Uploaded by mohammed allopin

Health Sciences College at – Aleith  Computer Skills
______________________________________________________________________
Chapter 6. DATA SECURITY
1. Information security
1- Definition
Information Security: The protection of information and information systems
from unauthorized access, use, disclosure, disruption, modification, or
destruction in order to provide confidentiality, integrity, and availability.
2- CIA triad Security
The CIA triad of information security was created to provide a baseline standard
for evaluating and implementing information security regardless of the
underlying system and/or organization.
o Confidentiality: Ensures that data or an information system is accessed
only by an authorized person. User IDs and passwords, access control
lists (ACLs) and policy-based security are some of the methods through
which confidentiality is achieved.
o Integrity: Assures that the data or information system can be
trusted. It ensures that data is edited only by authorized persons and
remains in its original state when at rest. Data encryption and hashing
algorithms are key processes in providing integrity.
o Availability: Data and information systems are available when required.
Hardware maintenance, software patching/upgrading and network
optimization ensure availability.
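As an added example (not part of the original handout), the Python sketch below shows how a hashing algorithm supports the integrity goal above: it records a keyed hash (HMAC-SHA256) for each file at rest and later reports files that were modified, deleted or added. The file names, contents and key are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

def build_manifest(root, key):
    """Map each file under root to an HMAC-SHA256 tag of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                tag = hmac.new(key, fh.read(), hashlib.sha256).hexdigest()
            manifest[os.path.relpath(path, root)] = tag
    return manifest

def verify(root, key, manifest):
    """Report files that changed, disappeared or appeared since the manifest."""
    current = build_manifest(root, key)
    report = {"modified": [], "missing": [], "added": []}
    for rel in sorted(manifest):
        if rel not in current:
            report["missing"].append(rel)
        elif not hmac.compare_digest(manifest[rel], current[rel]):
            report["modified"].append(rel)
    report["added"] = sorted(set(current) - set(manifest))
    return report

def write(root, name, data, mode="wb"):
    with open(os.path.join(root, name), mode) as fh:
        fh.write(data)

def demo():
    # Constructed key and files; a real key is kept away from the protected data,
    # otherwise whoever edits a file can also recompute its tag.
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as root:
        write(root, "patients.csv", b"id,name\n1,A\n")
        write(root, "notes.txt", b"baseline\n")
        manifest = build_manifest(root, key)
        clean = verify(root, key, manifest)
        write(root, "patients.csv", b"2,B\n", mode="ab")   # unauthorized edit
        os.remove(os.path.join(root, "notes.txt"))          # deletion
        write(root, "extra.bin", b"\x00\x01")               # unexpected file
        return clean, verify(root, key, manifest)

if __name__ == "__main__":
    clean, tampered = demo()
    print("baseline:", clean)
    print("after changes:", tampered)
```

A plain, unkeyed hash detects accidental corruption, but only a keyed hash or a separately protected manifest detects deliberate changes by someone who can also rewrite the stored digests.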
3- Malware
Malware is software used or created to disrupt computer operation, gather
sensitive information, or gain access to private computer systems.
• Types of Malware
o Viruses
o Trojan horses
o Worms
o Spyware
o Zombie
o Spam
o Adware
• Viruses
o A program or piece of code that is loaded onto your computer without
your knowledge and runs against your wishes.
o Viruses copy themselves to other disks to spread to other
computers.
o They can be merely annoying or they can be destructive to your files.
• Trojan Horses
o A Trojan horse program has the appearance of having a useful and
desired function.
o A Trojan horse neither replicates nor copies itself, but causes
damage or compromises the security of the computer.
o These are often used to capture your logins and passwords.
• Worms
o A computer worm is a self-replicating computer program.
o It uses a network to send copies of itself to other nodes (computers on
the network) and it may do so without any user intervention.
o It does not need to attach itself to an existing program.
• Spyware
o Spyware is a type of malware installed on computers that collects
information about users without their knowledge.
o The presence of spyware is typically hidden from the user and can
be difficult to detect.
o Spyware programs steal important information, like passwords and
other personal identification information, and then send it off to
someone else.
• Zombie
o Zombie programs take control of your computer and use it and its
internet connection to attack other computers, networks, or to
perform other criminal activities.
• Spam
o Spam is email that you did not request and do not want. It is a
common way to spread viruses, Trojan horses, etc.
• Adware
o Adware (short for advertising-supported software) is a type of
malware that automatically delivers advertisements.
o Common examples of Adware include pop-up ads on websites and
advertisements displayed by software.
4- Hackers
• Hackers are attackers who intend to access systems in order to disrupt
information security by destroying, leaking, modifying or spying on
information.
5- Forms of Cyber-Attacks
• The forms of attack that hackers use to disrupt information security
differ from system to system. A single penetration may consist of one or
more attacks, not necessarily all of them.
Each penetration process is distinct in itself, depending on the state of the
system and the capabilities of the attacker. The following are some
common forms of cyber-attacks:
o Phishing: A phishing attack is the practice of sending emails that
appear to be from trusted sources with the goal of gaining personal
information.
o Denial-of-service (DoS) and distributed denial-of-service (DDoS)
attacks: A denial-of-service attack overwhelms a system’s resources
so that it cannot respond to service requests. A DDoS attack is also
an attack on a system’s resources, but it is launched from a large
number of other host machines that are infected by malicious
software controlled by the attacker.
2. Information Protection and privacy
1- Introduction
• Privacy is the claim of individuals, groups, or institutions to determine for
themselves when, how, and to what extent information about them is
communicated to others.
• In today's digital age, infringement of your privacy and identity on the
Internet is one of the most important threats facing network/Internet users.
Just as we always close our homes in order to preserve our privacy, we
must take care of our privacy on the Web. Today, computers, mobile
phones, and Internet space are among the most important areas of
privacy.
2- Privacy threats
• Companies and data collection
• Privacy in social media
• Electronic Bullying
• Stealing and losing devices (PCs, Smartphones)
• Online identity theft
3- How can you prevent these threats?
▪ Install protection software.
▪ Be careful when working with files from unknown or questionable sources.
▪ Do not open e-mail if you do not recognize the sender.
▪ Download files only from reputable Internet sites.
▪ Install a firewall.
▪ Scan your hard drive for viruses monthly.