Report on Security Requirements

            Computer security is actually the process of detecting and preventing the unauthorized access and utilization of confidential information. The measures of prevention play an important role in stopping hackers or unauthorized users from getting to any area of a system. Meanwhile, detection plays its role in determining if a person has tried to trespass the boundary and get to the system or not. It wouldn’t be wrong to say that computers at present are extension of normal tasks from communicating and shopping to investing and banking. Other than the personal use, organizations have the information in their systems that is more than just a little valuable. It might include historical data or records about the customers. An organization certainly doesn’t want a hacker to meddle with the work. On the other hand, a person may not consider a conversation important but wouldn’t want an intruder to get a hold on it (Brook, 2018).  

            Normally, unauthorized users or hackers don’t care about the identity of computer’s owner that they are using. They just want to use the computer of a person and utilize it to attack the systems of others. When it comes to using the computer of another person, original location isn’t revealed and it gives a huge advantage to hackers. These individuals are always keeping the track of the activities of a user and it is their objective to cause harm. Furthermore, hackers have the knack of finding the vulnerabilities of a system and using them to access networks.

            Similar to any other organizational asset, data resources, networks, software, hardware, and information systems must be secured and protected for ensuring beneficial use, performance, and caliber. The management of security is the safety, integrity, and accuracy of resources of information. With effective and proper security measures, losses, fraud, and errors can be reduced (Pfleeger & Pfleeger, 2012).

Threats of Security Requirements

            There are basically two kinds of threats. One of them is intentional threats and the other one is unintentional threats.

            Every threat that might be caused by the mistake of human, failure of system, and environment interference then it is an unintentional threat. Let’s consider than an individual is working on a database and is currently creating a chart. If there is breakdown of electricity and the data has not been saved, every important bit of information might be lost. However, this will be unintentional and it can be ignored or solved.

            Intentional threats are the ones which point towards purposeful actions that result in the damage or theft of computer resources, data, and equipment. When it comes to intentional threats, destruction of resources, sabotage, theft of information, denial of service threats, and viruses or malware are included. Most of these are considered as computer crimes when they are carried out (Brook, 2018).

Security Threats

            There are actually many cases when a person has some type of a relation with an organization and he tries to cause damage. Often, employees of the company are not satisfied with how they are treated and it becomes very difficult for them to adjust in there. As they are leaving, they choose to cause severe damage to the firm that it wouldn’t be able to recover from. Therefore, they become crackers.

            A cracker is actually used for describing every other person who purposefully trespasses the boundary of security and break into the network or computer a person for a harmful purpose. There are countless people that mistakenly use hacker as the term to explain a person who breaks into the computers of people for their specific agendas, normally to only cause harm. This misconception has been fueled by the popular media. A hacker actually is used for describing computer programmers with an access to advanced technologies of computer networks and computers. A hacker is an individual that determines vulnerabilities in networks and computers only to correct them effectively.

            It is right to say that the vulnerability of both computers and information systems is increased with the internet since they can be utilize for facilitating the attacks by crackers and criminals. A DoS attack is often used by crackers. It is actually a threat that floods different networks with an immense amount of traffic which is not suitable for the network to handle. Therefore, a network becomes useless to every other user. It will either consume the resources of the network so that users cannot access the service that they need or force the network to start again or reset. When DoS is prevented, there comes another threat that is even more dangerous.

            A virus is more or less a program that has the capability of infecting computers without the knowledge of users. It can easily copy itself and spread throughout the whole network of computers. Different types of virus and unique functions can be created such as deleting the files and locking the computers up. This virus can easily be sent using email. Once this file is downloaded, it will attach itself to every other program and infecting them. For example, it can infect a document by attaching to it. Whenever this document is opened, the virus will have the opportunity of replicating itself and finding other targets (Aycock, 2010).

            After viruses, there is another type of threat which is referred as data tempering. It means to enter something that is not right at all, fraudulent, and fabricated into the computer by deleting or changing the existing data. This type of attack is often led by the insiders and if done correctly, it can lead to a great loss for organizations since the attacker knows the vital points of the company. The last one is identity theft which is quite common these days. It refers to stealing the security number of an individual. It also includes consuming debits, making purchases, and borrowing money. Considering the fact that countless governments and private companies keep information regarding individuals in databases which are accessible, there are limitless opportunities for crackers and thieves to retrieve the information and misuse it (Malik, 2018).

Security Measures of Security Requirements

Following are some security requirements that must be fulfilled to avoid being too open to threats:

Installing a reliable program of antivirus

            As the time is moving on, computer technology is becoming more complex and sophisticated but so are the concerns regarding security. Making sure that the system is being protected by a good program of antivirus is essential regardless of how much advanced technology is being used.

            Viruses are normally created by cybercriminals to steal the data or corrupt it. If an antivirus solution is not present, the most important parts of information can easily be damaged by them. An antivirus program provides the security that plays an important role in identifying the virus and preventing it from replicating. Despite the complexity of the virus, a good program is able to keep it from reach the heart of the computer. After the identification of the virus or threat, it gives options about what should be done with the threat.

            It wouldn’t be wrong to say that crackers are the human forms of threats. Backdoor entries are used by them for accessing confidential information in networks like bank account and credit card information using which they ara capable achieving an entrance to the financial activities of an organization or user and transacting without any authorization. A reliable antivirus software not only detects viruses but also detects suspicious files along with spyware which are normally used by such crackers. It creates a wall between the crackers and the network which stops them from doing what they intend to (Shostack, 2014).

            One of the biggest advantages of using an application of antivirus is that it doesn’t let the infected data be lost. It serves as a firefighter and saves the important files by eliminating the virus only and not harming the original files. There are both unpaid and paid versions of antivirus programs that can be used by both organizations and users to keep their computers and databases safe. Although some programs cost more than the others, they are actually an insurance against the expenses that might impact you in the future. Malware and viruses are eventually known to decrease both the software and the hardware if they are not deleted. It doesn’t only slow the computer down but it also makes some processes impossible to be performed. An antivirus program doesn’t let that happen and ensures that the capability of computers is better than before.

            The installation of a software of antivirus is very important in the present time due to all the suspicious activities. There is a lot more at stake than what can be imagined and just a little carelessness can mean loss of valuable assets. One of the best things about antivirus programs is that there are many options available according to their prices. There is yet another important thing that the user must make sure of and it is about the updates of the program. It is critical to have the latest versions because new threats are always being invented and stronger protection is required against them.

Using complex passwords for Security 

            It can be said that almost every application and computer needs a password for giving access to the user. Even if it just the answers to the questions that you are creating, it is important to ensure that they are complex so that it is very tough for crackers to find their access and loopholes. For answers or solutions to the questions about security, their translation into another language should be considered using online tools which are free. It might make them very difficult and unpredictable to decipher, and very less susceptible to any type of social engineering.

            Using a space after or before the password is quite a good idea for confusing the cracker. This way, even when a user writing the password, it wouldn’t be unsafe since only the user knows where to put the space. Other than using symbols and alphanumeric characters, using a mix of lower and upper cases is also reliable.

            Passwords are considered the most basic type of security but when they are created with care, they create a very strong wall between the computer and the cracker. They don’t a user to purchase them or even spend a penny since every computer or network supports the idea of passcodes. Sometimes, a password is not that complex and it is quite simple to guess them. This shouldn’t happen because it exposes the computer to danger as with the unauthorized access, important files can be stolen and might be used against the owner of the network. In order to avoid this, a complicated password should be set and when it is not easy to remember the password, it can be written or saved (Shostack, 2014).

Installing encryption software

            Many e-commerce organizations have the business that deals with shopping online. They handle the personal information of countless purchasers and the same can be said about also their credit cards. These buyers know nothing about the fact that someone might steal the necessary information of their credit card to make transactions and purchase things by acting as them. Therefore, if an organization or person deals with data that belongs to numbers of social security, bank accounts, and credit cards on a hourly or daily basis, it is actually sensible to have a program for encryption. Encryption helps in keeping the data safe by changing the information of computers and networks into codes which cannot be read (Yang, Xiaoguang, Jianqiu, & Jianjian, 2016).

            This way, even when the information or data is stolen, it would only consume time of the cracker since it wouldn’t be possible for the cracker to decrypt it. Only that encryption program is capable of decrypting the codes and getting the information. Encryption is the most common measure of security which is used both organizations and individuals. The programs that are used for encryption can be found from different online sources but sometimes, they are not free. Additionally, it is important to check them prior to the use for ensuring whether they are as good as they are supposed or not.

Ignoring suspicious emails

            Viruses are commonly spread through email messaging and as the file is downloaded, the whole system gets infected bit by bit. That is why it is more than just a little important to make it a habit to never reply or even open an email that is somehow looking suspicious. It doesn’t matter that this email belongs to a known sender. If the email is somehow mistakenly opened, attachments shouldn’t be downloaded and the links in the message must not be opened. If a mistake is made, the user might become a victim of phishing scams, identity, and online financial thefts. Therefore, it is critical for the owner of confidential information to make sure that such a mistake is not made no matter what.

            Phishing emails actually appear to be sent from senders that the victim trusts like the bank that an organization might know or a person that is an investor. Using these identities, the cracker tries to acquire the confidential and financial information such card numbers and account details. For further safety and security, the email password should be changed in two to three months. Moreover, the same password shouldn’t be used for other accounts (Shostack, 2014).

Limiting access to confidential information

            Normally, in organizations, sensitive information is kept safe without any access to normal workers and sometimes, even managers. This approach allows companies to ensure that minimum number of people have an authorized gateway to the database. This way, a company can easily find the person to breach the barrier and steal the important data. Let’s say that the CEO of a firm has given access of database to only the HR manager and the finance manager. Now, if he detects any kind of breach or trespassing, he will know who can be the people to steal the information. If none of the said persons have stolen then it can be determined that a cracker has attempted to obtain the information.

            In order to properly limit the access, it is important to create a precise plan that indicates the type of access to whom. Using this approach, causalities can be minimized further.

Backing the information up

            It is just another security measure that individuals should be taking for accessing the information even when it is stolen or lost. Every other week, data should be backed up to the cloud or external hard disk. Backups should be automated for ensuring the safety of data. This way, even without the system, it is easy to use the data (Saleem, 2018).

            The user should determine the best time for backing the data up. Usually, the best time for carrying it out is at the end of the day when the work is finished. With the preparation of backup during the day when the computer is still being operated, then any application or data being used will not backed up in the source that has been chosen. Different types of media sources are used for storing backups. The selection of the media generally depends on the volume and type of information that has to be stored. Normally, organizations tend to store information in hard drives and cloud since they are capable of storing large amounts of data without lagging (Jouini & et.al, 2017).

Shutting the computer down

            One of the most common reasons why computer users are subjected to scam is that they often forget to properly log their computers off. When a computer is running in the absence of a user, a cracker might try to control it by sending a message. These type of viruses can be downloaded from even the internet. Therefore, it is important to check every message or file before downloading.

            An antivirus program can keep the computer safe even in the absence of the user. If the user doesn’t want to log the computer off then he can activate the program to watch out for any type of attack.

Securing Wi-Fi

            At present, Wi-Fi is protected by WPA2 technology or the second version of Wi-Fi Protected Access. However, just a few years ago, simple WEP or Wired Equivalent Privacy was utilized for securing the networks. Obviously, WPA2 is more secure since it is the updated version and builds a strong wall to keep crackers away. It is important to change the name of the router or access point which is also referred as SSID or Service Set Identifier. In addition, a complicated PSK (Pre-shared Key) should be used for creating an additional layer of security (Yang, Xiaoguang, Jianqiu, & Jianjian, 2016).

Securing laptops

            Nowadays, laptops are preferred more because they can easily be carried around. The same can be said about smartphones as well. Furthermore, they hold a lot of valuable information regarding business, study, and personal life. And it wouldn’t be wrong to say that it is the reason why they are also at a higher risk of being stolen or getting lost. Protecting them is more than just a little important and other than being lost, there is also a risk of someone hacking into them. That is why, users should prefer using password protection, encryption, or enabling the option of remote wiping (Saleem, 2018).

Communicating policies of cyber security to workers

            Having a written policy regarding cyber security in the form of don’ts and dos in the company is useful but it is definitely not sufficient enough. It must be ensured that the details are conveyed directly to every employee of the organization. The purpose of doing it is to make sure that workers are putting these details into practice. It is the only possible way of making these policies successful. These policies should also be changed with time (Olavsrud, 2017).

Conclusion on Security Requirements

            Stealing money and confidential data, or disruptions in the organizations are some potential and serious threats. Even though an organization cannot be completely safe, there are various practices of security for systems, processes, and people which can help in identifying security threats. The most important role is played by the user of the computer or network himself since suspicious behaviors or activities can be spotted. 

References of Security Requirements

Aycock, J. (2010). Spyware and Adware. Springer Science & Business Media.

Brook, C. (2018). Establishing a Data Loss Prevention Policy Within Your Organization. Retrieved February 13, 2019, from https://digitalguardian.com/blog/establishing-data-loss-prevention-policy-within-your-organization

Jouini, M., & et.al. (2017, December 12). Security Risk Management Model for Cloud Computing Systems:. Infrastructure as a Service. 10th International Conference, SpaCCS 2017, Guangzhou, China, , Proceedings ,, 594-608.

Malik, S. (2018). Top 5 Information Security Challenges for 2018 and How to Mitigate them through Information and Cyber Security Training. Retrieved February 13, 2019, from https://www.quickstart.com/blog/information-security-challenges-and-mitigating-them-through-information-and-cyber-security-training/

Olavsrud, T. (2017). 9 biggest information security threats through 2019. Retrieved February 13, 2019, from https://www.cio.com/article/3185725/security/9-biggest-information-security-threats-through-2019.html

Pfleeger, C. P., & Pfleeger, S. L. (2012). Analyzing Computer Security: A Threat/vulnerability/countermeasure Approach. Prentice Hall Professional.

Saleem, S. (2018). Do effective risk management affect organizational performance. European Journal of Business and Management , 3(3), 258-267.

Shostack, A. (2014). Threat Modeling: Designing for Security. John Wiley & Sons.

Yang, M., Xiaoguang, Z., Jianqiu, Z., & Jianjian, X. (2016). Challenges and solutions of information security issues in the age of big data. Wireless Communication over ZigBee for Automotive Inclination Measurement. China Communications, 13(3), 193-202.