Week-2-Introduction-to-Computer-Security

Computer security is the practice of protecting computer systems, networks, and data from unauthorized access, damage, or theft, focusing on confidentiality, integrity, and availability (CIA triad). The document outlines the responsibilities of a security manager, including risk assessment, policy development, access control, and incident response, while also detailing various types of security threats such as social engineering, malware, and denial of service attacks. It emphasizes the importance of implementing appropriate security controls and regularly auditing them to ensure ongoing protection against evolving cyber threats.
Copyright: © All Rights Reserved

Week 2:

What is Computer Security? Definition and Basics

COMPUTER SECURITY
Computer security involves controls to protect computer systems, networks, and data from breach,
damage, or theft.
Defining Computer Security
If you want a computer to be perfectly secure, you could fill it with concrete and dump it in the ocean. This
would protect any information on the computer from inappropriate use. Unfortunately, the computer would
be completely unusable, so you probably don't want to do that! Since you want to use and keep your
computer safe, you should practice good computer security. Computer security allows you to use the
computer while keeping it safe from threats.
Computer security can be defined as controls that are put in place to provide confidentiality, integrity, and
availability for all components of computer systems. These components include data, software, hardware,
and firmware. This is a complex definition. Let's illustrate the definition by showing you a day in the life of
Samantha, a security manager just hired for a small company. The company doesn't have any computer
security yet, so she knows to start with the very basics.
Components of Computer Systems
Samantha's first order of business is learning about the components of the computer systems she needs to
protect. She asks the IT manager what kind of hardware, firmware, and software the company uses.

• Hardware is the physical part of the computer, like the system memory and disk drive.
• Firmware is the permanent software that runs the processes of the computer and is mostly invisible to the user, like the start-up functions that make elements of the hardware work together.
• Software is the programming that offers services to the user and administrator. The operating system, word processor, computer games, and Internet browser are all examples of software commonly found on a computer.

These components tell Samantha what hardware, software, and firmware she must protect.
She doesn't know what types of data she'll need to protect yet, but Samantha will work with people across the company to learn what information is stored and processed in the computer systems. Samantha knows that she'll have to learn about which data is important to the company, and she'll have to protect its confidentiality, integrity, and availability.

What is Information Security Assurance?

Information assurance and security is the management and protection of knowledge, information, and data. It combines two fields: information assurance, which focuses on ensuring the availability, integrity, authentication, confidentiality, and non-repudiation of information and systems; and information security, which centers on protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

The CIA Triad

For confidentiality, she'll have to ensure that information is available only to the intended audience. That confidentiality includes the privacy of information that may be personal and sensitive. Protecting the data's integrity is also a concern. The company needs certainty that information does not become inaccurate because of unintended changes. Finally, she'll work with the IT manager to protect the data's availability, or the ability for allowed persons to access the computer and its information whenever necessary. The protection of these qualities is her top goal as a security manager. These qualities are called the CIA triad.
In summary, the CIA Triad:

• Confidentiality is ensuring that information is available only to the intended audience
• Integrity is protecting information from being modified by unauthorized parties
• Availability is ensuring that authorized persons can access the computer and its information whenever necessary

Computer Security Controls


In simple language, computer security is making sure information and computer components are usable but still
protected from people and software that shouldn't access or change it. The protection comes from controls or
technical, physical, and procedural choices that limit access to the computer components.
Samantha knows that controls for computer security could include virus protection, locked computer cabinets,
and regular review of the people with access to the computer. She'll have to choose controls for computer
security carefully to align the necessary user access with the minimum amount of unnecessary ability.
Samantha spends her first few weeks as security manager learning about the computer systems, data, and
security needs of her company. She learns about the function each department performs and the ways that they
use computers. When she understands the company's use of technology, she is ready to start adding computer
security controls for the company.
Selecting Appropriate Controls
So how can Samantha start putting computer security in place? First, Samantha considers the threats to
the computers and the CIA triad of their data. These threats help her determine which controls are needed
to protect the computer system and its data.

She also must determine other needed controls that are dictated by laws applicable to the information. For
instance, credit card information must be protected according to the rules of Payment Card Industry
standards. Some personal health information must be protected according to the rules of the Health
Insurance Portability and Accountability Act.

Once she knows the threats, Samantha makes security choices according to the difficulty and cost to put
them in place. She may also choose a control based on the amount of threat it can prevent. She chooses to
start with controls that are simple to implement and inexpensive, such as virus protection and software
security updates.

Samantha knows that all companies need these types of security, and they prevent some very large
security headaches. She also considers stronger controls that could be useful in protecting very private
information but cost more or are difficult to implement, and she makes a note to research if they are
necessary for her company.

Samantha also makes up a schedule to test the computer security controls when they are installed. She
has had bad experiences in the past where virus protection software installation failed and no one realized
it. At another workplace, the IT manager turned automatic security updates off!

From these experiences, she knows that computer security measures should be tested when put in place
to make sure they are working and then re-tested on a regular schedule to determine if they are still in
place and functioning correctly. This is called an audit of the security controls, and her audit schedule is a
way to keep security in place as a computer system changes throughout its life cycle.

Samantha spends two months implementing basic computer security controls across the company and
putting an audit schedule together. There are other types of security she thinks would be a good idea, so
she grabs a marker for her whiteboard and starts brainstorming the best choices for her budget.
Other Components of Information Security Assurance

The components of Information Security Assurance are confidentiality, integrity, availability, authenticity
and non-repudiation; where:
Confidentiality refers to concealment. It means that the information is visible to authorized eyes
only. Keeping the information from unauthorized viewers is the first step to information security. This
component gains importance, especially in fields that deal with sensitive information like social security
numbers, addresses, and such.
Integrity means the ‘originality’ of the information. This component aims to make sure that the information
is intact and unaltered. As a result, assuring that the information is not altered by mistake, malicious action
or even a natural disaster falls within the scope of integrity.
Availability of the information is a pretty straightforward concept. It refers to having access to the
information when needed. Availability gains additional importance because of the malicious attacks that aim
to hinder authorized users from accessing the data.
Additional components are:
Authenticity refers to the state of being genuine, verifiable, or trustable. Accountability, on the other
hand, refers to the ability to trace back the actions to the entity that is responsible for them. It is especially
important for fault isolation, detection, nonrepudiation, and deterrence.
Why is computer security important?
The Internet has transformed our lives in many good ways. Unfortunately, this vast network and its associated technologies have also brought in their wake an increasing number of security threats. The most effective way to protect yourself from these threats and attacks is to be aware of standard cybersecurity practices.
There are various types of computer security which are widely used to protect the valuable information of an organization.

What is Computer Security and its types?


One way to ascertain the similarities and differences in Computer Security is by asking what is being
secured. For example,

• Information security is securing information from unauthorized access, modification, and deletion
• Application Security is securing an application by building in security features to prevent cyber threats such as SQL injection, DoS attacks, data breaches, etc.
• Computer Security means securing a standalone machine by keeping it updated and patched
• Network Security is securing both the software and hardware technologies of a network
• Cybersecurity is defined as protecting computer systems that communicate over computer networks
It’s important to understand the distinction between these words, though there isn’t necessarily a clear
consensus on the meanings and the degree to which they overlap or are interchangeable.
So, Computer security can be defined as controls that are put in place to provide confidentiality, integrity,
and availability for all components of computer systems.

Lesson Summary
Let's review. Computer security is the process of making sure all parts of a computer system are
protected appropriately and yet still perform their purpose. Computer security requires an understanding of
the system usage and confidentiality, integrity, and availability requirements. When these qualities are
understood, controls can be chosen to fulfill the protection and legal requirements for the computer system.
To keep the system secure, security teams should perform regular tests of installed controls.
In simple language, computer security is making sure information and computer components are usable but
still protected from people or software that shouldn’t access or modify it.
The extent of responsibilities in computer security, also known as cybersecurity, can vary based on the
specific role and organizational structure. However, here is a comprehensive list of responsibilities
commonly associated with professionals working in computer security:
1. Risk Assessment:
• Identify and assess potential security risks to computer systems, networks, and data.
• Conduct regular risk assessments to stay ahead of evolving threats.
2. Security Policy Development:
• Develop and implement security policies, procedures, and guidelines to ensure compliance with
industry standards and regulations.
3. Access Control:
• Manage and control user access to computer systems and networks.
• Implement and maintain strong authentication mechanisms.
4. Incident Response:
• Develop and implement incident response plans to promptly address security breaches or incidents.
• Conduct post-incident analysis to identify vulnerabilities and improve future response strategies.
5. Vulnerability Management:
• Regularly assess and address vulnerabilities in hardware, software, and network infrastructure.
• Apply security patches and updates promptly.
6. Security Awareness Training:
• Conduct security awareness programs to educate employees and users about potential threats and
best practices.
• Foster a security-conscious culture within the organization.
7. Security Auditing and Monitoring:
• Monitor network traffic and system logs for unusual or suspicious activities.
• Conduct regular security audits to ensure compliance and identify potential weaknesses.
8. Security Architecture Design:
• Design and implement secure network architectures and infrastructure.
• Work with development teams to integrate security into applications and systems.
9. Encryption:
• Implement and manage encryption mechanisms to protect sensitive data in transit and at rest.
10. Firewall and Intrusion Detection/Prevention Systems:
• Configure and manage firewalls to control and monitor network traffic.
• Implement and maintain intrusion detection/prevention systems to identify and respond to malicious
activities.
11. Security Incident Investigation:
• Investigate security incidents to determine the root cause and implement corrective actions.
• Work closely with law enforcement or other relevant entities in the case of cybercrime.
12. Security Testing:
• Conduct penetration testing and vulnerability assessments to identify and remediate weaknesses.
• Perform security code reviews for applications.
13. Mobile Device Security:
• Implement security measures for mobile devices, including smartphones and tablets.
• Enforce mobile device management policies.
14. Cloud Security:
• Ensure the security of data and applications hosted in cloud environments.
• Implement cloud security best practices and compliance measures.
15. Regulatory Compliance:
• Stay informed about relevant laws, regulations, and industry standards related to cybersecurity.
• Ensure the organization's compliance with applicable regulations.
16. Security Reporting:
• Prepare and present regular security reports to management, highlighting key metrics and trends.
17. Collaboration with IT and Development Teams:
• Collaborate with IT and development teams to integrate security measures into the development
lifecycle.
18. Threat Intelligence Analysis:
• Stay updated on the latest cybersecurity threats and vulnerabilities.
• Analyze threat intelligence to defend against emerging threats proactively.
19. Disaster Recovery and Business Continuity:
• Develop and maintain plans for disaster recovery and business continuity in the event of a security
incident.
20. Emerging Technologies Evaluation:
• Evaluate and assess the security implications of new and emerging technologies.
• Advise on the adoption of secure technologies.
These responsibilities highlight the diverse and critical role that computer security professionals play in
safeguarding organizations against cyber threats. Depending on the organization's size and structure,
these responsibilities may be distributed among different roles or concentrated within a dedicated
cybersecurity team.
Threat Categories:

Computer security involves protecting computer systems, networks, and data from various threats. Threats
in computer security can be categorized into different types based on their nature and intent. Here are
some common threat categories:
1. Social Engineering Attacks
a. Manipulation: Techniques to manipulate individuals into divulging confidential information or performing actions that compromise security.
The following are common cyber threats that leverage social engineering tactics to gain access to sensitive information. While most of these attacks occur online, several can also appear in physical spaces like offices, apartment buildings, and cafes.
Phishing
The most pervasive way of implementing social engineering: attackers use deceptive emails, websites, and text messages to steal sensitive personal or organizational information from unsuspecting victims.
Despite how well-known phishing email techniques are, 1 in 5 employees still click on those suspicious links.
Spear Phishing
This email scam is used to carry out targeted attacks against individuals or businesses. Spear phishing is more intricate than your average mass phishing email, as it requires in-depth research on potential targets and their organizations.
Baiting
This type of attack can be perpetrated online or in a physical
environment. The cyber criminal usually promises the victim a
reward in return for sensitive information or knowledge of its
whereabouts.
Malware
A category of attacks that includes ransomware: victims are sent an urgently worded message and tricked into installing malware on their device(s). Ironically, a popular tactic is telling the victim that malware has already been installed on their computer and that the sender will remove the software if they pay a fee.
• Viruses: Programs that attach themselves to other programs and spread when those programs are executed.
• Worms: Self-replicating programs that spread across networks and systems without user intervention.
• Trojans: Malicious software disguised as legitimate programs, tricking users into installing them.

Pretexting
This attack involves the perpetrator assuming a
false identity to trick victims into giving up
information. Pretexting is often leveraged
against organizations with an abundance of
client data, like banks, credit card providers, and
utility companies.

Quid Pro Quo
This attack centers around an exchange of information or service to convince the victim to act. Normally, cyber criminals who carry out these schemes don't do advanced target research and offer to provide "assistance," assuming identities like tech support professionals.

Tailgating:
This attack targets an individual who can give a criminal
physical access to a secure building or area. These
scams are often successful due to a victim’s misguided
courtesy, such as if they hold the door open for an
unfamiliar “employee.”
Vishing
In this scenario, cyber criminals will leave urgent
voicemails to convince victims they must act quickly to
protect themselves from arrest or another risk. Banks,
government agencies, and law enforcement agencies
are commonly impersonated personas in vishing scams.

Water-Holing
This attack uses advanced social engineering
techniques to infect a website and its visitors with
malware. The infection is usually spread through a
website specific to the victims’ industry, like a popular
website that’s visited regularly.

2. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks:
• DoS Attacks: Overloading a system, service, or network to make it unavailable to users.
• DDoS Attacks: Coordinated attacks from multiple sources to overwhelm and disrupt a target.
3. Man-in-the-Middle (MitM) Attacks:
• Eavesdropping: Interception of communication between two parties without their
knowledge.
• Session Hijacking: Unauthorized access to an ongoing session between two parties.
4. Brute Force Attacks:
• Password Guessing: Repeated attempts to guess passwords until the correct one is found.
5. Zero-Day Exploits:
• Exploiting Unknown Vulnerabilities: Taking advantage of software or hardware
vulnerabilities before the developer releases a fix.
6. Insider Threats:
• Malicious Insiders: Employees or individuals with access to systems intentionally causing
harm.
• Negligent Insiders: Unintentional security breaches due to carelessness or lack of
awareness.
7. Ransomware:
• Encrypting Data: Malicious software that encrypts a user's data, demanding a ransom for
its release.
8. Spyware and Adware:
• Spyware: Software that secretly monitors and collects user information without their
knowledge.
• Adware: Unwanted software that displays advertisements, often intrusive and potentially
harmful.
9. Physical Threats:
• Theft or Loss: Physical theft of devices or loss of equipment containing sensitive
information.
10. IoT-Based Threats:
• Insecure IoT Devices: Exploitation of vulnerabilities in Internet of Things devices to gain
unauthorized access or control.
Understanding these threat categories helps in implementing effective security measures to safeguard
computer systems and networks against a wide range of potential risks.
Examples of Social Engineering Attack Scenarios
Savvy cyber criminals know that social engineering works best when focusing on human emotion and risk.
Taking advantage of human emotion is much easier than hacking a network or looking for security
vulnerabilities.
The following are some familiar notes successful social engineering attacks hit again and again.
Fear
You receive a voicemail saying you’re under investigation for tax fraud and must call immediately to prevent
arrest and criminal investigation. This social engineering attack happens during tax season when people
are already stressed about their taxes.
Cyber criminals prey on the stress and anxiety of filing taxes and use these fear emotions to trick people
into complying with the voicemail.
Greed
Imagine if you could transfer $10 to an investor and see this grow into $10,000 without any effort on your
behalf. Cyber criminals use the basic human emotions of trust and greed to convince victims that they
really can get something for nothing.
A carefully worded baiting email tells victims to provide their bank account information, and the funds will be
transferred the same day.
Curiosity
Cyber criminals pay attention to events capturing a lot of news coverage and then take advantage of
human curiosity to trick social engineering victims into acting. For example, after the second Boeing MAX8
plane crash, cyber criminals sent emails with attachments that claimed to include leaked data about the
crash.
The attachment installed a version of the Hworm RAT on the victim’s computer.
Helpfulness
Humans want to trust and help one another. After researching a company, cyber criminals target two or
three employees with an email that looks like it comes from the targeted individuals’ manager.
The email asks them to send the manager the password for the accounting database—stressing that the
manager needs it to ensure everyone gets paid on time.
The email tone is urgent, tricking the victims into believing they are helping their manager by acting quickly.
Urgency
You receive an email from customer support at an online shopping website that you frequently buy from,
telling you they need to confirm your credit card information to protect your account.
The email language urges you to respond quickly to ensure that criminals don’t steal your credit card
information.
Without thinking twice, you send the information, which results in the recipient using your details to make
thousands of dollars of fraudulent purchases.
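The five levers above (fear, greed, curiosity, helpfulness, urgency) together with the request for secrets can be turned into a simple triage score for incoming messages; this is an added example, not from the lecture notes. The phrase lists, weights, threshold, the corporate domain acme.example, the name list and the sample messages are constructed assumptions, and the score is a prompt for a closer look, not a verdict.

```python
import re

# Phrases that signal each emotional lever the scenarios above describe.
# Constructed lists; a real deployment would tune them to its own mail.
LEVERS = {
    "fear": [r"under investigation", r"\barrest\b", r"tax fraud",
             r"malware.{0,30}installed"],
    "greed": [r"\$\d[\d,]*", r"grow into", r"\breward\b", r"without any effort"],
    "curiosity": [r"\bleaked\b", r"\bcrash\b", r"see attached"],
    "helpfulness": [r"everyone gets paid", r"your manager", r"\bhelp me\b"],
    "urgency": [r"immediately", r"act quickly", r"right away",
                r"within 24 hours", r"\burgent\b"],
}

# Data a legitimate sender does not ask for by email or voicemail.
SENSITIVE_REQUEST = [r"password", r"credit card", r"bank account",
                     r"social security"]

THRESHOLD = 2   # assumed triage cut-off: two signals earn a closer look


def score_message(text):
    """Return (score, levers_hit, sensitive_terms) for one message body."""
    t = text.lower()
    levers_hit = sorted(lever for lever, pats in LEVERS.items()
                        if any(re.search(p, t) for p in pats))
    sensitive = [p for p in SENSITIVE_REQUEST if re.search(p, t)]
    # One point per distinct lever; a request for secrets counts double because
    # "emotion + hand over data" is the pattern every scenario above shares.
    score = len(levers_hit) + (2 if sensitive else 0)
    return score, levers_hit, sensitive


def sender_mismatch(display_name, address, internal_names, corp_domain):
    """True when the display name is a known colleague but the address is external."""
    domain = address.rsplit("@", 1)[-1].lower()
    return display_name.lower() in internal_names and domain != corp_domain.lower()


def triage(msg, internal_names=frozenset(), corp_domain=""):
    """Combine body scoring with the sender check into one triage result."""
    score, levers_hit, sensitive = score_message(msg["body"])
    spoofed = False
    if msg.get("from_name") and msg.get("from_addr"):
        spoofed = sender_mismatch(msg["from_name"], msg["from_addr"],
                                  internal_names, corp_domain)
        score += 1 if spoofed else 0
    return {
        "verdict": "suspicious" if score >= THRESHOLD else "low",
        "score": score,
        "levers": levers_hit,
        "sensitive": sensitive,
        "spoofed_sender": spoofed,
    }


# Constructed sample messages modelled on the scenarios above.
INTERNAL_NAMES = frozenset({"pat rivera"})   # assumed known colleague
CORP_DOMAIN = "acme.example"                 # assumed corporate domain
SAMPLES = {
    "manager": {
        "from_name": "Pat Rivera",
        "from_addr": "pat.rivera@acme-hr-support.example",
        "body": "I need the password for the accounting database right away "
                "so everyone gets paid on time. Thanks, Pat",
    },
    "shop": {
        "from_name": "ShopMart Support",
        "from_addr": "support@shopmart-secure.example",
        "body": "We need to confirm your credit card information immediately "
                "to protect your account before criminals steal it.",
    },
    "tax": {
        "body": "You are under investigation for tax fraud and must call "
                "immediately to prevent arrest.",
    },
    "benign": {
        "from_name": "Pat Rivera",
        "from_addr": "pat.rivera@acme.example",
        "body": "Reminder: the quarterly all-hands is Thursday at 10am in "
                "room 4. The agenda is attached.",
    },
}


def triage_samples():
    return {name: triage(msg, INTERNAL_NAMES, CORP_DOMAIN)
            for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in triage_samples().items():
        print(f"{name:8} {result['verdict']:10} score={result['score']} "
              f"levers={result['levers']} spoofed={result['spoofed_sender']}")
```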
Case Study Scenario: Samantha, a security manager just been hired by a small company. The company
doesn't have any computer security yet, so she knows to start with the very basics. What would it be?
Based on the format presented below, provide your answers and submit it on MONDAY, February 12, 2024
@ 2:00 – 3:00 p.m.

Reported Crimes:
1. Disgruntled Employees
The report highlights that financial motivations are not the sole driving force behind cyber incidents,
emphasizing the significance of grudges in security threats. Insider threats, constituting only 5.4% of
incidents, are underscored as impactful due to the malicious actors' intimate knowledge of sensitive
data locations. Notably, 75% of insider threat cases involve disgruntled ex-employees who misuse or
compromise company data even after leaving. It also suggests that economic downturns may amplify
these risks, as increased layoffs and frustrations could drive individuals toward cybercrime. The ease
of entry into cybercrime, attributed to its low cost and potential high returns, is noted, with hacking-as-a-service tools becoming more accessible on the dark web, allowing even unskilled individuals to
engage in cyber threats.
• A disgruntled employee may engage in various criminal activities, such as theft, vandalism, or
even sabotage against their employer.
• Motivations can include personal grievances, financial struggles, or a desire for revenge
against the organization.
2. Organized Crime or Drug Cartel:
• Organized crime groups and drug cartels are often involved in serious criminal activities like drug
trafficking, money laundering, and violence.
• These groups may engage in activities that pose a threat to public safety and national security.
• Cybercriminals are adopting new tactics to expand their malicious activities, including partnering
with criminal networks like drug cartels. A report from cybersecurity firm IntSights reveals that
this strategy is prevalent in Latin America, targeting financial institutions and governments,
with stolen funds discreetly moved between countries. The impact includes financially
devastating breaches in Colombia and Brazil, along with widespread scams draining bank
accounts.
• Organized crime groups, such as the "Bandidos Revolution Team" in Mexico, recruit skilled
hackers to exploit ATMs and attack banks, resulting in multimillion-dollar losses. The
collaboration between violent drug gangs and hackers poses a significant emerging threat.
• Cybercriminals leverage channels like dark web forums and popular messaging services such as
WhatsApp and Facebook Messenger for coordination. Additionally, new techniques like
'Carding,' involving fraudulent use of stolen credit cards, and fraud tactics like BINero are on
the rise in Spanish-language dark web sites. These developments highlight the evolving and
increasingly sophisticated nature of cyber threats.
3. Cybercriminals
Cybercriminals, whether individuals or teams, employ technology to engage in malicious activities
aimed at stealing sensitive information for profit. They often operate within underground markets on the
deep web, trading in hacking tools and stolen data. These underground markets specialize in specific
products or services. The legal landscape regarding cybercrime is dynamic and varies globally,
presenting ongoing challenges for law enforcement in detecting, apprehending, charging, and
prosecuting individuals involved in cybercrimes.

4. Hackers:
• Definition: Hacking, as a technical activity, is not inherently criminal. Hackers are individuals who
explore and innovate within computer systems, aiming to understand their functionalities, whether
for positive or negative purposes.
• Intent: Not all hackers engage in cybercrime; ethical hackers, also known as white hat hackers, use
their skills for beneficial purposes, such as identifying vulnerabilities and enhancing cybersecurity.
Example: A well-known example is the case of ethical hacker Kevin Mitnick, who, after serving a sentence
for computer-related crimes, transformed into a white hat hacker. He now runs a cybersecurity consulting
firm, helping organizations strengthen their security by exposing vulnerabilities through legal and ethical
means.

5. Cybercriminals:
• Definition: Cybercriminals leverage hacking techniques with malicious intent, infiltrating computer
systems to exploit vulnerabilities for personal gain or to cause harm.
• Intent: Their actions involve illicit motives, including data theft, financial fraud, or disrupting
operations for personal or financial benefit.
Example: The WannaCry ransomware attack in 2017 is a notable instance of cybercriminals exploiting a
vulnerability in Microsoft Windows systems. The attackers encrypted users' files and demanded ransom
payments in Bitcoin, impacting organizations globally and highlighting the destructive capabilities of
cybercriminals.
6. Threat Actors:
• Definition: Threat actors conduct targeted attacks, actively pursuing and compromising specific
entities' infrastructure for various motives.
• Intent: Unlike cybercriminals, threat actors have a focused intent, often involving strategic and
deliberate efforts to infiltrate a particular target.
Example: The advanced persistent threat (APT) group known as APT29 or Cozy Bear, attributed to
Russian intelligence, is an example of threat actors conducting sophisticated cyber-espionage. They have
been implicated in various high-profile attacks, including targeting government agencies and organizations
for intelligence gathering.
7. Government-Sponsored Hackers:
• Definition: Government-sponsored hackers are individuals employed or supported by a government to engage in cyber activities for national interests, including intelligence gathering, espionage, or strategic objectives.
• Intent: Their actions are driven by political, ideological, or national security goals, distinguishing them from cybercriminals who primarily seek personal gain.
Example: The Stuxnet worm, discovered in 2010, is attributed to being a joint operation by the United
States and Israel. This government-sponsored cyber weapon was designed to target Iran's nuclear
program by damaging industrial equipment. The incident exemplifies the use of cyber capabilities by
governments to achieve geopolitical objectives through strategic cyber-operations.
In summary, while hacking itself is a neutral technical activity, examples like Kevin Mitnick showcase how
individuals can transition from engaging in cybercrime to contributing positively as ethical hackers. The
WannaCry ransomware attack illustrates the malicious intent of cybercriminals, while APT29 exemplifies
the targeted and strategic activities of threat actors in the real world.
Case Study:
1. Executive Summary:
• Background:
• Overview:
2. Initial Assessment:
• Security Landscape:
• Existing Threats:
• Security Assessment:
3. Key Initiatives:
• Asset Inventory:
• Security Policy Development:
• Employee Training:
4. Progress Evaluation:
• Monitoring:
• Access Control:
5. Conclusion:
• Summary:
• Backup and Recovery:
• Network Security:
• Incident Response Plan:
• Regular Audits and Monitoring:
