Lo1 Security Aasha


SECURITY

LEARNING OUTCOME 01

R.LOGESHVARY AASHA
HND 48 | 2020.09.15
Table of Contents
1. Unauthorized use of System
1.1.1 How to prevent unauthorized computer access
1.2 Unauthorized removal or copying of data or code (Data Theft)
1.2.1 How to prevent Data Theft
1.3 Natural occurring risk
1.3.1 Damage to assets and physical property
1.3.2 Supply chain disruptions
1. Computer Virus
3. ADWARE
4. SPYWARE
5. WORM
2. Security Procedures
2.1 Types of security policies
Method to assess and treat IT Security risk

1. Unauthorized use of System
· Unauthorized use occurs when somebody accesses a site, program, server, service or other system using another
person’s account or other methods. For instance, if somebody keeps guessing a password or username for an account
that is not theirs until they gain access, it is considered unauthorized access.

For example: hackers.
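
The password-guessing pattern described above leaves a recognisable trace in login records. The following is an added example, not part of the original report: it scans constructed log lines and flags a successful login that follows a run of failures for the same account from the same source. The log format, the threshold of 3, the 10-minute window and the function name are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: ISO time, user, source IP, result).
SAMPLE_LOG = """\
2020-09-15T07:00:00 carol 198.51.100.4 FAIL
2020-09-15T07:00:09 carol 198.51.100.4 FAIL
2020-09-15T08:59:40 alice 192.0.2.10 FAIL
2020-09-15T08:59:52 alice 192.0.2.10 OK
2020-09-15T09:03:01 bob 203.0.113.7 FAIL
2020-09-15T09:03:02 bob 203.0.113.7 FAIL
2020-09-15T09:03:04 bob 203.0.113.7 FAIL
2020-09-15T09:03:05 bob 203.0.113.7 OK
2020-09-15T09:30:00 carol 198.51.100.4 FAIL
2020-09-15T09:30:20 carol 198.51.100.4 OK
"""

THRESHOLD = 3                    # assumed: failures that count as guessing
WINDOW = timedelta(minutes=10)   # assumed: how far back failures are counted

def find_guessed_logins(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return (user, source, time, failures) for every success preceded by
    at least `threshold` failures from the same source within `window`."""
    failures = defaultdict(list)          # (user, source) -> failure times
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip blank or malformed lines
        stamp, user, source, result = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue                      # skip lines with a bad timestamp
        key = (user, source)
        # Forget failures that have aged out of the window.
        failures[key] = [t for t in failures[key] if when - t <= window]
        if result == "FAIL":
            failures[key].append(when)
        elif result == "OK":
            if len(failures[key]) >= threshold:
                alerts.append((user, source, stamp, len(failures[key])))
            failures[key].clear()         # a success resets the counter
    return alerts

if __name__ == "__main__":
    for user, source, stamp, count in find_guessed_logins(SAMPLE_LOG):
        print(f"{stamp} {user} from {source}: login after {count} failures")
```

A single mistyped password followed by a correct one (alice) and failures spread far apart in time (carol) are not flagged; only the tight run of failures ending in a success (bob) is.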

1.1.1 How to prevent unauthorized computer access


1. Password
2. Install a hardware or software firewall
3. Install antivirus software or spyware protection programs
4. Use caution when reading emails

1.2 Unauthorized removal or copying of data or code (Data Theft)

What is Data Theft?

· The act of stealing information stored on computers, servers or other devices from unknowing victims with intent to
compromise privacy or obtain confidential information.
· It is a growing problem for individual computer users as well as large corporations & organizations.

The common modes of data theft/ unauthorized copying of data

1. Memory Cards.
2. Email
3. Web Mail
4. Printing
5. Remote Access

1.2.1 How to prevent Data Theft

1. Restrict access to our sensitive data.
2. Enforce data privacy controls inside & out.
3. Use strong passwords to protect computers & devices.
4. Install or enable a firewall.
5. Beware of personal devices.

1.3 Natural occurring risk

What is meant by naturally occurring risk?

· Naturally occurring physical phenomena caused either by rapid or slow onset events that can be geographical.

1.3.1 Damage to assets and physical property

· They regularly harm physical resources.
· Company structures and property might be harmed, or equipment could likewise be destroyed.
1.3.2 Supply chain disruptions
· This indirect organizational loss may be a bit hard to calculate.
· The more corporations rely on supply chains, the greater the effect of a disruption.
· For example:
· If manufacturing relies on the shipment of raw materials, production could be severely delayed if the main road
is washed out by a flood. In turn, this could lead to delayed shipments of finished goods to retailers, which
may even affect contractual obligations. If the supply chain is not tightly run and is not as important,
then the damage may not be as severe.

1. Computer Virus
A computer virus is a malicious program that self-replicates by copying itself to another program. In other words, the
computer virus spreads by itself into other executable code or documents. The purpose of creating a computer virus is to
infect vulnerable systems, gain admin control and steal users’ sensitive data. Hackers design computer viruses with malicious
intent and prey on online users by tricking them.

Types of Computer Viruses

The most common types of computer viruses are:

1. Boot Sector Virus

2. Direct Action Virus

3. Resident Virus

4. Multipartite Virus

5. Polymorphic Virus

6. Overwrite Virus

7. Space filler Virus

Boot Sector Virus:

This type of virus infects the master boot record. Removing it is a challenging and complex task that often
requires the system to be formatted. It mostly spreads through removable media.

Direct Action Virus:


This is also called a non-resident virus. It is installed or stays hidden in the computer memory. It stays attached to the
specific type of files that it infects. It does not affect the user experience or the system’s performance.

Resident Virus:

Unlike direct action viruses, resident viruses are installed on the computer. It is difficult to identify the virus and it is even
difficult to remove a resident virus.

Multipartite Virus:

This type of virus spreads through multiple ways. It infects both the boot sector and executable files at the same time.

Polymorphic Virus:

This type of virus is difficult to identify with a traditional anti-virus program. This is because polymorphic viruses
alter their signature pattern whenever they replicate.

Overwrite Virus:

This type of virus deletes all the files that it infects. The only way to remove it is to delete the infected files, and
the end user loses all of their contents. Identifying the overwrite virus is difficult as it spreads through emails.

Space filler Virus:

These are also called “cavity viruses”. They are so called because they fill up the empty spaces between the code and hence
do not cause any damage to the file.

2. TROJAN HORSE

A Trojan horse is malicious code or a malicious program developed by hackers and disguised as legitimate software to gain
access to an organization’s systems. It is designed to delete, modify, damage or block your data or network, or to take some
other harmful action on them.

How does a Trojan horse attack?

The victim receives an email that looks like an original official email and carries an attachment. The attachment can
contain malicious code that is executed as soon as the victim clicks on it. In that case, the victim does
not suspect or understand that the attachment is actually a Trojan horse.

3. ADWARE
Adware is a software program that contains commercial and marketing-related advertisements, such as display advertisements
through pop-up windows or bars, banner ads and video, on your computer screen. Its main purpose is to generate revenue for
its developer by serving different types of advertisements to an internet user.

How does adware attack?

When you click on that type of advertisement, it redirects you to an advertising website and collects information from
you.

It can also be used to steal your sensitive information and login credentials by monitoring your online activities and selling
that information to third parties.
4. SPYWARE
· Spyware is an unwanted type of security threat to organizations that is installed on a user’s computer and collects
sensitive information, such as personal or organizational business information, login credentials and credit card
details, without the user’s knowledge.
· This type of threat monitors your internet activity, tracks your login credentials and spies on your sensitive
information.

How is spyware installed?

It can install itself automatically on your computer, arrive as a hidden component of software packages, or be installed like
traditional malware through deceptive ads, email and instant messages.

5. WORM
A computer worm is a type of malicious software or program that spreads within its connected network and copies itself from
one computer to another computer of an organization.

How does a worm spread?

It can spread without any human assistance, exploiting security holes in software and trying to gain access in order to
steal sensitive information, corrupt files and install a back door for remote access to the system.

2. Security Procedures
What does a security procedure mean?

· A set of necessary activities that performs a specific security task or function.

Procedures are normally designed as a series of steps to follow as a consistent and repetitive approach or cycle to
accomplish a result.
2.1 Types of security policies
1. Acceptable Use Policy – [AUP]
2. Access Control Policy – [ACP]
3. Change Management Policy – [CMP]
4. Information Security Policy – [ISP]
5. Incident Response Policy – [IRP]
6. Remote Access Policy
7. Email/Communication Policy
8. Disaster Recovery Policy
9. Business Continuity Plan – [BCP]

1. Acceptable Use Policy (AUP)

· An AUP stipulates the constraints and practices that an employee using organizational IT assets must agree to in order to
access the corporate network or the internet.

· It is a standard onboarding policy for new employees.

· They are given an AUP to read and sign before being granted a network ID.

· It is recommended that an organization’s IT, security, legal and HR departments discuss what is included in this policy.
2. Access Control Policy (ACP)

· The ACP outlines the access available to employees in regard to an organization’s data and information systems.

· Other items covered in this policy are standards for user access, network access controls, operating system software
controls and the complexity of corporate passwords.

· Additional supplementary items often outlined include methods for monitoring how corporate systems are accessed and
used; how unattended workstations should be secured; and how access is removed when an employee leaves the
organization.

3. Change Management Policy

· A change management policy refers to a formal process for making changes to IT, software development and security
services/operations.

· The goal of a change management program is to increase the awareness and understanding of proposed changes across
an organization, and to ensure that all changes are conducted methodically to minimize any adverse impact on services
and customers.

4. Information Security Policy

· An organization’s information security policies are typically high-level policies that can cover a large number of security
controls.

· The primary information security policy is issued by the company to ensure that all employees who use information
technology assets within the breadth of the organization, or its networks, comply with its stated rules and guidelines.

· This policy is designed for employees to recognize that there are rules that they will be held accountable to with regard to
the sensitivity of the corporate information and IT assets.

5. Incident Response (IR) Policy

· The incident response policy is an organized approach to how the company will manage an incident and remediate the
impact to operations.

· It is the one policy CISOs hope to never have to use. However, the goal of this policy is to describe the process of handling
an incident with respect to limiting the damage to business operations and customers and reducing recovery time and costs.

6. Remote Access Policy

· The remote access policy is a document that outlines and defines acceptable methods of remotely connecting to an
organization's internal networks.

· This policy is a requirement for organizations that have dispersed networks with the ability to extend into insecure
network locations, such as the local coffee house or unmanaged home networks.

7. Email/Communication Policy

· A company's email policy is a document that is used to formally outline how employees can use the business’ chosen
electronic communication medium.
· The primary goal of this policy is to provide guidelines to employees on what is considered the acceptable and
unacceptable use of any corporate communication technology.

8. Disaster Recovery Policy

· An organization’s disaster recovery plan will generally include both cybersecurity and IT teams’ input and will be
developed as part of the larger business continuity plan.

9. Business Continuity Plan (BCP)

· The BCP will coordinate efforts across the organization and will use the disaster recovery plan to restore hardware,
applications and data deemed essential for business continuity.

· BCPs are unique to each business because they describe how the organization will operate in an emergency.

Method to assess and treat IT Security risk

What is meant by risk assessment?

· Identification of hazards that could negatively affect an organization’s ability to conduct business.

We can assess and treat IT security risk for an organization by planning and conducting a risk assessment, following
these steps:

1. Finding all valuable assets
2. Identifying the potential consequences
3. Identifying the threats and their level
4. Identifying vulnerabilities and assessing the likelihood
5. Assessing risks
6. Creating a risk management plan
7. Creating a strategy
8. Defining mitigation processes
