Computer Security and Risk Awareness - Assignment Example

Running Head: Computer Security and Risk Awareness School Name: Abstract These days, many organizations have adopted the use of computer for storing of information and as means of communication. For example, the use of electronic mails. This method is very effective as it is more efficient and secure. Due to the increased use of computer in the communication and storage of information, there has been a need to protect this information from other users who might interfere with the content. Therefore, when designing a computer system in an organization a security system should be well chosen for the safety of sensitive information in the organization. Nowadays this has not been a major problem due to the advancement of security systems that has been very effective in data protection. They range from; Use of passwords- this hinders anyone from accessing into the computer apart from the authorized user who can use their password to log in. This is a common method to many systems and helps to ensure that no one uses the computer without the consent of the authorized user. So, files kept in the computer system are not at risk of being altered or deleted. Some records should be made to be' read only' such that people who accesses them accidentally cannot make any changes on them. This can be enhanced by also putting a password on such files such that anyone who wants to view their content have to use the password to be allowed an access to them. Some organizations that deal with very sensitive information such as the military and the FBI should also use more advanced means of data protection. This can be achieved by incorporating other extra methods of data security. This can be through the use of encryption. This method enhances the content of the files such that anyone who access them will not be able to interpret its meaning. They can also make use of the audit trail system, which helps in analysing the history of all the actions performed in the system and will help to know when the information in the computer is being altered unofficially. In more advanced system for example, those connected to the internet hacker- monitored system should be adapted to detect when information in the system is been tapped. The best security system that offers maximum security of information is the use of smart card and biometrics. Anti-virus programs should also be installed to ensure that computers are not attacked by viruses, which might replicate, delete and important files in the system or crash the system leading to the loss of information. Introduction The security of computer system has been an issue of concern since early 1940s. During those eras security of computer was achieved by the use of heavy door lockers, which were not easy to master or break through. But due to the advancement of computer technology more sophisticated means of computer security were needed to ensure the safety and security of computer systems, since the prevailing methods could not curb the problem of data hacking through the networks. This was made possible by the IBM, which realized the need to secure data from within by the use of password, which could not allow unauthorized users to have an access to the information in the computer system. As time elapsed, the level of computer technology continued to advance and the problem of computer insecurity increased which led to the development more advanced technologies to minimize and step this problem. Question One With the advancement of IT and computer technology, most companies, organization and institutions have changed from the old method of record storage to the use of computers. This is because a computer can store a lot of information, which occupies a small space as compared to the old method where information was stored in bulky files that need a big space for storage. (Hugh, 2001) The retrieval of information from a computer is also faster and easier for an authorized user but very hard for unauthorized user which helps to protect the stored information. Information stored in a computer system is safer because you can use a password so that unauthorized user cannot log in your computer system to access the information stored. In some organization that deals with some very sensitive matters, for example, military & FIB have a very advanced security system which helps to safeguard the access of sensitive files to other people who might alter their content which can bring a very big problem. (Hugh, 2001) In some other places like institution of learning sensitive files should be well secured to avoid any unofficial alterations, for example, the files containing students results should be well protected to prevent students who might change their poor grades to better ones in case they access these files. Therefore the security of computer system is very important issue to be considered in every organization because it helps solve some problem of risk that can occur when unauthorized user happen to access some sensitive information of the organization. (Hugh, 2001) Question Two As the technology advanced there was a need to improve the security system to meet the up coming security challenges this was done by: Use of Password A password prevents unauthorized user to have an access to the computer information, all unauthorized users are given a username and password to keep off unauthorized user from changing altering the original information or deleting important files. The password used by the user should be kept as a secret and should be changed after sometime interval. The passwords should also be well chosen and long to avoid mastery. Limited Access to Users by Administrator In case a network is involved, the network manager should let the authorized user have an access to a limited application programs which they frequently use and deny them an access to files with sensitive information. (Hugh, 2001) Some programs, files and folders should be protected using a password so that unauthorized users cannot change their content. Other documents apart from being protected by password should be made read only to enhance their safety. (William, 1999) Use of Back Up Important files, folders and programs should be backed up to prevent their loss in case of system crashes or a virus infection which might delete them or alter their content. These backed up information is then kept in a safe place. (William, 1999) Screen Locking This is important because it keeps off curious eyes to have an access to your information in a computer. For example, in case you happen to leave your computer on, without logging out to attend to an urgent need the screen locks and for the screen to display you must enter the password to unlock it. This keeps away onlookers accessing your work. (William, 1999) Encryption Recently most people have adapted the use of Internet to shop customers collecting what they want inside an electronic basket and then pay using their credit card. This method worries majority of people because they fear their credits cards details can be tapped and then used for unauthorized purchases. The use of encryption reduces this risk because files encryption encodes or scrambles files so that anyone who accesses such files full of data will need to access the encryption program which can be accessed only by the retailers ‘of website making that data useless to the unauthorized user.(Hugh,2001) Use of Antivirus Programs In some other computer system which is connected to the internet hacking is a major problem and a lot of security measures should observe to prevent the unauthorized user accessing the system information. This reduces the risk of data altering or implanting virus on the system which is also a problem to the computer system as viruses replicate, delete files and others can crash a system. This can result into a very big problem since important information can be lost. (Hugh, 2001) Hawking Prevention Measures Maritta (2004) defines hawking is the act of accessing the content of the computer system without been authorized. This can be done through some of the following means Computer allowed an access to an IP address Hacker steals the IP address and accesses network Disallowed access IP address Fig. A. An illustration of IP spoofing attack a). IP spoofing attack In this method the hawker determines the computer IP address which he then uses to access unauthorized materials when no one is using that computer. b).Password Attacks According to Maritta (2004) a hacker finds the password of authorized user. This occurs when the password of the user is easy to guess for example those using a password that is similar to their login names. The hawker sometimes uses a special program that tries a number of passwords until it gets the gets the right one. The worst that can happen is when they succeed to get the Password of the system administrator, this is because they can change system set ups or password of the user which will deny the authorized users access to their files. Others can even delete very important files or plant a virus to a computer system. Stern measures should be adapted to guard an access or damage of the files or programs of the computer system. This will be achieved by the use of password well chosen to minimize the chances of ID tracking and passwords which are not in use should also be deleted. (John, 2000) In some cases hacking monitoring system should be installed to alert the system administrator when private materials are accessed unauthorized. This should also be Incorporated with encryption of the content of secret files, folders or programs. The computer system should also have recovery programs which can recover important files that might have been deleted by hackers by accident. (John, 2000) c).The use of audit trail programs The use of audit trail programs will help to keep update of all actions performed that is, all the read or alteration done by a user and by analyzing such history the system administrator can detect when the information in the system is been changed unauthorized by the some users. The computer system should also be installed with the latest computer virus which helps to prevent computer being attacked by computer viruses that might damage their contents or crash the system. (John, 2000) A more effective method of securing a system is the use of smart cards where by users has to insert a smart card and enter their pin code to have an access to their system. Also the use of biometric methods that is a method whereby physical features of the user such as retina images or users finger prints are scanned. User will be allowed an access to the system once these parameters are verified. (John, 2000) Question Three The usage of a computer system determines the likelihood of the system expose to risk. For example, a computer that has only one authorized user has minimal chances of the unauthorized user accessing or altering its contents which is achieved with an effective use of password and encryption of sensitive files. However, in a situation whereby a computer is connected to network or internet the chances of information insecurity increase. This requires an advancement method to safeguard the content of the system by hawkers. It requires the system to be installed with a program that is able to monitor hacking. This helps to detect a heckler who might be tapping communication between the client and a server which might cause severe damage to the organization if the data was not well protected through encryption. This type of connection also calls for the need of the use of audit trail programmes which the computer administrator can use to establish whether sensitive materials in the computer system are accessed unauthorized done by analyzing the history of the actions performed by all the users. (John, 2000) The usage of a computer system will determine the security measures to be taken. A computer that handles sensitive information in an organization, for example, the one used by the manager or the system administrator should have very efficient measures taken to protect the risk of that information been accessed without authority. Installing many security programs in a computer system slows down the speed of execution of instructions. This is because the processor has got many instructions to process at a time, for instance, for every instruction given by the user there is another instruction sent by the security system installed but this takes place in the background. The more the security programs installed in a system the slower it will be in the performance, so for a very effective system in performance and safety very few but efficient security should be used. This will ensure that the information stored is safe and the speed of the system is not highly compromised. (John, 2000) Question Four The company’s computer administrator has not taken effective measures to protect the access of company’s sensitive materials from by the other users. Passwords that are long and not easy to master should have been used and constantly changed at time intervals to access only the application programs which they use and all the others should be protected and their content encrypted. The system administrator did not consider this and that’s why the contractor was able to access the list of the company customers. (Edward, 2006) The computer system should also be fitted with audit trail software to help the administrator learn about the access of a sensitive material by an unauthorized user like this case so that the appropriate measures can be taken in time. (Edward, 2006) Conclusion Every computer system should have a security to protect its materials from damage or access by unauthorized users. The security system used in a system varies with the use of computer system. Networks and Internet have the most advanced security system because they are highly prone to data hacking. Glossary Computer Virus: This is a program that replicates, deletes or can even crash the Computer. Antivirus Programs: This is a program that prevents a computer from been infected by a Virus Computer Password: This is a secrete code that keeps off unauthorized users accessing a Computer Encryption: Is a method of data securing, which involves scattering of related Information, such that if accessed one cannot comprehend. Hacking: Tapping of information from a network unauthorized. IP spoofing. Accessing a network unauthorized using the ID address of an Allowed user. References Edward, W. (2006): Information Risk and Security, London, Gower publishing ltd. Hugh, A. (2001): Computer and Intellectual Crime, Cambridge, BNA books. John, P. (2000): Computer Security Management, London, Institute of career research. Maritta, H. (2004): Computer Safety, Reliability and Security, New York, Springer Matt, B. (2002): Computer Security, New York, Addison Wesley. William, E (1999): Computer Control and Security, New York, J. Wiley Read More