INFORMATION TECHNOLOGY
GRADE 10
COMPUTER SECURITY AND DATA MISUSE
Computer security refers to the protection of hardware and software resources against their
accidental or deliberate damage, theft or corruption (in the case of software). It can also be defined
as all the activities related to identifying, assessing and managing vulnerabilities, threats and
attacks on a computer system.
Computer misuse relates to a range of illegal activities during which a computer system or
computer network is accessed, or its data is accessed, modified or deleted, without proper
authorization, or its services are obtained and used to commit a criminal act.
Cyberspace - generally refers to any data or resources that can be accessed via a network, or the
space where the internet operates.
Cybercrime - any crime perpetrated using computers and networks.
Cyber security - all the activities related to identifying, assessing and managing the
vulnerabilities, threats and attacks originating from cyberspace. It is the body of technologies,
processes and practices designed to protect networks, computers, programs and data from attack,
damage or unauthorized access. An example of cyber security is a spam filter in an email
application program. Spam filters identify emails that are trying to scam legitimate users and
automatically delete them.
Cyber security and computer security are closely related. Computer security is inward looking,
with the focus on safeguarding local computer installations under our control, while cyber
security looks outward to focus on providing safeguards when our computer systems connect to
external networks such as the internet.
Data security is the protection of data against intentional or accidental damage.
Deliberate damage (HACKING) - this is the unauthorized access and use of a networked or
stand-alone computer system to steal or damage data and programs.
Accidental damage - this occurs through genuine errors by computer users, such as overwriting
the most recent data or entering incorrect commands. Damage can also occur as a result of
viruses transferred from secondary storage devices or via the internet.
Misuse of data
- Acts which are likely to cause unauthorized modification, removal or copying of the contents of any computer system
- Directly or indirectly obtaining computer service without proper authorization, e.g. music download from an illegal site
- Accessing programs or data on a computer with the intent to commit a crime
- Unauthorized access to a computer system
Computer misuse by individuals would include:
- Sending a personal email from a work computer during periods of work
- Gaining unauthorized access to the company’s online banking service
- Moving funds from a company account into a personal account
Computer misuse by an organization would include:
- Software piracy (where software is used without paying the appropriate fees)
- Industrial espionage (unauthorized access of a competitor’s computer system to copy confidential data)
Computer misuse by a government would include:
- Intercepting private emails
- Altering election results
- Spreading “fake news”
Common ways in which computer systems and data may be misused are:
Individual:
- Cyberbullying
- Financial abuse (credit card fraud and identity theft)
- Online publication of obscene materials
- Phishing attacks
- Violation of privacy
Organization:
- Copyright infringement
- Data theft
- Denial of service attacks
- Financial abuse
- Industrial espionage
- Software and music piracy
- Transmission of malware
Government:
- Electronic eavesdropping
- Espionage
- Manipulation of data
- Propaganda
Computer Misuse (Individual)
- Cyber bullying - a form of bullying or harassment using computer-based communication.
- Identity theft - deliberate use of someone else’s identity, usually to gain a financial advantage, e.g. false application for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent use of online accounts, fraudulently obtaining other goods and services.
- Online publication of obscene materials - obscene material is material of a sexual nature or material that offends against society’s morality. Obscene material is offensive to look at, and someone who accidentally views this material may feel an invasion of privacy because this is on their computer in their home. This can lead to emotional distress.
- Phishing attacks - the attempt to obtain sensitive information such as usernames, passwords and credit card details by sending emails pretending to be from a legitimate organization.
- Violation of privacy - privacy is the right of persons to choose freely under what circumstances and to what extent they will reveal information about themselves. Privacy relates to an individual’s ability to control their personal information.
Computer Misuse (Organization)
- Copyright infringement - copyright is a legal right that gives the creator of an original work exclusive rights over its use and distribution. Copyright is a form of intellectual property applicable to certain forms of creative work such as books, maps, poetry and plays. These rights include reproduction, control over original works, distribution and public performance. Copyright infringement occurs when an entity that is not a rights holder reproduces, creates an original work, distributes, performs or otherwise benefits from the copyrighted work without obtaining the requisite permission and paying any associated fees. Copyright can be infringed by individuals and companies alike.
- Software and music piracy - the unauthorized reproduction, distribution or use of software products. Software or music piracy occurs when someone does not abide by the rules to obtain permission from an owner. This type of piracy results from illegal use, sharing, selling or distribution of copies of software or music and prevents the rightful owner from getting money due to them for their creative efforts.
- Data theft - the unauthorized copying or removal of data from the legitimate owner’s computer system. Data theft may be instigated internally by an employee or externally by hackers exploiting poor security or lost/stolen storage devices or media. The effects of data theft on an organization include reputational loss and loss of customers, possibly leading to a reduction in profits, and in extreme cases the organization may be forced to cease operating.
- Denial of service attack (DoS) - a cyber attack where the intent is to prevent a service from being delivered by a target system. A denial of service attack occurs when computer systems or networks are overwhelmed with so much data and processing that it becomes difficult or impossible for legitimate users to access their computer systems, devices or other network services. For example, students trying to access their CXC results at the same time.
- Financial abuse - computer-based fraud where individuals gain unauthorized access to financial accounts and change the details of those accounts to their advantage.
- Industrial espionage - spying to gain information that can be used to further a purpose or that can be used against the party being spied on.
Malware
This is software designed to disrupt, damage or gain unauthorized access to a computer system.
Viruses, worms, trojans, ransomware and spyware are all types of malware. The writers of
malware use a variety of means to spread malware and infect networks and devices. Malicious
programs can be delivered physically to a system via a USB drive or other external storage device,
via the internet (when a user downloads a legitimate program) or through phishing attacks.
Types of malware (name - description):
- Ransomware - a type of malware designed to infect a user’s system and encrypt data; cyber criminals then demand a ransom payment from the victim in exchange for promising to decrypt the system’s data.
- Spyware - a type of malware designed to collect information and data on users and observe their activities without their knowledge.
- Trojans - a type of malware included with a legitimate program and activated following installation; trojans execute (run) malicious functions such as stealing usernames and passwords.
- Viruses - a type of malware that resides in a host program and executes itself when the program runs. It spreads by replicating itself and infecting other programs or files; it can corrupt or delete data on a computer system.
- Worms - a type of malware that can self-replicate without a host program; worms typically spread without any human interaction or directives from the malware authors.
Computer Misuse (Government)
- Propaganda - communication of information that is of a biased or misleading nature and that is aimed at influencing the recipient. Propaganda can be used by various groups such as activist groups, companies, the media and government bodies for various purposes.
- Electronic eavesdropping - the use of electronic devices to monitor electronic communications between two or more groups without the permission of any of the communicating parties.
Counter measures to mitigate effects of identified threats
Whether a threat is deliberate or accidental, all measures should be taken to prevent it from
occurring or to minimize its effects. A counter measure is a procedure, either physical or logical,
that recognises, reduces or eliminates a threat.
Data protection
Refers to how computer users can protect their data against loss or damage. It also refers to data
protection laws, which set down rules about what information can be kept by others about you.
Areas of counter measures
- Physical measures
- Software measures
- Personal security practices
Physical security measure - any mechanism that reduces the risk of unauthorized access to a computer system’s hardware. These can be:
- Controlling access to locations containing computer hardware
- Security personnel (well-trained security guards) operating at access points to process visitors and grant access to authorized persons only
- Biometric systems, key cards, magnetic swipe cards, numeric keypads and proximity cards at key access points, which automatically record details of authorized access or unauthorized attempts
- Secure locking mechanisms fitted on computer system cases, peripheral devices and storage cabinets
- Purpose-built cabinets or safe boxes that can withstand fire and flood events, used to store removable storage media (flash drives, memory cards, CDs and DVDs) when not in use
Software measure - these are a combination of specialized system software and application software used to protect computer systems. These include:
- Backup and recovery procedures - make a safety copy of important files regularly to a removable storage device and keep it at a remote location in a secure waterproof/fireproof cabinet. Recover data from the copy in case of an event that causes data damage or loss.
- Effective identity checking systems including biometrics - grant access to restricted areas based on the presentation of a password or access code, fingerprint, retina or voice.
- Encryption - this involves using a code so that the data cannot be understood. It involves encrypting sensitive data before transmitting it over public networks or storing it on removable media. Also use higher levels of encryption for more sensitive data such as access codes and credit card
- Firewall - this blocks dangerous content on a network. It restricts network traffic entering or leaving a system, usually blocking all traffic except email and access to the World Wide Web. Use a firewall as a barrier between a public network and the organization’s private network.
- Malware detection and removal - set anti-virus tools to automatically scan for malware on all removable devices attached to a computer system and in all network traffic, including incoming email and file transfer protocol (FTP) downloads. Keep the anti-virus program up to date and run it regularly to perform an in-depth scan of all files on the computer system. Immediately quarantine and/or remove identified threats.
- Operating system updates - set the operating system to automatically download and install updates.
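
The backup and recovery procedure above only helps if the safety copy is still intact when it is needed. The Python code below is an added example, not part of the original notes; it goes one step beyond the text by storing a SHA-256 checksum for each file so a damaged copy is detected before recovery. The folder names, file names and the manifest.json file are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(source_dir, backup_dir):
    """Copy every file to backup_dir and record its checksum in manifest.json."""
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir).as_posix()
        dst = backup_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        manifest[rel] = sha256_of(src)
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_backup(backup_dir):
    """Return the files that are missing from the backup or no longer match."""
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    damaged = []
    for rel, digest in manifest.items():
        copy = backup_dir / rel
        if not copy.is_file() or sha256_of(copy) != digest:
            damaged.append(rel)
    return damaged

def demo():
    """Back up two constructed files, then damage one copy and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        work, backup = Path(tmp, "work"), Path(tmp, "backup")
        (work / "reports").mkdir(parents=True)
        (work / "marks.csv").write_text("student,mark\nA,78\n")
        (work / "reports" / "term1.txt").write_text("Term 1 report\n")
        make_backup(work, backup)
        before = verify_backup(backup)
        (backup / "marks.csv").write_text("student,mark\nA,100\n")  # simulated damage
        return before, verify_backup(backup)
```

Because the manifest is stored beside the copies, it catches accidental damage; keep a second copy of manifest.json elsewhere if the backup media itself could be altered deliberately.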
Personal security practices - these are counter measures used by individuals to implement computer security and cyber security. These include:
- Limit use of open Wi-Fi networks - exercise extreme caution when using an open Wi-Fi connection. Never use an open Wi-Fi connection for confidential work such as online banking.
- Follow password best practices - create secure but memorable passwords; never share passwords, access codes, credentials or usernames with anyone.
- Defend against identity theft - reduce the sharing of personal identifying information, including dates, places and names.
- Always be aware of phishing emails - remain alert whenever you receive an unsolicited email; check URLs and hyperlinks before clicking, and ensure that each is from a trusted source and is legitimate.
- Keep track of your mobile devices and removable storage devices.
- Access sensitive files only on a secure network - don’t access sensitive files or carry out banking transactions on free public Wi-Fi in shopping malls or parks because these networks are not secure.
- Make regular backups of your own files. Work files should only be backed up by the company and so should not be copied by employees, as this presents a security risk.
The effects of automation on job security
The introduction of computers has led to a change in the way persons work. Being able to use a
computer system has become an indispensable skill. Unskilled and low-skilled workers are
retraining and becoming more productive by using IT systems.
- In offices, typists have had to retrain to become skilled word processing clerks.
- In education, teachers and lecturers need skills similar to those of modern office personnel to access student records, produce test papers and maintain electronic mark books.
- Medical personnel need to access patient records, produce documents, plot charts and graphs of patients’ progress and operate computerized life support systems.
- Musicians now use computers as a creative tool to create, mix and distribute their music.
- Mass media personnel also use computers in a creative way. Newspaper publishers must be skilled in desktop publishing to lay out their magazines and papers. Photo editing skills are needed to enhance pictures ready for publication. In the visual mass media such as television, the skills to create animations, charts and graphs must be mastered.
- Law enforcement officers require computer literacy skills, including word processing to fill in crime reports, database skills to access criminal records and specialist skills to operate a variety of software such as fingerprint matching.
- In the movie industry, staff must be able to exploit the power of computers, particularly when editing the movie and in the production of special effects, animation and computer modelling.
Roles of various personnel in computer-related professions
Computer systems require a large number of skilled professionals to develop software, maintain
websites, manage databases, run social media, and keep computers and networks running
smoothly. Some organizations, for example banks, base their business on their computer systems.
- Network engineer - responsible for the design and implementation of computer networks: LANs, MANs and WANs
- Computer programmer - writes programs based on specifications, prepares documentation and maintains existing software
- Computer support specialist - assists users who are having problems with their computer systems
- Systems analyst - oversees activities relating to the design and development of new information systems
- Database administrator - responsible for designing and maintaining the organization’s database system
- Network administrator - responsible for the day-to-day smooth running of the organization’s network
- Software developer - works with the systems analyst and develops the program specifications that the programmers will work from
- Web developer - takes a web design from a client and turns it into an operational website
- Social media specialist - responsible for planning and implementing a company’s social media strategy and output, which may include Facebook, Twitter, Instagram etc.
- System administrator - responsible for the day-to-day running and management of the computer systems. Installs and updates software and ensures the system is secure.
Impact of Information and Communications Technology (ICT) on Education, Medicine,
Business, Law Enforcement and Recreation.
- Computers and their impact on education - access to information; computer-aided instruction; remote/distance learning; interactive computer-based training that allows students to work at their own pace and at a time that is convenient to them; collaborative teaching and learning; plagiarism; online tutoring.
- Computers and their impact on medicine - access to information (for both medical personnel and patients); telemedicine; eHealth (online access to health services); implications for the quality of healthcare; increase in self-diagnosis; easy access to medical expertise in distant locations (for example, teleradiology).
- Computers and their impact on business - e-commerce, Electronic Point of Sale (EPOS), telecommuting, email.
- Computers and their impact on law enforcement - e-surveillance, fingerprinting, biometrics.
- Computers and their impact on recreation - music and gaming.