CAREER OUTLOOK
Computer Security Industry
Information Security is the capability of preserving the confidentiality, integrity and availability of information.
♦ Confidentiality ensures that information is accessible only to those authorized to have access.
♦ Integrity safeguards the accuracy and completeness of information and processing methods.
♦ Availability ensures that authorized users have access to information and associated assets when required.
Information Security Threats:
Information security is concerned with protecting data against the threats to which it is exposed; the principal categories of attack are described under Cyber Security Attacks below.
Information Security Policy:
An information security policy is an essential element in ensuring continued security and accuracy within an organization. Such a strategy encompasses the following:
♦ Staff education and training;
♦ Restricted access levels and need-to-know guidelines;
♦ Asset classification and control.
An information security policy needs to be comprehensive and should ideally encompass the following security issues:
♦ Organizational and procedural security, which is concerned with policies, standards, controls and monitoring.
♦ Physical security, which refers to the control over physical access to hardware, environmental control and contingency planning.
♦ Logical security, which refers to the control over a user's interaction with an application, possibly through a network.
Cyber Security Attacks:
Information security within an organization can be compromised by cyber security attacks, which include unauthorized access, malicious software, denial of service, phishing and URL spoofing.
♦ Unauthorized Access: Hacking is the process of gaining access to electronic data by breaking into a company's computer system. Information obtained this way can be subject to unauthorized modification or sold to other parties.
♦ Malicious Software: Malicious software threatens the availability and integrity of IT systems. Specifically targeted software may also threaten the privacy and confidentiality of stored information.
♦ Denial of Service: Denial of service attacks are used to render a system unusable by denying service to individual victims or by blocking all users at once.
♦ Phishing: A technique to fraudulently obtain private information by sending an email which appears to come from a legitimate organization and requests personal information.
♦ URL Spoofing: Related to phishing, a copy of a legitimate website is hosted under the attacker's control, typically at a look-alike address, to harvest the personal information victims enter.
Cyber Security Measures:
These measures prevent the loss of information and include ensuring that policies to protect the organization's information are in place. Policies should cover the use of security measures such as antivirus software and port locking.
♦ Antivirus software should be running at all times to protect all systems from potentially harmful software. The antivirus software and its definitions must be kept up-to-date to detect the latest malware; in practice, definition updates should be pushed centrally rather than left to individual users. All storage media brought into the organization should be scanned by a virus-checking program before use.
♦ Port locking (switch port security bound to known MAC addresses, or 802.1X port-based authentication) prevents unauthorized devices from joining the network.
Computer Misuse:
Computer misuse refers to the unauthorized use of any type of computer resource and includes the following:
♦ Unlawful access to information;
♦ Unlawful use of information;
♦ Misuse of computer hardware;
♦ Misrepresentation of another person;
♦ Unauthorized copying of software and supporting documentation.
These threats can be controlled by introducing security procedures that are adhered to by all members of the organization. These can include user authentication, a password policy, and desktop locking directives.
♦ User Authentication and Levels of Access: Each user is authenticated and then granted access only to the resources designated for that individual or group, so that no one holds more access than their role requires.
♦ Password Policy: Passwords are to be kept secret and secure at all times; authorized users must not write passwords down, store them in the clear, or share them with other users. Passwords should also be changed on a regular basis; note that current guidance (NIST SP 800-63B) drops mandatory periodic rotation in favour of changing a password when compromise is suspected and screening new passwords against lists of known-breached passwords.
♦ Desktop Locking: Locking the desktop ensures that unattended computers cannot be used by unauthorized persons.
Data Backup:
♦ Data Backup: Computer hardware is not failsafe. Essential information should always be stored on the server, which is backed up on a daily basis; backups should be verified by restoring from them, and at least one copy should be kept offsite.
by Editors
editors@ccgmag.com
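As an added example (not code from the article), the Python below applies the kind of checks a mail gateway or help-desk script can run against a link taken from a suspected phishing message, flagging the URL-spoofing tricks described above: the legitimate name buried inside an attacker's domain, look-alike characters, a user-info prefix that hides the real host, bare IP addresses and internationalised labels. The allow-list LEGIT_DOMAINS, the CONFUSABLES table and every sample URL are constructed for illustration; the look-alike table is a small ASCII heuristic, not a full Unicode confusables check, and an "unknown" verdict only means no allow-list match and no spoofing pattern.

```python
# Added example, not code from the USBE&IT article: heuristic URL-spoofing
# checks for links found in suspected phishing e-mail.
# LEGIT_DOMAINS, CONFUSABLES and SAMPLE_URLS are constructed for illustration.
from typing import Tuple
from urllib.parse import urlsplit
import ipaddress

# Hypothetical allow-list: the organisation's own registrable domains.
LEGIT_DOMAINS = {"examplebank.com"}

# ASCII look-alike sequences commonly used in spoofed hostnames (heuristic).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("8", "b")]


def normalize_lookalikes(host: str) -> str:
    """Map common ASCII look-alike sequences to the letters they imitate."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def is_legit_host(host: str) -> bool:
    """True if host is an allow-listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def classify_url(url: str) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'legitimate', 'suspicious' or 'unknown'."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return "suspicious", f"unexpected scheme {parts.scheme!r}"
    host = parts.hostname or ""  # lower-cased; user-info and port stripped
    if not host:
        return "suspicious", "no hostname in URL"
    # https://examplebank.com@evil.example/ connects to evil.example, not the bank.
    if parts.username is not None:
        return "suspicious", f"user-info prefix hides the real host {host!r}"
    # A bare IP address is not how an organisation publishes its login page.
    try:
        ipaddress.ip_address(host)
        return "suspicious", "bare IP address instead of a domain name"
    except ValueError:
        pass
    # Internationalised labels (raw Unicode or punycode 'xn--') enable homoglyphs.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "internationalised (IDN) label in host"
    if is_legit_host(host):
        return "legitimate", f"{host!r} is on the allow-list"
    # examplebank.com.evil.net: the real name is a subdomain of an attacker's domain.
    labels = host.split(".")
    for d in LEGIT_DOMAINS:
        brand = d.split(".")[0]
        if any(brand in label for label in labels):
            return "suspicious", f"allow-listed name {brand!r} embedded in unrelated host {host!r}"
    # examp1ebank.com / exarnplebank.com: look-alike characters.
    if is_legit_host(normalize_lookalikes(host)):
        return "suspicious", f"{host!r} is a look-alike of an allow-listed domain"
    return "unknown", f"{host!r} is not allow-listed and matches no spoofing pattern"


# Constructed sample links, as they might appear in a reported phishing message.
SAMPLE_URLS = [
    "https://login.examplebank.com/account",
    "https://examplebank.com@evil.example/login",
    "http://examplebank.com.evil.net/login",
    "https://examp1ebank.com/verify",
    "http://192.0.2.10/examplebank/login",
    "https://\u0435xamplebank.com/",          # Cyrillic 'е' (U+0435) as first letter
    "https://www.partnerbank.example/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        verdict, reason = classify_url(u)
        print(f"{verdict:<11} {u}  ({reason})")
```

Run as a script it prints one verdict per sample link; in a gateway you would feed it every URL extracted from the message body and quarantine on any "suspicious" result.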
USBE&IT | Winter 2010 | p. 54 | www.blackengineer.com