Data Security
AUTOMATED ENVIRONMENT
Apply security measures to data, hardware and software in an automated environment
Data security is a process of making sure data are available only to those who need to use it for
a legitimate purpose. Controlling access to data helps ensure privacy and is required according to
federal agency policies and regulations.
Definition of key terms
Data: This is the information that has been translated into a form that is efficient for movement
or processing.
Data privacy / information privacy: The aspect of information technology that deals with the
ability of an organization or individual to determine what data in a computer system can be
shared with third parties.
Security threats: This is the process of an illegal entity gaining access to a company’s data or
information.
Control measures: This is any measure taken to eliminate or reduce the risk of security threats.
These are illegal users who use many different methods to lure you into parting with your
confidential personal or business information.
Vulnerability: A weakness which allows an attacker to reduce a system's information
assurance.
Backdoor: A method of bypassing normal authentication in a computer system, securing
remote access to a computer, obtaining access to plaintext, and so on, while attempting to
remain undetected.
Data Security and Privacy Are Classified in Accordance with the Prevailing Technology
Data privacy is the aspect of information technology that deals with the ability of an
organization or individual to determine what data in a computer system can be shared with third
parties.
Data security ensures that the data is accurate and reliable, and that it is available when those
with authorized access need it.
A data security policy is simply the means to the desired end, which is data privacy.
Challenges to big data security and privacy
• Securing and protecting data in real time: Because of the large volume of data generated,
most organizations are unable to maintain regular checks. However, it is most beneficial
to perform security checks and observation in real time, or as close to real time as possible.
• Data provenance: To classify data it is necessary to know where it came from; determining
the origin of data accurately is what allows authentication, validation and access control
to be applied.
• Protecting access control methods, communication and encryption: A secured data storage
device is an intelligent step in protecting the data. Yet, because data storage devices are
most often vulnerable, it is important to protect the access control methods and their
communications with encryption as well.
Security Threats
A threat is a possible danger that might exploit a vulnerability to breach security and therefore
cause possible harm.
Classification of security threats
• Classification according to type
  • Physical damage: For example, fire, floods
  • Natural events: For example, climate, volcanic activity
  • Compromise of information: Via eavesdropping, theft of media
  • Technical failures: For example, equipment, software
  • Compromise of functions: For example, errors in use, abuse of rights
• Classification according to origin
  • Deliberate: Aiming at an information asset, e.g. spying, illegal processing of data
  • Accidental: For example, equipment failure, software failure
  • Environmental: For example, natural event, loss of power supply
  • Negligence: Known but neglected factors compromising the network's safety and
    sustainability.
Counter measures against physical attacks
If a potential malicious actor has physical access to a computer system, they have a greater
chance of inflicting harm upon it. We can use the following counter measures:
i. Electronic destruction devices: Devices such as a USB killer may be used to
damage or render completely unusable anything with a connection to the
motherboard of a computer. Without proper protection, these devices may result in
the destruction of ports and anything physically connected to the attacked device,
e.g. monitors.
ii. Hard drives and storage: If the data on a storage device is in use and must be
secured, one can use encryption to encrypt the contents of the storage device or even
encrypt the whole storage device. The device can be unlocked by a password,
biometric authentication, a network interchange or any combination thereof. The
process of adding physical barriers to the storage device is not to be neglected.
Locked cases or physically hidden drives, with a limited number of personnel having
knowledge of and access to the keys or locations, may prove to be a good first line
of defense against physical theft.
Computer Threats and Crimes Are Detected
Computer threats refer to any potential danger that can harm a computer system, its data, or
disrupt its normal operations. These threats can be intentional, like malware attacks, or
accidental, such as hardware failures. They often exploit vulnerabilities in software or systems to
compromise security, privacy, and functionality.
Common Types of Computer Threats:
Malware (short for malicious software) refers to any software specifically designed to harm,
exploit, or otherwise compromise a computer system, network, or device. Malware can infiltrate
systems, damage files, steal sensitive information, and allow unauthorized access to users'
devices.
1. Virus
What It Is: A virus is a type of malware that attaches itself to legitimate programs or files and
replicates when the host program is executed.
How It Spreads:
Viruses can spread via email attachments, downloads, infected USB drives, or shared files on
networks.
Once activated, the virus can infect other files or systems, making it a persistent threat.
Effect:
Corruption or deletion of files.
Slowing down or crashing the infected system.
Stealing personal information, spreading to other devices, and more.
Example: The ILOVEYOU virus, a famous virus from 2000, spread through email attachments
and caused millions of dollars in damages by overwriting system files and replicating itself.
2. Worm
What It Is: Worms are self-replicating malware that can spread without needing to attach to a
host program and without requiring any user intervention.
How It Spreads:
Worms typically exploit vulnerabilities in network protocols or software. They can spread via
email, instant messaging, or network shares.
They often move from one system to another, automatically copying themselves across
networks.
Effect:
Network congestion and system slowdowns due to excessive self-replication.
The creation of backdoors for further malware or remote control.
Example: The SQL Slammer Worm spread rapidly across the internet in 2003, slowing down
global internet traffic and crashing servers.
3. Trojan Horse
What It Is: Trojans are malicious programs that disguise themselves as legitimate software,
tricking users into installing them.
How It Spreads:
Trojans often masquerade as harmless files, like utility software or games, enticing users to
download and install them.
They can also be hidden in email attachments or downloaded from compromised websites.
Effect:
Trojans can open a "backdoor" in the system, allowing hackers to control the infected machine,
steal data, or install additional malware.
Data theft, such as passwords, banking information, and sensitive files, is common.
Example: The Zeus Trojan is notorious for stealing sensitive banking information by logging
keystrokes and intercepting online transactions.
4. Ransomware
What It Is: Ransomware is a type of malware that encrypts the victim's files and demands
payment (usually in cryptocurrency) for the decryption key.
How It Spreads:
Ransomware is typically spread via phishing emails containing malicious attachments or links.
It can also be distributed through exploit kits, unpatched vulnerabilities, or compromised
websites.
Effect:
It locks users out of their systems or encrypts their data, rendering the files unusable until the
ransom is paid.
If the ransom is not paid, the data may remain inaccessible or be permanently deleted.
Example: The WannaCry Ransomware Attack of 2017 affected hundreds of thousands of
computers worldwide by exploiting a Windows vulnerability, encrypting files, and demanding
bitcoin payments.
5. Spyware
What It Is: Spyware is a type of malware that secretly monitors and collects user information
without their consent.
How It Spreads:
It can be bundled with legitimate software downloads or installed through vulnerabilities in web
browsers or operating systems.
Spyware often runs silently in the background, collecting data such as browsing habits,
keystrokes, and passwords.
Effect:
Data theft, identity theft, and tracking of user activities, including online transactions.
Some spyware can also slow down systems by consuming resources as it collects and transmits
information.
Example: Keyloggers are a form of spyware that record keystrokes to steal passwords and other
sensitive information.
6. Adware
What It Is: Adware is malware that automatically displays or downloads unwanted
advertisements on a user’s device.
How It Spreads:
Adware is often bundled with free software or downloaded from shady websites.
While some adware is relatively harmless, displaying only annoying pop-up ads, other adware
can track browsing behavior or download additional malware.
Effect:
Excessive pop-up ads can slow down system performance and interfere with normal use.
It can also collect user data for targeted advertising, sometimes violating privacy regulations.
Example: Fireball Adware hijacked browsers to display intrusive ads, track web usage, and even
install additional spyware.
7. Rootkits
What It Is: Rootkits are a type of malware that provides unauthorized users with root or
administrative access to a computer, often hiding their presence and activities from the operating
system.
How It Spreads:
Rootkits can be installed by exploiting vulnerabilities in software or hardware or through
malicious downloads.
They are often used by attackers to maintain long-term access to systems without being detected.
Effect:
Rootkits allow attackers to control systems, steal data, disable security measures, or deploy
further malware.
Since rootkits operate at a deep level in the system, they can be difficult to detect and remove.
Example: The Stuxnet worm used a rootkit to remain undetected as it attacked Iran’s nuclear
facilities, demonstrating the potentially devastating effects of rootkits.
8. Bots and Botnets
What It Is: A bot is malware that infects a system and connects it to a larger network (botnet)
controlled by a hacker, often for coordinated attacks.
How It Spreads:
Bots can be distributed via phishing attacks, drive-by downloads, or compromised websites.
Once a computer is part of a botnet, it can be remotely controlled to perform tasks without the
owner’s knowledge.
Effect:
Botnets are often used for large-scale malicious activities like Distributed Denial of Service
(DDoS) attacks, sending spam, or launching phishing campaigns.
They can cause severe system slowdowns as they hijack resources for these tasks.
Example: The Mirai Botnet famously took down major websites in a massive DDoS attack in
2016 by leveraging hundreds of thousands of IoT devices.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks:
Definition: Flooding a system or network with excessive traffic to make it unavailable to users.
Example: Overloading a website’s server, causing it to crash and become inaccessible.
Man-in-the-Middle (MitM) Attacks:
Definition: An attacker intercepts communication between two parties to steal or alter
information.
Example: Eavesdropping on unencrypted Wi-Fi networks to steal sensitive data.
Social Engineering:
Definition: Manipulating people into divulging confidential information.
Example: A hacker impersonating an IT support technician to gain access to company
passwords.
Zero-Day Exploits:
Definition: Attacks that target unknown vulnerabilities in software, often before developers can
issue a fix.
Example: A new software bug being exploited by hackers before the vendor releases a patch.
Prevention and Protection Against Computer Threats
Preventive measures are critical for safeguarding computer systems and networks from various
threats. These measures aim to minimize vulnerabilities and reduce the likelihood of attacks.
Here’s a more detailed look at key preventive strategies:
Counter measures to security threats
A counter measure is an action, device, procedure or technique that reduces a threat, a
vulnerability or an attack by eliminating or preventing it, by minimizing the harm it can
cause or by discovering and reporting it so that corrective action can be taken.
1. Installing and Updating Antivirus Software
Purpose: Antivirus software is designed to detect, block, and remove malware such as viruses,
worms, ransomware, and trojans.
How It Works:
It scans files, emails, and websites for known threats.
Antivirus programs maintain a database of known malware signatures and heuristics, which is
updated regularly to stay effective against new threats.
Best Practices:
Regularly update antivirus software to ensure it can detect the latest threats.
Perform scheduled scans of your computer to catch any hidden malware.
2. Using Firewalls
Purpose: A firewall acts as a barrier between your computer or network and the internet,
monitoring and controlling incoming and outgoing traffic based on predefined security rules.
How It Works:
Firewalls filter data packets, blocking unauthorized access while allowing legitimate
communication.
They can prevent external attackers from accessing your system and can also block malicious
internal processes.
Best Practices:
Enable firewalls on all devices, including computers, routers, and smartphones.
Use both hardware (network) firewalls and software (on-device) firewalls for layered protection.
3. Regularly Updating Software and Patching Vulnerabilities
Purpose: Software updates and patches address vulnerabilities that cybercriminals could exploit
in operating systems, applications, or firmware.
How It Works:
Software developers release updates that include fixes for bugs, security vulnerabilities, and
performance improvements.
Failing to update leaves systems exposed to zero-day exploits and other attacks targeting known
flaws.
Best Practices:
Enable automatic updates for your operating system and critical applications.
Regularly check for updates in less frequently used software and devices (e.g., IoT devices).
Prioritize patching any software with known security issues.
4. Using Strong Passwords and Multi-Factor Authentication (MFA)
Purpose: Strong passwords and MFA reduce the risk of unauthorized access to accounts and
systems.
How It Works:
Strong Passwords: Use complex combinations of letters, numbers, and special characters. Avoid
using easily guessed information like birthdates or common words.
MFA: This adds an additional layer of security, requiring users to provide two or more
verification factors (e.g., a password and a one-time code sent to a mobile device).
Best Practices:
Use unique passwords for different accounts and change them regularly.
Implement password managers to generate and store strong passwords securely.
Enable MFA, especially for sensitive accounts like banking, email, and company logins.
5. Backing Up Data Regularly
Purpose: Regular backups ensure that critical data can be recovered in the event of a malware
attack (e.g., ransomware), hardware failure, or accidental data loss.
How It Works:
Data can be backed up to external drives, cloud services, or network-attached storage (NAS).
Backups ensure that in the event of an attack or system failure, you can restore your files without
paying a ransom or suffering permanent data loss.
Best Practices:
Automate backups to run on a daily, weekly, or monthly basis.
Store backups in secure, separate locations from the primary data (e.g., offsite or in the cloud).
Test backups periodically to ensure data can be successfully restored.
6. Avoiding Phishing Scams and Suspicious Links
Purpose: Phishing is a common method for attackers to steal sensitive information like
passwords, credit card numbers, and personal data.
How It Works:
Phishing attacks usually come in the form of fake emails or websites that mimic legitimate
sources, prompting users to provide confidential information.
Best Practices:
Be cautious with unsolicited emails, particularly those asking for personal information.
Check the email sender’s address for legitimacy and scrutinize links before clicking.
Use anti-phishing filters in your browser and email client to detect and block phishing attempts.
7. Implementing Encryption
Purpose: Encryption protects sensitive data by converting it into a coded format that can only be
decrypted by authorized users.
How It Works:
Files, emails, or entire systems can be encrypted using specific algorithms, making the data
unreadable to anyone without the decryption key.
Best Practices:
Encrypt sensitive files, especially when transferring them over the internet or storing them on
cloud services.
Use full-disk encryption tools like BitLocker (Windows) or FileVault (Mac) to protect data
stored on your computer.
8. Educating Users on Security Best Practices
Purpose: Human error is often a weak point in system security, so educating users about the
importance of cybersecurity can reduce risk.
How It Works:
Regular training on recognizing phishing emails, safe browsing habits, and proper use of work-
related systems reduces the likelihood of successful attacks.
Best Practices:
Conduct regular security awareness programs and phishing simulations.
Provide clear instructions on how to report suspicious activity.
Encourage employees or users to use secure internet practices, such as using VPNs when
working remotely.
9. Using Virtual Private Networks (VPNs)
Purpose: A VPN encrypts internet traffic, making it difficult for cybercriminals or other entities
to intercept and monitor your online activities.
How It Works:
VPNs create a secure, encrypted tunnel between your device and the internet, protecting data
from being eavesdropped on, especially on public Wi-Fi networks.
Best Practices:
Use VPNs when accessing sensitive information over public or unsecured networks.
Choose reputable VPN services that don’t log or track user activity.
10. Disabling Unnecessary Services and Features
Purpose: Unnecessary services or features on devices can create vulnerabilities if left enabled,
making it easier for attackers to exploit them.
How It Works:
Services like file sharing, remote desktop access, and Bluetooth can be entry points for
cybercriminals if not secured properly.
Best Practices:
Disable unused services or features in your operating system or applications.
Regularly review device settings to limit exposure to security risks.
By combining these preventive measures, users and organizations can significantly reduce their
exposure to various computer threats and safeguard their data, networks, and systems.
Principles of Security
Principles of security are foundational guidelines that ensure the confidentiality, integrity, and
availability of data, systems, and networks. These principles are vital for establishing a secure
environment that protects against threats, unauthorized access, and data breaches. Below are the
core principles:
1. Confidentiality
• Definition: Ensuring that data is available only to those who are authorized to use it for a
legitimate purpose, and is not disclosed to anyone else.
Techniques:
• Encryption: Transforming data into unreadable text unless the correct decryption key is
provided.
• Access Control: Ensuring that only authorized individuals have access to certain data or
resources.
• Authentication: Using mechanisms like passwords, biometrics, or multi-factor
authentication (MFA) to verify user identities.
2. Integrity
• Definition: Ensuring that data or systems are accurate, consistent, and not altered by
unauthorized individuals.
• How It Works: Integrity ensures that any modification to data is made only by authorized
entities, and any unauthorized changes can be detected.
• Example: Ensuring the contents of a financial report have not been tampered with after
creation.
Techniques:
• Hashing: Using algorithms to produce a fixed-size output (hash) that can verify data
integrity. If the data changes, the hash will also change, signaling tampering.
• Checksums: A method to detect errors in data transmission by verifying the integrity of
data before and after transfer.
• Digital Signatures: Ensuring that a document or message is not altered by applying a
unique, verifiable signature.
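As an added example that is not from the original notes, this Python builds an integrity baseline for a set of files using both a CRC32 checksum and a SHA-256 hash, then seals the baseline with a keyed tag so that someone who edits a file and recomputes its hash in the baseline is still caught. HMAC-SHA256 stands in for the digital signature the text mentions; the sample files and the key are constructed.

```python
import hashlib
import hmac
import json
import zlib

# Constructed sample files standing in for the page's financial report (not real documents).
FILES = {
    "report_q1.txt": b"Revenue: 1,200,000\nExpenses: 900,000\nNet: 300,000\n",
    "notes.txt": b"Reviewed by the finance team.\n",
}
# Constructed key for the manifest tag; in practice it is kept apart from the files (KMS/HSM).
MANIFEST_KEY = b"example-manifest-key-do-not-use"

def crc32_checksum(data: bytes) -> str:
    """Checksum: cheap, catches accidental corruption in transit, but not deliberate edits
    (data can be crafted to keep the same CRC)."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"

def sha256_digest(data: bytes) -> str:
    """Cryptographic hash: any change to the data yields a different digest."""
    return hashlib.sha256(data).hexdigest()

def build_manifest(files: dict) -> dict:
    """Baseline: record checksum and hash of every file at creation time."""
    return {name: {"crc32": crc32_checksum(d), "sha256": sha256_digest(d)}
            for name, d in sorted(files.items())}

def seal_manifest(manifest: dict, key: bytes) -> str:
    """Keyed tag over the canonical manifest, so the baseline cannot be silently rewritten by
    whoever can rewrite the files. (HMAC-SHA256 stands in for a digital signature here; a real
    signature would use a private key rather than a shared secret.)"""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def verify(files: dict, manifest: dict, tag: str, key: bytes) -> dict:
    """Compare the current files against the sealed baseline and report every discrepancy."""
    manifest_ok = hmac.compare_digest(seal_manifest(manifest, key), tag)
    modified = [n for n, meta in manifest.items()
                if n in files and sha256_digest(files[n]) != meta["sha256"]]
    return {
        "manifest_ok": manifest_ok,
        "modified": modified,
        "missing": [n for n in manifest if n not in files],
        "added": [n for n in files if n not in manifest],
    }

if __name__ == "__main__":
    baseline = build_manifest(FILES)
    tag = seal_manifest(baseline, MANIFEST_KEY)
    print("clean:", verify(FILES, baseline, tag, MANIFEST_KEY))
    edited = dict(FILES, **{"report_q1.txt": b"Revenue: 1,200,000\nExpenses: 300,000\nNet: 900,000\n"})
    print("edited file:", verify(edited, baseline, tag, MANIFEST_KEY))
    # Edit the file AND rebuild the manifest: hashes match again, but the tag no longer verifies.
    print("forged manifest:", verify(edited, build_manifest(edited), tag, MANIFEST_KEY))
```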
3. Availability
• Definition: Ensuring that systems, services, and data are available to authorized users
when needed.
• How It Works: Availability focuses on minimizing downtime, preventing service
disruptions, and ensuring reliable access to resources.
• Example: Keeping a website accessible 24/7 through redundancy and disaster recovery
mechanisms.
Techniques:
• Redundancy: Having backup systems in place (e.g., duplicate servers, storage) to ensure
continuous service in case of failure.
• Disaster Recovery: Implementing plans and procedures to recover data and services after
incidents such as natural disasters or cyberattacks.
• DDoS Mitigation: Using tools and techniques to prevent or minimize the impact of Distributed
Denial of Service (DDoS) attacks.
4. Authentication
• Definition: Verifying the identity of users, devices, or systems to ensure that they are who they
claim to be.
• How It Works: Authentication is often achieved using credentials like passwords, biometrics, or
digital certificates. This prevents unauthorized individuals from accessing systems or data.
• Example: Logging into a system with a unique username and password, which is verified by the
system.
Techniques:
• Passwords: Basic form of authentication requiring users to enter a secret string of characters.
• Multi-Factor Authentication (MFA): Requiring two or more verification methods, such as a
password and a one-time code sent to a mobile device.
• Biometrics: Using unique biological characteristics (e.g., fingerprints, face recognition) for
identity verification.
5. Authorization
• Definition: Granting or denying specific permissions to authenticated users based on their identity or
role within the system.
• How It Works: After authentication, authorization controls what resources or actions users are
allowed to access or perform.
• Example: A manager having access to payroll data while a regular employee can only access
their personal records.
Techniques:
• Role-Based Access Control (RBAC): Assigning permissions based on the role a user plays in
the organization.
• Discretionary Access Control (DAC): Giving resource owners control over who can access their
resources.
• Mandatory Access Control (MAC): Enforcing strict, system-enforced access controls based on
policies, such as security clearances.
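The following Python, added here and not part of the original notes, implements the page's payroll example under all three models: RBAC role permissions, a DAC owner-managed ACL, and MAC clearance labels (it goes beyond the text by also enforcing the no-write-down rule). The users, roles, clearance levels and the rule that combines the three models are assumptions.

```python
from dataclasses import dataclass

# Constructed sample data for the page's payroll example; not a real system.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

@dataclass(frozen=True)
class Resource:
    name: str
    kind: str            # "payroll" or "personal_record"
    owner: str           # user the record belongs to (used by DAC and by the "own" scope)
    classification: str  # MAC label, one of LEVELS

PAYROLL = Resource("payroll_2024", "payroll", "alice", "confidential")
BOB_RECORD = Resource("rec_bob", "personal_record", "bob", "internal")
CAROL_RECORD = Resource("rec_carol", "personal_record", "carol", "internal")

# RBAC: permissions attach to roles, and users are assigned roles.
# Scope "any" covers every resource of that kind; "own" covers only the user's own record.
ROLE_PERMISSIONS = {
    "manager": {("payroll", "read", "any"), ("personal_record", "read", "any")},
    "employee": {("personal_record", "read", "own")},
}
USER_ROLES = {"alice": {"manager"}, "bob": {"employee"}, "carol": {"employee"}}

def rbac_allowed(user: str, res: Resource, action: str) -> bool:
    for role in USER_ROLES.get(user, ()):
        for kind, act, scope in ROLE_PERMISSIONS.get(role, ()):
            if kind == res.kind and act == action and (scope == "any" or res.owner == user):
                return True
    return False

# DAC: the owner of a resource decides who else may use it, via a per-resource ACL.
ACL: dict = {}

def dac_grant(granter: str, res: Resource, grantee: str, action: str) -> bool:
    """Only the owner may grant; returns whether the grant was recorded."""
    if granter != res.owner:
        return False
    ACL.setdefault(res.name, {}).setdefault(grantee, set()).add(action)
    return True

def dac_allowed(user: str, res: Resource, action: str) -> bool:
    return user == res.owner or action in ACL.get(res.name, {}).get(user, set())

# MAC: labels and clearances are set by the system and cannot be overridden by owners.
USER_CLEARANCE = {"alice": "confidential", "bob": "internal", "carol": "internal"}

def mac_allowed(user: str, res: Resource, action: str) -> bool:
    """Bell-LaPadula rules: no read up (clearance >= label), no write down (clearance <= label)."""
    clearance = LEVELS[USER_CLEARANCE.get(user, "public")]
    label = LEVELS[res.classification]
    if action == "read":
        return clearance >= label
    if action == "write":
        return clearance <= label
    return False

def authorize(user: str, res: Resource, action: str) -> bool:
    """Combination rule chosen for this example (an assumption): MAC must pass, then either a
    role permission or an owner grant must allow the action; anything else is denied."""
    return mac_allowed(user, res, action) and (
        rbac_allowed(user, res, action) or dac_allowed(user, res, action))
```

A DAC grant from the payroll owner cannot override the MAC label, which is the point of calling MAC "mandatory".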