A common body of knowledge for information security is formed when information from around the globe is grouped together for the purpose of being used as a guideline on how to secure information. There is, however, no universally accepted common body of knowledge for information security, though ongoing efforts are made to establish one. One limitation that occurs in current developments of such a body of knowledge is that it frequently focuses primarily on professionals in industry and leaves no room or opportunity for low-level users (such as end users) who require a scaled-down version of this knowledge. The aim of the common body of knowledge that is developed as part of the basis for the Information Security Retrieval and Awareness model proposed in this paper is twofold: to focus specifically on users with little or no formal background on how to properly secure information they work with, yet also not to exclude professionals.
Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses. This damage can range from errors harming database integrity to fires destroying entire computer centers. Losses can stem, for example, from the actions of supposedly trusted employees defrauding a system, from outside hackers, or from careless data entry clerks. Precision in estimating computer security-related losses is not possible because many losses are never discovered, and others are “swept under the carpet” to avoid unfavorable publicity. The effects of various threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system.
Threats are categorized according to the type of information system asset that is affected. The categories are: software, hardware, data, personnel, administration, network, and physical. There are roughly 15 leading information system threats; among those threats are data processing errors, network breakdowns, software breakdowns, and viruses. Viruses are one of the most popular threats to computer systems. One can define a computer virus as “a total recursive function which applies to every program and obtains its infected form such that can infect other programs”.
Among the large number of viruses that exist, there are a number of types:
Malicious codes/programs and backdoors – Malicious codes and programs refer to viruses (which reproduce by attaching to another program), worms (independent programs that reproduce by copying themselves from one system to another, usually over a network) and trojan programs (independent programs that appear to perform a useful function but hide another unauthorized program inside). A backdoor is installed on a machine and permits an attacker to control the compromised machine’s network. Malicious code can cause significant security breaches, such as jeopardizing the availability of information once it infects programs or files and corrupts them, making them inaccessible. A trojan program installed successfully on your PC can permit an intruder to access or modify any information available on the PC and, worse still, the software configuration of the computer can be changed to permit subsequent intrusions.
Hard disk boot sector – The virus infects the DOS boot sector of the hard drive.
Extending – The virus extends the size of the infected program file.
Boot sector – The virus infects the partition table of the hard disk or even the floppy disk boot sector.
Disk corruption – The virus corrupts all or part of the disk.
File linkage – Directly or indirectly corrupts the file linkage.
Resident – The virus installs itself in memory.
Runtime slow down – The virus affects system run-time operations.
Types of countermeasures
IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, but their implementation did not necessarily affect the threat perceptions of the managers. Analyses of responses suggested that the scope of the countermeasures adopted was not commensurate with the severity of the perceived threats. Among the threats, networks were rated as contributing the most severe threat and yet had the lowest level of protection; this was followed by threats due to personnel and administrative issues. We therefore addressed threat mitigation strategies, specifically in terms of the differences between industries.
There are a number of countermeasures that can be taken to prevent threats from interfering with the functionality of information systems.
Software – User entrance logs, system recovery, multi-user system, automatic debug and test, access control to program source, verification of system modifications, covert channels and Trojan code.
Hardware – Remote mirroring, surveillance system use, entrance limitation, uninterruptible power supplies and periodical disk checking.
Data – Information backup, data access controls, user access rights, enforced path, event logging, information handling procedures, management of removable media, and disposal of media.
Network – Antivirus software, encryption, user authentication, intrusion detection systems, firewalls, alternative circuits, digital signatures, limitation of connection time.
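Verifying that program files have not been modified, one of the software countermeasures above, directly addresses the "Extending" virus type, which enlarges the files it infects. The following Python example is added here and is not part of the original text: it records the size and SHA-256 hash of each file and reports later changes. The file names, contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root (relative path) to (size, SHA-256 hex digest)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            baseline[os.path.relpath(path, root)] = (len(data), digest)
    return baseline

def compare(baseline, current):
    """Return sorted (path, finding) pairs for every difference from the baseline."""
    findings = []
    for path, (old_size, old_hash) in baseline.items():
        if path not in current:
            findings.append((path, "missing"))
            continue
        new_size, new_hash = current[path]
        if new_size > old_size:      # the symptom of an "Extending" infection
            findings.append((path, f"grew by {new_size - old_size} bytes"))
        elif new_hash != old_hash:   # same or smaller size, different bytes
            findings.append((path, "content changed"))
    findings += [(p, "new file") for p in current if p not in baseline]
    return sorted(findings)

def demo():
    """Constructed sample: three stand-in program files, then simulated tampering."""
    samples = [("app.bin", b"A" * 100), ("tool.bin", b"B" * 80), ("lib.bin", b"C" * 60)]
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)
        with open(os.path.join(root, "app.bin"), "ab") as fh:   # appended bytes
            fh.write(b"X" * 32)
        with open(os.path.join(root, "tool.bin"), "wb") as fh:  # overwritten in place
            fh.write(b"Z" * 80)
        os.remove(os.path.join(root, "lib.bin"))
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"D")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

The size comparison alone would miss the overwritten file, which is why the hash is stored as well; the baseline itself has to be kept where the monitored system cannot alter it.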
Unsecured Windows file shares – Anyone who has File and Print Sharing enabled and uses share-level access is exposed to this threat, a common source of security problems under Windows operating systems. The flaw in unsecured Windows shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. Unsecured Windows shares together with DoS tools can become a great opportunity for intruders to launch denial-of-service (DoS) attacks. It was discovered recently that there is a flaw in the way that Windows handles the passwords for file sharing: an attacker can still access a password-protected shared drive without knowing the full password, knowing just its first character. A special program can easily be written to exploit the problem, and such programs are in fact already circulating around the Net, to be abused by intruders everywhere.
The emerging trends in network security threats are leading more and more towards the need for proactive Intrusion Prevention Systems, and further away from the traditional Intrusion Detection Systems with alert-only capabilities. The goal of a security program is to choose and implement cost-effective countermeasures that mitigate the vulnerabilities that will most likely lead to loss.