IT470: Computer Security Fundamentals
Running Header: Safeguarding Business Data
Safeguarding Business Data
Student 1
Computer Security Fundamentals
1. How is personal information safeguarded? Provide some standard procedures mainly used by businesses to safeguard their data.
We can protect our personal information by using strong passwords or encrypting our data. We should infuse each password with numbers, upper case letters, or symbols to make the password as difficult as possible to figure out when protecting the data online. When it comes to encrypting the data, we should protect our browser while making online transactions with encryption software guards because the information can be sent over the Internet.
Many companies in different countries are trying to keep the data of customers safe and prioritize the security system (Rossi, B. 2019). There are several ways for business owners to protect data, such as backing the data up with an automated backup system on a regular basis, taking advantage of virtual servers, maintaining firewalls to block the data from the outside world, using anti-virus and spam filters, and so on (Bawden-Davis, J. 2012).
2. What are the vulnerabilities? Provide some examples.
The term “vulnerability” means a “weakness” that can be exploited in a cyberattack to gain unauthorized access to the personal data on a computer system (Tunggal, A. 2021). Vulnerabilities are a way for attackers to access system memory, run code, and install malware. In this way, they can steal, destroy, or modify sensitive data on a database.
3. What do we mean by a secured system? Name some of the best practices for securing your personal computer.
We can understand the term “secured system” to mean that something is secured by a system of interworking components and devices on a personal computer. The act of data protection is the essential way of safeguarding important information from loss or theft (Gillis, A. 2020). There are many ways to secure personal data, such as using security software, maintaining current software and updates, not clicking random links, restricting remote access, deploying encryption when possible, and others.
Reference
Rossi, B. (2019, December 3). 10 Ways Businesses Can Protect Customer Data. Retrieved from https://www.information-age.com/10-ways-businesses-can-protect-customer-data-123459341/
Bawden-Davis, J. (2012, August 22). 6 Ways To Safeguard Your Small Business’ Data. Retrieved from https://www.americanexpress.com/en-us/business/trends-and-insights/articles/6-ways-to-safeguard-your-small-business-data/
Tunggal, A. (2021, March 16). What Is CVE? Common Vulnerabilities And Exposures Explained. Retrieved from https://www.upguard.com/blog/cve#:~:text=A%20vulnerability%20is%20a%20weakness%20which%20can%20be,or%20modify%20sensitive%20data.%20What%20is%20an%20exposure%3F
Gillis, A. (2020, October 14). 10 Tips To Keep Personal Data Safe And Secure. Retrieved from https://whatis.techtarget.com/10-Tips-to-Keep-Personal-Data-Safe-and-Secure#:~:text=Antivirus%20software%20is%20a%20security%20software%20program%20designed,networks%20and%20IT%20systems%20to%20protect%20personal%20data
Student 2
1) Personal information safeguarded
Information collected during the intake process of interaction and the arrangement of sensitive services can contain details regarding a person's history and necessities. As per the nature of requirements or services that has shelter, different types of records may need to be stored securely to guarantee confidentiality and security. Most organizations keep sensitive personal information in their files: names, credit card numbers, Social Security numbers, or other account data that identifies customers or employees. This information is important to fill requests, to meet payroll, or to perform other essential business necessities. If sensitive data falls into the wrong hands, it can prompt fraud, identity theft, or damages. With that said, given the expense of a security breach, which means losing your customers' trust and may, in any event, mean protecting against a lawsuit, safeguarding personal information is just good business. A few companies may have the habit of carrying out an appropriate plan in-house. Others may think to recruit a third-party contractor to help keep data secure (Safeguarding Confidential Information | Knowledge Base | Information Technology Services | CSUSB, n.d.).
Standard procedures mainly used by businesses build a security plan on 5 key principles:
1. Take Stock - Know what personal information you have in your files and on your computers.
2. Scale Down - Keep only what you need for your business.
3. Lock It - Protect the information that you keep.
4. Pitch It - Properly dispose of what you no longer need.
5. Plan Ahead - Create a plan to respond to security incidents.
Here, a business can prevent unauthorized disclosure of this information by (Safeguarding Your Data, n.d.):
- Only revealing information that the person has agreed to have released.
- Sharing the information only with employees within the organization who need to know.
- Do not encourage the use of personal credentials for authentication by other persons with access to any information systems containing confidential information.
- Access to a person’s files needs to be strictly restricted to persons in the accommodation to ensure rights to privacy and confidentiality.
- Regularly follow up on software updates and install all possible security updates on all computer servers, laptops, and company applications.
- Keeping up the confidentiality of information endlessly, including after the customer has left the program.
- Install and maintain branded antivirus software on all computer terminals and laptops, and set it to auto-install and update so that the latest antivirus is installed.
- Enable screen savers with authentication with auto-locking passwords for all network systems.
- Activate an auto security system especially if the office department is at high-risk for robbery.
- Use caution when accessing official or personal e-mail, and never trust any unexpected e-mails. A company protocol should be in place to instruct employees never to open an unknown attachment without first running an antivirus verification of its type and checking it with antivirus protocols. If in doubt, flag it as a phishing email or delete it.
2) Vulnerabilities
A vulnerability is a known, and some of the time unknown, weakness in a resource that can be exploited by threat actors. Testing for vulnerabilities is essential to guaranteeing the suffering security of your association's systems. Only through the identification of these weaknesses would one be able to develop a system to remediate them before it's too late. Vulnerabilities can be exploited by various strategies, including buffer overflows, SQL injection, cross-site scripting (XSS), and open-source exploit kits that search for known vulnerabilities and security weaknesses in web applications. Numerous vulnerabilities target the company's popular software, placing numerous clients using the software at an increased danger of a data breach or supply chain attack. Such zero-day exploits are enrolled by MITRE as a Common Vulnerability Exposure (CVE) (What Is a Vulnerability?, n.d.).
Types of Vulnerabilities
1. Configuration-based Vulnerabilities
2. Missing Security Patches
3. Weak or Default Credentials
4. Zero-Day Vulnerabilities
Some examples of vulnerabilities:
· Hardware - Vulnerability to dust, poor encryption, soiling, humidity, natural disaster, or firmware vulnerability.
· Software - Lack of audit trail, insufficient testing, side channel attacks, memory safety violations, design flaws, input validation errors, timing attacks and UI failures.
· Network - Man-in-the-middle attacks, unprotected communication lines, lack of authentication, insecure network architecture, or default authentication.
· Organizational - Lack of audit, security, continuity plan or incident response plan.
· Physical site - Area subject to unreliable power source, natural disaster or no keycard access.
· Personnel - Poor password management, poor recruiting policy, poor adherence to security training, lack of security awareness and training, or downloading malware via email attachments.
3) Secured system
A secured system is a computer system that has safeguards, provided through hardware and software, that guard against interception of data, corruption of data, and any loss of data from unauthorized access (Secure Systems for Recording & Sharing Information | DeltaNet | DeltaNet, n.d.).
One can secure one's own personal computer with the following best practices (The Three Principles of a Secure System, 2015):
- Keep your software programs and operating system regularly updated.
- Install and RUN an anti-virus software program.
- Make sure your firewall is enabled.
- If you need to enable file and print sharing, allow access only to authorized users. Review these options in the network settings on your computer.
- Maintain regular backups and consider employing a file encryption program if the information stored on your workstation is highly confidential.
- Investigate your workstation configuration and disk drives on a regular basis, to look for suspicious files, programs, or drastic changes in free space on disk.
- Dispose of information properly before discarding your computer or portable storage devices.
References
Safeguarding Confidential Information | Knowledge Base | Information Technology Services | CSUSB. (n.d.). Retrieved July 18, 2021, from https://www.csusb.edu/its/support/it-knowledge-base/detail?id=9459598f98f1174e5d7cb447cc95050915699f018e
Safeguarding Your Data. (n.d.). Retrieved July 16, 2021, from https://www.lsu.edu/it_services/its_security/security-awareness/safeguarding-your-data.php
Secure Systems for Recording & Sharing Information | DeltaNet | DeltaNet. (n.d.). Retrieved July 16, 2021, from https://www.delta-net.com/compliance/information-security/faqs/secure-systems-for-recording-sharing-information
The Three Principles of a Secure System. (2015, December 1). The State of Security. https://www.tripwire.com/state-of-security/security-awareness/the-three-principles-of-a-secure-system/
What is a Vulnerability? | UpGuard. (n.d.). Retrieved July 16, 2021, from https://www.upguard.com/blog/vulnerability