Aspects Of Computer Security

Significant risks?

So what are the significant risks? To state the obvious that depends on how you use your system, but to generalise there are 5 main areas:-

  1. Data loss due to physical loss or damage, i.e. theft, fire, etc. It is beyond the remit of this text to advise about physical security but data loss due to fire or theft can be relatively easily coped with by the simple expedient of having a regular backup routine. In a recent survey only 7% of companies keep backups on a daily basis.

  2. Virus infection, i.e. from disks or Internet usage. Viruses are computer programs, exactly the same as word processors, spreadsheets, accounts packages, etc. or they are application viruses, i.e. macros such as the ones used in many word processors, spreadsheets, etc. In fact they can be any executable code, even the boot sectors of disks. They are usually introduced into computer systems by floppy disks or downloaded from the Internet. When they are executed they can cause great damage or simply produce unexpected results, i.e. slowing the system down or shutting down applications without warning. One thing all viruses have in common is that they are specifically designed to replicate themselves when disks or files are moved from machine to machine either physically or over a network, including the Internet. They are usually installed without the users knowledge or permission.

  3. Worm infection, i.e. from email, etc. Worms (Trojan horses) are similar to viruses in that they require an application to load and run them. The application can be the operating system itself, in this sense they are the same as any other program, or something as simple as an email reader like Outlook Express. The point about worms is that they appear to be something they are not and are usually run deliberately by the user when he thinks he is running another application. A good example of this is opening a Microsoft Word document attached to an email.

  4. Data access from hi-tech vandals outside the organisation, for example hackers. These are people who try to connect onto your system without your knowledge or permission. Due to the sort of people involved they don't usually do any damage. Some leave messages, sometimes cryptic, indicating that the system has been compromised. Others are less helpful.

  5. Data loss due to poorly trained people inside the organisation. This probably accounts for a large part of the amount of data that organisations lose. Whether it's the the employee who overwrites the new data with the old when supposedly doing the backup, or someone accidentally overwriting the data on their servers hard disk, it pretty much amounts to the same thing. KEEP A BACKUP AND TEST IT FROM TIME TO TIME.

Some of the above is pretty obvious - some less so. However, the amount of valuable data lost to staff who haven't been properly trained and poor, or non-existent, backups almost certainly exceeds the amount lost to hackers, crackers, script kiddies, etc.

Security Policy < Previous - Next > Hackers,Crackers etc. The Usual Suspects

© Copyright Andrew Bennett 2006