In the context of Information Systems Security, write short notes on ALL of the following headings:-
a. Why are computer systems more vulnerable to destruction, error, abuse and misuse than manual systems?
b. What is meant by the term Risk Assessment?
c. What are Worms and Viruses?
d. Outline the process of Public Key Encryption.
Information Systems Security is the safeguarding of the computer system from attacks or destruction. Computer systems are vulnerable due to the following reasons.
a. Destruction/error/abuse/misuse: –
i. Hardware failure due to natural causes; electrical failure; etc.
ii. Software failure; bugs; poor design etc.
iii. Human errors.
iv. Theft/corruption of data.
v. System penetration / illegal access.
vi. Complex computer systems are difficult to replicate manually.
vii. As data is more compact, potential loss is greater.
viii. As data is more compact, the potential damage from abuse/misuse is greater.
ix. The advent of networks has greatly increased the potential for unauthorised access. Paper-based systems are less compact and intercommunication is much harder.
b. Risk Assessment: –
Risk can be defined as the product of the amount that may be lost due to a security exposure and the probability or frequency that such a loss will occur. Potential threats may be identified from past experience, the use of experts or brainstorming techniques, together with their anticipated frequency (once per month etc.) and potential monetary cost. The controls that might be necessary to counter the threat are also estimated, and a judgment is made on whether the control costs are more or less than the cost of the threat, and therefore whether the control procedures should be implemented. Controls may be general or application controls.
General controls are those controls which are not specific in nature. These may include things like authorization of use and the employees' general awareness of the risks.
Application controls are those controls over the inputs, processing and the output. These may include things such as validation checks and maintenance of data.
c. Worms & Viruses: –
A worm is a program that transfers itself from computer to computer over a network and plants itself as a separate file on the target computer. This program is destructive in nature and may destroy data or utilize tremendous computer and communication resources but does not replicate like viruses.
A worm does not change other programs but can run independently and travel from machine to machine over the network. Worms can also have portions of themselves running on many different machines.
A virus is contagious and is a set of illicit instructions which are passed on to any other programs or documents with which it comes into contact. Viruses are malicious computer programs. Traditional viruses attach themselves to other executable code, infect the user's computer, replicate themselves on the user's hard disk and then damage data, the hard disk or files. Viruses attack the following parts of a computer:
o Executable program files
o File directory systems
o Boot and system areas that start the computer
o Data files
d. Public Key Encryption (PKE): –
Encryption means encoding a message into some form of code so that only the person receiving the message can decode the message. PKE uses two keys, a public key and a private key. The sender uses the public key to encrypt a message which is transmitted over the internet. When the message is received the recipients use their own private key to decode the message.
In encryption the message is converted from the plain text into a secure code called cipher text and cannot be understood before decryption to plain text again.
An encryption key is a piece of information that is used within the encryption algorithm to make the encryption or decryption process unique, so that the user requires the correct key to decipher the meaning.
An encryption algorithm is a mathematically based function or calculation which encrypts or decrypts.
In PKE the two keys work together as a pair. The public key is known to everyone, but the private key is known only to an individual, who is thus the only person who can decrypt the message.
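The exchange outlined above, as an added example that is not part of the original notes. It assumes textbook RSA as the algorithm (the notes do not name one), uses fixed sample primes with no padding, and all function names are hypothetical; real systems use a vetted library with random 2048-bit or larger keys and OAEP padding.

```python
# Textbook RSA, for illustration of the public/private key pair only.
# Assumptions: fixed well-known primes instead of random ones, no padding.

P, Q = 2**61 - 1, 2**89 - 1      # constructed sample primes (Mersenne primes)


def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) as ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent; ValueError if no inverse
    return (e, n), (d, n)


def encrypt(public_key, message: bytes) -> int:
    """Sender: turn the plain text into a number and encrypt it with the
    recipient's PUBLIC key, giving the cipher text."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key size")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Recipient: recover the plain text with the matching PRIVATE key."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    """Run the exchange and return what each party ends up with."""
    public, private = make_keypair(P, Q)                    # recipient's pair
    _, other_private = make_keypair(2**89 - 1, 2**107 - 1)  # someone else's
    message = b"meet at 0900"                               # constructed sample
    ciphertext = encrypt(public, message)                   # sent over network
    return {
        "ciphertext": ciphertext,
        "recipient_reads": decrypt(private, ciphertext),
        "outsider_reads": decrypt(other_private, ciphertext),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

Only the holder of the matching private key recovers the plain text; the holder of a different private key gets unrelated bytes.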