
Why computer incidents are so prevalent

- Increased reliance on commercial software with known vulnerabilities


- Attack on an IS that takes advantage of a particular system vulnerability
- Environment where software and data storage are provided via the internet
- Sharing of login IDs and passwords by users
- Increased complexity in the computer environment
- High user expectations
- Expanding and changing systems
- Bring your own device (BYOD)

Types of exploits

- Virus
- Worm
- Trojan horse
- Distributed denial of service
- Rootkits
- Phishing attacks
- Smishing

Types of perpetrators

- Hackers
- Crackers
- Malicious insiders
- Industrial spies
- Hacktivists
- Cyber terrorists
- Cyber criminals

Protection

- Implement trustworthy computing – a method of computing that delivers secure, private, and
reliable computing experiences based on sound business practices
a. Invest in the expertise and technology required
b. Develop trust by educating consumers
c. Work with law enforcement agencies, industry experts, academia and private sectors to
create and enforce a secure computing
d. Provide users with a sense of control over their personal information
e. Contribute to standards and policies created by industry and government
f. Make privacy a priority in the design, development, and testing of products
- Reliability
a. Build systems so that they continue providing services in the face of internal and external
disruption
b. Build systems that can be restored to a previously known state with no data loss in the event of
disruption
c. Build systems that provide accurate and timely service whenever needed
d. Build systems so that required changes and upgrades do not disrupt them
e. Build systems so that they contain minimal software bugs
f. Build systems so that they work as expected
g. Transparency business integrity
h. Be responsible (take responsibility for problems and take action to correct them)
i. Be transparent (be open in dealing with customers, keep motives clear, keep promises, and
make sure customers know where they stand when dealing with the company)

Establish a security policy

e.g. ethics policy, information sensitivity policy, risk assessment policy, comm device policy

- educating people and workers

- prevention, e.g. firewall, IDS (intrusion detection system), antivirus, implementing safeguards
against attacks by malicious attackers, defending against cyber terrorism, addressing the most critical
internet security threats, conducting periodic IT security audits

- detection

- response, e.g. incident notification, protection of evidence and activity logs, incident containment,
eradication, incident follow-up

(Assignment) General Data Protection Regulation – what it is
