Week 1 Security for Software Engineers and Roles Flashcards
Why is Computer Security Important?
Computer security is essential for protecting valuable assets, maintaining trust, complying with regulations, ensuring business continuity, and safeguarding individuals, organizations, and society as a whole in an increasingly interconnected and digitized world.
What are the reasons that computer security is important?
- Protection of Information: Computers store vast amounts of sensitive and confidential information, including personal data, financial records, intellectual property, and proprietary business information. Ensuring the security of this data is essential to prevent unauthorized access, theft, or disclosure.
- Prevention of Cyber-Attacks: With the increasing frequency and sophistication of cyber-attacks, robust computer security measures are necessary to defend against threats such as malware, ransomware, phishing, and denial-of-service (DoS) attacks. These attacks can disrupt operations, cause financial losses, damage reputations, and compromise the integrity of systems and data.
- Preservation of Trust: Trust is crucial in the digital age, both among individuals and organizations. Maintaining the trust of customers, partners, and stakeholders requires demonstrating a commitment to protecting their privacy and security. Breaches or lapses in computer security can erode trust and lead to significant consequences for businesses and institutions.
- Compliance and Legal Obligations: Many industries are subject to regulations and legal requirements regarding the protection of sensitive information, such as the Health Insurance Portability and Accountability Act (HIPAA) in healthcare or the General Data Protection Regulation (GDPR) in the European Union. Adhering to these regulations necessitates implementing adequate computer security measures.
- Business Continuity: Cyber-attacks and security breaches can disrupt operations, leading to downtime, loss of productivity, and financial harm. By investing in computer security, organizations can minimize the risk of such disruptions and ensure the continuity of their business operations.
- Protection of Critical Infrastructure: Critical infrastructure sectors, including energy, transportation, healthcare, and finance, rely heavily on computer systems and networks. Securing these systems is vital to safeguarding essential services, public safety, and national security.
What are the consequences of security violations?
- Financial Losses: Security breaches can result in direct financial losses for organizations due to costs associated with investigating the incident, mitigating damage, implementing security improvements, and potential legal settlements or regulatory fines. Additionally, organizations may suffer from loss of revenue, customer trust, and market value.
- Reputation Damage: Security violations can severely damage an organization’s reputation and erode public trust. News of a security breach can tarnish a company’s image, leading to negative publicity, loss of customer confidence, and a decline in brand loyalty. Rebuilding trust after a breach can be a lengthy and challenging process.
- Legal and Regulatory Consequences: Organizations that fail to adequately protect sensitive information may face legal and regulatory consequences. Depending on the nature and scope of the violation, companies may be subject to lawsuits from affected individuals, investigations by regulatory agencies, and fines for non-compliance with data protection laws and regulations.
- Operational Disruption: Security breaches can disrupt normal business operations, leading to downtime, loss of productivity, and disruption of services. Organizations may experience system outages, data loss, or corruption, resulting in delays, inconvenience, and financial repercussions.
- Data Breach Costs: In the event of a data breach, organizations may incur costs related to notifying affected individuals, providing credit monitoring services, and offering identity theft protection. These costs can be substantial, particularly for large-scale breaches involving millions of individuals.
- Loss of Intellectual Property: Security violations can result in the theft or compromise of valuable intellectual property, trade secrets, and proprietary information. This can have long-term consequences for an organization’s competitiveness, innovation, and market position.
- Impact on Customers and Users: Security breaches can have a direct impact on individuals whose personal information is compromised. This may lead to identity theft, financial fraud, unauthorized account access, and other forms of cybercrime. Victims may suffer financial losses, damage to their credit scores, and emotional distress.
- National Security Risks: In cases where security violations involve critical infrastructure or sensitive government systems, the consequences can extend to national security. Breaches targeting essential services such as energy, transportation, or healthcare can pose significant risks to public safety and national defense.
What is the C.I.A triad?
The C.I.A triad is a set of assurances to users or clients of information systems.
What does C.I.A mean?
- Confidentiality: The assurance that the information system will keep the user’s private data private. Attacks on confidentiality are known as disclosure attacks. This occurs when confidential information is disclosed to individuals against the owner’s wishes.
- Integrity: The assurance that the information system will preserve the user’s data. Attacks on integrity are called alteration attacks; they occur when information has been maliciously changed or destroyed so that it is no longer in a form that is useful to the owner.
- Availability: Availability enables authorized users—people or computer systems—to access information without interference or obstruction and to receive it in the required format.
What are the different types of hackers?
- White hat hackers
- Grey hat hackers
- Black hat hackers
What is the code of ethics for white hat hackers?
- Protect: White hats have the responsibility to protect society from computer threats. They do this by protecting computer systems from being compromised by attackers. They also have the responsibility to teach people how to safely use computers to help prevent attacks.
- Act Honorably: They must act honorably by telling the truth all the time. They have the responsibility to always inform those who they work for about what they are doing.
- Provide Service: They should also give prudent advice. They should treat everyone else fairly. White hats should provide diligent and competent service.
- Advance the Profession: They should show respect for the trust and privileges that they receive. They should only give service in areas in which they are competent. They should avoid conflicts of interest or the appearance thereof.
What are the advantages of attackers?
- The defender must defend all points; the attacker can choose the weakest point
- The defender can defend only against known attacks; the attacker can probe for unknown vulnerabilities
- The defender must be constantly vigilant; the attacker can strike at will
- The defender must play by the rules; the attacker can play dirty