A computer system threat is anything that leads to loss or corruption of data or physical damage to the hardware and/or infrastructure. Knowing how to identify security threats is the first step in protecting computer systems. The threats could be intentional, accidental or caused by natural disasters.
In this article, we will introduce you to the common computer system threats and how you can protect systems against them.
What is threat ?
The ISO 27005 defines a threat asa potential cause of an incident that may result in harm of systems and organization. The cause could be physical such as someone stealing a computer that contains vital data. The cause could also be non-physical such as a virus attack. In these tutorial series, we will define a threat as a potential attack from a hacker that can allow them to gain unauthorized access to a computer system.
What are Physical Threats?
A physical threat is a potential cause of an incident that may result in loss or physical damage of the computer systems.
The following list classifies the physical threats into three (3) main categories;
- Internal: The threats include fire, unstable power supply, humidity in the rooms housing the hardware etc.
- External: These threats include lightening, floods, earthquakes etc.
- Human: These threats include theft, vandalism of the infrastructure and/or hardware, disruption, accidental or intentional errors.
To protect computer systems from the above mentioned physical threats, an organization must have physical security control measures.
The following list shows some of the possible measures that can be taken:
- Internal: Fire threats could be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out fire. Unstable power supply can be prevented by the use of voltage controllers. An air conditioner can be used to control the humidity in the computer room.
- External: Lightening protection systems can be used to protect computer systems against such attacks. Lightening protection systems are not 100% perfect, but to a certain extent, they reduce the chances of lightening causing damage. Housing computer systems in high lands is one of the possible ways of protecting systems against floods.
- Humans: Threats such as theft can be prevented by use of locked doors and restricted access to computer rooms.
A non-physical threat is a potential cause of an incident that may result in;
- Loss or corruption of system data
- Disrupt business operations that rely on computer systems
- Loss of sensitive information
- Illegal monitoring of activities on computer systems
The non-physical threats are also known as logical threats. The following list is the common types of non-physical threats;
- Key loggers
- Denial of Service Attacks
- Distributed Denial of Service Attacks
- Un-authorized access to computer systems resources such as data
To protect computer systems from the above mentioned threats, an organization must have logical security measures in place. The following list shows some of the possible measures that can be taken
To protect against viruses, Trojans, worms etc, an organization can use anti-virus software. In additional to the anti-virus software, an organization can also have control measures on the usage of external storage devices and visiting website that are most likely to download unauthorized programs onto the user’s computer.
Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be, in form of user ids and strong passwords, smart cards or biometric etc.
Intrusion-detection/prevention systems can be used to protect against denial of service attacks.There are other measures too that can be put in place to avoid denial of service attacks.
- A threat is any activity that can lead to data loss/corruption through to disruption of normal business operations.
- There are physical and non-physical threats
- Physical threats cause damage to computer systems hardware and infrastructure. Examples include theft, vandalism through to natural disasters.
- Non-physical threats target the software and data on the computer systems.