Lecture 12 Intro to ICT Security PDF
This lecture provides an introduction to ICT security, covering topics such as computer crime, security threats, data security, and computer viruses. The presentation explains different types of computer criminals and the methods used to commit crimes, highlighting the importance of data protection and security measures. It also introduces the concept of computer viruses, worms, and their impact, along with data backup and antivirus software.
Introduction to ICT

- COMPUTER CRIME
- DATA SECURITY
- SECURITY THREATS
- COMPUTER VIRUS
- WORMS
- PERSONAL COMPUTER SECURITY
- BACKUP OF DATA
- ANTIVIRUS
- DATA PROTECTION LEGISLATION
- DATA PROTECTION IN PAKISTAN
- INTELLECTUAL PROPERTY

Computer Crime

A type of crime in which a computer is either the target or the tool for an illegal activity is called computer crime. A type of crime that refers to an illegal act involving the internet is called cyber crime. It usually involves stealing, using or selling someone else’s data.

Computer Crime: Computer Criminals

Computer criminals are the persons who commit computer crimes. Different types of computer criminals are:

- Hacker
- Script Kiddie
- Corporate Spy
- Unethical Employee
- Cyber Extortionist
- Cyber Terrorist

Methods Used by Computer Criminals

Bomb: It is a program that triggers under certain conditions. It is usually activated at a certain date.

Denial of Service: It slows down a computer system or network. It floods a computer or network with requests for information or data. The server under attack receives so many requests that it cannot respond to legitimate users. The most common targets are internet service providers (ISPs).

Piggybacking: It is a process of entering the system by riding on the back of an authorized user. It occurs when an authorized user does not log off the system properly. An illegal user may continue where the original user left off.

Salami Technique: It is a process of getting a small amount of money illegally from a large financial system.

Scavenging: It is a process of searching a company’s trash to find useful information. The thieves search garbage and recycling bins of individuals to find bank account numbers, credit card numbers etc.

Trap Door: It is an illegitimate program that is left within a completely legitimate program. It allows subsequent entry by an unauthorized user into the system.
Zapping: The zapping software is designed to bypass all security systems.

Security

Security is a system that is used to protect a computer system and data. It protects from intentional or accidental damage or access by unauthorized persons. With the help of a security system, a computer can detect whether the user is authorized or not.

Data Security

Protection of data is called data security. Data stored in a computer can be lost accidentally, or someone can damage it; it can be lost completely or partially. Data is more valuable and important than the computer itself, so it should be saved in such a way that it may not be lost or damaged. It is very important to protect data from illegal and unauthorized access.

Security Threats

A computer security threat can be a computer program or a person that violates computer security. It may cause stealing or loss of data. It may also affect the working of the computer.

Hacker: A person who accesses a computer, network and its resources illegally is known as a hacker. Hackers are computer experts and use their computer knowledge for negative purposes. Hackers may steal:

- Information of clients or customers
- Credit card details
- Passwords to access computers illegally
- Email passwords to use an email account without the user’s knowledge

Hardware Theft and Vandalism: Hardware theft is a process of stealing hardware equipment such as a hard disk or monitor. Hardware vandalism is the process of defacing hardware equipment, e.g. an employee in an organization may damage the keyboard and cut the wires etc.

Software Theft: Software theft means that a person can steal software media, erase a software program or copy it without permission.

Information Theft: Information theft is a process of stealing personal or confidential information. The stolen information can further be used for illegal activities, e.g. stealing credit card details and using them for online shopping.
System failure: System failure is an important security threat and it occurs when the system does not function properly for a longer time. System failure may further cause loss of data, software and hardware. It occurs due to various reasons:

- Obsolete hardware
- Natural disaster such as flood, fire or storm
- Fluctuation in power supply

Computer Virus

A computer virus is a program that may disturb the normal working of a computer system. A virus attaches itself to files stored in flash drives, email attachments and hard disks. A file containing a virus is called an infected file, and when it is copied to a computer, the virus is also copied to the computer.

Computer viruses can not damage hardware but they can cause many damages to a computer system. A computer virus can:

- Damage data or software
- Delete some or all of the files
- Destroy all data by formatting the hard disk
- Display a false message every few times

Computer Virus: Causes

A virus is spread to different computers due to the following reasons:

- Infected flash drives or disks
- Email attachments
- Insecure websites
- Networks
- Pirated software

Computer Virus: Protection

A computer system can be protected from viruses by following these precautions:

- Install the latest anti-virus
- Upgrade antivirus regularly
- Scan flash drives before use
- Do not open junk or unknown emails
- Do not install pirated software
- Freeware and shareware software normally contain viruses, so check the software before using it.

Worms

A worm is a program that copies itself repeatedly in memory or on disk until no space is left there, and the computer may stop working in this situation. Worms spread from one computer to another through networks. Some examples of worms are SQL Slammer, The Blaster Worm, One-Half and Cascade.

Personal Computer security

Avoid extreme conditions: The computer system should not be placed in extreme conditions; it should be safe from direct sun, rain and extreme temperature.
Avoid virus: Antivirus software must be installed on the computer and must be updated regularly.

Firewall: A firewall is a combination of hardware and software that prevents unauthorized access to a network. It works between an organization’s internal network and the internet. It protects data, information and storage media from unauthorized access. It can also be used to stop internal users from accessing certain sites.

Passwords: A password is a secret word that is used to protect a computer system or program. The user has to type the password to access the computer system, therefore the system can be accessed only by the person who knows the password. So the computer and the data stored on it will be safe and protected.

Encryption: Encryption is a process of encoding data so that only an authorized user may understand and use it. Some strong encryption should be used to protect important files.

Backup: An additional copy of data or information stored on secondary storage media is called backup. It is very important to take a backup of data regularly and store it at a safe and protected place.

Backup of Data

An additional copy of data or information stored on secondary storage media is called the backup of data. The common media for backup are USB flash drives, magnetic tape, CD and external hard disk.

Backup of Data: Purpose

- An important file can be deleted accidentally.
- The user may overwrite a part or the whole of an existing file.
- A mechanical failure in the computer may result in loss of data.
- A virus may damage the data.
- The computer system may be damaged due to fire or power failure.

Backup of Data: Types

Two ways to take the backup of data are:

- Complete backup
- Incremental backup

Complete backup is the backup of all data on the hard disk. The advantage of this backup is that the entire hard disk is backed up and the whole data can be restored. It takes more time and storage capacity.
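Added example (not part of the original lecture): the two backup types named in this part of the lecture, sketched in Python. The backup() helper, the manifest file and the directory names are assumptions made for the illustration; a file counts as modified when its SHA-256 hash differs from the one recorded by the previous run.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def snapshot(src):
    """Map each file's path (relative to src) to the SHA-256 of its content."""
    return {p.relative_to(src).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(src.rglob("*")) if p.is_file()}

def backup(src, dest, manifest_path, incremental):
    """Copy files from src to dest and return the list of files copied.

    Complete backup: every file is copied.
    Incremental backup: only files that are new or whose hash changed
    since the manifest written by the previous backup.
    """
    src, dest, manifest_path = Path(src), Path(dest), Path(manifest_path)
    current = snapshot(src)
    previous = {}
    if incremental and manifest_path.exists():
        previous = json.loads(manifest_path.read_text())
    changed = [rel for rel, digest in current.items() if previous.get(rel) != digest]
    for rel in changed:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)  # copy2 also keeps timestamps
    manifest_path.write_text(json.dumps(current, indent=2))
    return changed

def demo():
    """Run one complete and one incremental backup on constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "documents"
        (src / "reports").mkdir(parents=True)
        (src / "notes.txt").write_text("lecture notes")
        (src / "reports" / "q1.txt").write_text("first draft")
        manifest = root / "manifest.json"  # kept outside src on purpose
        full = backup(src, root / "backup_full", manifest, incremental=False)
        (src / "reports" / "q1.txt").write_text("second draft")  # modified file
        (src / "todo.txt").write_text("label the tapes")         # new file
        incr = backup(src, root / "backup_incr_1", manifest, incremental=True)
        restored = (root / "backup_incr_1" / "reports" / "q1.txt").read_text()
        return full, incr, restored

if __name__ == "__main__":
    print(demo())
```

Restoring from this scheme needs the complete backup plus every incremental backup taken after it, applied in order.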
Backup of Data: Types

Incremental backup creates a copy of only the data that is newly created or modified since the last backup. This process is performed automatically in some software. In this type, the entire disk is not copied, so it takes less time and space.

Antivirus

Antivirus software is used to detect and remove viruses, worms, adware etc. It contains information about different known viruses. It runs in the background all the time and alerts the computer user when any virus is detected. Some examples are McAfee, AVG, Kaspersky and NOD32.

Antivirus: McAfee

McAfee is an American organization that has developed an antivirus program called McAfee VirusScan. McAfee:

- Automatically detects and removes viruses
- Blocks adware before it installs on the computer
- Removes existing adware
- Protects the computer from hackers
- Can also check emails for viruses

Antivirus: AVG

AVG stands for Antivirus Guard and is an antivirus program developed by AVG Technologies. It protects the computer from the latest viruses, worms and other threats. The AVG Free Edition is also available for download; however, it does not provide full protection.

Antivirus

The antivirus software should be managed properly to detect and remove viruses, worms and adware from the computer system. Many new viruses are created and spread continuously. The antivirus software must be updated regularly in order to protect the computer properly.

Data Protection Legislation

The data protection legislation defines the laws that ensure data protection. Many countries have defined data protection legislation which is based on the same basic principles:

- The purpose of keeping personal data must be clearly defined by the organization that obtains the data.
- The individual about whom data is collected must be informed about the identity of the organization or individual that collects the data.
Some important privacy acts are:

- 1980 Privacy Act prohibits agents of the federal government from making unannounced searches of press offices.
- 1984 Cable Communication Policy Act restricts cable companies in the collection and sharing of information about their customers.

It was the first legislation to regulate the use of information processed on computer.

Data Protection Act 1984 protects an individual from unauthorized use and disclosure of personal information stored on computer. It consists of the following eight principles:

- The data should be processed fairly and lawfully and may not be processed unless the data controller can satisfy one of the conditions for processing set out in the Act.
- Data should be obtained only for specified and lawful purposes.
- Data should be adequate, relevant and not excessive.
- Data should be accurate and, where necessary, kept up to date.
- Data should not be kept longer than is necessary for the purposes for which it is processed.
- Data should be processed in accordance with the rights of the data subject under the Act.
- Appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Data should not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Data Protection in Pakistan: “PERSONAL DATA PROTECTION BILL 2018”

PERSONAL DATA PROTECTION BILL 2018

A new Personal Data Protection Bill 2018 Draft (the “Bill”) has been proposed by the Ministry of Information Technology and Telecommunication (“MOITT”) of Pakistan.
With this Bill, Pakistan will join the wave of new data protection laws that have been drafted or passed since Europe’s General Data Protection Regulation (GDPR).

A new enforcement body, the National Commission for Personal Data Protection (NCPDP), will be established under the Bill. NCPDP will receive and decide complaints from individuals, as well as engage, support, guide, facilitate, train and persuade data controllers and data processors to ensure protection of personal data. The current draft of the Bill has 25 pages with requirements and individual rights similar to the GDPR.

Intellectual Property

Intellectual property is the unique and original works such as ideas, inventions, writings, logos etc. Intellectual property rights are rights given to persons who are the authors or creators of new and original literary and artistic works such as books, articles, other writings, paintings, musical compositions, sculpture, films and computer programs, by application of their creative process and intellect.

Intellectual property rights are given to such individuals to compensate for their efforts during such creative process and their investments. These rights are given for a certain period of time, after which the general public has the right to freely benefit from and use them.

The term intellectual property covers the following aspects in the relevant categories, namely:

- Copyright: literary, artistic and scientific works covering books, journals, magazines, written articles etc.
- Trademarks: trademarks, merchandise marks, service marks, commercial names and designations like logos.
- Patents: inventions like a new form of airplane engine, a floor cleaner, etc.
- Designs: it includes the shape of a bottle, machine, model of luxury car or any other product, etc.