Page 250 - DCAP104_EXPOSURE_TO_COMPUTER_DISCPLINES
P. 250

Unit 13: Understanding the Need of Security Measures



            13.3.7 Bottom Line                                                                    Notes
            There are tools to assist in recovery from disk problems, but how do you know all the data is OK?
            These tools do not always recover good copies of the original files. Active action on your part
            before disaster strikes is your best defense. It’s best to have a good, current backup and, for better
            protection, a complete up-to-date integrity-check map of everything on your disk.

                          Hardware attackers’ goals are usually tied to the IC’s applications. Most goals
                          can be classified into one or more of three categories:
                          (a) Information leakage attackers extract information directly from an IC,
                              passively or actively, as an individual component, and/or as a deployed
                              element of an integrated system. Information to be protected includes the
                              IP associated with a chipset and its design, data associated with both the
                              hardware and deployed software, and data embedded or downloaded to
                              the IC either prior to or during operation

                          (b) Tampering attackers eavesdrop on or modify the data associated with the
                              IC once it is deployed in operation, independently or as part of an integrated
                              subsystem, by prolonged inspection and monitoring; and
                          (c) Denial of service attackers modify the internal circuit structure of an IC
                              to cause the circuit to malfunction or shut down under certain operating
                              conditions.
            13.4  Threat to Data


            Threat is defined as a computer program, a person, or an event that violates the security system.
            A threat causes loss of data and attacks the data privacy. Most of the data of an organization
            stored inside the computer is very important and more valuable than the computer hardware
            and software. It can be damaged due to many reasons. You must protect your data from illegal
            access or from damage.
            13.4.1 Main Source

            The following are the main threats to data security.
             (a) Some authorized user of the data may unintentionally delete or change sensitive data. There
                 are two solutions to this problem.
             (b) Firstly, the users must be assigned proper rights to minimize such events. Only the
                 authorized user with certain rights may be allowed to delete or modify data after following
                 a step-by-step process.
             (c) Secondly, periodic backup of data should be taken to recover the deleted data.
             (d) A proper password protection should be used to use any resource. A log file should also
                 be maintained to keep track of all the activities performed on the data.
              (e) Some strong encryption algorithm should be used, so that if anyone gets access to the data,
                 he could not be able to make any sense out of it.
              (f) Latest antivirus software should be used to scan all data coming into the organization.
             (g) Computers and all backing storage devices should be placed in locked rooms. Only
                 authorized users can access these resources.
             (h) Authorized users must be asked to change their passwords periodically.




                                             LOVELY PROFESSIONAL UNIVERSITY                                   243
   245   246   247   248   249   250   251   252   253   254   255