the
security of data, programs, related hardware and network from loss, harm, unauthorized access or
modification. The goal of control measures is to provide security, ensure integrity and safety of an
information n system hardware, software and data.
Relationship between a threat agent, threat, vulnerability and risk
The following diagram shows the relationship between threat agents, threats, vulnerabilities and risks

Gives rise to Exploit

Threat agents Threats Vulnerabilities
Protect against
Increase
Expose
Reduce Information systems
Controls Risks
Have
Asset value
Protection requirements
Figure 1: The relationship between a threat agent, threat, vulnerability and risk
Data security
What is security? It is the quality or state of being secure, to be free from danger. Information
systems process data into information and avail the information to the relevant stakeholders for them
to make informed decisions. Data security also known as information security, therefore is the
protection of data and program in computer system (information system), related hardware and
networks against unauthorized access, modification, destruction, disclosure or transfer whether
accidental or intentional. In order to protect data, programs, related hardware and networks from
danger, harm or loss, controls are put in place. Data security has three layers namely:
 Physical security: This is the data security layer that seeks to protect the room that holds the
information system e.g. computer lab or computer room from unauthorized access and misuse
and to protect the information system (computer system), the programs and data within it from
loss, alteration, modification, unauthorized access and all related hardware from damage and
theft. This is achieved through limiting or controlling Physical contact with the information

system. Threats dealt with at this level include, viruses, Trojan horses, and worms, foot
printing, profiling, password cracking, denial of service, arbitrary code execution, unauthorized
access etc.
 Personal security: This is the data security layer that seeks to protect the individual or group
of individuals who are authorized to access the information systems. Threats dealt with at this
level include, accidents, identity theft etc.
 Networking security: This is the data security layer that seeks to protect networking
components, connections and contents. Threats dealt with at this level include, Information
gathering, sniffing, spoofing, session hijacking, denial of service etc.
Data security involves

 Protection of data against unauthorized modification.
 Protection of data against unauthorized access.
 Assurance of data integrity.
 Provision of data to authorized persons reliably.
 Setting up of procedures for allocating user rights/permissions.
 Implementing policies on how to deal with data security breaches e.g. whom to report a breach
to when it is noticed and what immediate actions should be taken.
 Educating users on the importance of security. This ensures that uses are able to detect and
avoid actions that pose as a threat to data security.
Basic characteristics of data security/ core principles or security goals
Data security addresses three important aspects or core principles namely:

Confidentiality
This is the concealment of data or resources. It ensures that computer-related assets are accessed only
by authorized parties. That is, only those who should have access to something will actually get
access. Access means not only reading but also viewing, printing or simply knowing that particular
assets exist. It is sometimes known as secrecy or privacy. In this regard, there two types of data:
 Private data: This is data that belongs to an individual and cannot be accessed or disclosed to
unauthorized person(s) without the permission of the owner.

 Confidential data: This is data that belongs to an individual or sensitive institutional

information in custody of an authorized body such as hospital or government and must not be
accessed or disclosed to unauthorized persons without the owner’s permission.
The need of keeping information secret arises from the use of computers in sensitive fields such as
government and industry e.g. military and civilian institutions in the government often restrict access
to information to those who need that information.
Concerns related to collection and use of private and confidential data are:
 Spreading information without the owner’s consent or awareness.
 Spreading inaccurate information.
 Eavesdropping and tapping of information from a communication line.
 Secretly recording and reporting user activities by using recording devices, spyware and
cookies.
Some laws governing privacy and confidentiality have been created. This laws can be summarized as:
 No secret databases: No keeping of personal data exclusively secret in government or private
organizations.
 Right of individual access: An individual must be able to find out what information about
themselves is recorded and how it is used.
 Right of consent: Information obtained for one purpose cannot be used for other purposes
without owner’s consent.
 Right of correct: An individual must be able to correct or amend records of his/her
information.
 Assurance of reliability and proper use: Data must be reliable
Integrity
This refers to the trustworthiness of data or resources, and is usually phrased in terms of preventing
improper or unauthorized change. It means that assets can be modified only by authorized parties or
only in authorized ways. In this context, modification includes writing, changing, changing status,
deleting and creating.
Availability
This refers to the accessibility of an information system or data on demand. Any information system
and communication link used to access it must be efficient and functional. The aspect of availability

that is relevant to security is that someone may deliberately arrange to deny access to data or to a
service by making it unavailable. An information system may be unavailable due to power outages,
hardware failures, unplanned upgrades or repairs.
Threats
A threat is a set of circumstances that has the potential to cause loss or harm.
Types of threats
Some of the most common types of threats that might cause unauthorized modification, disclosure or
destruction of data and computer systems include:
 Human based threats
 Natural threats
 Computer based threats
Human based threats
These are a set of circumstances that have the potential to cause loss or harm to data and programs in
computer system (information system), related hardware and networks that are as a result of human
beings. A trusted employee who has access to data can use that information outside of acceptable
business requirements. Misuse of information may be due to malicious intent, an accident or
compromise by outsiders. Employees become a threat to data in the following forms:
Data leakage
This is the sending of customer records, intellectual property, employee information or other forms of
valuable data out through mediums like USB drives, cloud-based storage or webmail to unauthorized
persons.
Control measures
Control measures against data leakage include:
 Establish and enforce a well-defined privilege rights management system, restricting users’
access to sensitive data and allowing them to only perform specific functions.
 Use audit programs to enforce controls and monitor suspicious activity.
 Conduct annual training and awareness programs to educate users about insider threats.

 Destroy confidential data produced by the information system by e.g. burning or shredding etc.
use.
Data loss
This is the misplacement of data inappropriately copied to an unencrypted USB drive or laptop. Data
loss within an information system can be caused by
 Computer virus: Viruses may cause changes, deletion of data and blockage to data access.
 Unauthorized access: Unauthorized users may cause changes, deletion of data and blockage
to data access.
 Computer errors: Computer errors may cause crushing of storage locations, wrong
processing and changes of file types leading to inaccessibility.
 Accidental erasures: They lead to deletion of files.
 Vandalism: Taking away of files and computer parts without permission.
 Crashing of hard disk: leads to deletion of files
 Power failure: May lead to loss of unsaved files and corruption of storage locations.
 Data theft: Unauthorized users may steal data from the information system.
Control measures
Control measures against data loss include:

 Make regular backups
 Backup data on removable storage (secondary) media.
 Keep backup media in a different location from that of the information system.
 Setup of automatic backup intervals.
 Setup a data recovery and control measures.
 Setup commands to warn the users or remind them when executing sensitive operations such as
deletion of data from an information system.
 Use access privileges or levels for different users such that novice users may not access and
accidentally perform erroneous operations in an information system.
 Disable sensitive commands from novice users.

Data alteration/Tampering
This is the illegal modification of private or confidential data with the aim of misinforming users. It is
usually done by people who wish to conceal the truth or sabotage certain operations. Alteration
compromises the integrity of data and information making it unreliable.
Control measures
Control measures against data alteration include:
 Use data hashing and signing.

 Use digital signatures.
 Use strong authorization.
 Use tamper-resistant protocols across communication links.
 Secure communication links with protocols that provide message integrity.
 Physical access controls: These are physical barriers deployed to prevent direct contact with
systems. E.g. guards, fences, motion detectors, locked doors, sealed windows, lights, cable
protection, laptops locks; wipe cards, clogs, CCTV, alarms, etc.
 Logical/Technical access controls: These are hardware or software mechanism used to
manage access to resources and information system. They are also known as technical access
controls and include encryption, smart cards, passwords, biometrics, protocols and firewalls.
Browsing
This is the act of searching through main and secondary memory, looking for anything in particular
but being alert for any possible useful information. The browser may find files containing useful
information or ones, which contain information that help access other sensitive information.
Controls measures
Control measures against browsing include:
 Use strong of passwords and PINs: Passwords and PINs should not be something anyone
could guess, even if they had access to some of personal information. Avoid names, addresses,
and birth dates
i. If one uses words or numbers that are familiar, they should be disguised with hard-to-guess
code.

ii. Use online programs, available for free, that provide virtually unbreakable randomly generated
passwords.
iii. Make sure all passwords used include both lower-case and capital letters, numbers, and other
characters such as hyphens or asterisks.
iv. Avoid using the same password for multiple accounts. Each of your passwords should be
unique so that if one of them is compromised, the thief does not have access to anything else.
 Keep passwords and PINs safe: Never store passwords or sensitive information unencrypted
on your computer. If you have a physical "cheat sheet" of log-in information, keep it locked up.
i. Keep digital passwords, in a password manager program that is encrypted. They can also be
stored on an external hard drive that is only attached to the computer for offline backups.
ii. Avoid using auto fill, particularly for banking or credit card websites, unless the computer is
secure or never leaves the house.
 Create log in passwords for all the devices in use. All devices in use should log-in passwords
so as the information cannot be accessed in the event someone gets a hold of the device.
i. Computer security should be set up such that the computer is completely disabled or the hard
drive erased after a certain number of incorrect password attempts.
ii. Log-in passwords should be changed on a regular basis, and should not be written down
anywhere near the computer.
 Sign-off before leaving a workstation unattended: In public computing

environments, always sign-off/log-off of the computer account(s) before leaving the
workstation unattended. One may only be gone for five or ten minutes, but during this break
someone could sit down at the workstation, use the account and even change the password
Masquerading
This is the act of utilizing other people’s credentials to gain access to an information system with a
malicious intent.
Control measures
Control measures against masquerading include:
Access to computer systems and files may be restricted by use of authentication i.e. ensuring that
users are who they claim to be. There are a number of ways of authenticating them:

 Smart cards: These are plastic cards that contain a chip that can store data in an encrypted
form. These may be housed on a key fob or card.
 Biometric sensors: These are sensors that identify users by physical characteristics, e.g.
fingerprint, retina scan, facial recognition.
 Usernames: These are unique names assigned to users to authenticate them while accessing
the information system.
 Passwords: This is a code formed by combining different characters that must be keyed in so
as to access the information system
 Key: This is the traditional metal key required by the user to enter a room or to use a machine.
 Tokens: These are physical devices similar to an identification card, i.e. designed to prove the
identity of a single user. Tokens are small gadgets that typically fit on key rings and display
pass codes that change frequently.
Pretexting
This is the act of initially researching on someone else’s personal information, and later using the
information obtained to bait the victim to release more sensitive information, such as a credit card
number or social security number. The schemer calls the victim and lead the victim to believe it is a
legitimate business that requires this information. Most people tend to believe them, since they have
their name, address, and telephone number.
Control measures
Control measures against pretexting include:
 Filter emails: Set up some criteria that will root out unwanted email messages. This ensures
that one does not interact with suspicious email.
 Awareness training: Educate the people of interest on pretexting and how to protect
themselves against it.
 Policies: Establish a policy to handle suspected pretexters e.g. state what happens when a
pretexter is caught.
Tailgating
Also referred to as piggybacking, this is the act of seeking entry to a restricted area secured by
unattended, electronic control, simply walks in behind a person who has legitimate access. The term

tailgating is used when the unauthorized person follows a person to a restricted area without the
consent the authorized person while the term piggybacking implies consent of the authorized person.
Tailgaters or Piggy backers have various methods of breaching security. These may include:
 Secretly following an individual authorized to enter a location, giving the appearance of being
legitimately escorted.
 Joining a large crowd authorized to enter, and pretending to be a member of the crowd that is
largely unchecked.
 Finding an authorized person who either carelessly disregards the law or the rules of the
facility, or is tricked into believing the tailgater or piggy backer is authorized, and agreeably
allows the tailgater or piggy backer to tag along.
Tailgating or piggybacking can be regarded as one of the simpler forms of social engineering.
Control measures
Control measures against tailgating include:
 Awareness training: Explain the risks associated with tailgating and why staff should never
open the door for someone they do not know.
 Policies: Develop policy A policy with clear guidelines about tailgating and a procedure that
details what to do when an unauthorized person gains entry will empower your staff to prevent
access and handle tailgating situations if they arise.
 Access control: Use access control systems to ensure only authorized persons have access to
specific areas. Set different levels for each person to restrict and monitor access to specific
areas at specific times.
 Use visitor badges: Visitors and temporary employees should wear clear identification to
indicate they are authorized to be in the facility.
 Use video surveillance: Install a video surveillance system throughout the facility, including
areas such as entrances and secure rooms. This will act as a deterrent and help identify the
suspect if they successfully enter. A verified, live monitored video will also provide the
benefit of immediate police dispatch if a criminal does gain entry.

 Reception Staff: Have a staffed reception area so as to provide great customer service and also
prevent unauthorized persons from gaining entry to the building by tailgating. The reception
staff can monitor who is entering the building and also make sure everyone, including
employees, use their own access card to enter, rather than tailgating.
 Use laser sensors: Laser sensors can detect multiple people thus deterring tailgating.
 Use security guards: Security guards can visually confirm a badge matches the holder.
 Use turnstiles: Turnstiles serve as a good physical barrier and good for high volume traffic.
Use biometrics: Biometric systems deter people from sharing credentials.
 Use man traps: Use man traps and air locks since they require a double set of identification.
The key to tailgating is the implementing multiple levels of security controls.
Shoulder surfing
This is the act of using direct observation techniques such as looking over someone's shoulder, to get
information. It is commonly used to obtain passwords, PINs, security codes, and similar data.
Control measures
Control measures against shoulder surfing include:
 One should be aware of the surroundings and those within it.
 One should limit access to confidential information.
 Avoid accessing confidential information in the presence of others.
 Don not use corporate laptops in public places. If you need to, sit with your back against a
wall to hinder shoulder surfers.
 Do not leave passwords out for all to see, do not give them to strangers or give them over
phone or email.
 When away from the computer, one must lock the computer system by hitting the windows
key and “L”.
Theft
This is the act of taking away computers, hard disks and other valuable computer accessories. Theft
can be physical or logical. Physical theft includes breaking into an information system environment

and forcefully taking away the computer system hardware such as storage devices without permission.
Logical theft includes remote crimes such as hacking into an information system and performing
illegal operations such as copying of data or modification.
Control measures
Control measures against physical theft include:
 Establish and enforce a physical security system. Strong physical security includes access
control policies and procedures; physical barriers (e.g., fences, doors, locks, safes, etc.);
surveillance and alarm systems; and security breach notification, response, and system
recovery procedures.
 Hire security guards to control access to the building or computer room. The people allowed to
the entry into the computer room should be clearly identified e.g. by pinning on their
identification badges. The number of such people should be minimal.
 Reinforce weak access points like the windows, door and roofing with metallic grills and
strong padlocks.
 Motivate workers so that they feel a sense of belonging in order to make them proud and
trusted custodians of the company resources.
 Insure the hardware resources with a reputable insurance firm.
Trespassing
This is the illegal access to a protected building
Control measures
Control measures against trespassing include:
 Put up signs: Put up “No Trespassing” and “Private Property” signs since it is possible that
people might not even know they are trespassing in the first place, especially if the property is
not fenced in.
 Create borders: Another great way to keep people off the building is to create borders around
it.
 Install security cameras: Install security cameras to protect the building from criminal
activity through remote monitoring while away.

Information disclosure
This is the unwanted exposure of private data. For example, a user views the contents of a table or file
he or she is not authorized to open, or monitors data passed in plaintext over a network. Some
examples of information disclosure vulnerabilities include the use of hidden form fields, comments
embedded in Web pages that contain database connection strings and connection details, and weak
exception handling that can lead to internal system level details being revealed to the client. Any of
this information can be very useful to the attacker.
Control measures
Control measures against information disclosure include:

 Use strong authorization.
 Use strong encryption.
 Secure communication links with protocols that provide message confidentiality.
 Do not store secrets (for example, passwords) in plaintext.
Industrial/commercial espionage or data theft
This is the act of obtaining confidential information from within companies and other commercial
organizations through spying, in an effort to gain some advantage, to the disadvantage of the
organization being spied on. It is spying on a competitor to get information that can be used to cripple
the competitor. The spies can be employees who are on the verge of leaving or on site contractors.
Control measures
Control measures against industrial/commercial espionage or data theft include:
 Physical access controls: These are physical barriers deployed to prevent direct contact with
systems. E.g. guards, fences, motion detectors, locked doors, sealed windows, lights, cable
protection, laptops locks; wipe cards, clogs, CCTV, alarms, etc.
 Logical/Technical access controls: These are hardware or software mechanism used to
manage access to resources and information system. They are also known as technical access
controls and include encryption, smart cards, passwords, biometrics, protocols and firewalls.
 Shred documents: Since a majority of information stolen is in the physical form, all
documents should be shred before they are discarded. A regular shredding process will prevent
essential organizational information from being stolen.

 Avoid printing proprietary information: Do not print sensitive organizational information

unless it is absolutely necessary. Then immediately place the information in a secure envelope
or place until it reaches the intended party. Information lying around on a desk may be easily
copied, photographed, or stolen. Companies should change their policies in order to prevent
this occurrence.
 Physical security: Secure all necessary printed documents in a locked file cabinet. Keep the
cabinets locked when the cabinets are not in use. This prevents employees or other parties from
stealing documents or copying documents.
 Use copy proof technology: Use technology that prevents documents with sensitive company
information from being copied. Common solutions might be a program like Adobe Acrobat, or
PageMaker, allowing the organization to watermark or otherwise protect its documents from
duplication.
 Set enterprise rights management: Set access controls within software indicating authorized
parties that are allowed to print specific runs of specific documents. This will prevent
individuals from carelessly printing materials which may expose the company to unnecessary
risks.
 Use print encryption: Protect sensitive company information by using print encryption. When
a document is printed, it hides sensitive information in the print fields where the encryption
occurs. The information encrypted may only be viewed by individuals who possess the
authority to view the information.
Identity theft
This is the act of stealing a person’s identity and pretending to be that person by assuming that
person's identity, usually as a method to gain access to resources or obtain credit and other benefits in
that person's name. Some of the methods used for identity theft include:
 Mail theft: Mail theft occurs when someone targets the victim’s mailbox and removes mail
that has pertinent information on it. As in dumpster diving, a thief can take the victim’s credit
card bills, bank statements; anything that can be used to steal the victim’s identity.
 Stealing personal Items: Identity thieves can also obtain the victim’s personal information by
stealing the victim’s wallet or purse.

 Information diving: An employee goes through someone else’s garbage to obtain personal
identifiable information off items found in the trash, such as credit card bills, utility bills,
medical insurance, and bank statements.
 Pharming: This is the act of redirecting users to fake web pages even when individuals type
correct web page address into the web browser.
Control measures
Control measures against identity theft include:
 Destroy private records and statements: Tear up or shred credit cards statements,
solicitations, and other documents that contain private financial information.
 Secure your mail: Empty the mailbox quickly, lock it or get a P.O. box so criminals don’t
have a chance to steal credit card information. Never mail outgoing bill payments and checks
from home. They can be stolen from your mailbox and the payee’s name erased with solvents.
Mail them from the post office or another secure location.
 Do not leave a paper trail: Never leave ATM, credit card or gas station receipts behind.
 Never let your credit card out of your sight: Worried about credit card skimming? Always
keep an eye on your card or, when that’s not possible, pay with cash.
 Know who you are dealing with: Whenever anyone contacts you asking for private identity
or financial information, make no response other than to find out who they are, what company
they represent and the reason for the call. If you think the request is legitimate, contact the
company yourself and confirm what you were told before revealing any of your personal data.
 Be more defensive with personal information: Ask salespeople and other if information such
as Social Security. Ask anyone who does require your Social Security number or driver’s
license number if it is absolutely necessary and about their privacy policy and that you do not
want your information given to anyone else.
 Monitor your credit report: Obtain and thoroughly review your credit report at least once a
year to check for suspicious activity. If you find something, alert your card company or the
creditor immediately. You may also look into credit protection services, which alerts you any
time a change takes place with your credit report.
 Review your credit cards statements carefully: Make sure you recognize the merchants,
locations and purchases listed before paying the bill.
 One should never give out his or her Social Security number or PINs. Treat them as
confidential information.
 One should commit all passwords to memory. One should never write them down or carry
them around.
 When using an ATM machine, one should make sure no one is hovering over and can see the
password being entered.
Natural threats
These are environmental hazards to information and computer systems which include
Fire
This is the most serious and costly environmental hazard. It destroys data, information, software and
hardware.
Control measures
Control measures against fire include:

 Fire proof cabinets and lockable metal boxes for floppy disks.
 Acquiring fire extinguishers in readiness.
 Installation of smoke detectors.
 Training of staff members on how to respond to a fire and regularly performing fire drills.
 Observation of safety procedures e.g. avoids smoking in computer rooms.
 Have a good sitting of exit signs.
Lighting, electricity and electrical storms
This causes power failure which can cause damage to data which have not been transferred to
permanent storage media devices.
Control measures
Control measures against lighting, electricity and electrical storms include:

 Use of uninterrupted power supply (UPS).
 Have standby power generators/source.
 Have lightening arrestors in the building.

 Use of power stabilizers to control power fluctuations.
Water/flood and moisture
This causes the metallic component of the computer to rust.
Control measures
Control measures against water/flood and moisture include:

 Setting up computer rooms on higher grounds to avoid floods and humidity.
 Have an adequate drainage system.
 Use of water proof ceiling and floors.
 Avoid installation of components in the basement.
Excessive heat or temperature, dust and smoke

Excessive heat or temperature, dust and smoke from, within or outside the computer system can
destroy computer storage media or devices.
Control measures
Control measures against excessive heat or temperature, dust and smoke include:
 Have an efficient ventilation system.
 Installation of cooling systems in the computer rooms e.g. fans and air conditioners.
 Have dust mats, double door and monitoring devices to prevent entry of dust.
 Regularly blow computers, as part of routine maintenance, to get rid of accumulated dust.
Terrorist attack
This includes activities such as political terrorists e.g. bombs, criminal activities, individuals with
grudges and people intending to cause general disruptions.
Control measures
Control measures terrorist attack include:

Include:
 Control physical access to the building housing the computer room

 Terrorism triggering activities should be avoided e.g. exploitation of staff members etc.

 Consult with police and fire authority about potential risks and cooperation.
General control measures for natural threats

These are control measures that are applicable to all natural threats. They include:
 Create replicas of data/information backups in separate and remote environments.
 Always store data/information in areas which are not prone to natural disasters.
 Always store data/information in networks.
 Always build information systems with structures that can withstand natural disasters.
 Always provide a conducive computing environment for information systems free from high
and very low temperatures, magnetic fields, dust, water, foods, smoke and moisture.
Computer based threats or computer crimes
Computer based threats are also known as computer or cybercrimes. They are illegal activities
committed by the use of computers and the internet. Cyber criminals identify vulnerable computers
systems, gain access into them and acquire privileges they should not have, avoid detection and
perform a malicious act. A person who exploits a vulnerability within a computer system perpetrates
an attack on the system.
Anatomy of an attack
Survey and access Exploit and penetrate Escalate privileges
Maintain access Launch attack
Figure 2: Basic Steps of a cyber-attack

 Survey and assess: The first step an attacker usually takes is to survey the potential target to
identify potential vulnerabilities and entry points. The attacker uses the information gathered in
the survey and assess phase to plan an initial attack.
 Exploit and penetrate: Having surveyed a potential target, the next step is to exploit and
penetrate.
 Escalate privileges: After an attacker has manage to compromise the information system or
network, perhaps by injecting code into an information system or creating an authenticated
session he or she immediately attempt to increase his or privileges by looking for
administration privileges provided by accounts that are members of the administrators group.
 Launch attack: The attacker launches the attack against the information system.
 Attackers who cannot gain access often mount a denial of service attack to prevent others from
using the application. For other attackers, the denial of service option is their goal from the
onset.
 Maintain access: Having gained access to a system, the attacker takes steps to make future
access easier and to cover his or her tracks. Common approaches for making future access
easier include planting back-door programs or using an existing account that lacks strong
protection. Covering tracks typically involves clearing logs and hiding tools. As such, audit
logs are a primary target for the attacker.
A computer can be subject of an attack and or the object of an attack. As the subject of an attack the
computer is used as an active tool to conduct an attack or commit a computer crime while as the object
of an attack, the computer is the entity being attacked.
Categories of computer crime
Computer crime is broadly categorized into three categories namely;
 Individual: This is the type of computer crime committed against an individual. It can be in the
form of cyber stalking, distributing pornography, cyber bullying, identity theft etc.
 Property: This is the type of computer crime committed against personal or corporate property.
Cyber world criminals resort to stealing and robbing of person’s bank details and siphon off

money; misuse the credit card to make numerous purchases online; run a scam to get naïve
people to part with their hard earned money; use malicious software to gain access to an
organization’s website or disrupt the systems of the organization. The malicious software can
also damage software and hardware.
 Government: This is the type of computer crime committed against governments and
commonly referred to as cyber terrorism. Cyber criminals hack government websites, military
websites or circulate propaganda. The perpetrators can be terrorist outfits or unfriendly
governments of other nations and If successful, this category can wreak havoc and cause panic
amongst the civilian population.
Computer criminals
Computer criminals can be classified into four main groups namely:
 Hackers and crackers: A hacker is a person who gains unauthorized access to an information
system with good intents while a cracker gains unauthorized access to an information system
with malicious intentions.
 Fraudsters: These are mostly former employees of the company or outsider who use their
knowledge to cheat or defraud with intension acquiring goods, services or cash.
 Terrorists: These are persons or organizations that work towards crippling the information
infrastructure by attacking expensive installations like satellite stations, server rooms and
building in order to wage an economic warfare or to hurt people.
 Thieves and trespassers: These are people who physically break into a room with the
intention of stealing hardware and software resources such as storage devices.
A computer criminal must have three things in order to launch an attack against another computer.
They include
 Method: These are the skills, the knowledge, the tools and other things with which to be able
to carry out the attack
 Opportunity: This is the chance, time and access to accomplish the attack.
 Motive: This is a reason to want to carry out the attack.

Deny any of these three things and the attack will not occur.
Types of computer based threats

The most common and economically damaging computer crimes include:
Data manipulation
This is the manipulation data transactions e.g. they can create dummy/ghost employees on the salary
file or supplier on the purchases file by data entry clerks.
Control measures
Control measures against data manipulation
Program alteration
This is the embedding of a secret code or application within a genuine program with malicious intent.
This is done by people with excellent programming skills. Examples include; application and
embedded secret or salami attack and replay attack.
Control measures
Control measures against program alteration include:
 Security patch: This is piece of code that is added software so as to enhance its security
feature.
 Application controls: These controls are specific controls unique to each computerized
application, such as payroll or order processing. They include both automated and manual
procedures that ensure that only authorized data are completely and accurately processed by
that application. Application controls can be classified as: -
i. Input controls: Check data for accuracy and completeness when they are entered in to
the system.
ii. Processing controls: Establish that data are complete and accurate during updating.
iii. Output controls: Ensure that the results of computer processing are accurate, complete
and properly distributed.
 Implementation controls: These controls audit the systems development process at various
points to ensure that the process is properly controlled and managed.

 Employ software metrics and rigorous software testing. Ongoing use of metrics allows the
information system department and end users to jointly measure the performance of
information system and identity problems as they occur.
Computer errors and accidents

This is the occurrence of an incorrect results produced by the computer. They can be caused by user
errors such as incorrect entry of data values, or pressing the wrong keys, users accessing files or parts
of an application that they are not supposed to and program bugs, errors in the logic of the program.
Control measures
Control measures against computer errors and accidents
Computer hardware and software faults
Faults within the computer hardware is the malfunctioning of computer system’s hardware parts
especially the storage media while faults within the computer software are bugs which may lead to
output of wrong results.
Control measures
Control measures against computer hardware and software faults include:
 Thoroughly test the software for any algorithmic errors during development and
implementation of the software to avoid logical errors.
 Always run both software and hardware diagnostic utilities.
 Always create backups especially for sensitive data/information.
 Always contain the hardware damaging environmental conditions such as heat, dust, magnetic
fields, smoke and dampness.
Computer time theft
This is the use of organization’s computers to do person work e.g. they may produce publications for
selling using company’s computers.
Control measures
Control measures against computer time theft
 Use fire walls to filter network traffic i.e. block site whose access interferes with the
employees’ performance e.g. face book, twitter and YouTube.
 Enforce a performance evaluation policy.

 Create awareness in regard to working hours and work breaks and what is expected of the
employees.
Information gathering
Network devices can be discovered and profiled in much the same way as other types of systems.
Attackers usually start with port scanning. After they identify open ports, they use banner grabbing
and enumeration to detect device types and to determine operating system and application versions.
Armed with this information, an attacker can attack known vulnerabilities that may not be updated
with security patches.
Control measures
Control measures against information gathering include:
 Configure routers to restrict their responses to foot printing requests.

 Configure operating systems that host network software (for example, software firewalls)
to prevent foot printing by disabling unused protocols and unnecessary ports.
Sabotage
This is interfering with a system with a view to rendering it unusable, slowing it down or causing it to
output errors. It is the malicious destruction of the system or data which involves destroying or altering
of data in the computer system that would otherwise be critical to the organization by employees or
other people with grudges. The organizations employees may be dissatisfied with the current running
of the organization and may resort to sabotage. They can even destroy computer systems containing
sensitive information that the organization depends on for its business survival.
Control measures
Control measures against sabotage include:
 Conduct employee background checks: For every potential hire perform a background
check. This can reveal a criminal record, suspicious references, and lies on resumes. Doing a
credit probe could show poor financial management. Better to know these things up front than
to discover you have hired a convicted embezzler.

 Reinforce codes of conduct: Put a code of conduct in place. At a minimum it will add weight
to your disciplinary response (or court claim) if an employee abuses the rules. At best it
inhibits bad behaviors by pointing out what is expected, and the consequences of breaching
procedures. Include sections on ethical activities, confidentiality and whistleblowing.
 Keep private conversations private: Sometimes staff will go to coffee shops or other public
venues to talk business. Make sure they know that loose lips can sink ships. Speaking loudly
on mobile phones in public poses the same risk. You never know who’s nearby. Employees are
particularly exposed if their clothing or accessories show the name of the company. In
addition, blurting out secrets on non-secured instant messaging or email apps is asking for
trouble.
 Improve the security of premises: Install an adequate security system, e.g. video cameras in
strategic locations. Also an alarm monitoring system and locks on private file cabinets. Do not
forget the basics either, such as not leaving important documents lying around.
 Set access levels: Only key people should be able to access critical documents. Sensitive
material should be password guarded or protected by fingerprint, retinal scan, or other such
mechanism. Computer ports can be blocked from portable USB drives that might contain
malware or be used to download files.
 Perform ethical hacking: Contract an ethical hacker to break into the organization’s
information systems. Have them probe everything from your server and website to wireless
devices. Find out what steps to take and how much it will cost to cover security gaps.
 Restrict apps users can install: Increasingly organizations are allowing staff to bring their
own devices to work. Unfortunately, many apps for personal use have lax privacy policies.
Some actively spy on the user’s locations, contacts and transactions. Though costlier, it might
be wiser to issue devices for business purposes only.
 Enforce the social media policy: Have a clear social media policy and monitor online
activities so as to detect social media abuses. The policy should act as a guide on what
employees can and cannot do on social media.

 ICT tools: Use IT tools that allow you to set thresholds and alerts when there are unexpected
activities inside the network to aid in the detection of possible sabotage events and have good
security protocols in place including anti-virus programs, firewalls, logging tools, and
requiring good security practices like locking workstations.
 Think ahead: Being proactive is the best defense against sabotage. Prepare yourself for the
worst. As well, develop a disaster and emergency recovery plan cost of waiting until crisis
mode could be too high for your business to survive.
Spoofing
This is the act of gaining access to an information system by using a false identity thereby gaining an
illegitimate advantage. This can be accomplished using stolen user credentials or a false IP address to
deceive the computer system into thinking one is who he or she is not. To create a spoofed identity, an
attacker uses a fake source address that does not represent the actual address of the packet.
Spoofing is used to hide the original source of an attack or to work around network Access Control
Lists (ACLs) that are in place to limit host access based on source address rules. Hackers misrepresent
themselves by using fake emails addresses or masquerading as someone else. It may also involve
redirecting a web link to an address different from the one intended with the site masquerading as the
intended destination.
Although carefully crafted spoofed packets may never be tracked to the original sender, a combination
of filtering rules prevents spoofed packets from originating from your network, allowing you to block
obviously spoofed packets.
After the attacker successfully gains access as a legitimate user or host, elevation of privileges
(Elevation of privilege occurs when a user with limited privileges assumes the identity of a privileged
user to gain privileged access to an application. For example, an attacker with limited privileges might
elevate his or her privilege level to compromise and take control of a highly privileged and trusted
process or account) or abuse using authorization can begin. Some of the most common spoofing
methods include:
 IP address spoofing attacks: In this spoofing attack, an attacker sends IP packets from a false
source address in order to disguise itself. Denial-of-service attacks often use IP spoofing to
overload networks and devices with packets that appear to be from legitimate source IP
addresses.

 ARP (Address Resolution Protocol) spoofing attacks: ARP is a protocol that is used to
resolve IP addresses to MAC (Media Access Control) addresses for transmitting data. In an
ARP spoofing attack, a malicious party sends spoofed ARP messages across a local area
network in order to link the attacker’s MAC address with the IP address of a legitimate
member of the network. This type of spoofing attack results in data that is intended for the
host’s IP address getting sent to the attacker instead. Malicious parties commonly use ARP
spoofing to steal information, modify data-in-transit or stop traffic on a LAN. ARP
spoofing attacks can also be used to facilitate other types of attacks, including denial-of-
service, session hijacking and man-in-the-middle attacks. ARP spoofing only works on local
area networks that use the Address Resolution Protocol.
 DNS server spoofing attacks: The Domain Name System (DNS) is a system that associates
domain names with IP addresses. Devices that connect to the internet or other private networks
rely on the DNS for resolving URLs, email addresses and other human-readable domain names
into their corresponding IP addresses. In a DNS server spoofing attack, a malicious party
modifies the DNS server in order to reroute a specific domain name to a different IP address.
In many cases, the new IP address will be for a server that is actually controlled by the attacker
and contains files infected with malware. DNS server spoofing attacks are often used to
spread computer worms and viruses.
Control measures
Control measures against spoofing include:
 Use packet filters: Packet filters inspect packets as they are transmitted across a network.
They are useful in IP address spoofing attack prevention because they are capable Filtering
incoming packets that appear to come from an internal IP address within the organizational
network perimeter, filter outgoing packets that appear to originate from an invalid local IP
address and blocking packets with conflicting source address information.
 Use spoofing detection software: There are many programs available that help organizations
detect spoofing attacks, particularly ARP Spoofing. These programs work by inspecting and
certifying data before it is transmitted and blocking data that appears to be spoofed.

 Use cryptographic network protocols: Transport Security Layer (TSL), Secure Shell (SSH),
HTTP Secure (HTTPS) and other secure communications protocols bolster spoofing attack
prevention efforts by encrypting data before it is sent and authenticating data as it is received.
 Avoid trust relationships: The organization should develop protocols that rely on trust
relationships as little as possible. It is significantly easier for attackers to run spoofing attacks
when trust relationships are in place because trust relationships only use IP addresses for
authentication.
Session hijacking/Man in the middle attacks

Also known as man in the middle attacks, session hijacking deceives a server or a client into
accepting the upstream host as the actual legitimate host. Instead the upstream host is an attacker's host
that is manipulating the network so the attacker's host appears to be the desired destination.
Control measures
Control measures against Session hijacking or Man in the middle attacks
 Use encrypted session negotiation.

 Use encrypted communication channels.
 Stay informed of platform patches to fix TCP/IP vulnerabilities, such as predictable packet
sequences.
Denial of Services Attack (DOS)
This is an attack that is launched by another system, as when one system sends an over whelming set
of messages to another, virtually shutting down the second system’s ability to function. Denial of
service denies legitimate users access to a server or services. It is easy to launch and difficult to track.
The aim of the attack is to send more requests to a server than it can handle.
Control measures
Control measures against denial of service attack include:
 Harden the TCP/IP stack by applying the appropriate registry settings to increase the size of the
TCP connection queue, decrease the connection establishment period, and employ dynamic
backlog mechanisms to ensure that the connection queue is never exhausted.

 Use a network Intrusion Detection System (IDS) because these can automatically detect and
respond to denial of service attacks.
 High availability computing: These are information systems that try to minimize downtime.
Down time being the periods of time in which an information system is not operational. They
help firms recover quickly from a system crash. They consist of backup servers of processing
across multiple servers, high capacity storage and good disaster recovery and business
continuity plans, an extremely robust computing platform with scalable processing power
storage and bandwidth.
 Recovery oriented computing: These are information systems that recover rapidly when harm
occurs. They are designed to recover quickly and implement capabilities and tools to help
operators pinpoint the sources of faults in multi component systems and easily correct their
mistakes.
 Deep Packet Inspection (DPI): This is technology that helps to control network traffic,
bandwidth consuming applications such as file sharing programs, internet phone service and
online video are able to clog and slow down corporate network. Deep Packet Inspection
examines data files and sorts out low priority online material while assigning higher priority to
business critical files. Based on the priorities established by a network’s administrators, it
decides whether a specific data packet can continue to its destination or should be blocked or
delayed while more important traffic proceeds.
Buffer overflows
Buffer overflow vulnerabilities can lead to denial of service attacks or code injection. A denial of
service attack causes a process crash; code injection alters the program execution address to run an
attacker's injected code. The following code fragment illustrates a common example of buffer
overflow vulnerability.
Control measures
Control measures against buffer overflows include:
 Perform thorough input validation.

 When possible, limit your application's use of unmanaged code, and thoroughly inspect the
unmanaged Application Programming Interfaces (APIs), an API is a set of
commands, functions, protocols, and objects that programmers can use to create software or

interact with an external system. APIs to ensure that input is properly validated. Inspect the
managed code that calls the unmanaged API to ensure that only appropriate values can be
passed as parameters to the unmanaged API.
 Use the GS flag to compile code. The GS flag causes the compiler to inject security checks into
the compiled code.
Brute force attacks

Brute force attacks rely on computational power to crack hashed passwords or other secrets secured
with hashing and encryption.
Control measures
Control measures against brute force attacks include:
 Use strong passwords.

 Use hashed passwords.
This slows down the attacker considerably and allows sufficient time for countermeasures to be
activated.
Cookie replay attacks
This is a type of attack where the attacker captures the user's authentication cookie using monitoring
software and replays it to the application to gain access under a false identity.
Control measures
Control measures against cookie replay include:
 Use an encrypted communication channel provided by SSL whenever an authentication

cookie is transmitted.
 Use a cookie timeout to a value that forces authentication after a relatively short time
interval. Although this doesn't prevent replay attacks, it reduces the time interval in which
the attacker can replay a request without being forced to re-authenticate because the session
has timed out.
Cyber terrorism
This is the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale
disruption of computer networks, especially of personal computers attached to the Internet, by the

means of tools such as computer viruses. Cyberterrorism can also be defined as intentional use of
computers, networks, and public internet to cause destruction and harm for personal objectives which
may be political or ideological.
Types of cyber terrorism
 Intrusion: These are the types of attacks are carried out with the purposed of gaining access or
penetrating into computer systems and networks to get or modify information.
 Destruction: These are the types of attacks where information systems are compromised with
the main purpose of inflicting severe damage or destroying them.
 Disinformation: These are the types of attacks where rumors or information that can have
severe impact to a particular target is spread. Regardless of whether the rumors are true or not,
the use of such attacks creates uncontrollable chaos to the nation or the organization.
 Denial of service: These are the types of attacks whose main objective is to disable or disrupt
the online operations by flooding the targeted servers with huge number of packets (requests)
which would ultimately lead to the servers being unable to handle normal service requests from
legitimate users.
 Defacement of web sites: These are the types of attacks whose main objective is to deface
target websites. The websites can either be changed totally to include propaganda messages
from the cyber terrorists or for publicity or a redirect to other websites with similar messages.
Control measures
Control measures against cyber terrorism include:
 Pursue and prosecute the perpetrators: The parties that have been directly affected by cyber
terrorists should be more aggressive in pursuing the perpetrators. if they are able to identify the
perpetrators and prosecute them to the full extent of the law. If there is an increasing number of
such attackers being brought to book, then the general mindset of the cyber terrorist
community may change and terrorists will need to think long and hard before launching an
attack.
 Develop best security practices: Organizations should ensure that they develop and deploy a
tested set of best security practices suited specifically for their own operations.
 Be proactive: Organizations and the general public should be more proactive in dealing with
cyber terrorism by being constantly aware of the various components of cyber terrorism that

could directly affect them, thus being in a position to implement stronger security measures
that would reduce the chances of cyber-attacks from happening to us.
 Implement multilevel security: Organizations should deploy multi-level security architecture
instead of a single-tier one in order to protect themselves better.
 Deploy Vital Security Applications: The use of security applications such as firewalls,
Intrusion Detection Systems (IDS), anti-virus software and others should be encouraged and in
some cases, mandated to ensure better protection against cyber terrorism.
 Establish business continuity and disaster recovery plans: It is important that business
continuity and disaster recovery plans should be in place in all organizations. These plans,
should be established, maintained, rehearsed and tested at regular intervals to ensure their
effectiveness.
 Increase security awareness: Security training programs will aid organizations equip
themselves with the right skills and knowledge needed to protect their computer and networks
systems effectively.
Cyber war
This is the act of a nation, state or international organization, attacking and attempting to damage
another nation's computers or information networks through, for example, computer viruses or denial-
of-service attacks.
Control measures
Control measures against cyber war include:
 Setup emergency response team who can detect and respond to attack campaign 24x7 as long
as is required. Cyber-attacks should not be absorbed but dealt with vigilantly. The response
team should be equipped with skills to investigate who the attackers are and what their
motivation is.
 Catalog all of the tools, techniques and methods of attack used by attack used by hackers in
previous campaigns and use this information to guard against future breaches.
 Hire or train ethical hackers or white hats who are skilled with hacking techniques and who can
quickly detect and understand which attack tools are being used in order to anticipate the
attackers next move.

 Perform hacking counter measures in order to show where the weakness reside in a hackers’
tools of choice and exploit those weaknesses for your own defense.
 Setup a hacker and work with your internet service provider to block these attackers before
they can beach your network.
Cyber bullying
This is committing offences against individuals or groups of individuals with a criminal motive to
intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly
or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice
boards and groups) and mobile phones (SMS/MMS). Examples of cyber bullying include, nude photo
sharing, Lies and false accusations, bullied for being economically challenged, false identity profile,
encouraging self-harm or suicide, jealousy bullying etc.
Control measures
Control measures against cyber bullying include:
 Educate yourself: To prevent cyberbullying from occurring you must under-stand exactly
what it is. Research what constitutes cyber-bullying, as well as how and where it is most likely
to occur. Talk to your friends about what they are seeing and experiencing.
 Protect your password: Safeguard your password and other private information from prying
eyes. Never leave passwords or other identifying information where others can see it. Also,
never give out this information to anyone, even your best friend. If others know it, take the
time to change it now.
 Avoid posting intimate photos: Before posting or sending that sexy image of yourself,
consider if it is something you would want your parents, grandparents, and the rest of the world
to see. Bullies can use this picture as ammunition to make life miserable for you.
 Keep personal information personal. Do not reveal identifying details about yourself—
address, phone number, school, credit card number.
 Never open unidentified or unsolicited messages: Never open messages (emails, text
messages, Facebook messages, etc.) from people you do not know, or from known bullies.
Delete them without reading. They could contain viruses that automatically infect your device

if opened. Also never click on links to pages that are sent from someone you don’t know.
These too could contain a virus designed to collect your personal or private information.
 Log out of online accounts: Do not save passwords in form fields within web sites or your
web browser for convenience, and do not stay logged in when you walk away from the
computer or cell phone. Do not give anyone even the slightest chance to pose as you online
through your device. If you forget to log out of Facebook when using the computer at the
library, the next person who uses that computer could get into your ac-count and cause
significant problems for you.
 Pause before you post: Do not post anything that may compromise your reputation. People
will judge you based on how you appear to them online. They will also give or deny you
opportunities (jobs, scholarships, internships) based on this.
 Raise awareness: Start a movement, create a club, build a campaign, or host an event to bring
awareness to cyberbullying. While you may understand what it is, it’s not until others are
aware of it too that we can truly prevent it from occurring.
 Setup privacy controls: Restrict access of your online profile to trusted friends only. Most
social networking sites like Facebook and Google + offer you the ability to share certain
information with friends only, but these settings must be configured in ordered to ensure
maximum protection.
 “Google” yourself: Regularly search your name in every major search engine (e.g., Google,
Bing, Yahoo). If any personal information or photo comes up which may be used by
cyberbullies to target you, take action to have it removed before it be-comes a problem.
 Do not be a cyberbully yourself: Treat others how you would want to be treated. By being a
jerk to others online, you are reinforcing the idea that the behavior is acceptable.
 Do not respond: If someone bullies you, remember that your reaction is usually exactly what
the bully wants. It gives him or her power over you so do not respond.
 Do not retaliate: Getting back at the bully turns you into one and reinforces the bully’s
behavior. Help avoid a whole cycle of aggression.
Foot printing
This is the use of various techniques, e.g. port scans, ping sweeps, and NetBIOS enumeration to gather
valuable system-level information to help prepare for more significant attacks. The type of information

potentially revealed by foot printing includes account details, operating system and other software
versions, server names, and database schema details.
Control measures
Control measures against printing include:
 Disable unnecessary protocols.

 Lock down ports with the appropriate firewall configuration.
 Use TCP/IP and Internet protocol security (IPsec), a set of protocols that provides security
for Internet Protocol, filters for defense in depth.
 Configure IIS to prevent information disclosure through banner grabbing.
 Use an IDS that can be configured to pick up foot printing patterns and reject suspicious
traffic.
Eavesdropping/Sniffing/Wire tapping
Eavesdropping also known as sniffing is the act of monitoring traffic on the network for data such as
plaintext passwords or configuration information. With a simple packet sniffer, an attacker can easily
read all plaintext traffic. Also, attackers can crack packets encrypted by lightweight hashing
algorithms and can decipher the payload that you considered to be safe. The sniffing of packets
requires a packet sniffer in the path of the server/client communication. It can also be said to secretly
listening to the private conversation of others without their consent
Control measures
Control measures against eavesdropping include:
 Performing regular audits to identify the vulnerabilities in the information system is the best
solution to avoid heavy losses.
 Round the clock control over physical access by outsiders to the area to be protected.
 Continuous supervision/observation of all service personnel allowed into the area for repairs or
to make alterations.
 Thorough inspection by a qualified technical countermeasures specialist of all new furnishings,
decorations, or equipment brought into the area.

 Use strong physical security and proper segmenting of the network so as to prevent traffic from
being collected locally.
 Encrypt communication fully, including authentication credentials. This prevents sniffed
packets from being usable to an attacker. SSL and IPsec (Internet Protocol Security) are
examples of encryption solutions.
 Use the technical security: The technical security, also known as the sweep, is a highly
specialized service provided by expert investigators and field professionals. Using the Radio
Frequency (RF) transmitter and bug detector, investigators can discover technical surveillance
devices installed in the walls, floors, ceilings, furnishings, and accessories in the facility.
Through identification of the RF spectrum, the agents can spot the technical security
weaknesses of the surveyed area to help the company strengthen its security and safety. The
investigators can also perform a physical examination of the interior and exterior spaces above
false ceilings as well as air conditioning, heating, ventilation, and plumbing systems to obtain
physical evidence of eavesdropping.
 Use devices and techniques: Using sophisticated devices and techniques, investigators can
provide an organization a reasonable assurance of privacy against electronic surveillance
devices. The investigators can detect listening devices, phone taps, spying software, and other
digital eavesdropping equipment and tools.
 Network access control (NAC): Ensure that every connecting device is trusted before full
network connectivity is delivered.
 Use encryption: Encryption is a great defence against eavesdropping. By only using

applications and systems which use strong encryption, scramble data that is in transit over the
computer network.
Phishing
This is the practice of fraudsters acting as legitimate organizations such as banks and online payment
services send misleading emails requesting for personal and financial details from unsuspecting
recipients. It involves setting up fake website or sending email or text messages that look like those of
legitimate businesses to ask users for confidential personal data.

The message instructs recipients to update or confirm records by providing social security number
(PIN Number), banks and credit card information and other confidential data either by responding to
the email message by entering the information at a bogus web site, or by calling a telephone number.
Control measures
Control measures against phishing include:
 Response: Do not respond to unverified or unsolicited emails asking for personal information.
If you are unsure, contact the institution directly using the number provided by a phone book
search or online search directly from the institute's website. Do not contact the numbers
provided with the email.
 Shred bills and financial statements: Some criminals go through one’s garbage looking for
any papers with personal information on it. They are especially interested in anything with
one’s name or address or banking or bill account numbers. Shred these statements before
throwing them out. Ideally a cross-cutting shredder is better because it cuts the paper into
smaller pieces. Standard shredders only shred the paper into fairly wide strips that can be taped
together by a resourceful thief. Be sure to shred junk mail as well because this will contain
your name and address.
 Wallet theft: Identity thieves can steal wallets. One can reduce the chance of providing thieves
with useful information by removing all unnecessary items from the wallet, e.g. social security
card or social insurance card. Also, never write pin numbers down or leave them in the wallet.
Limit the credit cards carried in the wallet. Photocopy all documents in the wallet so as to have
a copy in case they are stolen. It's also a good idea to have a secure mailbox since thieves have
been known to steal bills and other documents directly from mailboxes.
 Monitor credit score: One should be pro-active, monitor credit score and get a credit report
from the credit report bureau. Keep an eye on bank statements so to notice unauthorized
transactions as soon as possible. If you notice anything, contact the bank immediately.
Baiting
Baiting relies on the curiosity or greed of the victim. In this attack, the attacker leaves
a malware infected CD ROM or flash drive in a location sure to be found (bathroom, elevator,

sidewalk, parking lot), gives it a legitimate looking and curiosity-attracting label, and simply waits for
the victim to use the device.
Control measures
Control measures against baiting include:
 Avoid inserting unverified storage devices into the information system.

 Ignore any storage device whose source is unknown.
Software piracy
It is a form of intellectual property theft i.e. illegal copying of software, information or data with the
intention of selling or using them without owners’ permission. Software, information and data are
protected by copyright and patent laws, e.g. music industry is worst hit by these illegal deals which
entails unauthorized copying of songs, licensed-user duplication for unlicensed users, pre-installed
software, Internet piracy, counterfeiting.
Control measures
Control measures against software piracy
 Make and enforce tough anti-piracy legislation/laws.

 Reduce the cost of software.
 Make the process of licensing of software easy.
 Encourage the usage of open source software.
 Using licenses and certificates to identify original software.
 Setting installation passwords and privileges that deter illegal installation and copying of
software.
 Educate users on the dangers of using pirated software.
 Monitor the illegal use of software over the internet and disable pirated ones automatically.
Social engineering
Social engineering is the ‘art’ of utilizing human behavior to breach security without the participant
(or victim) even realizing that they have been manipulated. It is the practice of someone in person,
either over the telephone, or computer, uses means to deceive someone else into divulging sensitive
information. Usually, social engineers know some information that lead the victim to believe they are
legitimate and give the information asked.

Control measures
Control measures against social engineering
 Always ignore unexpected calls or emails. Never consent to give away information or perform
actions if the one who called is not known or the email sent was unexpected.
 Never give out any confidential information personal or organizational information whether it
is over the phone, online, or in-person, unless you can first verify the identity of the person
asking and the need for that person to have that information.
 Embrace healthy skepticism and always be vigilant i.e. question everything. Just being aware
of common tricks puts one steps ahead of the game.
 Dispose digital data properly e.g. by shredding
 Suspicious of unsolicited contacted from individuals seeking internal organizational data or

personal information.
 Pay attention to website URLs that use a variation in spelling or a different domain.
 Verify a request’s authenticity by contacting the company directly.
 Install and maintain anti-virus software, firewalls, and email filters.
Fraud
This is the use of computer to cheat other people with the intention of gaining money or information it
is stealing by false presence. A person who does this is called fraudster.
Control measures
Control measures against fraud include:
 Screen applicants thoroughly before hiring them: It is a good idea to perform background
checks on potential employees. Cross check the applicant’s criminal history, civil history and
drivers’ license violations, and verify his/her education, past employment and references.
Hiring the right employees is the best way to stop fraud before it even happens Since
employees experiencing financial difficulties may be more prone to committing fraud, think
about requesting a credit check as well. Before performing background and credit checks, be
sure you understand and comply with any legal requirements for obtaining the applicant’s
consent.

 Implement internal controls to reduce fraud risk: implement a system that spreads and, if
possible, rotates the financial duties of the business among two or more employees. Store bank
checks in a secure location and carefully review your bank statement each month, taking
special care to look for checks made out to cash, employees or suppliers you don’t know. It’s a
good idea to have your bank mail your company’s statements to your home address, so you’re
sure you receive them before anyone else. should Insist that all employees, especially those
with financial responsibilities, take a mandatory vacation of at least one week of consecutive
days. Fraudulent employees will often resist taking a vacation out of fear that whoever does the
job in their absence will uncover the fraudulent activities.
 Be a role model and lead by example: An effective way to prevent fraud in an organization
is to create a positive work culture. It is important that the senior management serve as role
models of honesty and integrity. If the individuals at the top take a careless approach towards
organizational policies and procedures, they will invite their employees to do the same or
worse. Set clear standards from the beginning by implementing an organizational-wide written
code of conduct, and make it clear to employees that the organization has a zero tolerance
policy for employee theft. To maintain credibility, be sure to conduct a prompt and thorough
investigation of every incident.
 Implement an anonymous theft reporting system: Every organization should establish a

system that makes it easy for employees, vendors and customers to anonymously report
suspected fraudulent activities. Be sure employees understand what constitutes fraud and that
all reports are treated confidentially and without reprisal.
 Audits: Conduct regularly scheduled and surprise audits. Audits can serve as a deterrent
because when employees are aware that there will be checks of their areas, they are more likely
to stay honest. Also set up and maintain effective internal financial controls.
Skimming
This is theft that occurs when the device which reads a credit card information from the magnetic strip
on the back of the card records the card’s code numbers to another electronic storage device. This
enables the criminal to make a copy of the card. Skimming can occur through a number of different

ways, e.g. a recording device set up on an ATM machine or some sales personnel who secretly swipes
your card onto his personal digital card reader.
Control measures
Control measures against skimming include:
 Cut up expired cards, in particular, cut through the account number, chip and magnetic stripe
before disposing of the parts carefully.
 Check receipts against bank statements regularly. In case of any irregularities inform the bank
or card issuer.
 Keep financial information (e.g. bank account numbers, bank statements, ATM and sales
receipts etc., in a secure place before disposing of it carefully. This will prevent information
divers from acquiring your personal information.
 Keep your credit and debit cards in a safe place at all times. Treat them in the same way that
you would treat cash, they are a key to your account after all.
 Be aware of the people around you when using a cash machine or when paying in a store. Be
especially cautious of anyone who might be trying to watch you enter your PIN. Do not allow
yourself to be distracted when using an ATM. This is a technique used by some thieves to
capture ATM cards.
 Never let your credit card out of your sight when paying for goods.
 Never write down your PIN or disclose it to anyone even one who claims to be from your bank
or card issuer.
Spamming
This is the distribution of unsolicited e-mail (junk e-mail) to thousands or millions of people’s email
addresses without prior approval, promoting a particular product, service or a scam to get other
people's money.
Control measures
Control measures against spamming:
 Be careful who you give your email address to. This includes websites and anyone you might
email.

 Create and use disposable email addresses to sign up for websites or services that you do not
absolutely trust.
 Be sure not to open spam when you do receive it.
 Make sure your computer and computers on your network are virus and malware free.
 Make sure your website is free of malware and security vulnerabilities. If you are using a third
party script or code on your site, this usually means running the latest secure version.
 Use secure passwords for your email and hosting account to prevent hackers from guessing and
logging in.
 If your friends are sending you emails sent to a large recipient list, request that they use BCC
instead of TO or CC, so that other recipients cannot see your email address; or request they
stop including you if you do not want to receive the emails.
 Do not list your email address on your website or anywhere the public can access it.
Pharming
This is the act of redirecting users to fake web pages even when individuals type correct web page
address into the web browser. This is achieved by tampering with a website’s host file or domain name
system by a hacker so that URL address requests are rerouted to a fake or spoofed website. The main
objective of pharming is to redirect unsuspecting victims to fake websites created by the computer
criminal (cracker) so as to capture personal identifying information from victims. Victims thinking
that they are on a trusted website, are more willing to enter their personal information, such as credit
card numbers, social security numbers, and addresses. The hacker then uses that information to
commit identity theft.
Control measures
Control measures against pharming
 Check the URL of any site that asks you to provide personal information. Make sure your
session begins at the known authentic address of the site, with no additional characters
appended to it.
 Maintain effective, up-to-date virus protection.
 Use a trusted, legitimate Internet Service Provider. Rigorous security at the ISP level is your
first line of defense against pharming.

 Check out the web site certificate to determine that the site visited is legitimate.
 Block suspicious web sites automatically. A good antivirus detects and blocks fake Web sites.
Hacking/Unauthorized access
This is access to an information system by an unauthorized person and may result to Unauthorized
access occurs when the information system does not have both logical and physical security
mechanisms. In recent years the boundary between, the meaning of the terms hacking and cracking
has become blurred. In fact, most of the computer system intrusion cases today are typically referred
to as hacking when the more correct term would be cracking. The difference between the two terms
is in the intent of computer system intrusion.
A hacker also known as a white hat hacker, is an individual who breaks code and passwords in an
information system through intelligent guessing or using certain computer software. The hacker may
not have any malicious intent other than proving his or her computer wizardly, fun or penetration
testing. Hackers are motivated by the quest for knowledge or the need to find intrusion flaws.
Companies, governments, and financial institutions employ them to find flaws in systems that can be
attacked e.g. an online system.
They probe their corporate clients’ computer systems searching for vulnerabilities and weaknesses.
this is called penetration testing or ethical hacking.
Benefits of hacking
 Ethical hacking as the following benefits
 It reveals the weaknesses within the information system
 It identifies areas that need patching up. Patching is done by use of a security patch i.e. a
piece of code that is added to software so as to enhance its security feature.
 It explains past leakage incidences of data.
On the other hand, crackers also known as black hat hackers infiltrate secure information systems
by use of programs with the intention of stealing, destroying or corrupting an organization’s or
individual's private information or data files. Their motivations vary from revenge, sabotage,
information and identity theft to terrorism. Examples of cracking include:

 Password cracking: This involves recovering passwords from data that has been stored in or
transmitted by a computer system. This can be attempted manually by guessing the password
or by using software.
 Software cracking: This involves removing some software features that are deemed
undesirable by the cracker e.g. Serial numbers, hardware keys, copy protection and date
checkers.
 Deletion, modifying, copying of content and piracy.
 Introduction of passwords and viruses in the information system.
Control measures
Control measures against cracking include:
 Enforce logical and physical security mechanisms in the information system.

 Audit trial: This refers to careful study of information system by an expert in order to
establish all the weaknesses within the system that could be exploited by threats and act as
access points for criminals.
Importance of carrying out audit trail in an information system
i. For detection of illegal alteration.
ii. For detection of illegal access to the information systems.
iii. To monitor the usage of the information systems.
iv. Enable recovery of lost information.
v. Identify weak access points in the system.
 Data encryption: This is the process of transforming plain text or data into cipher text by
using a secret numerical code called an encryption key, which transforms plain data into cipher
text that cannot be read by anyone other than the sender and the intended receiver. It is the
scrambling of data in transit over a computer network with the aim of making it unreadable to
unauthorized persons. The authorized persons can only understand the message by
reconstructing the sent message to its original message by use of an encryption key
 Log files: These are system files installed in a computer system to maintain a record of how
the system is being used. They are special system files that keep a record of events on the use
of computer and resources of the information system administrators can easily track who
accessed the system when they did on the system.

 Security monitors: These are programs that monitor and keep a log file or record of
information systems access and protect information systems from unauthorized access.
 Fire wall: A firewall is a combination of hardware and software that controls the flow of
incoming and outgoing network traffic. It prevents unauthorized users from accessing private
networks. A fire wall is generally placed between the organization’s private internal networks
and distrusted external networks, such as the internet, although they can also be used to protect
one part of a company’s network from the rest of the network. The firewall acts like a
gatekeeper who examines each user’s credentials before access is granted to a network. The
firewall identifies names, IP addresses, applications and other characteristics of incoming
traffic. It checks this information against the access rules that have been programmed into the
system but the network administration. Firewalls can protect systems from:
i. Remote login: This is the act of connecting to a distant computer with the aim of
controlling it in some form, ranging from being able to view or access files to actually
running programs.
ii. Spam (electronic junk mail): This is the act of gaining access to a list of e-mail
addresses and unwanted mail.
iii. E-mail bomb: This is the act of sending the same email so many times to the same
email address until the e-mail system in use, cannot accept any more email messages.
iv. Viruses: This is a computer program that self-replicates itself in a computer unknown
to the victim and destroys or corrupts data.
Types of firewalls
i. Packet filter/network level
ii. Proxy server/proxy level/application level
iii. Application gateway
iv. Encryption gateway
v. Circuit level gateway
vi. Multi-level fire walls
 Identity management and authentication: This is identity management software that tracks
all the users and their system privileges, assigning each user a unique digital identity for
accessing the information system. It includes tools for authenticating users, protecting user

identities and controlling access to system resources. To gain access to a system, a user must
be authorized and authenticated.
 Intrusion detection systems: These are detection tools and services that protect against
suspicious network traffic and attempts to access files and databases. They generate an alarm
once they find a suspicious or an anomalous event, vandalism or system administration errors.
 Auto locking an information system that may be left idle or open.
 Auto logging off a system that may be left idle or open.
 Enforcing frequently automatic password changes for users.
 Creating and enforcing policies on information access.
 Enforcing laws that protect the owners of data and information against piracy.
 Making software cheap enough to increase affordability.
 Using licenses and certificates to identify original software.
 Setting installation passwords that deter illegal installation of software.
 Logging off correctly from the computer when one is leaving the machine.
 Choosing of passwords that are not obvious. They should at least six characters, a mixture of
characters and numbers and both upper and lower case letters.
 Keeping passwords confidential and not writing them down anywhere.
 Changing of passwords frequently.
 For highly sensitive data, such as military intelligence where the password protection is not
enough, using other methods of authenticating users, such as fingerprints, voice recognition
etc.
Information system failure
This is the malfunctioning of the information system caused by hardware failure due to improper use,
network breakdown, natural disaster, program failure, malware unstable power supply etc.
Control measures
Control measures against power failure include:

 Use fault tolerant computer systems: These are information systems that contain redundant
hardware, software and power supply components that create an environment that provides
continuous, uninterrupted service. Fault tolerant computers use special software routines or

self-checking logic built into their circuitry to detect hardware failures and automatically
switch to a backup device. Parts from these computers can be removed and repaired without
disruption to the computer system.
 Use surge protectors and Uninterrupted Power Supply (UPS): Protect computers against
brownouts or blackout which may cause physical damage or data loss by using surge protectors
and UPS.
 Develop a data center: Establish offsite storage for the organization databases so that in case
of disaster or fire accidents, the company would have backup copies to reconstruct lost data
from.
Computer errors and accidental access
Errors and accidental access to data and information may be as a result of people experimenting with
features they are not familiar with. Also people might make mistakes by printing sensitive reports and
unsuspectingly give them to unauthorized persons.
Control measures
Control measures against computer errors and accidental access include:
 Set user privileges: Give various file access privileges and roles to the end users and technical
staff in the organization.
 Set up a comprehensive error recovery strategy in the organization
Repudiation
This is the ability of users to deny that they performed specific actions or transactions. Without
adequate auditing, repudiation attacks are difficult to prove.
Control measures
Control measures against repudiation include:

 Non repudiation: This is a technique that provides protection against an individual falsely
denying having performed a particular action such as creating information, sending a message,
approving information or receiving a message. Non-repudiation is implemented by the use of
various mechanisms which include, audit trails, digital signatures, public key cryptography and
timestamps.

Malware
Malware is an acronym formed from the following two words Malicious and software for malicious
software, it is any application used to disrupt computer operation, gather sensitive information, or gain
access to private computer systems. It can appear in the form of executable code, script or active
content.
Types of malware
 Virus: This is a type of malware that is capable of copying itself and spreading to other
computers. Viruses often spread to other computers by attaching themselves to various
programs and executing code when a user launches one of those infected programs. Viruses
can also spread through script files, documents, and cross-site scripting vulnerabilities in web
apps. Viruses can be used to steal information, harm host computers and networks, create
botnets, steal money, render advertisements, and more.
 Worm: This is a type of malware that self-replicates hence clogging a computer storage and
memory. They spread over computer networks by exploiting operating system
vulnerabilities. Worms typically cause harm to their host networks by consuming bandwidth
and overloading web servers. Computer worms can also contain “payloads” that damage host
computers.
 Trojan horse: This is a type of malware that is a type of malware that masquerades as a
genuine file or program to trick users into downloading and installing malware. A Trojan can
give a malicious party remote access to an infected computer. Once an attacker has access to an
infected computer, it is possible for the attacker to steal data (logins, financial data, even
electronic money), install more malware, modify files, monitor user activity (screen watching,
key logging, etc.), use the computer in botnets, and anonymize internet activity by the attacker.
Besides traditional stealing data Trojan horses, there are new defined Trojans for some
specialized purposes:
i. Backdoor: Backdoors Trojans differ from other Trojans in that, after the installation,
it opens a backdoor which allows hacker to remotely control the system and to send
requests to his Trojan.

ii. Spyware: This is a type of malware that functions by spying on user activity without
their knowledge. These spying capabilities can include activity monitoring, collecting
keystrokes, data harvesting (account information, logins, financial data), and more.
Spyware often has additional capabilities as well, ranging from modifying security
settings of software or browsers to interfering with network connections. Spyware
spreads by exploiting software vulnerabilities, bundling itself with legitimate software,
or in Trojans.
iii. Adware: Adware is free computer software that contains commercial advertisements.
Adware programs include games, desktop toolbars or utilities. Commonly, adware is
Web-based and collects Web browser data to target advertisements, especially pop-
ups. Adware is also known as freeware and pitch ware.
 Rootkit: This is a type of malware that consists of one or more programs designed to obscure
the presence of processes and files. It has the ability to obscure processes, files and data in
registry (to Windows), making popular system tools such as "Registry Editor", "Task Manager",
"Find Files" unable to detect these files and processes. On the basis of their activity level in the
systems, there are two main kinds of rootkits namely:
i. Application level rootkits: These are rootkits that masquerade as normal applications such
as Microsoft Word and Excel. They often apply some functions such as hooking, code
injection, file faking etc. to interfere with other applications and obscure processes, files,
registry, etc.
ii. Kernel level rootkits: These are rootkits that masquerade kernel drivers such as graphic
controller or sound controller. They work at low level in the system, thus, have powerful
interference in the system.

 Ransom ware: This is a type of malware that essentially holds a computer system captive
while demanding a ransom. The malware restricts user access to the computer either by
encrypting files on the hard drive or locking down the system and displaying messages that are
intended to force the user to pay the malware creator to remove the restrictions and regain
access to their computer. Ransom ware typically spreads like a normal computer worm ending
up on a computer via a downloaded file or through some other vulnerability in a network
service.
Computer viruses
A virus is a malicious piece of code or rogue program that is written specifically to cause harm to an
information system, programs and data within the information system and related hardware. It
achieves this by replicating itself and affecting the normal running of an information system. The term
virus is used because the malicious program is designed to behave like an infection, being passed on
from program to program, file to file, computer to computer, and system to system. In many cases the
contamination remains unnoticed in its host file until a specific event triggers off its action. A
computer virus has three parts:
 Infection mechanism: This is the means through which the virus spreads, e.g. by modifying
other code to contain a (possibly altered) copy of the virus. The exact means through which a
virus spreads is referred to as its infection vector.
 Trigger: This is the means through which the virus is activated.
 Payload: This is the action that a virus carries out when activated. The payload may involve
damage, corruption and deletion of files, infection of storage devices and memory etc.
Sources of viruses
Viruses can only become active within a system if they are introduced to the system from outside and
then subsequently activated. It therefore follows that the only pathways available to viruses are;
 Contact with contaminate storage media: The use of contaminated storage media on a virus
free information system could introduce viruses into the information system.
 Pirated software: The use of pirated software introduces the risk that the software maybe
contaminated or amended to perform some other destructive function which may cause harm to

 Infected proprietary software: The introduction of viruses into software under development
and the installation of same software into an information system is a source of virus.
 Fake games: Pirated online games are a source of viruses.
 Freeware and shareware: The use of unauthentic open source software introduces viruses
into the information system.
 Illegitimate updates: Downloading illegitimate or unauthentic software updates can introduce
viruses into the information system.
 Computer crimes: Computer crimes such as cracking or sabotage of an information system
can be a source of viruses.
 Infect files: Downloading and opening infected files from the internet or as email attachments
can introduce viruses into the information system.
Where viruses hide

Viruses hide in the following places:
 Viruses can hide in the "boot" sector of any storage device.

 They can be attached to any program: shareware, commercial or public domain.
 They can be embedded in the hidden system files IO.SYS and MSDOS.SYS on the boot disk
or drive.
 They can be attached to the file COMMAND.COM on the boot disk or drive.
 They can hide in the partition table on a hard drive. The partition table does not contain
executable information, since it is attached to the master boot record which is consulted at
boot-up to determine whether to boot DOS or OS.
Classification of viruses
Computer viruses can be classified according to the following criteria:
According to target: Computer viruses can be classified according to the area of the information
system (computer system) which they infect. The type of viruses under this category include:
 Network viruses: These are viruses that infect the computer network. They distributed through
different computer networks.

 File and file boot viruses: These are viruses that open within, modify and infect an executable
or system file e.g. com, exe, bat.
 Boot sector viruses: These are viruses that infect boot sectors or a sector containing the
system disk boot program, Master Boot Record.
 Hoax viruses: These are viruses that come as email with attractive messages and launch
themselves when email is opened.
 Macro viruses: These are viruses that specifically target macro language commands in
applications like Microsoft Word, Microsoft Excel and other programs. Macro viruses can add
their malicious code to the legitimate macro sequences in an excel file.
According to the method of infecting
Computer viruses can be classified according to the way through which they contaminate or
compromise the information system (computer system). The type of viruses under this category
include:
 Resident viruses: These are viruses that (this virus when infecting PCs leaves its resident part
in RAM, which then intercepts requests from OS to targeted objects and infects them. Resident
viruses live up to the first reboot of the PC);
 Nonresident viruses: (don't infect RAM and may be active for limited time).
 Time bomb viruses: These are viruses that triggers action when specified time occurs. They lay
dormant until the trigger time is reached.
 Logic bomb: These are viruses that activate when a specified event occurs. They lay dormant
until the trigger event occurs.
 Multipartite viruses: These are viruses a virus that infects in multiple ways.
 Browser hijacker: These are viruses that take over the browser and automatically redirect the
end user to another website.
 Overwrite viruses: These are viruses that after affecting, the information system begins to
begins to overwrite applications and files on an infected device with its own code. An
overwrite virus can install new code in files and applications that programs them to spread the
virus to additional files, applications and systems.

 Polymorphic viruses: These are viruses that have the ability to change their underlying code
without changing their basic functions or features. This process helps a virus evade detection
by many antimalware and threat detection products that rely on identifying signatures of
malware; once a polymorphic virus' signature is identified by a security product; the virus can
then alter itself so that it will no longer be detected using that signature.
 Rabbit: This is a virus or worm that self-replicates without limit, with the intention of
exhausting some computing resources
 Stealth viruses: These are viruses that have that attacks operating system processes and averts
typical anti-virus or anti-malware scans. Stealth viruses hide in files, partitions and boot sectors
and are adept at deliberately avoiding detection. In order to avoid detection, stealth viruses also
self-modify in the following ways:
i. Code Modification: The stealth virus changes the code and virus signature of each
infected file.
ii. Encryption: The stealth virus encrypts data via simple encryption and uses a different
encryption key for each infected file.
According to the result of exposure

Computer viruses can be classified according to the results of their payload
 Harmless: These are viruses that clog computer memory by their replication and can have
a hidden joke, e.g. play an unwanted melody or show a picture and have no major effect on
 Hazardous: These are viruses that are capable of causing some irregularities within the
information system e.g. crashes, reboots, glitches, computer slowdown, etc. significantly
affecting the operations of the information system.
 Very dangerous: These are viruses that destroy programs, delete sensitive data, destroy
system and boot areas on infected hard disks, rendering useless afterwards.

According to their working algorithm

Computer viruses can be classified according to their executable code.
 Parasitic viruses: These are viruses that change the contents of files and disk sectors.
 Mutants viruses: These are viruses that are difficult to detect since they can change or
mutate their underlying code. Every next copy of the virus will not be like the previous
one.
 Invisible viruses: These are viruses that are difficult to detect by antimalware and other
protection mechanisms.
 Replicators viruses: These are viruses that replicate or create copies of themselves.
Symptoms of a computer infected by viruses

Viruses can cause many levels of harm to a computer system. The presence of a virus can be indicated
if one or more of the following symptoms appear on the computer.
 Unfamiliar graphics, quizzical or pop up messages appearing on screen.
 Unusual error messages frequently being displayed on the screen.
 Programs taking too long to load.
 Reduction in size of the main memory (RAM).
 File and program corruption.
 Programs not running when invoked to load.
 Self-restarting or shutting down of the computer.
 Drive access lights turning on for non-referenced devices.
 Deletion or disappearance of programs and files.
 Executable files changing size for no obvious reason.
 Sudden changes to disk volume ids, file size and names.
 Self-replication of data files and programs on screen.
 Unavailability of certain computer services, e.g. the keyboard and mouse can be disabled.
Control measures
Control measures against malware include:
 Use up to date antivirus programs to protect against malicious software. Anti-Virus software
helps prevent the spread of known viruses. They can detect infected files and remove them. For

an anti-virus to be able to detect a virus it must know its signature. The most common antivirus
software in the market today include, AntiVir, NOD32, Kaspersky, Norton, Avast, viper, Avg
and Bit Defender. Microsoft essentials, windows defender. Use virus scanners to check for
viruses. Through the process of scanning the computer for viruses with the present antivirus
software the affected files will be cleaned up and this is called disinfection of the affected files
rather than deleting them.
 Use anti-spyware tools to remove spyware, adware and other gray ware (programs that are not
necessarily malicious by may interfere with operation, e.g. practical joke programs).
 Use anti-spam features to weed out unsolicited mail.
 Regularly update the antivirus software.
 Avoid using foreign storage media on the computer before scanning.
 Always scan email attachments before opening or downloading them.
 Avoid opening suspicious software and popup messages displayed on the computer.
 Use security precautionary measures against unauthorized access to information and an
information system using supplementary security measures such as use of CAATS (Computer
Assisted Audit Trail Software).
 Stay current with the latest operating system service packs and software patches.
 Block all unnecessary ports at the firewall and host.
 Disable unused functionality including protocols and services.
 Harden weak, default configuration settings.
There is need to have controls measures in place for preserving confidentiality, integrity and
availability. Sometimes these controls can prevent or mitigate attacks; other less powerful methods can
only inform of security being compromised by detecting a breach as it happens or after it occurs. Harm
occurs when a threat is realized against a vulnerability, to protect against harm, then, a threat can be
neutralized, a vulnerability closed, or both. This can be achieved through;
 Preventing it: This is blocking the attack or closing the vulnerability. This is achieved by the
use of preventive access controls, e.g. physical barriers deployed to prevent direct contact with
systems or hardware or software mechanism used to manage access to resources and
information system.
 Deterring it: This is making the attack harder but not impossible.

 Deflecting it: This is making another target more attractive (or this one less so)
 Detect it: This sensing of a security compromise as it happens or sometime after it has. E.g. Use
of intrusion detection systems.
 Recover: This is recovering from the effects of the occurrence of harm. This is achieved by
having in place backup and recovery programs in case of damage or loss. It may happen that
security events damage information, resulting in loss to the organization or may force it to go
out of business, if it does not recover or recreate critical information in an acceptable time, hence
the need to have a business continuity plan or a business contingency plan in place.
Contingency planning is the overall planning for unexpected events It is how organization
prepare for, detect, react to, and recover from events that threaten the security of information
resources and assets. The main goal or aim of having a contingency plan is restoration to normal
modes of operation with minimum cost and disruption to normal business activities after the
occurrence of an unexpected event.
Policies and laws governing information security
Most countries have Acts of parliament, regulations, laws and policies that govern data processing
and information security. Internationally, data security issues are governed by bodies such as
International Organization for Standardization (ISO) and Information Security Forum (ISF). ISO,
a consortium of national standards institutes has published “Information technology security
technique code of practice for information security management”.
Information Security Forum (ISF) is a global nonprofit making body made up of several leading
organizations in financial services, manufacturing, telecommunications, consumer goods and
governments. The organization provides research on best practice summarized in its report
Standard of Good Practice.
ICT related Acts in Kenya
In Kenya, ICT issues are considered under various legislations including:
 The Kenya communication Act of 1988 or Kenya communication Amendment Act 2008
(Media Law).
 Science and Technology Act Cap 250 of 1977
 Kenya Broadcasting Corporation Act of 1988.
However, these acts of parliament are inadequate in dealing with issues of convergence, electronic
commerce and e-government.
Kenya ICT policy
The government has developed a national ICT policy that seeks to address issues of privacy, e-
security, ICT legislation, cybercrimes, ethical and moral conduct, copyrights, intellectual property
rights and privacy. For more information on the policy, download a portable document file (pdf) from
the government website titled National Information and Communication Technology (ICT) Policy,
Ministry of Information and Communications, January 2006) or any revised version that may be made
available from time to time.
United Kingdom Data Protection Act 1998
In the United Kingdom, the Data Protection Act 1998, protects an individual privacy. The act states
that no processing of information relating to individual privacy. The act states that no processing of
information relating to individuals, including the obtaining, holding, use or disclosure of such
information can be done without owner’s consent. This Act outlines the following measures or
principles about how personal data should be handled by anyone storing the data. These principles are
that:
 Data should not be disclosed to other people without the owner’s permission.
 Data and information should be kept secured against loss or exposure.
 Data and information should not be kept longer than necessary.
 Data and information should be accurate and up to date.
 Data and information should be collected, used and kept for specified lawful purposes.
 Data shall not be transferred to those countries which have not subscribed to the data protection
act.

United Kingdom Computer Misuse Act 1990

Computer Misuse Act 1990, a UK Act of Parliament makes computer, crime such as hacking a
criminal offence. The Act has become a model of many other countries including Kenya, which
they have used to draft their own information security regulations. This Act of Parliament relates
to:
 The unauthorized accessing of materials stored on computers: This means that any access
to materials that you do not have permission to view is against this law, as is using a computer
to access data or programs stored on other computer; this is often what people refer to as
‘hacking’ but hacking is only illegal if you do not have permission to access the data or use the
computer to access the data.
 Any access to computer material with the intention of using the information to commit
further offences is against this law: This means that if you access information, even if you
have permission to do so, with the intention of using it to commit, e.g. fraud, you are breaking
this law.
 Any unauthorized alterations you make to computer materials is against this law: This
means that if you change some materials stored on computer when you do not have permission,
then this is breaking this law; for instance, if you access someone else’s computer files and
change the contents, then you are breaking this law; also, unauthorized altering of files to make
the computer malfunction, alter its workings or damage other data breaks this law so sending a
virus is against this law.
Family Educational Rights and Privacy Act (USA)
The Family Educational Rights and Privacy Act (USA), is a USA Federal law that protects the
privacy of student’s education records. To release any information from a students’ education
record, USA schools must have written permission from the parent or the student.
Security Breach Notification Laws
Most countries require businesses, nonprofit and state institutions to notify consumers when
unencrypted “personal information” is compromised, lost or stolen.
Copyright and Software Protection laws
Hardware and software are protected by either national or international copyright, designs and
patents laws or Acts. For example, Microsoft products are protected by international copyright
law. In UK, the “Patents Act 1977, protects monopoly right to inventions”.

Enforcing information systems laws

It is difficult to enforce information systems laws for the following reasons:
 Lack of proper laws, regulations and policies governing information systems usage and
security.
 Lack of clear legal framework on how to meet punitive measures to offenders.
 Difficulty in apprehending the internet offenders/cyber criminals.
 Lack of standard laws to govern all information systems worldwide.
 It is difficult to control or censure the information or content posted on the internet.
 The availability of sophisticated software on the internet to hack or spy on other systems.
References
1. H. Otiende, J. Ndede and L. Rono (2015) A+ Revision KCSE Computer Studies. Longhorn
publishers.
2. A. Kamau (2015) High flyer series, computer studies High flyers services and publishes Ltd.
3. S. Mburu and G. Chemwa (2008) Computer Studies Book 1. Longhorn publishers.
4. S. Mburu and G. Chemwa (2004) Computer Studies Book 2. Longhorn publishers.
5. K.C Laudon and J.P Laudon (2013) Management Information System, Managing the Digital
Firm. Pearson education Ltd.
6. D.K Mulli, D. Ochieng’, J. Ndegwa, L. Maundu and W. Nyadida (2016) Top mark KSCE
Computer Studies questions and answers.

ICT Lesson 2 - Data Security and Control

Uploaded by

Copyright:

Available Formats

ICT Lesson 2 - Data Security and Control

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ICT Lesson 2 - Data Security and Control

Uploaded by

Copyright:

Available Formats

ICT and Ethics Lesson 2 – Data security and control

Data security and control

Components of an information system

Purpose of an information system

 Data processing: Organizations use information systems to support data processing by

1 Complied by Mr. P.K Munene

Types of information systems

An organization has different levels of management which include:

 Transaction Processing Systems (TPS)

The value of data

2 Complied by Mr. P.K Munene

3 Complied by Mr. P.K Munene

Relationship between a threat agent, threat, vulnerability and risk

4 Complied by Mr. P.K Munene

Gives rise to Exploit

5 Complied by Mr. P.K Munene

Data security involves

Data security addresses three important aspects or core principles namely:

6 Complied by Mr. P.K Munene

 Confidential data: This is data that belongs to an individual or sensitive institutional

7 Complied by Mr. P.K Munene

 Human based threats

 Computer based threats

Human based threats

Control measures against data leakage include:

 Use audit programs to enforce controls and monitor suspicious activity.

8 Complied by Mr. P.K Munene

Control measures against data loss include:

9 Complied by Mr. P.K Munene

Control measures against data alteration include:

 Use data hashing and signing.

Control measures against browsing include:

10 Complied by Mr. P.K Munene

 Sign-off before leaving a workstation unattended: In public computing

11 Complied by Mr. P.K Munene

12 Complied by Mr. P.K Munene

Control measures against tailgating include:

13 Complied by Mr. P.K Munene

The key to tailgating is the implementing multiple levels of security controls.

Control measures against shoulder surfing include:

 One should be aware of the surroundings and those within it.

 One should limit access to confidential information.

 Avoid accessing confidential information in the presence of others.

14 Complied by Mr. P.K Munene

Control measures against physical theft include:

This is the illegal access to a protected building

Control measures against trespassing include:

15 Complied by Mr. P.K Munene

Control measures against information disclosure include:

16 Complied by Mr. P.K Munene

 Avoid printing proprietary information: Do not print sensitive organizational information

17 Complied by Mr. P.K Munene

Control measures against identity theft include:

Control measures against fire include:

Lighting, electricity and electrical storms

Control measures against lighting, electricity and electrical storms include:

19 Complied by Mr. P.K Munene

 Use of power stabilizers to control power fluctuations.