INTRODUCTIONWhat is Secure Computing?Computersecurity (Also known as cyber security or IT Security) is information security as applied to computers and networks. The field covers all theprocesses and mechanisms by which computer-based equipment, information andservices are protected from unintended or unauthorized access, change ordestruction. Computer security also includes protection from unplanned eventsand natural disasters. Otherwise, in the computer industry, the term security — or thephrase computer security — refers to techniques for ensuring that data stored in a computer cannot be read orcompromised by any individuals without authorization. Most computer securitymeasures involve data encryption andpasswords. Data encryption is the translation of data into a form that isunintelligible without a deciphering mechanism.
A password is a secret word or phrase that gives a user access toa particular program or system.Diagram clearly explain the about the secure computingWorking conditions and basicneeds in the secure computing:If you don’t take basicsteps to protect your work computer, you put it and all the information on itat risk. You can potentially compromise the operation of other computerson your organization’s network, or even the functioning of thenetwork as a whole.1. Physical security:Technical measures like login passwords,anti-virus are essential. (More about those below) However, asecure physical space is the first and more important line of defense.Is the place you keep your workplace computersecure enough to prevent theft or access to it while you are away? While the Security Department provides coverage across theMedical center, it only takes seconds to steal a computer, particularly aportable device like a laptop or a PDA.
A computer should be securedlike any other valuable possession when you are not present.Human threats are not the only concern. Computers can be compromised by environmental mishaps (e.g., water, coffee) orphysical trauma. Make sure the physical locationof your computer takes account of those risks aswell. 2. Access passwords:The University’s networks and shared information systems areprotected in part by login credentials (user-IDs and passwords).
Access passwords are also an essential protection for personalcomputers in most circumstances. Offices are usually open and sharedspaces, so physical access to computers cannot be completely controlled.To protect your computer, you should consider settingpasswords for particularly sensitive applications resident on the computer(e.
g., data analysis software), if the software provides that capability. 3.
Prying eyeprotection:Because we deal with all facets of clinical, research,educational and administrative data here on the medical campus, it is importantto do everything possible to minimize exposure of data tounauthorized individuals. 4. Anti-virus software:Up-to-date, properly configured anti-virus software is essential. Whilewe have server-side anti-virus software on ournetwork computers, you still need it on the client side (your computer).
5. Firewalls:Anti-virus products inspect files on your computer and inemail. Firewall software and hardware monitor communications between yourcomputer and the outside world.
That is essential for any networkedcomputer.6. Software updates:It is critical to keep software up to date, especially the operatingsystem, anti-virus and anti-spyware, email and browser software.
The newest versions will contain fixes for discovered vulnerabilities.Almost all anti-virus have automatic update features (includingSAV). Keeping the “signatures” (digital patterns) of malicioussoftware detectors up-to-date is essential for these products to be effective.
7. Keep secure backups:Even if you take all these security steps, bad things can stillhappen. Be prepared for the worst by making backup copies ofcritical data, and keeping those backup copies in a separate, securelocation. For example, use supplemental hard drives, CDs/DVDs, or flash drives to store critical,hard-to-replace data. 8. Report problems:If you believe that your computer or any data on it has beencompromised, your should make a informationsecurity incident report. That is required by Universitypolicy for all data on our systems, and legally required for health, education,financial and any other kind of record containing identifiable personalinformation.
Benefits of secure computing:· Protect yourself – Civil liability:You may be held legally liable to compensate a third party should theyexperience financial damage or distress as a result of their personal databeing stolen from you or leaked by you.· Protect your credibility – Compliance:You may require compliancy with the Data Protection Act, the FSA, SOX or otherregulatory standards. Each of these bodies stipulates that certain measures betaken to protect the data on your network.· Protect your reputation – Spam: A common use for infected systems is to join them to a botnet (acollection of infected machines which takes orders from a command server) anduse them to send out spam. This spam can be traced back to you, your servercould be blacklisted and you could be unable to send email.
· Protect your income – Competitive advantage: There are a number of “hackers-for-hire” advertising their services on theinternet selling their skills in breaking into company’s servers to stealclient databases, proprietary software, merger and acquisition information,personnel detailset al.· Protect your business – Blackmail:A seldom-reported source of income for “hackers” is to·break into your server,change all your passwords and lock you out of it. The password is then soldback to you. Note: the “hackers” may implant a backdoor program on your serverso that they can repeat the exercise at will.· Protect your investment – Free storage:Your server’s harddrive space is used (or sold on) to house thehacker’s video clips, music collections, pirated software or worse. Your serveror computer then becomes continuously slow and your internet connection speedsdeteriorate due to the number of people connecting to your server in order todownload the offered wares.