E-mail spam
Because "spam" (junk e-mail) is so cheap and easy to create, fraudsters increasingly use it to find investors for investment schemes or to spread false information about a company. Using a bulk e-mail program, spammers can send personalised messages to thousands or even millions of Internet users at a time. One example is the "Risk-Free" fraud, which tries to draw you into "exciting, low-risk investment opportunities". These may be presented as exotic investments, such as prime bank securities or wireless cable projects. Sometimes the investment products do not even exist; they are merely scams. So beware of opportunities that promise spectacular profits or "guaranteed" returns. If the deal sounds too good to be true, then it probably is.
The Sophos Security Threat Report reveals that more malware is hosted on U.S. Web sites, and more spam is relayed from American computers, than from any other country. As evidence of this, when an American Internet company accused of collaborating with spammers and hackers was disconnected from the Net in November, there was a staggering 75 percent drop in spam.
Fraud
As we know, the Internet serves as an excellent tool for anyone who wants to invest money in new business opportunities. The Internet makes research easier and less expensive. But the Internet is also an excellent tool for fraudsters. That's why people should always think twice before they invest their money in any opportunity they find through the Internet.
Fraud is a serious risk to computer security. In a broad strokes definition, fraud is a deliberate misrepresentation which causes another person to suffer damages, usually monetary losses. Someone may lie about his name, place of birth and family, but as long as he remains truthful about the product he sells, he will not be found guilty of fraud. Many fraud cases involve complicated financial transactions.
The best-known frauds on the Internet are the top ten Internet scams. They are summarised as follows:
- Fake Check Scams. Consumers are paid with checks for work or items sold, then instructed to wire money back.
- General Merchandise and Auction. Goods are sold (through auctions or not) but never delivered, or are misrepresented.
- Nigerian Money Offers. False promises of riches if consumers pay to transfer money to their bank accounts.
- Lotteries. Requests for payment to claim lottery winnings or get help to win, often foreign lotteries.
- Advance Fee Loans. False promises of business or personal loans, even if credit is bad.
- Prizes. Requests for payment to claim prizes that never materialise.
- Phishing. E-mails pretending to be from a well-known source, asking to confirm personal information.
- Friendship. An online relationship is used to convince the victim to send money.
- Internet Access Service. The cost of Internet access and other services is misrepresented, or the services are never provided.
Below I would like to mention another, possibly more destructive, risk to computers. “Let me introduce you to the viruses”. I would put a smile icon in, but it is a serious matter to discuss. So what actually is a virus, and what are the biggest fears about being infected? Firstly a computer virus is a . And one of the biggest fears among new computer users is being infected by a computer virus or by programs designed to destroy their personal data. Viruses are malicious software programs that have been designed by other computer users to cause destruction and havoc on a computer and to spread themselves to other computers, where they can repeat the process.
Once the virus is made, it is often distributed through shareware, e-mail, P2P programs, or other programs where users share data. It may happen to your computer, so you have to be aware of it.
But before seeking a solution, such as the newest antivirus software, which you may think will protect your computer from any virus, we have to know how viruses can affect files, so that we can protect our computer and all the data stored on it.
How viruses may affect files is the main issue. Let’s go through it in more detail.
- Viruses have the capability of infecting any file, but will generally infect executable files or data files, such as Word or Excel documents, that are opened frequently and so allow the virus to try infecting other files more often. Viruses can affect any file; however, they usually attack .com, .exe, .sys, .bin or data files.
- It may increase the file's size. Nobody can avoid it unfortunately, and neither could I. Once I made a copy to my USB device from another computer and, having opened it, I discovered eighty-five pages in the file instead of the twenty-six of my original work.
- Because most files are loaded into memory, once the program is in memory the virus can delete the file used to execute the virus. It can delete files as the file is run. It can also delete or corrupt files. If you download a file onto a disk, do not think that you do not have to worry about viruses. Once you have placed a file on a disk or moved a file from a disk to your hard drive, your computer may be infected. A virus is capable of loading itself into memory.
- It can convert .exe files to .com files. Viruses may use a separate file to run the program and rename the original file to another extension so the .exe is run before the .com. Viruses may also be distributed through e-mail: files can be attached to an e-mail and, if executed, can infect the computer. Today this is one of the most common ways computer viruses spread around the world.
- It can reboot the computer when executed. Numerous computer viruses have been designed to cause a computer to reboot, freeze, or perform other tasks not normally exhibited by the computer. Even if you do not download anything from the Internet, many people create a site or a file to download with the intention of spreading a virus. In addition, a virus can be executed just by viewing a web page.
So once we remember that a virus is a harmful program that runs on a computer and may alter information and files and damage the data stored on it, and understand how a computer actually gets infected, we can protect our computer by using an antivirus program. But having the latest antivirus software installed on your computer still does not mean that your computer is well protected.
Now we are familiar with how viruses can affect a computer. But how does a computer get infected by a virus? Some examples:
From:
- an infected floppy disk
- infected files downloaded from a website
- infected files from an infected CD
- an infected e-mail attachment
- running an unknown program or code on your computer.
What measures can we take, then, to prevent a virus from entering our computer?
1. We should only use floppies that are from a known source and have been properly scanned by an anti-virus program.
2. We can install a good firewall on our computer.
3. We can install good anti-spyware on our computer.
4. Never open an E-mail from an unknown person or unknown source.
5. Install a good Anti-Virus on your computer.
6. In Internet Explorer, go to the Tools icon, then Internet Options, then click the Security tab and select the highest security option on the slider. Then click Apply and OK. This step will help restrict harmful viruses and Trojans from entering your computer.
The above instructions will help you reduce the risk of a virus attack on your computer.
What if it is too late? What should we do when a virus attacks our computer? There are some recommendations:
1. First of all, we should try to back up the data that is most important to us.
2. If our computer is on a network, disconnect it from the network so that the virus does not spread to the other computers.
3. Now run a good anti-virus program on the computer to scan for viruses.
4. After the viruses are found by the anti-virus program, try to remove them with it.
5. Sometimes the viruses are Internet Trojan horses or spyware; in that case you should use good anti-spyware to remove them.
General Controls
Information security is one of the most important matters in the present personal or business environment. All users want to protect their data. However, the problem is how best to protect data. There are many ways to protect our personal or business data. Some of the preventive measures we have already mentioned above.
But if we want to minimise errors, disaster, computer crime, and breaches of security, special policies and procedures must be incorporated into the design and implementation of information systems.
A combination of manual and automated measures can safeguard information systems.
The specific policies, technology and manual procedures for protecting computing resources and ensuring accuracy and reliability of information systems are called controls. (Informational System Security, chapter 18)
Computer systems are controlled by a combination of general controls and application controls.
General controls are those that control the design, security, and use of computer programs and the security of data files in general throughout the organisation. On the whole, general controls apply to all computerised applications and consist of a combination of system software and manual procedures that create an overall control environment.
General controls include the following:
• Physical hardware controls
• Computer operations controls
• Data security controls
• Administrative controls
Physical Controls
These controls include environmental protection against physical hazards.
These hazards include fire, water, temperature, dust, humidity or any environmental factor that might damage the computer or its files. The larger the computer room, the more elaborate its environmental control systems. You have to make copies of important files in case of fire. It is recommended to have regular preventative maintenance of the hardware carried out by qualified engineers. Magnetic tapes or disks should be kept in protective covers. Organisations that are critically dependent on their computers must also make provisions for emergency backup in case of power failure.
Make sure that computer hardware is physically secure and check for equipment malfunction. Computer hardware should be physically secured so that it can be accessed only by authorised individuals. Access to rooms where computers operate should be restricted to computer operations personnel.
Computer operation or organisational controls
Basically they are procedures to ensure that programmed procedures are consistently and correctly applied to data storage and processing.
They include controls over the setup of computer processing jobs, operations software and computer operations, and backup and recovery. Instructions for running computer jobs should be fully documented, reviewed, and approved by a responsible official person. Controls over operations software include manual procedures designed to both prevent and detect error.
Therefore your staff should be properly recruited and trained to ensure that all I.T. personnel have the knowledge and skills required to perform their work.
For example, a human-operator error at a computer system at the Shell Pipeline Corporation caused the firm to ship 93,000 barrels of crude oil to the wrong trader. This one error cost Shell $2 million. Such error could have been avoided if the company had incorporated tighter operational safeguards.
Data Security Controls
Data security controls ensure that valuable business data files are not subject to unauthorised access, change, or destruction. Such controls are required for data files when they are in use and when they are being held for storage. It is easier to control data files in your systems, since access is limited to operators who run the batch jobs. However, on-line and real-time systems are vulnerable at several points. They can be accessed through terminals as well as by operators during production runs. For instance, one of your dissatisfied employees may steal business information for consideration. He or she can sell this type of information to tell competitors about your company’s customers, business plans, etc.
When data can be input online through a terminal, entry of unauthorised input must be prevented. For example, a credit note could be altered to match a sales invoice on file. In such cases security can be developed as follows:
System software can include the use of passwords assigned only to authorised individuals. No one can log on to the system without a valid password. Additional sets of passwords and security restrictions can be developed for specific systems and applications. For example, data security software can limit access to specific files, such as the files for the accounts receivable system. One of your employees may have a profile that allows him or her to update the system but neither read nor update sensitive fields such as salary, medical history, or earnings data.
Another profile applies to a divisional manager, who cannot update the system but can read all employee data fields for his or her division, including medical history and salary. These profiles would be established and maintained by a data security system. A multilayered data security system is essential for ensuring that this information can be accessed only by authorised persons.
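The two profiles described above can be enforced in code as field-level access checks that deny by default. The following sketch is an added example, not part of the original essay; the employee records, user ids and field names are constructed for illustration.

```python
# Added illustration of the two profiles described above; all names are assumed.
SENSITIVE_FIELDS = {"salary", "medical_history", "earnings"}

# Constructed sample employee file.
EMPLOYEES = {
    "E100": {"division": "North", "address": "1 High St",
             "salary": 41000, "medical_history": "none", "earnings": 3400},
    "E200": {"division": "South", "address": "9 Low Rd",
             "salary": 38000, "medical_history": "asthma", "earnings": 3100},
}
AUDIT_LOG = []  # every decision is recorded so supervision can review denials


class Profile:
    def __init__(self, user, read_sensitive, update, division=None):
        self.user = user
        self.read_sensitive = read_sensitive  # may read salary, medical history...
        self.update = update                  # may change non-sensitive fields
        self.division = division              # None = not tied to one division


def is_allowed(profile, action, emp_id, field):
    """Deny by default; allow only what the profile explicitly grants."""
    record = EMPLOYEES.get(emp_id)
    ok = record is not None and field in record and action in ("read", "update")
    if ok and profile.division is not None:
        ok = record["division"] == profile.division
    if ok and field in SENSITIVE_FIELDS:
        ok = action == "read" and profile.read_sensitive
    if ok and action == "update":
        ok = profile.update
    AUDIT_LOG.append((profile.user, action, emp_id, field, "ALLOW" if ok else "DENY"))
    return ok


def read_field(profile, emp_id, field):
    if not is_allowed(profile, "read", emp_id, field):
        raise PermissionError(f"{profile.user}: read {emp_id}.{field} denied")
    return EMPLOYEES[emp_id][field]


def update_field(profile, emp_id, field, value):
    if not is_allowed(profile, "update", emp_id, field):
        raise PermissionError(f"{profile.user}: update {emp_id}.{field} denied")
    EMPLOYEES[emp_id][field] = value


# The employee profile: may update, but never touches sensitive fields.
CLERK = Profile("clerk1", read_sensitive=False, update=True)
# The divisional manager profile: reads everything in one division, updates nothing.
MANAGER_NORTH = Profile("mgr_north", read_sensitive=True, update=False, division="North")
```

Because every decision is appended to AUDIT_LOG, repeated denials for one user can be reviewed as part of supervision.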
All these procedures are difficult to run within your company without administrative control, in other words procedural control.
Procedural controls
They are specified methods of performing tasks or activities. The idea is to have standard methods for common activities, so that results will be obtained in terms of quality, timeliness and security. Written policies and procedures that establish formal standards can help you to control your information system operations. Procedures must be formalised in writing and authorised by the appropriate level of management. Accountabilities and responsibilities must be clearly specified.
Supervision of personnel involved in control procedures ensures that the controls for an information system are performing as intended. With supervision, weaknesses can be spotted, errors corrected, and deviations from standard procedures identified.
Application controls
Application controls are specific controls within each separate computer application, such as payroll or order processing. They include both automated and manual procedures that ensure that only authorised data are completely and accurately processed by that application.
The controls for each application should take account of the whole sequence of processing, manual and computer, from the first steps taken to prepare transactions to the production and use of final output.
Application controls focus on the following objectives:
1. Completeness of input and update. All current transactions must reach the computer and be recorded on computer files.
2. Accuracy of input and update. Data must be accurately captured by the computer and correctly recorded on computer files.
3. Validity. Data must be authorised or otherwise checked with regard to the appropriateness of the transaction. (In other words, the transaction must reflect the right event in the external world. The validity of an address change, for example, refers to whether a transaction actually captured the right address for a specific individual.)
4. Maintenance. Data on computer files must continue to remain correct and current.
Application controls can be classified as (1) input controls, (2) processing controls, and (3) output controls.
Input controls check data for accuracy and completeness when they enter the system.
There are specific input controls for input authorisation, data conversion, data editing, and error handling. Input must be properly authorised, recorded, and monitored as source documents flow to the computer. For example, formal procedures can be set up to authorise only selected members of the sales department to prepare sales transactions for an order entry system. So the batches may require authorisation signatures before they can be entered into the computer.
Processing controls establish that data are complete and accurate during updating. The major processing controls are run control totals, computer matching, and programmed edit checks.
Output control
It ensures that the results of computer processing are accurate, complete, and properly distributed. Typical output controls include the following:
• Balancing output totals with input and processing totals
• Reviews of the computer processing logs to determine that all of the correct computer jobs were executed properly for processing
• Audits of output reports to make sure that totals, formats, and critical details are correct and reconcilable with input
• Formal procedures and documentation specifying authorized recipients of output reports, checks, or other critical documents.
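The input, processing and output controls described above can be combined in one batch run: authorisation of the batch, control totals checked against the batch header, programmed edit checks with matching against a master file, and balancing of output totals against input totals. The sketch below is an added example, not part of the original essay; the user ids, account numbers, amount limit and sample batch are constructed, and amounts are assumed to be already converted to integer pence.

```python
# Added illustration: batch authorisation, control totals, edit checks, balancing.
AUTHORISED_PREPARERS = {"sales01", "sales02"}   # assumed user ids
CUSTOMER_MASTER = {1001, 1002, 1003}            # assumed master file of accounts
MAX_AMOUNT_PENCE = 5_000_000                    # assumed reasonableness limit


def control_totals(transactions):
    """Record count, amount total and hash total (sum of account numbers)."""
    return {
        "count": len(transactions),
        "amount": sum(t["amount"] for t in transactions),
        "hash": sum(t["account"] for t in transactions),
    }


def edit_check(t):
    """Programmed edit checks plus computer matching against the master file."""
    problems = []
    if not 0 < t["amount"] <= MAX_AMOUNT_PENCE:
        problems.append("amount out of range")
    if t["account"] not in CUSTOMER_MASTER:
        problems.append("no matching customer account")
    return problems


def process_batch(batch):
    # Input authorisation: known preparer and a sign-off on the batch.
    if batch["prepared_by"] not in AUTHORISED_PREPARERS or not batch["signed_by"]:
        return {"status": "rejected", "reason": "batch not authorised"}
    # Completeness and accuracy of input: keyed totals must equal the header
    # totals that were prepared from the source documents.
    entered = control_totals(batch["transactions"])
    if entered != batch["header_totals"]:
        return {"status": "rejected", "reason": "totals differ from batch header"}
    posted, suspense = [], []
    for t in batch["transactions"]:
        problems = edit_check(t)
        if problems:
            suspense.append({**t, "problems": problems})  # held for correction
        else:
            posted.append(t)
    # Output control: input totals must equal posted plus held totals.
    out, held = control_totals(posted), control_totals(suspense)
    balanced = all(entered[k] == out[k] + held[k] for k in entered)
    return {"status": "balanced" if balanced else "out of balance",
            "posted": out, "suspense": held, "errors": suspense}


# Constructed sample batch: the third record has no matching customer account.
SAMPLE_BATCH = {
    "prepared_by": "sales01", "signed_by": "supervisor07",
    "header_totals": {"count": 3, "amount": 46_500, "hash": 12_002},
    "transactions": [
        {"account": 1001, "amount": 12_500},
        {"account": 1002, "amount": 30_000},
        {"account": 9999, "amount": 4_000},
    ],
}
```

A mistyped amount or a dropped record changes the keyed totals, so the batch is rejected before any update takes place.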
Summary conclusion
Today, we don't even know when we are being attacked. But if you know the answers to some simple questions, such as:
- How the information is used
- Who the information is shared with
- How users can access and correct information
- And finally how to protect all data stored on your computer
it might secure all the computing resources of your company and protect their continued availability and usefulness.
To decide which controls to use, information system builders must examine various control techniques in your company in relation to each other and to their relative cost effectiveness.
Using all recommendations received through the assignment is essential for your computer to be protected from a variety of risks and threats.
A control weakness at one point may be neutralised by a strong control at another. Therefore it may not be cost effective to build strong controls at every point in the processing cycle if compensating controls exist elsewhere. The combination of all the controls that we discussed above and developed for a particular application will determine its overall control structure.
Bibliography:
http://www.computerhope.com/vlist.htm
http://www.infosectoday.com/Articles/Security_Threat_2009.htm
http://www.fraud.org/internet/2007internet.pdf
http://www.infosectoday.com/Articles/Protecting_Critical_Business_Data.htm