
Lecture 7

Uploaded by

Hassan
Copyright
© All Rights Reserved

COLLEGE OF BUSINESS EDUCATION

(CBE-Mwanza)
MANAGEMENT INFORMATION SYSTEMS

SMB 07307

LECTURE SEVEN
IDENTIFY SECURITY THREATS IN AN ORGANIZATION

What is security?
A simple definition of the word security is the state of being free from danger or threat. In a generic
sense, security is "freedom from risk or danger."

What is threat?
Threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible
harm.

What are computer security threats?


Computer security threats are possible dangers that might exploit a vulnerability to breach security and
thus cause possible harm to your computer or computing resources.

What is computer security?


Computer security can be defined as the process of preventing and detecting unauthorized access to or use of
computing resources (e.g. data, information, hardware, software and network resources).

A point to remember: as with any business asset, information systems hardware, software, networks, and
data resources need to be protected and secured to ensure quality, performance, and beneficial use.
Unauthorized access or use is a possible danger that might exploit a vulnerability to
breach security and may result in harm to your computer or network. Computer security is also not
limited to standalone machines: with the growth of information technology, the
term has broadened to cover computer networks, computer users, data, information,
software, etc.

Computer Security is concerned with five main areas (CIAAA):


1. Confidentiality: - Confidentiality is the concealment of information or resources. The need for
keeping information secret arises from the use of computers in sensitive fields such as
government and industry. For example, military and civilian institutions in the government often
restrict access to information to those who need that information. The first formal work in
computer security was motivated by the military's attempt to implement controls to enforce a
"need to know" principle. This principle also applies to industrial firms, which keep their
proprietary designs secure lest their competitors try to steal the designs. As a further example, all
types of institutions keep personnel records secret. In simple words: Only authorized users can
access the computing resources (like data, information, hardware, software, etc.) and not
otherwise.

2. Integrity: - Integrity refers to the trustworthiness of data or resources, and it is usually phrased in
terms of preventing improper or unauthorized change. Integrity includes data integrity (the
content of the information) and origin integrity (the source of the data, often called
authentication). The source of the information may bear on its accuracy and credibility and on the
trust that people place in the information. In simple words: Only authorized users should be able
to modify the computing resources (data, hardware configuration, software installation, etc.)
when needed and not otherwise.

3. Availability: - Availability refers to the ability to use the information or resource desired.
Availability is an important aspect of reliability as well as of system design because an
unavailable system is at least as bad as no system at all. The aspect of availability that is relevant
to security is that someone may deliberately arrange to deny access to data or to a service by
making it unavailable. In simple words: Computing resources should be available to authorized
users only when needed and not otherwise.

4. Authentication: - Authentication is the process of determining whether someone or something is,
in fact, who or what it is declared to be. In simple words: are you really communicating with
whom you think you are communicating with?

5. Authorization: - The process of allowing only authorized users to access sensitive resources
(information). An authorization process uses the appropriate security authority to determine
whether a user should have access to resources.

CATEGORIES OF SECURITY CONTROLS


Computer security is often divided into three distinct master categories, commonly referred to as controls:
1. Physical Control
2. Technical (Logical) Control
3. Administrative (Management) Control

A point to remember: These three broad categories define the main objectives of proper security
implementation. Within these controls are sub-categories that further detail the controls and how to
implement them.

Physical Controls
The Physical control is the implementation of security measures in a defined structure used to deter or
prevent unauthorized access to sensitive material/ resources. Examples of physical controls are:
• Closed-circuit surveillance cameras
• Motion or thermal alarm systems
• Security guards
• Picture IDs
• Locked and dead-bolted steel doors

Technical (Logical) Controls
The Technical (Logical) control uses technology as a basis for controlling the access and usage of
sensitive data throughout a physical structure and over a network. Technical controls are far-reaching in
scope and encompass such technologies as:
• Encryption
• Smart cards
• Implementing a firewall
• Using reliable and updated antivirus programs
• Access control lists (ACLs) like username and password
• File integrity auditing software

Administrative (Management) Controls


Administrative controls define the human factors of security. They involve all levels of personnel within an
organization and determine which users have access to what resources and information by such means
as:
• Training and awareness
• Disaster preparedness and recovery plans
• Personnel recruitment and separation strategies
• Personnel registration and accounting

CLASSIFICATION OF SECURITY THREATS


In order for one to produce a secure system, it is important to classify threats. The classification of
security threats could be:
1. Intentional threats - Intentional threats refer to purposeful actions resulting in the theft or
damage of computer resources, equipment, and data. Intentional threats include viruses, denial of
service attacks, theft of data, sabotage, and destruction of computer resources. Most intentional
threats are viewed as computer crimes when executed.
2. Unintentional threats - Unintentional threats are considered to be human error, environmental
hazards, and computer/hardware failures. Most people don't purposely cause harm.
Note: To protect the computing resources, there are a number of security measures individuals and
organizations can take to protect their assets, such as encryption, firewalls, anti-virus, anti-spyware,
passwords, back-ups, and biometric security as we will see before the end of this lecture.

TYPES OF SECURITY THREAT


Security threats or risks can be typified as mentioned below:
1. Physical (Environmental) security threats
2. Non-Physical (Non-Environmental) security threats

PHYSICAL (ENVIRONMENTAL) SECURITY THREATS:

A physical threat is a potential cause of an incident that may result in loss or physical damage of the
computer resources (system, data, information, network, etc.).

The following list classifies the physical threats into three (3) main categories:

1. Internal physical threats: The threats include fire, unstable power supply, humidity in the rooms
housing the hardware etc.

2. External physical threats: These threats include lightning, floods, earthquakes etc.

3. Human: These threats include theft, vandalism of the infrastructure and/or hardware, disruption,
accidental or intentional errors.

To protect computer systems from the above mentioned physical security threats, an organization must
have physical security control measures. The following list shows some of the possible measures that can
be taken:

1. Internal physical threats: Fire threats could be prevented by the use of automatic fire detectors
and extinguishers that do not use water to put out fire. Unstable power supply can be prevented
by the use of voltage controllers like UPS (Uninterruptible Power Supply). An air conditioner can
be used to control the humidity in the computer room.

2. External physical threats: Lightning protection systems can be used to protect computer
systems against such attacks. Lightning protection systems are not 100% perfect, but to a certain
extent, they reduce the chances of lightning causing damage. Housing computer systems in high
lands is one of the possible ways of protecting systems against floods.

3. Humans: Threats such as theft can be prevented by use of locked doors and restricted access to
computer rooms.

NON-PHYSICAL (NON-ENVIRONMENTAL) SECURITY THREATS


A non-physical threat is a potential cause of an incident that may result in:
• Loss or corruption of system data
• Disruption of business operations that rely on computer systems
• Loss of sensitive information
• Illegal monitoring of activities on computer systems
• Missing files or directories
• Abnormal computer behavior
• And others

Note: The non-physical threats are also known as logical threats. The following list shows the common types
of non-physical (logical) threats:

• Malware: Malware is short for “malicious software.” Wikipedia describes malware as a term
used to mean a “variety of forms of hostile, intrusive, or annoying software or program code.”
Malware could be computer viruses, worms, Trojan horses, dishonest spyware, and malicious
rootkits.

• Virus: A computer virus is computer software that can spread from one infected computer to
another for the purpose of disrupting the normal operation of a computer system. The virus could
corrupt, steal, or delete data on your computer even erasing everything on your hard drive. A
virus could also use other programs like your email program to spread itself to other computers.

• Trojan horse: Users can infect their computers with Trojan horse software simply by
downloading an application they thought was legitimate but was in fact malicious. Once inside
your computer, a Trojan horse can do anything from recording your passwords by logging
keystrokes (known as a keystroke logger) to hijacking your webcam to watch and record your
every move.

• Worm: A computer worm is a software program that can copy itself from one computer to
another, without human interaction. Worms can replicate in great volume and with great speed.
For example, a worm can send copies of itself to every contact in your email address book and
then send itself to all the contacts in your contacts’ address books.

• Spyware: Malicious spyware is used to describe the Trojan application that was created by
cybercriminals to spy on their victims. An example would be keylogger software that records a
victim’s every keystroke on his or her keyboard. The recorded information is periodically sent
back to the originating cybercriminal over the Internet. Keylogging software is widely available
and is marketed to parents or businesses that want to monitor their kids’ or employees’ Internet
usage.

• Botnet: A botnet is a group of computers connected to the Internet that have been compromised
by a hacker using a computer virus or Trojan horse. An individual computer in the group is
known as a “zombie” computer.

• Spam: Spam in the security context is primarily used to describe email spam, that is, unwanted messages
in your email inbox. Spam, or electronic junk mail, is a nuisance as it can clutter your mailbox as
well as potentially take up space on your mail server. Unwanted junk mail advertising items you
don’t care for is harmless, relatively speaking. However, spam messages can contain links that,
when clicked on, could go to a website that installs malicious software onto your computer.

• Rootkit: A rootkit is a collection of tools that are used to obtain administrator-level access to a
computer or a network of computers. A rootkit could be installed on your computer by a
cybercriminal exploiting a vulnerability or security hole in a legitimate application on your PC
and may contain spyware that monitors and records keystrokes.

• Keyloggers: A keylogger is a type of surveillance software (considered to be either software or
spyware) that has the capability to record every keystroke you make to a log file, usually
encrypted. A keylogger recorder can record instant messages, e-mail, and any information you
type at any time using your keyboard.

• Adware: Program code embedded in software, without the user being aware of it, to show
advertising. As a rule, adware is embedded in software that is distributed free. The advertisement
appears in the working interface. Adware often gathers personal information of the user and
transfers it to its distributor.

• Denial of Service Attacks (DoS): In computing, a denial-of-service (DoS) attack is an attempt to
make a machine or network resource unavailable to its intended users, such as to temporarily or
indefinitely interrupt or suspend services of a host connected to the Internet.

• Distributed Denial of Service Attacks (DDoS): DDoS is short for Distributed Denial of
Service. DDoS is a type of DoS attack where multiple compromised systems, which are often
infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS) attack.

• Spoofing: In the context of network security, a spoofing attack is a situation in which one
person or program successfully masquerades as another by falsifying data, thereby gaining an
illegitimate advantage.

• Phishing: Phishing scams are fraudulent attempts by cybercriminals to obtain private
information. Phishing scams often appear in the guise of email messages designed to appear as
though they are from legitimate sources. For example, the message would try to lure you into
giving your personal information by pretending that your bank or email service provider is
updating its website and that you must click on the link in the email to verify your account
information and password details.

• And many others

To protect computer systems from the above mentioned non-physical (logical) security threats, an organization
must have both logical (technical) and administrative security control measures. The following list shows
some of the possible measures that can be taken:

1. To protect against viruses, Trojans, worms etc, an organization can use reliable and updated anti-
virus and anti-spyware software.

2. Unauthorized access to computer system resources can be prevented by the use of authentication
methods. The authentication methods can be in the form of user IDs and strong passwords, smart
cards, biometrics, etc.

3. Intrusion-detection/prevention systems can be used to protect against denial of service attacks. An
intrusion detection system (IDS) detects malicious events and notifies an administrator, using
email, paging, or logging of the occurrence. An IDS can also perform statistical and anomaly
analysis. Some IDS devices can report to a central database that correlates information from
multiple sensors to give an administrator an overall view of the real-time security of a network.
An intrusion prevention system (IPS) can dynamically block traffic by adding rules to a firewall
or by being configured to inspect (and deny or allow) traffic as it enters a firewall.

4. Employ a firewall to protect networks. As computer viruses can spread by means other than
email, it is important that unwanted traffic is blocked from entering the network by using a
firewall. For users that use computers for business away from the protection of the company’s
network, such as home PCs or laptops, a personal firewall should be installed to ensure the
computer is protected.

5. Educate all users to be careful of suspicious e-mails. Ensure that all users know to never open an
attachment or to click on a link in an email they are not expecting. Even when the email is from a
known source, caution should be exercised when opening attachments or clicking on links in
emails. Criminals use the trust placed in an email contact you know to trick you into clicking on a
link or attachment.

6. Don’t run programs of unknown origin. It is important that you use a trusted source for your
software requirements. This is to ensure that all software installed can be accounted for and that
its sources can be confirmed to be legitimate. Apart from ensuring that the correct licensing
agreements are in place, using a trusted supplier can help reduce the risk of software infected with
a virus compromising your business. All users should be educated to never run a computer
program unless the source is known or has originated from a person or company that is trusted.

7. Implement a vulnerability management program. Most computer viruses and worms try to exploit
bugs and vulnerabilities within the operating system and applications that companies use. New
vulnerabilities are introduced into networks every day, be that from installing new software and
services, making changes to existing systems or simply from previously undiscovered
vulnerabilities coming to light. It is important to regularly review your network and the
applications running on it for new vulnerabilities.

8. Make regular backups of critical data. It is important to ensure that regular copies of important
files are kept either on removable media such as portable drives or tape to ensure you have a
trusted source for data in the event that the network is infected with a computer virus. Not only
will this ensure that important data is available in the event of a computer virus infecting the
company’s network, backups will also enable the company to restore systems to software that is
known to be free from computer virus infection.

9. Stop sharing affected storage devices such as flash disks, CDs, DVDs, hard disks, etc.

10. Stop accessing unsecured websites (rogue websites).

11. Unplug your computer from the network when you’re not using it.

12. Develop an Information Security Policy. The creation and publication of an Information Security
Policy is key to ensuring that information security receives the profile it requires in the
organization and is the first critical step in securing the company’s systems and data. It is
important that senior management support the Information Security Policy and that all users are
made aware of their roles and responsibilities under this policy.

13. Data Encryption - Encryption is a process that scrambles data to protect it from being read by
anyone but the intended receiver. An encryption device encrypts data before placing it on a
network. A decryption device decrypts the data before passing it to an application. A router,
server, end system, or dedicated device can act as an encryption or decryption device. Data that is
encrypted is called ciphered data (or simply encrypted data). Data that is not encrypted is
called plain text or clear text.

14. Disable autorun - Many viruses work by attaching themselves to a drive and automatically
installing themselves on any other media connected to the system. As a result, connecting any
network drives, external hard disks, or even thumb drives to a system can result in the automatic
propagation of such threats.

15. Keep your computer updated (update your Operating System). Microsoft releases security
updates that can help protect your computer. Make sure that Windows receives these updates by
turning on Windows automatic updating. For more information.

16. Disable Guest Accounts. Intended for temporary users, Guest Accounts are an easy point of entry
for hackers. We recommend that you permanently disable them.
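
Measure 3 above says an IDS can perform statistical analysis and notify an administrator, and that an IPS can block traffic by adding firewall rules. The sketch below is an added example, not part of the original lecture: it counts requests per source in a constructed connection log, flags a source far above the typical one, and produces a notification and a deny rule. The log format, thresholds, function names and rule text are all assumptions made for illustration.

```python
from collections import Counter
from statistics import median


def build_sample_log(flood=True):
    """Constructed log lines '<second> <source address>' (192.0.2.0/24 is a documentation range)."""
    lines = []
    for t in range(0, 60, 10):  # three ordinary clients: 6 requests each in one minute
        for host in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
            lines.append(f"{t} {host}")
    if flood:
        for t in range(60):  # one source sending 5 requests every second
            lines.extend([f"{t} 192.0.2.99"] * 5)
    return lines


def detect(lines, window=60, factor=10, floor=100):
    """IDS step: per time window, flag sources far above the typical (median) source.

    window, factor and floor are illustrative thresholds, not recommended values.
    """
    per_window = {}
    for line in lines:
        ts, src = line.split()
        per_window.setdefault(int(ts) // window, Counter())[src] += 1
    alerts = []
    for win, counts in sorted(per_window.items()):
        typical = median(counts.values())
        for src, n in sorted(counts.items()):
            if n >= floor and n > factor * typical:
                alerts.append({"window": win, "src": src, "count": n, "typical": typical})
    return alerts


def notify(alert):
    """Message an IDS would log or send to the administrator."""
    return (f"ALERT window={alert['window']} src={alert['src']} "
            f"requests={alert['count']} typical={alert['typical']:g}")


def block_rules(alerts):
    """IPS step: one deny rule per flagged source (generic text, not a real firewall syntax)."""
    return sorted({f"deny from {a['src']}" for a in alerts})


if __name__ == "__main__":
    found = detect(build_sample_log())
    for a in found:
        print(notify(a))
    print(block_rules(found))
```

The absolute floor keeps a quiet network from raising alerts when one client is merely busier than the others; comparing against the median rather than the mean keeps the flooding source from inflating its own baseline.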

--------------------------------End of Lecture SEVEN--------------------------------------

BY: ALOYCE, N
