SYSTEM AND DATA SECURITY

System security/ cyber security/computer security

System security refers to the measures and precautions implemented to protect computer
systems, networks, and data from unauthorized access, attacks, damage, or disruptions.
System security is the protection of computer systems, data and information from harm, theft and
unauthorized access.

Key aspects in system security (goals of computer security)

The CIA triad is a fundamental concept that outlines three core principles to achieve the overall
security goals within a computing system. The CIA triad stands for:
1. Confidentiality:
Definition: Confidentiality ensures that information is accessible only to those who are
authorized to access it. It involves protecting sensitive data from unauthorized disclosure.
2. Integrity:
Definition: Integrity ensures the accuracy and reliability of data throughout its lifecycle.
It involves protecting data from unauthorized modification, deletion, or tampering.
3. Availability:
Definition: Availability ensures that information and system resources are accessible and
usable by authorized users when needed. It involves preventing and mitigating
disruptions to services.

Computer Security risk

A computer security risk is any action or event that may cause harm to computer hardware,
software, data, or information.

Categories of computer security risks

Computer security risks are broadly categorized into;
1. Physical security risks
2. Data / information security risks

Physical security risks.

A computer physical security risk refers to a threat or potential danger to the physical
components of a computer system, network infrastructure, or related hardware.
Some of the potential physical security risks include;
1. Hardware Theft:
  Description: this is stealing of computers, servers, or other hardware
components.
2. Hardware Vandalism:
 Description: this is the deliberate destruction of computer equipment either by
internal or external individuals.
3. Environmental Hazards:
 Description: Risks posed by environmental factors, such as floods, earthquakes,
or other natural disasters that can damage or destroy computer equipment.
4. Power Failures or Fluctuations:
 Description: Risks related to power supply issues, including power outages,
surges, or fluctuations that can damage hardware components or lead to data loss.
5. Fire Outbreaks:
 Description: Uncontrolled fires can pose a serious threat to the physical
infrastructure of computer systems, including servers, data centers, and other
hardware components.

Prevention of physical security threats/ risks.

Physical security risk Prevention measures
Hardware theft Use physical access controls such as locked
doors, windows, etc.
Use cables to lock equipment on desk e.g.
keyboard locks
Use alarm systems to warn in case of
intrusion
Put bulgar proofing in windows
Hiring security guards
Hardware vandalism Monitoring using CCTV cameras
Limit access to equipment
Environmental hazards For cases of lightening, have a lightening
conductor
The computer laboratory should be on a
raised ground in case of floods.
Power failures Using uninterruptable power supply (UPS) to
provide power backup in case of outages.
Using surge protectors to protect computer
equipment in cases of electrical spikes
Using power stabilizers in case of voltage
fluctuations.

Fire outbreaks Having a fire extinguisher to put out any fires.

Data security risks
A computer data security risk refers to a threat or potential danger to the data and information of
a computer system.
Some of the potential data security risks include;
1. Viruses:
 Description: Viruses are malicious software programs that disrupt the normal
functioning of a computer.
 Categories of computer viruses
Worm: A worm is a type of computer virus that reproduces itself continuously
until it the computer runs out of memory.
Trojan horse: A Trojan horse is a deceptive type of malware that disguises itself
as a legitimate or beneficial program but actually contains malicious code.
Boot sector virus: A boot sector virus infects the master boot record (MBR) or
the boot sector of a computer's hard drive or removable storage.
Joke: A joke is a harmless program that displays annoying messages on the
screen.
 Sources of computer viruses
o Fake games, o rogue sites,
o pirated software, o infected software
o freeware from the installers,
internet, o infected email
o infected storage attachments
devices,
 Signs and symptoms of computer viruses
o Flickering of the o Reduction in
screen computer memory
o Un usual messages on o Reduction in
the computer screen computer speed
o Programs taking o Missing computer
longer to open icons
o Corrupted files o Frequent system
o Failure to boot crashes
 Prevention of computer viruses
o Install an updated antivirus
 o Scan all removeable devices
o Handle email attachments with caution
o Use a firewall
o Make regular data backups
o Avoid visiting rogue sites
2. Unauthorized Access:
 Description: Unauthorized access refers to individuals gaining access to an
organization's data, networks, endpoints, applications or devices, without
permission
3. Hacking:
 Description: Hacking involves gaining unauthorized access to computer systems
or networks with the intent to exploit vulnerabilities, disrupt services, or steal
data.
4. Cracking:
 Description: Cracking is the process of bypassing software licensing restrictions
to gain unauthorized access to software or systems.
5. Phishing:
 Description: Phishing is a form of social engineering where attackers use
deceptive emails, messages, or websites to trick individuals into providing
sensitive information.
6. Eavesdropping:
 Description: Eavesdropping involves the unauthorized interception and
monitoring of communication, often over networks, to gain access to sensitive
information.
7. Electronic Fraud:
 Description: Electronic fraud includes various deceptive practices conducted
online to trick individuals or organizations into providing money, sensitive
information, or access credentials.
8. Spoofing:
 Description: Spoofing involves impersonating a trusted entity or manipulating
data to deceive individuals or systems.
9. Denial of Service Attack (DoS):
 Description: Denial of Service attacks overwhelm a system, network, or service
with excessive traffic, rendering it unavailable to legitimate users.
 10. Sabotage:
 Description: Sabotage involves intentional actions to disrupt, damage, or destroy
computer systems, networks, or data.
11. Backdoor Attacks:
 Description: Backdoor attacks involve creating secret access points (backdoors)
in systems, allowing unauthorized entry at a later time.
12. Information theft
 Description: Information theft refers to the unauthorized and intentional act of
stealing or acquiring sensitive information from individuals, organizations, or
systems.
13. Software piracy
 Description: This is illegal duplication of copyrighted software.

Prevention of data security risks.

1. Passwords:
 Description: Passwords are a fundamental authentication method where users
must provide a unique combination of characters to access a system or data.
Strong, complex passwords enhance security by making unauthorized access
more difficult.
 Characteristics of a good password
(i) It should have a minimum of 8 characters
(ii) It should a mixture of different characters
(iii) It should expire (Always change your password)
(iv) It should easy to remember
(v) It should be about your personal information
Note: A username is a unique public identifier chosen by an individual to represent their
identity when accessing a system while A password is a private string of characters
(letters, numbers, and/or symbols) chosen by a user to prove their identity when logging
into an account or system.
2. Firewalls:
 Description: Firewalls are network security devices that monitor and control
incoming and outgoing network traffic based on predetermined security rules.
They act as a barrier between a secure internal network and untrusted external
networks, preventing unauthorized access and protecting against cyber threats.
3. Biometrics:
  Description: Biometrics involves using unique physical or behavioral
characteristics for user authentication. Common biometric methods include
fingerprint scans, retina or iris scans, and facial recognition. Biometrics adds an
extra layer of security by relying on individual biological traits.
4. Antivirus:
 Description: Antivirus software is designed to detect, prevent, and remove
malicious software (malware) such as viruses, worms, Trojans, and ransomware.
It regularly scans systems for potential threats and takes action to neutralize or
quarantine them.
5. Data Backups:
 Description: Data backups involve creating duplicate copies of important
information to ensure its availability in the event of data loss, corruption, or
system failures. Regular backups provide a means of restoring data to a previous
state.
6. Access Rights:
 Description: Access rights, also known as permissions, define the level of access
and actions users or systems are allowed to perform on data or within a system.
Properly managing access rights helps prevent unauthorized access and misuse of
information.
7. Audit Logs:
 Description: Audit logs record and store information about system activities, user
actions, and security events. Regularly reviewing audit logs helps detect
suspicious or unauthorized activities, aiding in the identification and mitigation of
security incidents.
8. Honey Pots:
 Description: Honey pots are decoy systems or networks designed to attract and
detect unauthorized access or cyber-attacks. By diverting attackers to these
intentionally vulnerable systems, organizations can gather information about
potential threats without exposing critical infrastructure.
9. Intrusion Detection Systems (IDS):
 Description: IDS monitors network or system activities for signs of malicious
behavior or security policy violations. It detects and alerts administrators about
potential threats, enabling a swift response to prevent or mitigate security
incidents.
10. Data Encryption:
  Description: Data encryption involves converting data into a coded form to
protect it from unauthorized access during transmission or storage. Encryption
algorithms use keys to encode and decode information, ensuring that only
authorized parties can decipher the encrypted data.

Cyber Crimes
Cybercrime, or computer crime, refers to criminal activities that are carried out using computers,
networks, and the internet.
Examples of common cybercrimes include;
 Hacking  Electronic  Cyber
 Phishing fraud Espionage
 Cyber  Cyber
bullying extortion

Intellectual property (IP)

Intellectual property (IP) refers to creations of the mind—ideas, inventions, artistic works,
designs, symbols, names, and images.
Intellectual Property Rights (IPR) are legal rights granted to individuals or entities to protect
their intellectual creations or inventions.

Protection of intellectual properties.

1. Patents:
 Patent rights provide inventors with exclusive rights to their inventions,
preventing others from making, using, selling, or importing the patented invention
without permission. Patents are typically granted for a limited period, often 20
years.
2. Copyrights:
 Copyright grants creators’ exclusive rights to their original works of authorship,
including literary, artistic, musical, and dramatic works. Copyright protection
allows creators to control the reproduction, distribution, public performance, and
display of their works.
3. Trademarks:
 Trademark rights protect distinctive signs, symbols, names, and logos used to
identify and distinguish goods or services. Trademark owners have the exclusive
right to use these marks in commerce, preventing others from using similar marks
that may cause confusion.

ICT ETHICS
Ict ethics are moral guidelines that govern the use of computers.
Computer ethics involves the use of computers in a morally acceptable way.
Some of the most common computer ethics include;
o Contribute to society and human well being
o Always avoid harm of others
o Always be honest and trustworthy
o Always exercise fairness and don’t be discriminative
o Honor intellectual property rights
o Respect other individual’s privacy
o Honor confidentiality

Code of conduct
A code of conduct is a written guideline that determines whether a particular action is ethical or
unethical.
Sample code of conduct includes;
1. Computers shall not be used to harm other people
2. Users shall not interfere with another person’s work
3. Computers shall not be used to steal
4. Computers shall not be used to bear false witness
5. Users shall not copy software illegally
6. Users shall not use another individual’s computer without permission
7. A user shall consider the social impact of the programs they design
8. Users should use computers in a way that demonstrates consideration and respect to other
people.