As recently as a few years ago, computer security was the concern of only the people in the corporate IT department. But with the increasing connection of computers into networks and the rise of computer criminals, security now must be everyone's business. You must know the basics of information security to proceed in your career with computers.
Just as keeping physical assets safe is the job of the corporate security department, keeping computer assets safe is the job of information security.
Understand the term information security and the benefits to an organization of being proactive in dealing with security risks such as: adopting an information security policy with respect to handling sensitive data, having procedures for reporting security incidents, making staff members aware of their responsibilities with respect to information security.
The goal of information security is to protect the intangible information assets of your organization. Consider all the information that's stored on computers in your organization: financial records and projections, plans for future product launches, customer lists, perhaps even confidential information such as medical or payroll records. These are all things that you need to protect. Any organization using computers should have a plan to deal with security risks. Here are some factors to consider:
The plan should include a written information security policy so that all employees understand the risks involved and the information that must be protected.
Sensitive information should be limited to only those people and those computers where it is necessary to do the job.
There should be a clear procedure for reporting security incidents, confirmed or suspected, to IT professionals who can carry out a proper investigation.
Policy manuals and periodic training should be used to make sure that all staff members understand the importance of information security.
Know about privacy issues associated with computers, such as adopting good password policies. Understand what is meant by user ID and differentiate between user ID and password. Understand the term access rights and know why access rights are important.
Part of information security is ensuring that information is kept private from those who should not have access. One way to do so is to require people to type a password before they can use a computer or an account. But passwords are worthless if they are easy to guess, so your company should have a password policy that specifies which passwords are acceptable. Some typical rules for a password are as follows:
Passwords must be at least seven characters long.
Words in the dictionary are not allowed as passwords.
Passwords must contain characters from at least three of these four classes: uppercase letters, lowercase letters, numerals, and symbols.
Passwords must be changed at least once every 60 days.
Passwords cannot be written down.
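The first three rules above can be enforced by a program at the moment a user chooses a password. The following checker is an added example, not code from the original book; it implements the length, dictionary and character-class rules as listed, and the word list is a small constructed stand-in for a real dictionary (an assumption). It goes slightly beyond the dictionary rule as written: it also strips trailing digits and symbols, so that a dictionary word with a number tacked on is still caught.

```python
"""Checks candidate passwords against the rules listed above.

Added example, not code from the original book. The word list is a small
constructed stand-in for a real dictionary (assumption).
"""
import string

MIN_LENGTH = 7          # rule: at least seven characters
MIN_CLASSES = 3         # rule: at least three of the four character classes
DICTIONARY = {"password", "welcome", "letmein", "dragon", "monkey", "football"}


def character_classes(password: str) -> int:
    """Count how many of upper, lower, digit and symbol appear in the password."""
    present = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return sum(present)


def check_password(password: str, dictionary: set[str] = DICTIONARY) -> list[str]:
    """Return the rules the password breaks; an empty list means it is acceptable.

    The dictionary test lowercases the password and strips trailing digits and
    symbols first, so 'Password1!' is still recognised as the word 'password'.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    core = password.lower().rstrip(string.digits + string.punctuation)
    if core in dictionary:
        problems.append("based on a dictionary word")
    if character_classes(password) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character classes")
    return problems


if __name__ == "__main__":
    for candidate in ("monkey", "Password1!", "Tr0ub4dor&3"):
        verdict = check_password(candidate) or ["acceptable"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

Note what the checker cannot do: it cannot tell whether the password is already in use on another system or has appeared in a public breach. Current guidance (NIST SP 800-63B) puts more weight on length and on screening against lists of known compromised passwords than on composition rules and scheduled changes; the rules implemented here are the ones the book lists.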
It's important to understand the difference between a password and a user ID. A user ID is the name by which a computer user is known on the network. Your user ID is public knowledge; anyone who needs to send you email, for example, will need your user ID. In contrast, your password should be known only to yourself.
Most operating systems support the concept of access rights. Access rights let an administrator specify who can work with particular information, and in what way. For example, users in the accounting department might have the right to add data to the general ledger, whereas other users might only have the right to view it or might be locked out entirely. Granting each person only the rights their job requires is what makes access rights a valuable tool for preserving the security and privacy of information.
Know about the purpose and value of backing up data and software to a removable storage device.
One of the threats to information is that computer hardware is imperfect. Hard drives, for example, can fail, making it difficult or impossible to retrieve the information that they store. That is an annoyance if the information is a program that you use frequently, and a disaster if it is a customer list or other critical business information.
Such disasters are the reason that data should be backed up, that is, copied to another location, such as a Zip disk or a data cartridge, that can be removed from the computer. For good information security, back up critical information on a regular basis, store the backups in a different location from that of the original computers, and periodically check that the backups can actually be read back: a backup that has never been verified is only a hope.
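The verification step is the part most often skipped, so here it is in code. This is an added example, not code from the original book: it copies a directory to a destination, writes a manifest of SHA-256 digests beside the copy, and later recomputes the digests of the copy to confirm nothing on the medium has changed. Any path can stand in for the removable device (a real one would be a mount point such as /media/backup; that path is an assumption), and the sample files are constructed for the demonstration.

```python
"""Copy a directory to a separate location and verify the copy with checksums.

Added example, not code from the original book. Any path can stand in for the
removable device; a real one would be a mount point such as /media/backup
(assumption). The manifest uses the 'digest  name' layout that sha256sum -c reads.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Map every file below root (by relative path) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def backup(source: Path, destination: Path) -> dict[str, str]:
    """Copy source into destination and store a manifest of digests beside the copy."""
    digests = manifest(source)
    shutil.copytree(source, destination / source.name)
    (destination / f"{source.name}.sha256").write_text(
        "".join(f"{digest}  {name}\n" for name, digest in digests.items())
    )
    return digests


def verify(destination: Path, name: str) -> list[str]:
    """Recompute the copy's digests and compare with the stored manifest.

    Returns the relative paths that are missing or changed; an empty list means
    the backup still matches what was written. Check the stored copy, not the
    source: the point is to know the medium can be restored from later.
    """
    stored = {}
    for line in (destination / f"{name}.sha256").read_text().splitlines():
        digest, _, rel = line.partition("  ")
        stored[rel] = digest
    actual = manifest(destination / name)
    return sorted(rel for rel, digest in stored.items() if actual.get(rel) != digest)


def demo() -> tuple[list[str], list[str]]:
    """Back up constructed files, verify, then corrupt the copy and verify again."""
    work = Path(tempfile.mkdtemp())
    source = work / "records"
    source.mkdir()
    (source / "ledger.csv").write_text("date,amount\n2024-01-02,120.00\n")  # constructed
    (source / "customers.txt").write_text("Acme Ltd\nGlobex Inc\n")          # constructed
    media = work / "removable"            # stands in for the removable device
    media.mkdir()
    backup(source, media)
    clean = verify(media, "records")
    # Simulate damage to the medium: one character in the copy changes.
    (media / "records" / "ledger.csv").write_text("date,amount\n2024-01-02,12O.00\n")
    damaged = verify(media, "records")
    shutil.rmtree(work)
    return clean, damaged


if __name__ == "__main__":
    print(demo())   # ([], ['ledger.csv'])
```

Because the manifest is written in the same layout sha256sum uses, the copy can also be checked from a shell with `sha256sum -c records.sha256` run inside the destination directory, which is handy when the machine doing the restore is not the one that made the backup.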
Be aware of possible implications of theft of a laptop computer, PDA, or mobile phone such as: possible misuse of confidential files, loss of files, loss of important contact details if not available on a separate source, possible misuse of telephone numbers.
Finally, don't overlook the importance of securing the physical computer hardware. This step is most important for laptop computers, which are designed to be easily portable. Consider the possible effects of having your laptop, PDA, or smart phone (programmable cellular phone) stolen:
Information in confidential files might be read by an unknown number of outsiders.
You might lose files that you did not have stored on another device, such as a desktop computer.
You might lose important contact information such as phone numbers that you never backed up to another location.
If you have a file containing credit card or calling card numbers, someone could easily misuse those numbers.
One of the major threats to computers is the computer virus. It's important to understand how to prevent viruses from infecting your computer.
Understand the term virus when used in computing and understand that there are different types of viruses. Be aware when and how viruses can enter a computer system.
A computer virus is a malicious program that copies itself into other programs or files and spreads when those files are run, shared, or sent on; some kinds, usually called worms, spread from computer to computer across a network without any human intervention. Viruses can also perform a variety of destructive activities on your computer, from deleting files to sending email in your name. Many thousands of different computer viruses have been detected around the world. In most cases, no one knows who is responsible for writing these malicious programs, even though there are stern legal penalties for knowingly releasing one.
There are several ways in which a virus can enter a computer system:
The most common way for viruses to enter a computer is by the user of the computer double-clicking on an attachment to an email message.
Viruses can also be transmitted on diskettes, Zip disks, or other removable media.
Some viruses take advantage of errors in other software to spread themselves. For example, a malicious Web page might download a virus to your computer by exploiting an error in your Web browser.
Know about antivirus measures and what to do when a virus infects a computer. Be aware of the limitations of antivirus software. Understand what "disinfecting" files means.
If your computer begins acting strangely (shutting down, displaying odd messages, sending email without your intervention), it's possible that it has been invaded by a computer virus. In that case, it's time to deploy antivirus measures by running a virus scan. Specialized software known as antivirus software can check your computer's memory and hard drive for signs of a virus.
This process is not completely foolproof. Scanners mostly recognize known viruses by characteristic byte patterns, called signatures, and virus writers are constantly coming up with ways to alter or hide those patterns so that a new or modified virus slips past the scan. Of course, the scanning software vendors are constantly issuing new signatures to defeat the viruses as well, so you should make sure your antivirus software is up-to-date before performing a virus scan.
Often you can visit the Web site of the antivirus software maker to gather or download updates to your antivirus software.
If a virus is found on your computer, most antivirus software will offer to disinfect the file that contains the virus. Disinfection removes the virus and returns the file to its original working order. Unfortunately, some viruses damage the files that they infect. In these cases, you have no alternative but to delete the infected files.
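The three outcomes just described (a clean disinfection, a file too damaged to repair, and a variant the scanner misses) can be shown with a toy scanner. The code below is an added example, not code from the original book or from any antivirus product: the two "viruses" are constructed marker byte strings that match no real malware, and the infected files are built in a temporary directory for the demonstration. One marker stands for a virus that appends itself to the end of a host program, which can be cut off; the other stands for a virus that overwrites the start of the host, which destroys the original bytes.

```python
"""Toy signature scanner: detection, disinfection, and the limits of matching.

Added example, not code from the original book. The signatures and the host
file bytes are constructed for the demonstration and match no real malware.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed signatures for two imaginary viruses. 'repairable' records whether
# the infection leaves the host's own bytes intact (appender) or destroys them
# (overwriter). Real products carry large, frequently updated signature sets.
SIGNATURES = [
    {"name": "Demo.Appender", "pattern": b"<<DEMO-APPENDER>>", "repairable": True},
    {"name": "Demo.Overwriter", "pattern": b"<<DEMO-OVERWRITER>>", "repairable": False},
]


def scan(path: Path):
    """Return the signature record found in the file, or None if it looks clean.

    Exact byte matching keeps the scan cheap; it is also what a virus writer
    defeats by altering a single byte of the pattern (see demo()).
    """
    data = path.read_bytes()
    for record in SIGNATURES:
        if record["pattern"] in data:
            return record
    return None


def disinfect(path: Path, record) -> bool:
    """Remove the virus and return True if the host file could be restored.

    An appending virus sits after the host's own bytes, so truncating at the
    signature recovers the original. An overwriting virus has replaced those
    bytes; nothing can be recovered, so the file is deleted and must be
    restored from backup.
    """
    if not record["repairable"]:
        path.unlink()
        return False
    data = path.read_bytes()
    path.write_bytes(data[: data.index(record["pattern"])])
    return True


def demo() -> dict:
    """Infect constructed host files three ways, then scan and try to disinfect."""
    work = Path(tempfile.mkdtemp())
    original = b"MZ\x90\x00 constructed host program bytes " * 4      # constructed
    original_hash = hashlib.sha256(original).hexdigest()

    appended = work / "appended.exe"
    appended.write_bytes(original + b"<<DEMO-APPENDER>>" + b"viral body")
    overwritten = work / "overwritten.exe"
    body = b"<<DEMO-OVERWRITER>>" + b"viral body"
    overwritten.write_bytes(body + original[len(body):])    # host bytes destroyed
    variant = work / "variant.exe"
    variant.write_bytes(original + b"<<DEMO-APPENDEr>>" + b"viral body")  # one byte changed

    results = {}
    for path in (appended, overwritten, variant):
        record = scan(path)
        if record is None:
            results[path.name] = "not detected"
        elif disinfect(path, record):
            restored = hashlib.sha256(path.read_bytes()).hexdigest() == original_hash
            results[path.name] = "disinfected" if restored else "repair failed"
        else:
            results[path.name] = "deleted"
    shutil.rmtree(work)
    return results


if __name__ == "__main__":
    print(demo())
    # {'appended.exe': 'disinfected', 'overwritten.exe': 'deleted', 'variant.exe': 'not detected'}
```

The appended file comes back byte-for-byte identical to the original, which is what "returns the file to its original working order" means in practice; the overwritten file cannot be repaired and is removed; and the variant with one changed byte is not found at all until a new signature is added, which is why keeping the signature database current matters as much as running the scan.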
You'll learn more about using antivirus software in Chapter 3.
Understand good practice when downloading files and accessing file attachments, such as: use of virus scanning software, not opening unrecognized email messages, not opening attachments contained within unrecognized email messages.
The best way to deal with viruses is to not allow your computer to become infected in the first place. Here are some things you can do to protect yourself from computer viruses:
Install antivirus software, and run virus scans on a regular basis. Some antivirus software will automatically scan your computer when you turn it on. Some can also be configured to check all new files for viruses automatically. You should activate both of these features.
Keep your antivirus software up-to-date. Most antivirus software allows you to automatically download updates from the Internet at regular intervals.
If you are using an email application that recognizes richly formatted email, turn off any preview function that automatically displays new messages. Instead, you should only open email that comes from people you recognize. (Of course, this step might not be practical if you are required to deal with email from potential new customers.)
Email can contain attached files, which are documents or programs that are delivered along with the email message. These attached files are one of the most common vectors of virus infection. You should never open an attached file unless you were specifically expecting to receive it.
If you are running instant-messaging (IM) software, do not accept file deliveries from users you do not recognize.
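The attachment advice above can be turned into a screening step that runs before anyone double-clicks. The following is an added example, not code from the original book: it inspects an attachment's file name for types that run as programs when opened, for the double-extension trick (a name such as invoice.pdf.exe that looks like a document but ends in an executable type), for document formats that can carry macros, and for padding spaces used to push the real extension out of view, and it combines that with the "was I expecting this?" test by checking the sender against a list of expected senders. The extension lists are representative rather than exhaustive and the contact list is constructed; both are assumptions.

```python
"""Screen email attachments by name before anyone opens them.

Added example, not code from the original book. The extension lists are
representative, not exhaustive (assumption), and the sender check stands in
for whatever 'I was expecting this' means in a given mailbox.
"""
from pathlib import PurePosixPath

# File types Windows runs directly when opened (representative list).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jse",
    ".wsf", ".hta", ".msi", ".cpl", ".lnk", ".ps1", ".jar",
}
# Document formats that can carry macros (representative list).
MACRO_EXTENSIONS = {".doc", ".xls", ".ppt", ".docm", ".xlsm", ".pptm"}


def attachment_risks(filename: str) -> list[str]:
    """Return the reasons a file name looks dangerous; an empty list means nothing obvious."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    final = suffixes[-1] if suffixes else ""
    reasons = []
    if final in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable file type {final}")
        if len(suffixes) > 1:
            # 'invoice.pdf.exe' relies on the first extension to look harmless.
            reasons.append(f"double extension {''.join(suffixes)} disguises an executable")
    if final in MACRO_EXTENSIONS:
        reasons.append(f"document type {final} can contain macros")
    if "  " in filename:
        # Runs of spaces push the real extension out of view in mail clients.
        reasons.append("padded with spaces to hide the real extension")
    return reasons


def should_open(filename: str, sender: str, expected_from: set[str]) -> tuple[bool, list[str]]:
    """Open only an attachment that was expected, from a known sender, with a harmless name."""
    reasons = attachment_risks(filename)
    if sender.lower() not in {s.lower() for s in expected_from}:
        reasons.append(f"no attachment was expected from {sender}")
    return (not reasons, reasons)


if __name__ == "__main__":
    contacts = {"alice@example.com"}   # constructed
    for name, sender in (("agenda.docx", "alice@example.com"),
                         ("invoice.pdf.exe", "alice@example.com"),
                         ("photo.jpg", "unknown@example.net")):
        ok, why = should_open(name, sender, contacts)
        print(f"{name} from {sender}: {'open' if ok else 'do not open'} {why}")
```

A name check is a filter, not a verdict: a harmless-looking .pdf can still exploit a flaw in the reader that opens it, which is why the scan-everything rule earlier in this list still applies to attachments that pass this screen.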