Computer systems are exposed to security risks that threaten the security and integrity of both the system and data held in it. These threats are becoming increasingly sophisticated and seem to multiply by the day, resulting in endless headaches for IT professionals.
With each new piece of technology arriving on the scene, a security threat seems to accompany it. The key for IT is to constantly evaluate current security measures and policies to identify any shortcomings that may be exposing the company to risk.
Required:
Explain THREE main risks that threaten security and integrity of systems and data held in them and TWO ways to minimise such risks. (10 marks)
View Solution
Security risks
- Hackers and eavesdroppers. They try to gain unauthorized access to computer systems. They may attempt to damage a system or steal information. Data that is transmitted across telecommunications links is exposed to the risk of being intercepted or examined during transmission (eavesdropping).
- Viruses may destroy information or data.
- Hoaxes: These are virus that may be encountered by recipients and which can waste precious time by resending information to others.
- Denial of service attack: This involves an organized attack or the sending of excessive volumes of information deliberately to a server to slow it down or hinder its functions.
- Natural disasters such as fires and floods may damage the place where the system is stored.
- Hardware and software failure systems may malfunction for a number of reasons.
- Human error: Operators may accidentally damage or delete information held on a system.
- Operational injury such as repetitive strain injury (RSI) is a risk faced by computer operators. (Any 3)
Risks can be minimized by the following:
- Antivirus may be used to prevent, remove and detect viruses.
- Firewall can be used to check the in-flow of certain files that may harm a system.
- Encryption: To conceal information from unauthorized users.
- Electronic signatures: This involves the use of keys to unscramble data that has been protected to reach rightful recipient who will have the unscrambling key.
- Authentication: This is a procedure that makes sure a message has come from an authorized sender.
- Dial-back security: This operates by requiring persons wanting access to dial into a network and identify themselves first.
(Any 2)