Methods Available for Maintaining Computer System Security - Coursework Example

Computer Security Table of Contents Table of Contents 2 Introduction 3 Importance of Security and Data Protection 4 Techniques and Methods Available for Maintaining Computer System Security 8 Conclusion 11 References 13 Introduction Data and information security is a critical task for most of the home computer users and also businesses. The computer security related problem is basically an adversary problem. An adversary is existing phenomenon that tries to misuse the processing, storage, and transmittal of various data in order to add an advantage. This misuse is generally stated as either unauthorised observation of any data, or denial of any service, or improper or unauthorised modification of any data. In the process related to denial of service an adversary looks for preventing someone from using any feature of a computer system. This intention is accomplished by trying up or monopolising significant resources. Therefore, a total solution for any computer security system has to meet the three requirements like integrity, secrecy or confidentiality, and availability. Integrity relates to preventing improper or unauthorised modification of any data. Secrecy or confidentiality relates to protection of any data or information from unauthorised disclosure. Availability means avoidance of denial of any authorised access to services as well as information. These requirements are of paramount importance in almost all of the computer systems. The security related problem of a computer system are resolved by maintaining a division between various data as well as computing related resources and the user of the computer system. This prevents any misuse of data and information. This separation can be achieved by involving three sub problems as a part of computer security i.e. mechanism, security policy, and also assurance (Yu & Jajodia). Importance of Security and Data Protection In the past few decades, data and information have grown in stature. In different sectors like business, financial sectors, government sector, military, hospital data and information are transmitted across various networks. This data transmission has brought with it the need to secure the network in order to prevent misuse and forgery of data. In the information and data security concept, the basic three elements are availability, confidentiality, and integrity. It is highly important for an organisation or an individual who is using a computer system to transmit data to adhere by these three concepts to protect and secure their data. Data security is critical for any organisation in this era of high tech information system. Business organisations use computers and networks to store various information like client information, personal files, payment information, bank account related details and information. This information’s are extremely sensitive to an organisation. As an organisation can loose their competitive advantage if these critical details are leaked or hacked, therefore this irreplaceable and potentially dangerous information have to be secured by an organisation. Data and information loss in the hands of hackers as well as to a malware related infection can have a devastating consequence for a business (Spamlaws, 2009). The importance of security of information has been brought into recognition with the advent of internet. By suing the internet various threats can attack a computer system such as virus, Trojan, spy ware, malware, hackers. These threats try to misuse organisational data by either corrupting the data or trying to trace out valuable and secure organisational information. Information security requires money. The benefits that an organisation can incur by going for data protection programs are much more. The programs such as anti virus, anti spyware, anti hacker program can help to secure data and information. A security program needs to find the relevant threats, measure the vulnerable capacity of the threat, select appropriate security measure to prevent that threat (Canal, 2005). Data security process starts with an overall risk and strategy assessment. In this assessment process, the importance of various data is identified and the different manners of threats are assessed to prevent system crash, malware related information and theft of data. Other threats include physical threat like power outrage, fire, malicious damage and human related error like input error, unintended disposing of any data, and mistake in the processing of information. After the assessment the analysis of different aspects has to take place. In this process, use of email, internet, access and restriction information, using of password, anti malware related solution, types of firewall installed, training and enforcing of staffs to maintain data security is performed. The information retrieved from the analysis of information is very useful to protect misuse of data. This analysis has to be frequently reviewed for supporting various changes and updates. After the analysis of different risks to information a protection plan has to be prepared. In this plan various things has to be taken care of like ensuring anti malware related solution, operating system is up to date, using restriction on to internet and data access by frequently changing passwords and also by ensuring that right kind of people are provided with secure data and information. Other methods which can be used are using intrusion detection related technology for tackling hacker attack, backing up energy resources and protecting the power supply, ensuring that computers and related components are kept away from direct public view (Spamlaws, 2009). Information and data loss can hamper distribution, sales, and reputation of an organisation. It can cause a massive loss if any data is lost in case of any big projects that an organisation is undertaking. This could result in delay in a project and loss of money. Loss of data related to consumer database can make an organisation loose it’s most valuable resource, as the name and other details of the consumers are the main source of business proceedings. This could result in loss of revenue and potential sales option. If this crucial information reaches a competing organisation then it can cause even more damage as the main organisation can loose its consumer base permanently. In business it is a known fact that retaining a consumer is much more cost effective then creating new consumers. Therefore securing organisational data can save a huge amount of revenue for a company (Business Link, n.d.). In the financial services also, data security is very important. Loss of critical financial data is a major security concern in financial services. In financial services, the information relates to different information related consumers. These include personal information like names, addresses, date of birth, bank account related details, passport numbers, insurance numbers, passwords, PIN, and few others. This information’s are very critical for an individual. Any loss of such information can call for damaging circumstances like loss of money from bank accounts. This loss of information can occur because of ‘know your customer’ (KYC) requirements related anti money laundering regime (Thomas, 2008). Techniques and Methods Available for Maintaining Computer System Security The most commonly used methods by the intruders in order to gain control of a computer system includes Trojan horse related programs, denial of different services, unprotected share of windows, remote and back door administration programs, being part of an intermediary for a separate attack, mobile based codes like javascript, java, activeX, email spoofing, email borne various viruses, cross site scripting, chat clients, hidden file based extensions, and packet sniffing. The user of a computer system has to tackle these multi dimensional threats to protect their data and information from misuse. The techniques and methods which can be used by home based and other users to protect their information and data can be: Using a firewall, it will help to provide a basic degree of protection against different attacks. Firewalls are provided with software packages. Firewall though can’t detect all possible security threats. Virus protection related software has to be installed in all the possible computer systems which are connected to an internet. The anti virus program has to be up dated regularly to protect against latest threats. Automatic update process can help to regularly update an anti virus without manual requirements. Any one must not open any unknown email related attachments. The source of an attachment has to be known to the user before opening any attachment. A virus named Melissa spread through the email attachment source. Antivirus program can help to scan an attachment to trace to authenticity of it. After a proper scanning an attachment can be opened. Disabling hidden filenames and extensions, by using the registry options in a windows system can protect misuse of data. Programs from unknown origin must not be run. The run option relates to starting an executable file. Various malicious program makers use these executable files to trace various data. Executable files are one of the main sources of virus attacks. Therefore an unknown executable files should not be opened. A program received from unknown origin generally contains Trojan horse related program, therefore it must not send to a known person. Computer system and other software applications installed in it have to be patched. The software vendors release different patches generally when vulnerability is discovered. Automatic updates and patches help a computer system to protect the files and the documents installed form latest threats and attacks. A computer system has to be turned off and disconnected from a network if it is not in use. It will prevent any intruder attack. Mobile codes such as javascript and activeX are vulnerable. A malicious web related developer can attach any script like an URL, database inquiry, an element in a different form along with this program. This vulnerable script is transferred through the browser. This scenario can be avoided by disabling all the scripting based languages. Critical data can be secured by making a back up copy of the data in a different computer system or in a removable device such as CDs, and DVDs. Scripting features in an email program also has to be disabled. The program like activeX, java script can cause vulnerability through the email. A boot disk has to be created. It will help in case of a security related breach which results in a hard disk to fail. Boot disk can help in faster recovery from a system failure (Carnegie Mellon University, 2010). Encryption of data can be a useful method to protect data. Encryption is basically a process which converts plain data and text into an unintelligible form. This is done by using a reversible mathematical related computation method. Cryptography is the process by which plaintext is encrypted. Encrypting is performed by using keys. In the encryption process, the corresponding decryption method is also incorporated. An algorithm code is employed to secure the data. The encrypted cipher text is transmitted by using a channel. Intruders are generally not able to decode the messages (Prof. Lee, 1999). Organisations can gain benefit by using encrypted text. In an organisation, physical security of a data can be achieved by providing the authority of a data to a reliable administrator. Specific security standards like ‘control objective for information and related technology (COBIT)’, ‘Federal Information System Controls Audit Manual (FISCAM)’ and the ‘Certified Information Systems Auditors (CISA)’ can help to improve organisational data security. The security based models like time based security can help a business organisation to set up critical safety measures. There are also various security models which can help in computer system security like access matrix model, state-machine model. These models help to crate a security mechanism for computer system (Gasser, 1988). Conclusion Computer system has reached an invaluable stage. The need for computer system increased multi fold with the advent of internet. The internet has brought with it several threats to computer system. These threats are extremely important for an organisation and also an individual. Therefore, computer security is a must in every field. Computer security can be achieved in different ways such as by using anti-malware program, by using cryptography technique to encrypt the data, and also various other methods. Security of data and information can ensure an organisation’s competitive advantage. The loss of any such data in the hands of a hacker of a competing company can ruin an organisation. It can do so by destroying consumer base and by loss of revenue. Therefore, computer security is a globally recognised need for ensuring security and integrity of data and information. References Business Link, No Date. Why data security is important. Keeping your systems and data secure. [Online] Available at: http://www.businesslink.gov.uk/bdotg/action/detail?itemId=1073791301&type=RESOURCES [Accessed August 03, 2010]. Carnegie Mellon University, 2010. Home Network Security. CERT Coordination Center. [Online] Available at: http://www.cert.org/tech_tips/home_networks.html [Accessed August 03, 2010]. Canal, V. A., 2005. On Information Security Paradigms. Information Systems Security Association. [Online] Available at: http://www.issa.org/Library/Journals/2005/September/Aceituno%20Canal%20-%20On%20Information%20Security%20Paradigms.pdf [Accessed August 03, 2010]. Gasser, M., 1988. Building a Secure Computer System. University of Nebraska Omaha. [Online] Available at: http://cs.unomaha.edu/~stanw/gasserbook.pdf [Accessed August 03, 2010]. Prof. Lee, E. S., 1999. Essays about Computer Security. University of Cambridge. [Online] Available at: http://www.cl.cam.ac.uk/~mgk25/lee-essays.pdf [Accessed August 03, 2010]. Spamlaws, 2009. Why Data Security is of Paramount Importance. Menu. [Online] Available at: http://www.spamlaws.com/data-security-importance.html [Accessed August 03, 2010]. Thomas, R., 2008. Data Security in Financial Services. New York University. [Online] Available at: http://www.nyu.edu/intercep/lapietra/FSA_DataSecurtiyinFinancialServcies.pdf [Accessed August 03, 2010]. Yu, T. & Jajodia, S. Secure data management in decentralized systems. Springer, 2007. Read More