COMPUTER SECURITY

INTRODUCTION

The presentation is being carried out to lay down a solution

to a problem arising related to computer security. Various

security strategies are being discussed in this

presentation. These strategies would help in successfully

coping up with the computer security issues. The security

strategies recommended to address the issue and the

effectiveness of mitigation strategy in controlling the issue

are also discussed in the presentation.

OVERVIEW

The computer security is the protection of assets from unauthorized access, alteration, use or destruction. Therefore, for such protection an effective strategies is must needed.

COMPUTER SECURITY ISSUESThere are some computer security issues which are normally faced

by the organization or by an individual as well. Following are

some of the issues:

Computer security issues

Internet and

network attacks

Information theft

System failure

Hardware and

software theft

Unauthorized

access and use

SECURITY STRATEGIES

• To cope up with the computer security issues, the

organization or an individual can use the following

security strategies to prevent the security of their system

and data or information.

• These strategies will help the organization to improve

the level of security and safety of data.

PROACTIVE STRATEGY This strategy includes a set of predefined steps that can be

taken to prevent the computer systems from the attacks

before they occur.

This includes identifying how an attack could possibly affect

or damage the system and the vulnerabilities it exploits.

This pattern may help in determining the areas of

vulnerability that pose the greatest risk to the enterprise.

The proactive strategy has basically three steps:

Determining the damage that the attack will cause

Determining the vulnerabilities and weaknesses that the

attack will exploit (Klöti.et.al. 2013).

Minimizing the vulnerabilities and weaknesses that are

determined to be weak points in the system for that specific

type of attack.

KEY FINDINGS OF PROACTIVE STRATEGY

Use of policies for data security

Understanding about the sensitive data

It goes beyond the technology implementation

Take initiative for data security

Use of data centric security

REACTIVE STRATEGY

The reactive strategies defines the steps that must be taken

after or during an attack.

It identifies the damage that was caused and the

vulnerabilities that were exploited in the attack.

This strategy will determine the why it took place, repair

the damage that was caused by it and implement a

contingency plan (Easttom II, 2016).

BENEFITS OF REACTIVE STRATEGY

Following are the key benefits of strategy:

Provides control over the use of computer system

Improve the accountability

Determine the level of threat

Anticipate the future changes

Help to assess the amount of damage and install

SECURITY BY DESIGN STRATEGY

• A software is designed from the ground up to be

secure.

• It includes code reviews and unit testing are

used to make modules more secure.

• Audit trails tracking system activity for

determining the extent of the breach.

BENEFITS OF SECURITY BY DESIGN STRATEGY

Following are the major benefits of using the particular

strategy:

Integration of methodologies

Detecting and resolving problems

Improve flexibility and adaptable architecture

Integration of application for better security

APPLICATION WHITE LISTING

It is an effective means of ensuring the security, stability and

consistency of a computing environment.

Proper planning and pre-deployment activities are required for a

successful deployment of application white listing technology.

It can be deployed in support of policy which defines applications

which users are allowed to run or can run in the course of their

duties.

MINIMIZING ADMINISTRATIVE PRIVILEGES

• Administrative privileges are designed to allow access of only

trusted personnel.

• Accounts with administrative privileges to a window domain

typically have the ability to effect changes or to see such

information from any system on that domain (Goldman.et.al, 2011).

• These privileges introduce a number of potential points of weakness

into that system.

PASSWORDS AND APPROPRIATE USER AUTHENTICATION STRATEGY

The best strategy for protecting the data from being accessed by an unauthorized

user.

The user authorization can be verified in any security system via piece of

information like password, something possessed by an individual like ID, credit

and a biometric characteristic of the individual like finger print (White, 2015).

Through this the important and relevant information can be safe from the

authorized users.

DISASTER RECOVERY PLANNING

A proper planning is a best strategy to overcome from the

problems related to eventuality of hardware failure or loss

and data loss or corruption.

Depending on the types of threats, disaster recover plans

may rely on one of a mix of strategies (Cichonski.et.al.

2012).

INFORMING USERS ABOUT THE SUSPICIOUS E-MAILS

The user using the computer system are require to

inform under this strategy to be careful of any

suspicious e-mails.

According to this, the user are should be careful when

the email is from the known source, caution should be

exercised when opening attachments or clicking on

links in emails.

IMPLEMENTATION OF A VULNERABILITY MANAGEMENT PROGRAM

The most of the worms and viruses try to exploit bugs and

vulnerabilities within the operating system and applications.

The vulnerabilities can be introduced in network everyday

(Song, 2010). It is important to regularly review the network

and applications running on it for new vulnerabilities.

After this, a proper plan is then prepare for proper

management of vulnerabilities.

The vulnerabilities can be managed by through patching,

upgrading, or managing the vulnerabilities using tools like

firewalls and Intrusion Detection Systems.

The discovered vulnerabilities should also be rated and

prioritized regarding their criticality and their impact (Rid &

McBurney, 2012).

MAINTAINING BACKUPS AND MONITORING LOGS AND SYSTEM

The critical data or information should be daily or periodically

must be regularly backup.

It is useful when a network gets infected with a computer virus or

system or hardware crash.

These backups must be stored safely in the offsite location .

Regular monitoring of network and system logs assist in

indentifying the computer virus or other criminal attacks.

Log files for the backups should be checked regularly in

order to insure that the backups succeeded.

Log files for anti-virus software deployed should be

regularly checked to ensure that PC are running the latest

version of antivirus.

These strategies ensure that the chances of attacks and

their impact is reduced and minimized to a greater

extend.

DEVELOPMENT OF INCIDENT RESPONSE PLAN

The incident response plan outlines the roles and

responsibilities that people may have in the event of a

computer virus infecting the network or indeed any

other type of security breach (Hsiao.et.al. 2014).

The plan is prepared and drawn up by the agreed

relevant parties before an incident occurs.

CRYPTOGRAPHY STRATEGY

This strategy is best when the confidentiality and security of data

and information is to be maintained.

The modern cryptography exists at the intersection of the disciplines

computer science, mathematics and electrical engineering.

It is conversion of the information from a readable state to apparent

nonsense (Kahate, 2013)

Only the authorized user can be decodes such encrypted data or

information.

RECOMMENDED SECURITY STRATEGIES

To address the current issue the best strategy that would be

recommended is a proactive and reactive strategy.

These strategy is best because it provides a suitable way to

identify and reduced the affects of the security issues

before their cause.

It the impacts and core area of infection are not identified

before then the reactive strategy would help in repairing the

damage caused through an implemented contingency plan.

ACTIVITIES FOR IMPROVING COMPUTER SECURITY

Using the following recommendation the security of computer

could be improved:

Use of Linux

Disable add-ons

Deploy a hardware based firewall

Enforce Strict password policies

Use of content filter

EFFECTIVENESS OF MITIGATION STRATEGY

The mitigation strategy would be effective in controlling the issues with

respect to other strategies in the following ways:

Ensures that the identified issues before their cause are removed to the

best possible way.

The damage occurred after their cause are repaired to the best possible

way as suggested in the contingency plan.

The organization is always ready to fight against the computer security

issues with the proactive and reactive plans without causing any

disturbance in the operations of the organization.

THANK YOU