Security Threats
Threat is defined as computer program, a person, or an event that violates (or breaks) the security system. A threat causes loss of data and attacks the data privacy. There are different threats to data security. The main threats to data security are as follows:
1- Unintentional ThreatThreat is defined as computer program, a person, or an event that violates (or breaks) the security system. A threat causes loss of data and attacks the data privacy. There are different threats to data security. The main threats to data security are as follows:
- Unintentional Threat
- Intentional Threat
The word 'unintentional' means 'by mistake or by chance'. The authorized user may delete sensitive data by mistake or accidentally. The data may also be corrupted or deleted due to:
- technical failure of hardware
- sudden breakdown of electric supply
- failure of some program running on the computer
- viruses etc.
There are following solutions for unintentional threat:
- Backup: Backup of data should be taken regularly. The backup of data can be used to recover the deleted data.
- Antivirus: Latest antivirus software should be used to scan all data coming into the computer.
The word 'intentional' means 'planned or with purpose'. The unauthorized (or authorized) user may delete sensitive data intentionally. The user may be an angry employee of an organization or any other unauthorized person. Usually, hackers can delete the sensitive data. A hacker is a person who is technically a computer expert. He breaks security of the computer system for deleting or modifying data. He gets access to data through computer network using computer software or tools or other techniques.
Solutions
There are following solutions for intentional threat:
- Users Rights: The users must be assigned proper rights to minimize the intentional threats. Only the authorized users that have rights to access data may be allowed to delete or modify data after following a step-by-step process.
- Password: A proper password protection should be used. A log file should also be maintained to keep track of all the activities performed on the data/files. Authorized users should change their passwords periodically. Very short passwords should be avoided.
- Encryption: Some strong encryption algorithm should be used. Data encryption is a technique in which sensitive data is encoded before its storage or transmission over a network. If any one (unauthorized person) gets access to the data, he may not be able to understand it.
- Place Computer & Data in Locked Room: Computers and all backing storage devices should be placed in locked rooms. Only authorized users should access these resources.