1) Malicioussoftware could be compromised our personal computer.Ø Malicioussoftware is virus, worm, Trojan horse, key logger, network sniffer, and dialer. 2) Infrastructureor service problems could be compromised our personal computer.Ø Itmay be failure of Software, Hardware.
Ø Itmay be failure of electricity which ispower outage or power surgeØ Itmay be failure of network which is cable cut or saturation.Ø Itmay be failure of Air-conditioning, System upgrades, and Service providers.Ø Itmay overload of CPU, memory, storage, and network. 3) Humanerrors could be compromised our personal computer.Ø Humankeep weak security.
· It may be loss of laptops, smartphones,and USB-sticks.· It may be no encryption, and passwordleaks of cracks.· It may be computer console left unlocked.Ø Humanare misunderstanding computer interface or other mistakes.Ø Itmay be deleting data and corrupting data.Ø Confiscationof machines could be compromised our personal computer. 4) Downloadingfree software could be compromised our personal computer system.
When user download a freesoftware sometime it will introduce malware, viruses or buggy software. 5) Thepersonal computer system could be compromised by without install operatingsystem updates.Any computer user is to always install securityupdates, when they become available for your operating system. Bugs areunfortunately created when operating systems are developed that could causesecurity.
6) The personal computer system could becompromised by haven’t installed applications up-to-dateThe personal computer as secure as possible, user needto make sure these programs are updated when new security fixes are released.The problem is that many people just ignore alerts about new updates, eventhough these updates fix security problems that could allow hackers into yourcomputer. 7) The personal computersystem could be compromised by withoutInstall ,update, and use anti-virus softwareThe computer has antivirus softwarerunning on machine. By having an antivirus program running, files and emailswill be scanned as use them, download them, or open them. If a virus is foundin one of the items people are about to use, the antivirus program will stop you from being able to runthat program and infect yourself.
8) The personal computersystem could be compromised by having poor password. 9) The personal computer system could becompromised by haven’t up to date windows. Hackers oftendiscover new ways to bypass Windows’ built-in security features configured. 10) Thepersonal computer system could be compromised by don’t turn on the windows firewall.Windows has a built-in ‘firewall’ that protects your PC from unwantedattention via the internet. 11) Thepersonal computer system could be compromised by don’t use the latest version of the web browser.
Web browsers are vital applications, but just like other software, theycan contain bugs. Once a web browser has been compromised in this way, a hackercan monitor everything you type, including passwords to credit card numbers.That’s why it’s vital to use the latest version of your web browser -anythingother than this may be a security risk. 12) Thepersonal computer system could be compromised by falling for phishing emails.
13) The personal computer systemcould be compromised by don’t use the windowsmalicious software removal tool. 14) The personal computer system could be compromised by attachments from people you don’t know. 1.2The possible attack vectors. These are the possible attackvectors.Ø Denialof Service Attack (DoS Attack)Ø KeystrokeloggersØ MalwareØ PhishingØ SQLInjection AttackØ Cross-SiteScripting (XSS)Ø SessionHijacking AttackØ Man-in-the-middleAttackØ CredentialReuseØ ChatRoomsØ E-mailattachmentsØ Pop-upwindowsØ InstantmessagesØ WebPages Task 02Congratulations! You are electedmember of the newly established computer and data security team in ABCinstitution.1. Makea list of all possible risks that can have an impact on the security andstability of your data and internal and external information and technologyservices.
2. Makea list of recommendations to lower the risks. Question01 2.1The possible risks that can have an impact on the security and stability ofyour data and internal and external information andtechnology services. Ø Wecan have an impact on the security by capture every username and password typedon the keyboard by install key logger. Then a hacker can use your computer tolog into your accounts, and carry out institution related data and internal andexternal information.Ø Wecan have an impact on the security and stability of our data and internal andexternal information by send malicious emails to all the contacts in your emailfolders in order to spread viruses, malware, and spyware.
Ø Ifthe device or software failures, we can have an impact on our technologyservices.Ø Wecan have impact on our technology services by the environmental issues.(Environmental issueslike heat, cold, humidity, static, and electricity)Ø Developmentof loss databases can have an impact on our technology services.Ø Denialof Service (DOS) attack can have an impact on our technology services.
Ø IfShare the confidential data and information of the institution with others bytrust them, It may be use that valuable data by others in different dangerouspurpose.Ø Carelessnesscan have impact on the security and stability of your data and internal andexternal information and technology services.It means when the equipmentor service will be failure, we request to get help from other knowledgeablepeople who are related in that equipment or service.
The person who are supportto another institution or sell our institution’s confidential data andinformation to other institution’s owners. Question02 2.2Recommendations to lower the risks. Ø Encryptioncan reduce the stealing password by the hackers.Encrypting data as it isstored and transmitted. Ø Implementingstrict access control mechanisms and data classification will be reduce thestealing password files by the hackers.Ø Maintainingbackups to replace the failed data, information, and service will be reduce animpact on our technology services become from the device or software failures.Ø Wecan reduce the risk of confidentiality related by training personnel on properprocedures will be reduce the risk.Ø Wecan reduce the risk of integrity related by use Strict Access Control,Intrusion Detection and Hashing.Ø Wecan reduce the Denial of Service attack risk by use of certain firewall androuter configurations.Ø Webbrowsing will be keep our personal data.Ø CloudServices will be keep our personal data.Ø Filestorage and archiving will be keep our personal data.Ø Socialnetworking will be keep our personal data.Ø Wirelessservices will be keep our personal data.Ø PersonalSecurity will be keep our personal data.Search Engines willbe keep our personal data.