2. The presentation is being carried out to lay down a solution to a
problem arising related to computer security. Various security
strategies are being discussed in this presentation. These
strategies would help in successfully coping up with the
computer security issues. The security strategies
recommended to address the issue and the effectiveness of
mitigation strategy in controlling the issue are also discussed
in the presentation.
3. The computer security is the protection
of assets from unauthorized access,
alteration, use or destruction.
Therefore, for such protection an
effective strategies is must needed.
4.
5. COMPUTERSECURITY ISSUES
There are some computer security issues which are normally faced
by the organization or by an individual as well. Following are
some of the issues:
Computer
security
issues
Internet
and
network
attacks
Informati
on theft
System
failure
Hardwar
e and
software
theft
Unauthor
ized
access
and use
6. SECURITY STRATEGIES
• To cope up with the computer security issues, the
organization or an individual can use the following
security strategies to prevent the security of their system
and data or information.
• These strategies will help the organization to improve
the level of security and safety of data.
7. PROACTIVE STRATEGY
This strategy includes a set of predefined steps that can be
taken to prevent the computer systems from the attacks before
they occur.
This includes identifying how an attack could possibly affect
or damage the system and the vulnerabilities it exploits.
This pattern may help in determining the areas of
vulnerability that pose the greatest risk to the enterprise.
8.
9. The proactive strategy has basically three steps:
Determining the damage that the attack will cause
Determining the vulnerabilities and weaknesses that the
attack will exploit (Klöti.et.al. 2013).
Minimizing the vulnerabilities and weaknesses that are
determined to be weak points in the system for that
specific type of attack.
10. KEY FINDINGS OF PROACTIVE STRATEGY
Use of policies for data security
Understanding about the sensitive data
It goes beyond the technology implementation
Take initiative for data security
Use of data centric security
11. REACTIVE STRATEGY
The reactive strategies defines the steps that must
be taken after or during an attack.
It identifies the damage that was caused and the
vulnerabilities that were exploited in the attack.
This strategy will determine the why it took place,
repair the damage that was caused by it and
implement a contingency plan (Easttom II, 2016).
12. BENEFITS OF REACTIVE STRATEGY
Following are the key benefits of strategy:
Provides control over the use of computer system
Improve the accountability
Determine the level of threat
Anticipate the future changes
Help to assess the amount of damage and install
13. SECURITY BY DESIGNSTRATEGY
• A software is designed from the ground up to
be secure.
• It includes code reviews and unit testing are
used to make modules more secure.
• Audit trails tracking system activity for
determining the extent of the breach.
14. BENEFITSOF SECURITY BY DESIGN STRATEGY
Following are the major benefits of using the particular
strategy:
Integration of methodologies
Detecting and resolving problems
Improve flexibility and adaptable architecture
Integration of application for better security
15. It is an effective means of ensuring the security, stability and
consistency of a computing environment.
Proper planning and pre-deployment activities are required for a
successful deployment of application white listing technology.
It can be deployed in support of policy which defines
applications which users are allowed to run or can run in the
course of their duties.
16. • Administrative privileges are designed to allow access of only
trusted personnel.
• Accounts with administrative privileges to a window domain
typically have the ability to effect changes or to see such
information from any system on that domain (Goldman.et.al, 2011).
• These privileges introduce a number of potential points of
weakness into that system.
17. PASSWORDS ANDAPPROPRIATE USER AUTHENTICATION
STRATEGY
The best strategy for protecting the data from being accessed by an
unauthorized user.
The user authorization can be verified in any security system via
piece of information like password, something possessed by an
individual like ID, credit and a biometric characteristic of the
individual like finger print (White, 2015).
Through this the important and relevant information can be safe from
the authorized users.
18.
19. A proper planning is a best strategy to overcome from the
problems related to eventuality of hardware failure or loss
and data loss or corruption.
Depending on the types of threats, disaster recover plans
may rely on one of a mix of strategies (Cichonski.et.al.
2012).
20. The user using the computer system are require to
inform under this strategy to be careful of any
suspicious e-mails.
According to this, the user are should be careful
when the email is from the known source, caution
should be exercised when opening attachments or
clicking on links in emails.
21. IMPLEMENTATION OF A VULNERABILITY MANAGEMENT
PROGRAM
The most of the worms and viruses try to exploit bugs
and vulnerabilities within the operating system and
applications.
The vulnerabilities can be introduced in network
everyday (Song, 2010). It is important to regularly review
the network and applications running on it for new
vulnerabilities.
22. After this, a proper plan is then prepare for proper
management of vulnerabilities.
The vulnerabilities can be managed by through patching,
upgrading, or managing the vulnerabilities using tools like
firewalls and Intrusion Detection Systems.
The discovered vulnerabilities should also be rated and
prioritized regarding their criticality and their impact (Rid
& McBurney, 2012).
23. The critical data or information should be daily or periodically
must be regularly backup.
It is useful when a network gets infected with a computer virus
or system or hardware crash.
These backups must be stored safely in the offsite location .
Regular monitoring of network and system logs assist in
indentifying the computer virus or other criminal attacks.
24. Log files for the backups should be checked regularly in
order to insure that the backups succeeded.
Log files for anti-virus software deployed should be
regularly checked to ensure that PC are running the latest
version of antivirus.
These strategies ensure that the chances of attacks and their
impact is reduced and minimized to a greater extend.
25. DEVELOPMENT OF INCIDENT RESPONSE PLAN
The incident response plan outlines the roles and
responsibilities that people may have in the event of
a computer virus infecting the network or indeed
any other type of security breach (Hsiao.et.al. 2014).
The plan is prepared and drawn up by the agreed
relevant parties before an incident occurs.
26. CRYPTOGRAPHY STRATEGY
This strategy is best when the confidentiality and security of
data and information is to be maintained.
The modern cryptography exists at the intersection of the
disciplines computer science, mathematics and electrical
engineering.
It is conversion of the information from a readable state to
apparent nonsense (Kahate, 2013)
Only the authorized user can be decodes such encrypted data
or information.
27.
28. RECOMMENDED SECURITY
STRATEGIES
To address the current issue the best strategy that would be
recommended is a proactive and reactive strategy.
These strategy is best because it provides a suitable way to
identify and reduced the affects of the security issues before
their cause.
It the impacts and core area of infection are not identified
before then the reactive strategy would help in repairing the
damage caused through an implemented contingency plan.
29. ACTIVITIES FOR IMPROVING
COMPUTER SECURITY
Using the following recommendation the security of
computer could be improved:
Use of Linux
Disable add-ons
Deploy a hardware based firewall
Enforce Strict password policies
Use of content filter
30. EFFECTIVENESS OF MITIGATION
STRATEGY
The mitigation strategy would be effective in controlling the
issues with respect to other strategies in the following ways:
Ensures that the identified issues before their cause are removed
to the best possible way.
The damage occurred after their cause are repaired to the best
possible way as suggested in the contingency plan.
The organization is always ready to fight against the computer
security issues with the proactive and reactive plans without
causing any disturbance in the operations of the organization.
Computer security issues:
Internet and network attacks: In the current scenario, internet is one of the key foundation of sharing the information and communication. However the organization and individual use the network security procedure that helps to maintain the effectiveness in services but attack of virus and malware is major security threat for the network that organizations are using.
Information theft: The use of pen drives, data card and mobile phones are increasing the threat for the information theft as staff members or external person can store information through these devises which can create security issues for organization.
System failure: For security of information and data the leading organizations has implemented the system that protect from the unauthorized access but the situation like failure of system is influencing the process of managing the security level.
Hardware and software theft: The issue of security in computer is theft of hardware and software that can be done by the individual and group who has the access of using the system.
This is an important strategy that transform the data into an unusable form, reducing the risk in the case of unauthorized access. For improvement in the security and protection of sensitive data this kind of strategy is more beneficial and useful that helps to coded the information and block the illegal activities.
Process of encryption:
Encoding: For security purpose and protecting the data it is being used for change the presentation of data and information that developed through coded form.
Channel: The data that need to be share through internet sources will go through channel. The encoding of data helps to protect the information from theft .
Decoding: At the receiver end the data and information could be read or review by using the decoding.