Introduction to Computer Security
Computer security refers to the protection of computer systems and networks from the theft,
damage, or unauthorized access of data, as well as protection from the disruption or misdirection
of services. With the growing reliance on technology for sensitive operations, computer security
has become a critical aspect of information technology (IT). It ensures the confidentiality,
integrity, and availability (CIA triad) of data by employing various measures like firewalls,
encryption, intrusion detection systems (IDS), and security policies.
The goals of computer security include:
Confidentiality: Ensuring that information is accessible only to those authorized to access
it.
Integrity: Protecting data from being altered by unauthorized parties.
Availability: Ensuring that systems and data are available when needed.
Programmed Threats
Programmed threats are malicious software (malware) or techniques designed to exploit
vulnerabilities in computer systems. These can be categorized into various types, including:
1. Viruses: Programs that attach themselves to legitimate software and replicate themselves,
spreading from one computer to another.
2. Worms: Standalone programs that self-replicate and spread through networks without
needing to attach to other programs.
3. Trojan Horses: Malicious programs disguised as legitimate software that deceive users
into running them, thereby granting unauthorized access.
4. Ransomware: A form of malware that encrypts a user's data, demanding payment in
exchange for the decryption key.
5. Spyware: Software that gathers user information without their knowledge, often for
marketing purposes or identity theft.
6. Phishing: A social engineering attack where attackers impersonate legitimate entities to
steal sensitive data like login credentials.
�Data Protection Principles
Data protection is essential to ensure privacy and security, especially with the increasing amount
of sensitive information processed by organizations. The key principles governing data protection
include:
1. Lawfulness, Fairness, and Transparency: Personal data should be processed lawfully,
fairly, and transparently to the data subject.
2. Purpose Limitation: Data should only be collected for specified, legitimate purposes and
not further processed in a manner incompatible with those purposes.
3. Data Minimization: Only the data necessary for the intended purpose should be collected
and processed.
4. Accuracy: Personal data must be accurate and kept up to date, with measures taken to
erase or rectify inaccurate information.
5. Storage Limitation: Personal data should be kept no longer than necessary for the purpose
for which it is processed.
6. Integrity and Confidentiality: Data must be processed in a way that ensures security
against unauthorized or unlawful processing, accidental loss, destruction, or damage.
7. Accountability: Organizations must be able to demonstrate compliance with these
principles.
Security Policies
Security policies are formalized guidelines and procedures that govern how an organization
protects its data, systems, and resources. These policies provide the framework for implementing
security measures, defining acceptable behavior, and managing risks.
Key aspects of security policies include:
1. Access Control Policies: Define who has access to certain data or systems and under what
conditions. It includes user authentication mechanisms (e.g., passwords, biometrics).
2. Data Classification Policies: Establish how different types of data (e.g., public, private,
confidential) should be handled and protected based on their sensitivity.
� 3. Incident Response Policies: Outline procedures for responding to security breaches,
including detection, containment, eradication, and recovery.
4. Acceptable Use Policies: Define how users are expected to behave when using the
organization's IT resources, including acceptable internet usage and email conduct.
5. Password Management Policies: Set standards for creating, changing, and protecting
passwords to ensure they remain strong and secure.
6. Encryption Policies: Define when and how encryption should be used to protect sensitive
data, both at rest and in transit.
7. Disaster Recovery and Business Continuity Plans: Ensure that critical systems and data
can be restored quickly in the event of a disaster, minimizing downtime and impact on
business operations.
By combining robust security policies with an understanding of the various types of programmed
threats and implementing strong data protection principles, organizations can better secure their
computer systems against an evolving landscape of security challenges.
