Information and Computer Security

avatar
Created by
Dani

Cards (43)

  • Definition of Security
    security is the quality or state of being secure.
  • Computer security is the protection of computer systems and information from harm, theft and unauthorized use.
  • Types of computer security
    Information security, Application security, Mobile and computer security, Network security, Cyber security
  • Information security
    is securing information from unauthorized access, modification and deletion.
  • Application security
    is securing an application by building security features to prevent from cyber threats.
  • Mobile and computer security
    means securing a handheld devices and standalone machine by keeping it updated and patched.
  • Network security
    is done by securing both the software and hardware technologies.
  • Firewall protects networks from Internet based attacks.
  • Cyber security
    means protecting computer systems which communicate over the computer networks.
  • Computer security is mainly concerned with three main areas. These are confidentiality, integrity and availability, which are abbreviated as CIA.
  • Confidentiality
    is ensuring that information is available only to the intended audience. This often means that only authorized users and processes should be able to access or modify data.
  • Integrity
    means that data can be trusted. It should be maintained in a correct state, kept so that it may not be wrongly changed and should be correct, authentic and reliable.
  • Availability
    is ensuring that the information is available to authorized users whenever they require it.
  • Natural Threats in Computer Security
    There are many computer security threats happening due to natural causes. Natural hazards such as earthquakes, flooding or lightning storms can lead to fires, extreme temperatures and even electric shocks to your computer, causing potential physical damage and loss of data.
  • Artificial threats to computer security
    1. Denial of service (DoS)
    2. Malware attack
    3. Man in the middle
    4. Phishing
    5. Eavesdropping
    6. SQL injection
    7. Password attack
    8. Social engineering
  • Denial of service (DoS)

    DoS attacks hurt computer systems by flooding targets with requests – stopping regular users from connecting to the service.
  • DoS attacks on bank IT infrastructure, for example, could stop the bank services such as ATM and CBE Birr services.
  • Trojan horse
    A code that takes over the system to steal and damage everything on the system. Trojan horse is the type of malware that downloads onto a computer being disguised or masked as a legitimate program.
  • Virus
    A malicious code that gets into the computer program by replicating to change its functioning.
  • Key logger
    They work by recording the movement on the keyboards and mostly steal passwords and accounts’ details.
  • Worms
    An independent program that infects the computer system through network device
  • Adware
    Advertising software to spread malware. Adware has the potential to become malicious and harm your device by slowing it down, hijacking your browser and installing viruses and/or spyware.
  • Botnets
    The word botnet is formed from the words robot and network. Cyber criminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer and organize all the infected machines into a network of bots that the criminal can remotely manage.
  • Spyware
    A secret program that tracks all the movements of the user secretly and then uses that information against them.
  • Ransomware
    This malware locks the files and data on the system and threatens to delete them if not paid the ransom.
  • Man in the middle
    intercepting communication between the people and then stealing data from their conversation.
  • Phishing
    Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually performed through email.
  • The goal of Phishing to steal sensitive data like credit card and login information or to install malware on the victim’s machine.
  • Eavesdropping
    An eavesdropping attack occurs when a hacker intercepts, deletes or modifies data that is transmitted between two devices. is also known as sniffing or snooping.
  • SQL injection
    This is when an attacker injects an unauthorized input into the SQL statement.
  • SQL injection is only possible on websites where hackers can access the database using your ID and password.
  • Password attack
    Many hackers try to get your password by using different methods.
  • Social engineering
    Social engineering refers to creating a social situation to get information from the user like getting a call from the mobile company saying, “Your device is in danger”. You blindly trust and give out all the information without any verification.
  • Religious fundamentalists, radical political or tribal extremists, terrorist and sex traffickers and abusers have found the Internet as safe zone for their illegal attraction towards kids and youth.
  • Cyber bullying - This is ridiculing or humiliating young kids in such places as social media and online game platforms.
  • Cyber predators: Cyber predators are people who use the Internet to exploit usually younger people for sexual and other purposes.
  • Posting private information: You may not yet understand social boundaries. Thus, you may post personally identifiable information online, for example in your social media profiles that should not be out in public.
  • Online criminals: These people are good at identifying what can be appropriated.
  • Hackers: Individuals with varying degrees of expertise, often acting in an untargeted way, perhaps to test their own skills or cause disruption for the sake of it.
  • Malicious insiders: use their access to an organization’s data or networks to conduct malicious activity such as stealing sensitive information to share with competitors.