Security

Introduction

Organisations need to be proactive in dealing with security risks such as:
- Having a policy for handling sensitive data
- Procedures for reporting security incidents
- Making staff aware of their responsibilities with respect to information security

A company's security policy may include:
- an Acceptable Use Policy (AUP)
- a description of how the company plans to educate its employees about protecting the company's assets
- an explanation of how security measures will be carried out and enforced
- a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made

Acceptable Use Policy (AUP)

A user must agree to follow this in order to be provided with access to a network or to the Internet.

An Acceptable Use Policy (AUP) might include:
- Not using the service as part of violating any law
- Not attempting to break the security of any computer network or user
- Not posting commercial messages to groups without prior permission

Computer Related Privacy Issues

- A password is an un-spaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user
- A password is typically 8 or more characters long, with letters, numbers and special characters, as well as lower and upper case, depending on the system set-up
- Passwords are case-specific (case-sensitive)

Password hints

- Don't pick a password that someone can easily guess if they know who you are (for example, your National Identity Number, birthday, or maiden name)
- Do not pick a word that can be found in the dictionary (since there are programs that can rapidly try every word in the dictionary!)
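The password hints above, written as a check a system could run when a user chooses a password. This is an added example, not part of the original notes; the names check_password and SAMPLE_DICTIONARY are hypothetical, the word list is a small constructed sample, and requiring all four character classes is an assumption (the notes say this depends on the system set-up).

```python
import re

# Constructed sample word list; a real system would load a full dictionary
# or a list of commonly used passwords.
SAMPLE_DICTIONARY = {"password", "welcome", "sunshine", "dragon", "football"}


def _normalise(text):
    """Lower-case and keep only letters and digits, so 'Sun-Shine' matches 'sunshine'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, personal_details=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of hints the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if any(ch.isspace() for ch in password):
        problems.append("contains spaces")
    # Assumption: this system requires every character class to be present.
    classes = {
        "lower-case letter": r"[a-z]",
        "upper-case letter": r"[A-Z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9\s]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    flat = _normalise(password)
    # Drop digits as well, so 'Sunshine1!' is still recognised as a dictionary word.
    letters_only = re.sub(r"[0-9]", "", flat)
    if flat in dictionary or letters_only in dictionary:
        problems.append("is a dictionary word")
    # Personal details: ID number, birthday, maiden name and similar.
    for detail in personal_details:
        needle = _normalise(detail)
        if len(needle) >= 4 and needle in flat:
            problems.append("contains a personal detail")
            break
    return problems
```

A password such as "Sunshine1!" satisfies the length and character rules but is still rejected, because a dictionary-based guessing program tries common words with a digit and a symbol added.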
Implications of theft of a laptop or mobile phone

- Misuse of confidential files
- Loss of files
- Loss of important contact details
- Possible misuse of telephone numbers
- Privacy is infringed
- Misuse of personal information
- Access to social media space
- Access to confidential communication, such as email

Different types of ‘virus’

Generally, there are three main classes of viruses:
1. File infectors
2. System or boot-record infectors
3. Macro viruses

Real names of ‘viruses’

1. Trojan horse
2. Worm
3. Ransomware
4. Spyware
5. Malware
6. Adware

Virus Point(s) of Entry

- As a file attached to an e-mail message
- Via instant messengers
- On an infected flash drive
- As a download via the internet
- Hackers

Anti-virus measures

- Do not open e-mail attachments unless they are from a trusted source
- Install a firewall program
- Buy anti-virus software that can screen e-mail attachments

Computer Hacking

- Ethical hacking
- Black hat hackers

Online security challenges

- Sniffing
- Spoofing
- Snooping
- Phishing
- Social engineering

How to improve security

1. Intrusion Detection Systems (IDS)
2. Intrusion Prevention Systems (IPS)
3. Firewalls

Computer Health and Safety (Ergonomics)

Good Working Environment

- Appropriate positioning of monitors, keyboards and adjustable chairs
- Use of a mouse mat

Common health problems

- Injuries to wrists caused by prolonged typing (Repetitive Stress Injury - RSI)
- Eye strain caused by screen glare
- Back problems associated with poor seating or bad posture
- Psychological challenges

Safety precautions

- Make sure cables are safely secured
- Ensure power points are not overloaded
- Proper lighting
- Taking of breaks
- Safe distance from screen

Ethical considerations

Understand software copyright

Copyright issues apply to:
- Computer software
- Graphics
- Text
- Audio
- Video

Facts themselves are not copyrighted, but how they are presented on a website is.

Software

- Shareware
- Freeware
- Open source

Group Exercise

You have been invited to give a presentation.
Discuss how you would demonstrate and enhance your credibility as a speaker. [10]

Demonstrate the structure of the following documents employed in organisations: Report, Press Release, Memoranda, Circular, Notice [15]

Work in groups of not more than 3

Submission: Word processed document and PowerPoint slides