1. What Are the Various Types of Security Risks that Can Threaten Computers? A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. Computer security risks include computer viruses, unauthorized access and use, hardware theft, software theft, information theft, and system failure. Safeguards are protective measures that can be taken to minimize or prevent the consequences of computer security risks. A computer virus is a potentially damaging computer program designed to affect or infect a computer negatively by altering the way it works. Unauthorized access is the use of a computer or network without permission; unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
An individual who tries to access a computer or network illegally is called a cracker or a hacker. Hardware theft, software theft, and information theft present difficult security challenges. The most common form of software theft is software piracy, which is the unauthorized and illegal duplication of copyrighted software. A system failure is the prolonged malfunction of a computer.
2. How Does a Computer Virus Work and What Steps Can Individuals Take to Prevent Viruses? A virus spreads when users share the host program to which the virus is attached. A virus can replace the boot program with an infected version (boot sector virus), attach itself to a file (file virus), hide within a legitimate program (Trojan horse virus), or use an application’s macro language to hide virus code (macro virus).
The virus is activated when a certain action takes place (a logic bomb) or at a specific time (a time bomb).
Viruses can be prevented by installing an antivirus program, write-protecting a rescue disk or emergency disk, never starting a computer with a disk in drive A, scanning floppy disks for viruses, checking downloaded programs, and regularly backing up files.
3. How Can a Computer Be Safeguarded? An antivirus program protects a computer against viruses by identifying and removing any computer viruses found in memory. Access controls prevent unauthorized access and use by defining who can access a computer, when they can access it, and what actions they can take. Physical access controls and common sense can minimize hardware theft. A software license addresses software piracy by specifying conditions for software use. Encryption reduces information theft by converting readable data into unreadable characters.
Surge protectors and power supplies guard against system failure by controlling power irregularities.
4. Why Is Computer Backup Important and How Is It Accomplished? A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. In case of system failure or the discovery of corrupted files, the backup can be used to restore the files by copying the backed up files to their original location.
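The full, differential and incremental backup methods covered in this section differ in which files each run copies and in which backup sets a restore needs. The following added example (not part of the original text; the file names, day numbers and function names are constructed for illustration) works both out for a small schedule.

```python
# Added example. File names and day numbers are constructed sample data.
FULL, DIFF, INCR = "full", "differential", "incremental"

def files_to_copy(kind, mtimes, history):
    """Return the sorted names of the files a backup of `kind` copies.

    mtimes  -- {file name: day the file was last modified}
    history -- earlier backups as (day, kind) tuples, oldest first
    """
    if kind == FULL:
        return sorted(mtimes)                     # full: every file
    fulls = [day for day, k in history if k == FULL]
    if not fulls:
        raise ValueError("no full backup to build on")
    if kind == DIFF:
        since = fulls[-1]                         # changed since last full
    else:                                         # since last full or incremental
        since = max(day for day, k in history if k in (FULL, INCR))
    # A file modified on the backup day itself counts as already captured.
    return sorted(name for name, day in mtimes.items() if day > since)

def restore_chain(history):
    """Return the (day, kind) backups needed, in order, to restore the latest state."""
    full_at = [i for i, (_, k) in enumerate(history) if k == FULL]
    if not full_at:
        raise ValueError("nothing to restore from: no full backup")
    chain, later = [history[full_at[-1]]], history[full_at[-1] + 1:]
    diff_at = [i for i, (_, k) in enumerate(later) if k == DIFF]
    if diff_at:                                   # newest differential replaces older ones
        chain.append(later[diff_at[-1]])
        later = later[diff_at[-1] + 1:]
    return chain + [b for b in later if b[1] == INCR]

SAMPLE_MTIMES = {"logo.png": 0, "report.doc": 3, "notes.txt": 5, "payroll.db": 6}
SAMPLE_HISTORY = [(1, FULL), (2, INCR), (4, INCR)]

if __name__ == "__main__":
    for kind in (FULL, DIFF, INCR):
        print(kind, files_to_copy(kind, SAMPLE_MTIMES, SAMPLE_HISTORY))
    print("restore needs", restore_chain(SAMPLE_HISTORY))
```

The incremental run copies the fewest files, but a restore then needs the full backup plus every incremental made after it, while a differential schedule needs only the full backup and the newest differential.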
Backup procedures specify a regular plan of copying and storing important data and program files. Organizations can accomplish a backup using one of, or combinations of, three methods: a full backup, which duplicates all files; a differential backup, which duplicates only files changed since the last full backup; or an incremental backup, which duplicates only files changed since the last full or incremental backup.
5. What Are the Components of a Disaster Recovery Plan? A disaster recovery plan is a written plan describing the steps an organization would take to restore computer operations in the event of a disaster. A disaster recovery plan has four major components. An emergency plan specifies the steps to be taken immediately after a disaster strikes.
A backup plan details how an organization will use backup files and equipment to resume information processing. A recovery plan stipulates the actions to be taken to restore full information processing operations. A test plan contains information for simulating different levels of disasters and recording an organization’s ability to recover.
6. What Are Issues Relating to Information Privacy? Information privacy refers to the right of individuals and organizations to deny or restrict the collection and use of information about them. Information privacy issues include unauthorized collection and use of information and employee monitoring. Unauthorized collection and use of information involves the compilation of data about an individual from a variety of sources. The data is combined to create an electronic profile that, without an individual’s permission, may be sold to other organizations.
Employee monitoring involves the use of computers to observe, record, and review an individual’s use of a computer, including communications, keyboard activity, and Internet sites visited.
7. What Are Ethical Issues with Respect to the Information Age? Computer ethics are the moral guidelines that govern the use of computers and information systems. Unauthorized use of computer systems, software theft, and information privacy are frequently discussed ethical issues. Other important ethical issues are the responsibility for information accuracy and codes of conduct that help determine whether a specific computer action is ethical or unethical.
8. What Are Internet-Related Security and Privacy Issues? Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises. On a vast network such as the Internet, the risk is even greater. To provide secure data transmission, many Web browsers use Internet encryption methods such as Secure Sockets Layer and digital signatures. The most discussed ethical issue concerning the Internet is the availability of objectionable material.