Social & Economic Impact of ICT: Implications of Misuse & Cybersecurity

Social & Economic Impact of ICT

Implications of Misuse & Cybersecurity

Lesson Objectives

  • At the end of this lesson students should be able to:

    1. Define computer security and cybersecurity

    2. Explain the elements of security risk:

    • Vulnerability

    • Threat

    • Attack

    • Countermeasure

    1. Identify and describe common forms of computer misuse

    2. Distinguish between entities impacted by misuse:

    • Individual

    • Organization

    • Government

Definitions and Key Concepts

  • Computer Security: Refers to the protection of hardware and software resources against accidental or deliberate damage, theft, or corruption.

  • Cybersecurity: Involves techniques for protecting computers, networks, programs, and data from unauthorized access or attacks.

Elements of Security Risk

  • Vulnerabilities: Weakness or flaw in computer systems that can be exploited.

  • Threats: Conditions that pose risks; can cause loss or harm to computing systems.

  • Attacks: Attempts to exploit vulnerabilities and access systems illegally.

  • Countermeasures: Actions or techniques that mitigate vulnerabilities.

Computer Vulnerability

  • Defines computer vulnerability as a weakness or flaw in one or more computer systems or their connectivity. Vulnerabilities can be classified into external or internal categories.

External Vulnerabilities

  • Natural Disasters: Minimal or no protection against hurricanes, earthquakes, and volcanoes.

  • Electrical Issues: Lack of protection from power surges affecting hardware and data integrity.

  • Terrorist Activities: Targeting buildings housing computer systems in acts such as bombings or arson.

Internal Vulnerabilities

  • Human Errors: Mistakes like overwriting or erasing critical data.

  • Lack of Backup Procedures: Failure to create backups of essential files.

  • Physical Security Lapses: Not securing hardware/software in locked areas; no password protections implemented.

  • Inadequate Antivirus Measures: Absence of antivirus programs to examine email attachments.

  • Flawed Propriety Software: Software internally produced that may contain security flaws.

  • Former Employee Access: Retained passwords and security information of ex-employees.

  • Fraudulent Activities: Employees trying to illegally obtain money using the company's name.

Threats to Computing Systems

  • A threat is a set of circumstances posing potential loss or harm, stemming from human error or natural disasters.

    • Example: Phishing emails designed to deceive users into giving personal information.

Cyber Attacks

  • Definition: Any attempt to harm a computer system by exposing, altering, or stealing data, or denying access to legitimate users.

    • Common Attack Types:

    • Phishing Attacks: Fraudulent emails to obtain personal information.

    • SQL Injection: Inserting malicious SQL statements to manipulate databases.

    • Denial of Service (DoS): Overloading targeted systems with excessive data traffic.

    • Malware: Malicious software designed to disrupt operations.

Misuse of Information

  • Cybercrimes: Criminal activities conducted via computers or the internet, including but not limited to:

    • Cyberbullying

    • Copyright infringement

    • Data theft

    • Denial of service attacks

    • Transmission of viruses

    • Identity theft

Specific Forms of Misuse

  • Propaganda: Utilizing computer systems to disseminate biased information to influence public perception or discredit oppositions.

  • Phishing: Fraudulent emails mimicking legitimate organizations to extract sensitive information.

  • Denial of Service (DoS): Attacks that hinder legitimate users’ access to specific systems or services by flooding them with traffic.

  • Copyright Infringement: Unauthorized use of copyrighted material, including media like music, software, and textual content.

  • Identity Theft: Crime where an imposter acquires personal identifiers of individuals, like Social Security numbers, to impersonate them.

Prevention Strategies for Identity Theft

  • Regular Monitoring: Check bank and credit card statements for unauthorized transactions.

  • Secure Transactions: Utilize secure websites for online purchases.

  • Avoid Public Computers: Limit entry of personal information on public systems to minimize risk.

Additional Misuse Concepts

  • Electronic Eavesdropping: Illegally monitoring electronic communications without consent; includes voice, fax, and email monitoring.

  • Industrial Espionage: Gathering secret commercial information via spying to gain competitive advantages.

  • Software Piracy: Legal violation involving unauthorized use, copying, or distribution of software.

  • Virus Dissemination: The process of spreading malicious software that compromises system integrity and data.

Data Security Concepts

  • Data Security: Encompasses both physical and software methods to protect data against unauthorized access and corruption, ensuring data integrity.

  • Data Integrity: Refers to the accuracy, completeness, and consistency of data within a system over time.

Factors Compromising Data Integrity

  • Human Error: Mistakes like data entry inaccuracies or unintentional deletions.

  • Natural Disasters: Events like fires or floods that impact the physical integrity of systems.

  • Malicious Activities: Actions taken to fraudulently alter or delete data.

  • Hardware Malfunctions: Breakdowns leading to data loss.

  • Viral Infections: Software that disrupts normal operations.

Countermeasures

  • Countermeasure Definition: An action, device, procedure, or technique aimed at removing or reducing a vulnerability.

Types of Countermeasures

  • Physical Measures: Includes but not limited to:

    • Reinforced doorways

    • Fireproof safes

    • Backup procedures at remote locations

    • Distribution of responsibilities among employees to avoid concentration of control.

    • Use of locks, security personnel, alarms, and surveillance systems.

  • Software Measures:

    1. Password Protections: Safeguarding files and systems.

    2. Access Logs: Records detailing system activities and accesses.

    3. Data Encryption: Ensuring data confidentiality during storage and transmission.

    4. Firewalls: Systems to protect networks by filtering incoming traffic.

    5. Anti-Virus Software: Tools for identifying and removing malware from devices.

Key Questions for Reflection

  • Name two external and internal sources that could make computer systems vulnerable.

  • State the terms that describe:

    • The protection of data against damage

    • The protection of hardware and software resources against damage

    • An attempt to exploit a weakness in a system

  • Differentiate between:

    • Computer fraud and propaganda

    • Phishing and identity theft

  • Identify the type of software threat with regard to instances of unauthorized access and data overwhelm tactics.

    • Examples include hacking attempts and DoS attacks for computer systems.

Conclusion

  • Understanding the impact of cybersecurity regulations and their implications on entities ranges from individuals to governmental bodies, reflecting the importance of safeguarding information in an increasingly interconnected digital landscape.