Computer Security
Computer security is an important issue, and threats to the computer must be countered through various access controls and safety measures. Authorized access, avoidance of malicious software, and protection of applications from hackers are the steps that make a system secure. The fundamentals of computer security include an understanding of security policy stating the laws, practices and regulations used to manage and protect sensitive information. Enforcing a devised security policy and assuring that the policy is implemented are other important aspects of computer security. Computer security has various characterizations. First comes information technology (IT) security, based on three key points: Confidentiality, Integrity, and Availability.
The security threats, policies, and appropriate security mechanisms are discussed to understand the threat. The paper discusses the background of security threats and then details some of the procedures and security mechanisms for personal computers.
Security Threats
There are four kinds of security threats: Interception, Interruption, Modification, and Fabrication.
Interception
Interception is unauthorized access to data. Interception occurs when someone who is not supposed to listen to a conversation intercepts communication between two entities. In the case of computer systems, interception is illegal access to data communication or breaking into the private directory of the personal computer’s file system (Paulauskas and Garsva, 85).
Interruption
Interruption is the situation in which a computer's or a system’s data or services become unavailable, destroyed, or corrupted and unusable. An example of interruption is the DoS (Denial of Service) attacks by malicious software that make a service or a system unavailable (Paulauskas and Garsva, 85).
(usa.kaspersky.com)
Security Policy
All four classifications of security threats are data falsification techniques that can be protected against by building a secure system. In order to protect the system completely, a robust security policy must be in place. The security policy describes which entities are accessible and which are prohibited. The entities defined in a security policy include users, data, file paths, services, and, if on a network, machines. After a policy has been constituted, it becomes easy to focus on the security mechanism for enforcing the policy (Yost, 7).
Security Mechanism
Encryption
Encryption is the basic element of computer security. The encryption process transforms data into a form that is unreadable for an unauthorized person or program. Encryption ensures confidentiality and integrity. Encryption also secures against data modification. Cryptography is an encryption technique for securing data and systems so that only authorized persons can access them. An example of an encryption technique is the symmetric key-based Advanced Encryption Standard (AES) algorithm (Bishop).
Kabay, M. E., & Robertson, B. (2009). Security policy guidelines. In S. Bosworth, M. E. Kabay, & E. Whyne (Eds.), Computer security handbook (5th ed.). New York, NY: John Wiley
Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Boston: Course Technology.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish the roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage and result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems
An organization's security policy describes the company's management intent to control the behavior of their employees in relation to information security. A security policy is necessary to protect proprietary information within a company. Because security policies apply to employees at all levels in a company, they should be written at a reading level that all employees can understand. In addition, multi-lingual versions should be available for employees whose first language is not English. An organization's security policy should not conflict with the law. At a high level, an Enterprise Information Security Policy is created that supports the organization's goals and mission statement. This EISP does not require frequent changes. Within the scope of the EISP, there are also issue-specific and system-specific security policies. Issue-specific policies provide targeted direction to employees in relation to a particular technology or occurrence. System-specific policies provide managerial guidance and access control lists related to certain software or systems used by the company.
In taking a wide overview of the computer world today, it is very easy to identify possible security risks. Especially in a connected network of worldwide computers, the limitless stream of bytes and data may invite viruses and hackers into any one single computer. According to PC Magazine Online, “Intel execs say the computer industry is lagging in support of data-security initiatives.”1 The difficulty lies sometimes in predicting areas of security weakness. Sometimes seemingly secure code may be subject to innovative attacks which can compromise security.
With a rise in security breaches experienced by companies in the last few years, it is no wonder that businesses are implementing stronger security policies. Two topics that deserve to be addressed by businesses are PC protection software and external access to corporate networks. There may be no sure way to prevent attacks on the corporate network, but there are steps companies can take to limit such activities. This paper will discuss the possible guidelines that companies may implement to strengthen security policies.
Program will use a risk management approach to develop and implement Information Security policies, standards, guidelines, and procedures that address security objectives in tandem with business and operational considerations. The Information Security Program will develop policies to define protection and management objectives for information assets. The Information Security Program will also define acceptable use of PCS information assets. The Information Security Program will attempt to reduce vulnerabilities by developing policies to monitor, identify, assess, prioritize, and manage vulnerabilities and threats. The management activities will support organizational objectives for mitigating, responding to and recovering from identified vulnerabilities and threats.
Privacy and security issues have become one of the top concerns among computer users in today’s market. It has become a game of survival of the fittest in protection of your security. The only true way to defend yourself is knowledge. You should prepare yourself against hackers, spammers and potential system-crashing viruses and web bugs. Let's focus on how you can protect yourselves from the would-be thieves.
Cryptography has been used for thousands of years for storing hidden messages in writing (Davies, 1997). Cryptography itself is part of cryptology, which also includes cryptanalysis. Cryptanalysis involves the attempt to obtain the original message from an encrypted message, but without determining the algorithms or knowing the keys that created the original encrypted message. Cryptography, which is the topic of this paper, is the actual development of the encrypted messages, and using codes to create secure communication of information (Whitman & Mattord, 2011).
Security includes several areas, such as personal security and organizational security, among others. Security access control is an important aspect of any system. It is the act of ensuring that an authenticated user accesses only what they are authorized to and no more. Nearly all applications that deal with finance, privacy, or defence include some form of access control. Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system.
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.
This chapter provides an overview of the concept of cryptography. Information transmitted over the network must be encrypted to maintain its confidentiality. This is achieved through cryptography. Cryptography plays a vital role in securing information when it is transmitted across the network. It helps in maintaining the integrity of the information stored on the network. Thus, security is one of the important concepts to be explored in the world of network security.
Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers and company competitors. In fact, according to several studies, more than half of all network attacks are waged internally. To determine the best ways to protect against attacks, we should understand the many types of attacks that can be instigated and the damage that these attacks can cause to data. The most common types of attacks include Denial of Service (DoS), password, an...
Privacy exists wherever personal information or other sensitive information is collected, stored, used, and finally destroyed or deleted, in digital form or otherwise. The challenge of data privacy is to use data while safeguarding individuals' privacy preferences and their personally identifiable information. The fields of computer security, data security, and information security design and utilize software, hardware, and human resources to address this issue.