Security Threats and Controls

Security Threats and Controls

By the end of the lesson you should be able to: Define data security Identify security threats and control measures

Data Security refers to the process of protecting computer hardware, software, and communication systems against unauthorized access, destruction, or even modification

Control refers to procedure, action, device, or technique that reduces or eliminates the vulnerability of an information system

Data Security Principles

These are also known as information security triads. They include Confidentiality, Integrity, and Availability.

Confidentiality refers to the ability of a system to ensure that the information system is only accessed or disclosed to authorized parties.

Integrity ability of a system to ensure that can only be modified or altered by authorized parties

Availability ability of a system to ensure that information system assets are usable by and accessible to all authorized parties

Other Pillars of Data Security

  • Authentication
  • Nonrepudiation
  • Auditability

Security Threats and Control Measures

A threat refers to a set of circumstances that has the potential to cause loss or harm to information or information system gadgets. Threats mostly exploit a vulnerability (weakness) in an information system. Vulnerability is a weakness in the system.

Threats from System Failure

  • Hardware failure due to improper use
  • unstable power supply
  • network breakdown
  • natural disaster
  • storage failure
  • exploits

Threats from Malicious Programs

  • bootsector viruses
  • file viruses
  • hoax viruses
  • trojan horse
  • worms
  • Backdoors