Information Technology

Technology has become an important part of everyday life for many

people in the world. Governments, companies, organizations and
individuals use technology to create, store and manage information.

The increasing use of technology along with the expansion of the internet,
and the many services, have resulted in many risks to users and computer
systems.

System security is therefore essential to protect or safeguard computer,

mobile devices, and data and software from loss, damage and misuse.
Computer Security
This is about the security of a computer and its software. Computer
security covers things such as backups, password security, and
preventing viruses and other threats from damaging or stealing what is
on the computer.
Cybersecurity
Cybersecurity is about making sure that the computer and its
connections are secure. Cyber security covers how to prevent things
such as viruses, malware, phishing and other threats from accessing
information from a computer.
Computer Misuse
This is about the way people use computers to access other people’s
computer systems and their information, or how they use computers to
spread unfair, false or hurtful information. These problems include
cyberbullying, hacking, industrial espionage and fake news.
 Risk Assessment
To protect a system, you need to find out the parts of the system that could be
affected by a system attack, and then identify the various risks that could affect those
parts. The parts (infrastructure) include hardware, communication systems, OS,
application software and data files. This is called system risk assessment and would
consider the following elements:
• Vulnerabilities – are flaws in a system that can be used to cause loss or harm.
• Threats – are a set of circumstances that have the potential to cause loss and harm.
• Attacks – are actions taken that use one or more vulnerabilities in a system to realize
a threat.
• Countermeasures – controls are how we deal with and prevent these problems.
HARDWARE AND SOFTWARE SECURITY
Data integrity concerns the consistency, accuracy and reliability of data.
Data is said to have integrity if it is accurate and complete when it
enters a system and it does not become inaccurate after further
processing.
The goal of integrity is to protect against data becoming corrupted
(being changed, deleted or substituted without authorization)
Data integrity can be compromised in a number of ways:
 Human error (inaccurate data entry, accidental deletion, accidental
changing of data)
 Natural disasters (fires, floods, earthquakes)
 Malware
 Hardware failure
 Fraud
 Malicious deletion or changing of data
Data security concerns with protecting data form unauthorized access and
is one of the methods used to ensure data integrity. Data can be secured
using both physical and software safeguards.
Physical data security includes;
Only allowing authorized personnel access
Backup and recovery
Outer structural security
Distributing work to a few employees, not just one
Physical Data Security
Physical safeguards deal with the protection of hardware and software from
accidental or malicious damage, destruction or theft. Depending on the
sensitivity of the data being stored, a combination of the methods described
may be used.
Only allowing authorized personnel access
The goal is to stop unauthorized users from accessing the computer system.
This is necessary to prevent equipment theft, media theft, console or
network access and physical destruction of media and equipment.
One or a combination of the following methods may enforce this.
 Locks
 Security guards
 Burglar alarms
 Intrusion detection system (video cameras, face recognition)
 Authentication systems fro checking identity, which only allow access to
authorized people:
- electronic doors opened using only passwords, magnetic cards, smart
cards.
- biometric devices that confirm a person’s identity (fingerprint reader,
facial recognition system, hand geometry, voice recognition, signature
verification system, iris-recognition system and retinal scanners)
Outer Structural Security
Outer structural security entails reinforcement to doors, windows, walls and
roofs to make the building where hardware and data is stored more secure it
makes no sense installing expensive locks on fragile doors and windows; for
this reason, structural security needs to look at many interlinked factors to
ensure maximum physical protection.
Backup and Recovery
Making a copy of your data and storing it safely so that you can recover the
data is a simple and effective way to ensure data integrity. To do this, we use
backup and recovery systems and software.
Modern OS such as Windows 10 have a built-in backup and recovery system.
Windows 10 backs up your files to its One-Drive cloud storage on the
internet, called remote or cloud backup. With an internet connection, you
can retrieve the data on your computer if the data and computer are
damaged or if there is a fire or any disaster.
It is good practice to keep more than one backup, so in addition to using
OneDrive, consider having an external hard disk for your backup. You can
secure this further by unplugging it at the end of the day and keeping it in a
fire-proof safe or cabinet, or in another building.
Organizations and governments will also use long-term data storage, called
archiving, a form of physical data backup involving the removal of inactive
files from the computer. These files are no longer in use, but may be needed
at some future date, such as tax records. They can be stored in The Cloud or
on devices such as magnetic tape, microfiche or CD-R.
Distributing work to a few employees, not just one
No one employee has access to all data. So if someone is sick or on holiday,
someone else can access the data.
Software-based Data Security
Passwords for the system
A password is a combination of characters used to control access to
computers. In a password system, a user has to enter a password or PIN to
gain access to the computer system or unlock encrypted personal data on a
device.
To create a secure password, you need to:
 Make sure it contains a mix of uppercase, lowercase, numbers and
keyboard symbols
 Avoid you name, address, DOB
 Make it a reasonable length (minimum 8 characters long)
Passwords for individual files, folders, apps and websites
You have probably had to login to an app on your smartphone or a website.
This is to protect your personal information that the app or website uses.
You can also do the same with files on your computer to prevent others from
seeing that data.
Multiple levels of passwords can provide entry to different levels of
information in a database or other computer storage system.
Increasingly, companies such as Google™ and Facebook are encouraging
users to use two-factor authentication. This is when you have a second item
that confirms it is you using your password.
Audit trails or access logs
Many companies and governments use intrusion detection systems on their
networks. These and other security software programs can audit computer
use by providing a comprehensive record of all the network or system activity,
including who is accessing what data, when, and how often.
They can also help by providing logs of the individuals who may have used the
network during a specific period of time or accessed a file.
An audit trail can also be used to show when a file has been changed and by
whom.
Encryption
Encryption is encoding (scrambling) data during storage or transmission so that it
cannot be understood by someone who does not have the encryption key or
software to convert it back to its original form.
A key is a randomly generated set of characters that is used to encrypt/decrypt
data. This is a very effective method of preventing unauthorized persons from
stealing, reading or changing data.
Using effective encryption techniques, sensitive valuable information can be
protected against organized criminals, malicious hackers or spies from other
companies or countries.
Encryption
Encryption is used to secure data such as credit card numbers, bank account
information, health information and even personal correspondence that is
transmitted over the internet.
Encryption is one of the most effective methods of securing data against
electronic eavesdropping: the tapping of data transmission line to access data
being transmitted.
Two of the most popular data encryption schemes are PGP (Pretty Good Privacy)
And Triple DES (Data Encryption Standard).
Firewall
A firewall is a program, a hardware device or combination of both that filters the
information coming through your computer system’s or network’s connection to
the internet. It prevents unauthorized users from gaining access. A firewall can
also perform audit and alarm functions that record all access attempts to and
from a network. Three popular firewall software packages are:
 Bitdefender Internet Security 2018
 Kapersky Internet Security 2018
 Norton Security Standard
Firewalls can protect systems from the following dangers:
 Remote login: this is when someone is able to connect to your computer and
control it in some form, ranging from being able to view or access you files to
actually running programs on your computer.
 Spam (electronic junk mail): by gaining access to a list addresses, a person can
send unwanted spam to thousands of users.
 Denial of service: this is an attack that floods a computer or website with data,
causing it to overload and preventing it from functioning properly. This type of
attack is more frequently targeted at businesses, rather than individuals.
 Malware: malicious software (viruses, worms, Trojans, ransomware and bots)
Anti-virus software
Anti-virus software is a special type of software used to remove or inactivate
known viruses from a computer’s hard disk, or USB memory device. It scans the
different storage media looking for known viruses; if viruses are found they are
either removed or quarantined.
These programs can also scan incoming and outgoing email messages to ensure
they do not contain infected data. Anti-virus software should be updated via the
internet regularly.
Typical anti-virus software include: Windows Defender, Symantec Norton
Antivirus, McAfee Antivirus and Bitdefender Antivirus Plus.
MALWARE
Malware is a term used to describe different types of malicious software,
which include:
 viruses,
 worms,
 spyware,
 ransomware,
 Trojans
 bots.
 MALWARE
Criminals may use malware to:
• monitor your online activity in the hope that they can steal some valuable
personal information, such as your credit card details.
• cause damage to the computer or network if it is part of a government or
organization’s network in order to stop them being able to do something.

Malware is often downloaded when someone opens an infected email attachment

or clicks on a suspicious link in an email (phishing).
Malware can also be used to steal your username, password or other information,
which is then forwarded to a third party.
 MALWARE
A worm is a program that uses computer networks and security holes (weaknesses
in a security system) to repeatedly copy itself into a computer’s memory or onto a
magnetic disk, until no more space is left.

A virus is a program purposefully written by someone to activate itself, unknown

to the victim, to destroy or corrupt data. A virus must attach itself to some other
program or document in order to be executed.

Some common types of viruses are:

 File virus – these are viruses that infect program files.
 Email virus – this type of virus comes as either an attachment to an email or as
the email itself. It usually spreads by automatically mailing itself to everyone in
the address book of the victim.
 Trojan Horse – a Trojan horse is a computer program that places destructive
code in programs such as games. When the user runs the game, the hidden code
runs in the background, and it erases the entire hard disk or some programs on
the disk. Unlike worms and viruses, Trojans do not reproduce or do they self-
replicate.
 Boot sector virus – a boot sector virus corrupts or replaces the instructions in
the boot sector, thereby preventing the OS to load properly and the computer
from booting or powering up.
 Ransomware – this is a type of malicious software that threatens to publish the
victim’s data or permanently block access to it unless a ransom is paid. Some
simple ransomware may lock the system in a way that is not difficult for a
knowledgeable person to reverse. More advanced ransomware encrypts the
victim’s files, making then inaccessible, and demands ransom payment to
decrypt them
 Bots – ‘Bot’ is derived from the word ‘robot’ and is an automated process that
interacts with other network services. A typical use of bots is to gather
information, such as web crawlers. A malicious bot is self-propagating malware
designed to infect the host and connect back to a central server or servers that
act as a command and control centre (C&C).
 How viruses are spread
 Unintended download of infected programs and files from the internet
 Opening infected files received through emails
 Unwanted attachments or embedded links in email
 Using a storage medium such as a USB drive or CD that contains infected files
 Self-propagation, which is where malware is able to move itself from computer
to computer or network to network, thus spreading on its own.
 Prevention of and protection against viruses
Some signs that may indicate that system has virus are:
 Weird or obscene messages
 Garbled information
 Incorrect document content
 Missing files and folders
 Your application crashes or hangs when opening documents
 Prevention of and protection against viruses
To protect your system against viruses:
 Install an anti-virus program on your computer
 Do not use storage media from other computers in your computers. If you have
to use them, first run a virus scan to remove any viruses.
 Do not open any email attachments that contain an executable file: these have
file extensions such as .exe, .com, and .vbs.
 Use an OS such as macOS, Linux, UNIX or Windows 10, which has security
features that protect computers from many types of malware.
 DATA PRIVACY
Many businesses, government bodies and other organization hold information on
individuals. Information given to these bodies is given for a specific purpose. In many
cases, the information is personal to the individual and can be valuable to any number
of organisations, not least, commercial organisations that want to approach you directly
to offer a product or service. The ease with which data is stored on databases can be
accessed, cross-referenced and transmitted from one computer to the next in a LAN,
WAN or over the internet, emphases the need for data privacy laws.
 Computer Surveillance
Computer surveillance can involve accessing the storage mechanism of an individuals
computer, or monitoring an individual’s use of a computer, in most cases without their
knowledge. An individual in an organization or government might also be targeted like
this, as once you have access to one computer on a network you can often gain access
to a lot of information on that network. Computer surveillance can be achieved by both
hardware and software methods.
 Computer Surveillance
One hardware method of computer surveillance is keylogging or keystroke logging. A
hardware keylogger is a device that plugs in between your keyboard and your computer.
Once plugged in, all data entered via the keyboard is stored In the keylogger’s memory.

The software method of computer surveillance involved the use of spyware. This type
of software, which is usually secretly installed on a computer, covertly (secretly)
monitors the user’s actions without his or her knowledge. It can save its findings locally
or transmit them to someone else.
Spyware software can be categorized as surveillance spyware and advertising spyware.
 Computer Surveillance
Surveillance spyware can be used by:
 Law enforcement and intelligence agencies, to solve or prevent crimes
 Corporations and companies, to monitor the use of their computer resources for
many different reasons, including to help fix problems.
 Criminals, to acquire passwords and credit card numbers
 Private investigators, hired to spy on individuals or organisations
 Government agencies, to spy on citizens
 Parents, to monitor their children’s use of the computer
 Computer Surveillance
Advertising spyware, also known as adware, is used to gather personal information
about computer users or to show advertisements. Some advertising spyware records
information such as email addresses, web browsing history, online shopping habits,
passwords and other personal information.

Advertising spyware is usually bundled with freeware or shareware, when the

unsuspecting user downloads it from the internet. Freebies such as screen savers,
emoticons and Clipart will sometimes have spyware hiding in them.
 CYBERCRIMES
Cybercrime is an issue that impacts the lives of many people, businesses and
organisations around the world. Cybercrimes are crimes that are directed at other
computers or other devices (for example, hacking), and where computer and other
devices are integral to the offence.
Cybercriminals are individuals or teams of people who use technology to commit
malicious activities on digital systems or networks, with the intention of stealing
sensitive company information or personal data, and generating profit.
 CYBERCRIMES
Common types of cybercrime include:
 Hacking
 Online scams and fraud
 Identity theft
 Attacks on computer systems
 Illegal or prohibited online content

The effect of cybercrime can be extremely upsetting for victims, and not just for
financial reasons. Victims may feel that their privacy has been violated, and that they
are powerless.
 Cyberbullying
Cyberbullying or stalking occurs when someone engages in offensive, menacing or
harassing behavior using electronic means. Although it has become increasingly popular
among teenagers, it can happen to people of any age, at any time, and often
anonymously. Examples of some ways cyberbullying can occur:
 Posting hurtful messages, images or videos online
 Repeatedly sending unwanted messages online
 Sending abusive texts and emails
 Excluding or intimidating others online
 Creating fake social networking profiles or websites that are hurtful
 Nasty online gossip and chat
 Prohibited, obscene, offensive and illegal content
Illegal and prohibited content can be found almost anywhere online: newsgroups,
forums, blogs, social media, peer-to-peer networks, live visual and audio. One of the
major risks of illegal and prohibited content is that it may reach children, for whom such
content can be especially damaging.
In order to keep the internet safe for all users, you should report prohibited online
content. The following types of content may be classified as prohibited, offensive and
illegal:
 Child pornography
 Content showing extreme sexual violence or overtly violent material
 Content that provokes the viewer into committing crimes and terrorism.
 Software, music and video piracy
Piracy is the unauthorized copying, usage or selling of software, music or films that are
copyrighted.
 Licensed-user duplication for unlicensed users
 Pre-installed software – software for 1 PC but installs it on many computers
 Internet piracy – some websites allow users to download unauthorized copies of
software, music or films.
 Counterfeiting – when individuals or companies make illegal copies of software, music
and films and package it to look like the original packaging from the manufacturer.
 Software, music and video piracy
Piracy is an infringement of ownership rights. It is the theft of the work and effort of
another individual or company. Pirated material is theft, and using it is morally wrong.
Some of the reasons why pirated material should not be used are:
 Pirated software may not contain all the elements and documentation of the program
 Pirated software may not have the upgrade options often provided as an add-on in
legitimate software
 Pirated software may have viruses
 Pirated material is illegal
 Income from pirated material is often used to support organized crime.
 Phishing
Phishing refers to attempts by cybercriminals and hackers to trick you into giving away
personal information to gain access to account numbers or to infect your machine with
malware.
How to avoid phishing attempts? Phishing attempts can often get through spam filters
and security software that you may have on your computer.
 Keep an eye out for poor spelling, unexpected urgency or a wrong salutation
 Think twice about clicking a link or opening a document that looks suspicious.
 Double-check that every URL or email address where you enter your password looks
real. If anything raises doubt, delete the communication.
 Hacking
Hacking is the unauthorized accessing of a computer system; the individual who does
this is referred to as a hacker. Hacker may gain access to your computer or device
through security weaknesses, phishing or malware.
Once they have compromised your email, banking or social media accounts, they can
change passwords, preventing you from accessing your accounts.
Hackers are usually excellent computer programmer. Many hackers are young people
who hack into systems just for the challenge or as a prank. Hacking is illegal in many
countries.
 Hacking
The more criminally-minded hackers access computer systems for one or more reasons:
 To steal important and highly confidential information
 To copy computer programs illegally
 To alter data
 To delete data or install a virus to destroy or corrupt it
 To transfer money from one bank account to another using electronic funds transfer
(EFT)
 Internet Fraud
Internet fraud refers generally to any type of fraud scheme that uses one or more
components of the internet – such as chatrooms, email, message boards or websites –
to present fraudulent transactions. Some major types of internet fraud are:
 Online trading schemes – online businesses collects money and does not deliver or
delivers a substandard product.
 Credit Card fraud – this fraud involves setting up temporary bogus businesses on the
internet to lure individuals into giving their credit card numbers.
 Business opportunity / ‘work-at-home’ schemes online – there are many fraudulent
schemes that use the internet to advertise business opportunities. Individuals have to
pay for information and material to start a business or get a job but then don’t
receive any materials, information or job.
 Other Online scams or fraud

There are dishonest schemes that take advantage of unsuspecting people to gain a benefit.
These are often contained in spam or phishing messages. Common online scams include:
 Unexpected prize scams – these scams inform you that you have won a prize and to claim
it you are asked to send money.
 Unexpected money scams – these scams ask you to send money upfront for a product or
reward (inheritance, etc.)
 Threats and extortion scams – these involve scammers sending random death threats via
SMS or email from a supposed hitman, if monies are not paid.
 Identity Theft
Identity theft is a widespread crime that is continually evolving with the constant evolution
of technology and trends. Cybercriminals have a variety of schemes to get hold of your
personal information and use it to steal your money, sell your identity, and commit fraud or
other crimes in your name. Criminals may steal your identity in the following ways:
 Credit card theft – many people use credit cards everywhere, so many people may have
access to an individual’s credit card or the card number. To safeguard against this, e
person should never let their credit card out of their sight during transactions.
 Unsecure websites – whenever you shop or make a transaction online, there is a chance
that an identity thief could intercept your personal information. Make sure the website is
secure; websites with URL beginning with ‘http’ are usually safe (‘s’ means it is secure)
 Identity Theft
 Shoulder surfing – thieves will stand over the shoulder of unsuspecting individuals while
they input their PIN and credit card numbers with the intent to steal the information.
When entering PINs, make sure there is no one looking over your shoulder and cover
your screen with your hand.
 Skimming – this occurs when an identity thief installs an additional device onto an
existing ATM or credit card reader. This device can read your credit card information
including your PIN. If you notice the reader or ATM machine looking different, do not use
the machine.
 Dumpster diving – thieves will go through your trach looking for bills, receipts, credit
card statements and other documents containing you personal information. Shred your
statements or make account numbers illegible when you throw them away.
 Identity Theft
 Mail theft – thieves sometimes steal bank statements or new credit cards directly from
the mailbox. If you notice someone has tampered with your mailbox, contact you local
post office and report the incident to the police.
 Identity Theft
How to protect yourself from identity theft:
 Shred – shred any document s containing personal information before you toss them in
the bin.
 Use secure passwords – be sure to password protect all your devices, and use different
unique, and complicated passwords for each of your online accounts
 Use secure connections – never log in to financial accounts or shop online while using
free public Wi-Fi, and make sure you encrypt and password protect your Wi-Fi at home.
 Monitor – review your credit card reports and bank accounts periodically to look for
suspicious activity and errors that could mean identity theft.
 Detect – use an identity theft detection product that includes identity theft restoration.
 Industrial Espionage
Industrial espionage is when confidential information from within companies and other
commercial organizations is obtained by spying, in an effort to gain some advantage. Spying
is illegal in most countries. Such information may be the design of a new gadget, a list of
unpublished prices, secret recipes, etc.
The spies on the ground are usually employees or on-site contractors. Companies that are
victim of industrial espionage attacks may suffer financial losses as a result of the
usefulness of the information to those spying – for example, if a competitor adjusts their
prices in line with those of its victim, thereby gaining some of their customers.
 Data Theft
Data theft is the unauthorized copying or removal of data from the legitimate owner’s
computer system.

The Dark Net is the term given to parts of the Internet that are kept hidden from the
general public and cannot be accessed by standard search engines such as Google and
Bing. Suspect activities such as computer hacking and fraud take place on Dark Net
websites.
Criminals target computers that store personal or commercial data because this data,
especially in large volumes, has significant economic value in the criminal underworld.
 Denial-of-service Attack
A denial-of-service attack (DOS attack) is a cyber-attack where the intent is to prevent a
service being delivered by the target system.

The attack could be by an individual hacker exploiting a vulnerability in the target system to
gain unauthorized access and so crash the system from within. When the attack is directed
from the outside in, it may be a distributed denial-of-service attack.

A distributed denial-of-service attack (DDOS attack) is a cyber attack during which the
target system is flooded with requests that overload the targeted system. A DDOS attack is
often staged by activists and blackmailers.
 Propaganda
Propaganda is communication of information that is of a biased or misleading nature and
that is aimed at influencing the recipient. Propaganda can be used by many different
organisations, including activist groups, companies, the media and government bodies, for
various purposes.
The content is usually repeated and dispersed over a wide variety of media. Online
platforms such as Facebook, Twitter and YouTube give individuals worldwide reach for their
opinions with very little regulation.
 Personal Security Practices
Protect yourself against cybercrime:
• Beware of scams. If you receive an email or SMS that looks like a scam, delete it. Do not
respond, attempt to unsubscribe, or call any telephone number listed in the message.
Most importantly, do not send any money, credit card details or other personal details to
scammers.
• Use good, cryptic passwords that cannot be easily guessed, and keep your passwords
secret
• Minimise storage of sensitive information
• Do not send personal information such as bank account numbers and credit card
numbers over open Wi-Fi networks.
• Secure laptop computers and mobile devices; lock them up or carry them with you.
 Personal Security Practices
Protect yourself against cybercrime:
 Do not install or download unknown or unsolicited programs or apps.
 Make sure anti-virus and anti-spyware software are up to date.
 Shut down, lock, log off, or put your computer and other devices to sleep before leaving
them unattended, and make sure they require a secure password to start up or wake-up.
 Make back-up copies of files or data you are not willing to use.