Summative study notes

Explain the objectives of computer and mobile device security.

The primary objective of computer and mobile device security is to safeguard sensitive

information stored on and transmitted by devices. This is achieved through regulatory

compliance, ensuring organizations adhere to data protection laws and avoid legal

repercussions. Additionally, security policy enforcement is essential to create a

uniform standard across all devices, minimizing the risk of data breaches. Another key

objective is to facilitate bring your own device (BYOD) policies safely. Organizations

must implement security measures that allow employees to use personal devices

without compromising company data. This requires a proactive approach to monitor

and secure these devices continuously. Mobile device security also aims to provide

remote control of device updates to ensure that all devices are equipped with the latest

security features, thus protecting against vulnerabilities. Application control is vital to

prevent the installation of harmful apps, enabling organizations to manage which

applications can be used on devices that access corporate resources. Moreover,

automated device registration is a key objective, allowing organizations to quickly and

efficiently enroll new devices into their security framework. This contributes to a more

streamlined process and enhances overall security management. Finally, effective

mobile device security incorporates regular data backups to ensure that critical

information can be restored in case of data loss.

Define and explain how computer and network security threats works.
Computer and network security threats encompass various malicious activities and
software

designed to damage, disrupt, or gain unauthorized access to computer systems and

networks.
Summative study notes

Malware, an umbrella term for malicious software, includes viruses, spyware, adware,
Trojan

horses, and worms. Viruses attach themselves to legitimate programs and spread when
those

programs are executed, while spyware secretly gathers information about a user’s
activities.

Adware displays unwanted advertisements, often collecting user data without consent.
Trojan

horses disguise themselves as legitimate software but execute harmful actions once
activated,

and worms self-replicate across networks, causing widespread damage. Phishing and
spear

phishing are deceptive tactics where attackers impersonate trustworthy entities through
email

or messages, aiming to steal sensitive information like login credentials. Insider security
threats

arise when individuals within an organization misuse their access to compromise

systems, often

leading to data breaches or sabotage. Understanding these threats is crucial for

developing

robust cyber security measures to protect sensitive information and network integrity.

Explain two types of identity theft and how to mitigate them

Financial identity theft
Financial identity theft is when one person uses another’s personal data for
financial benefit. This is the most common form of identity theft.
How to mitigate: The good news is that it’s easy to protect yourself against
financial identity theft by checking your bank accounts, credit card
Summative study notes

statements, and bills. If you see an unexplained charge, contact your credit
card company or bank immediately to report it and don’t share your bank info
with others.
Medical identity theft
This might not seem like a real form of identity theft, but it happens. Medical
identity theft is when a criminal poses as another person to obtain health care
services.
How to mitigate: you can help minimize the risk of medical identity theft by
regularly reviewing your medical claims and don’t share your medical history
(such as hospital name, doctors that treated you).

Q4:
Updating software when it becomes out-dated is crucial, especially because newer
versions often contain essential security enhancements that protect users against
evolving cyber threats. Security updates are critical as they address vulnerabilities
discovered over time; out-dated software can leave exploitable gaps that hackers
target to access systems or steal data. Evidence shows that software companies
actively monitor and respond to these vulnerabilities, releasing updates or "patches"
to strengthen weak points and ensure that users’ systems remain safeguarded.
These updates not only block hackers but also include better encryption, more
robust access controls, and improved data protection standards, directly reducing
the risk of breaches. Additionally, the longer software remains unupdated, the higher
the risk of security flaws accumulating, sometimes allowing attackers a "gateway"
into a system. Most modern software reminders—especially in cloud-based
services—are designed to be frequent for this reason, urging users to adopt the
latest improvements. Organizations that delay updates or ignore end-of-life
announcements, where manufacturers end support for a version, risk using
unsupported, vulnerable software. Research supports that updated software also
optimizes system performance, requiring fewer resources and running smoother. As
technology progresses, these updates are designed to keep up with the latest
security demands, making them critical for both performance and data protection in a
continually shifting cyber landscape.
Summative study notes

Discuss the mechanisms to safeguard mobile and media devices.

Safeguarding mobile and media devices is essential in today's digital environment,

where these devices serve as central hubs for our personal, professional, and financial

lives. Mobile devices facilitate web browsing, messaging, banking, and data storage,

making them attractive targets for cybercriminals. Implementing strong passwords

and biometrics, such as fingerprint recognition, adds a crucial layer of security,

reducing the risk of unauthorized access if a device is lost or stolen. Public and

unencrypted Wi-Fi connections pose additional risks, as hackers can intercept

sensitive information shared over these networks. Therefore, using VPNs on unsecured

networks provides protection by encrypting browsing activities, making it difficult for

attackers to eavesdrop. Enabling device encryption further secures data by rendering

it unreadable without the correct password, protecting sensitive information even if

the device falls into the wrong hands. Antivirus applications play a vital role in

detecting and preventing malware, which could otherwise compromise privacy and

security by accessing personal data. Regular software updates address security

vulnerabilities, ensuring that devices remain protected against the latest threats. In

addition, practices like disabling auto fill, logging out of applications, and downloading

apps from trusted stores minimize exposure to cyber threats. Collectively, these steps

create a comprehensive approach to mobile device security, protecting users from data

breaches, identity theft, and privacy invasions. In a world where mobile devices are

indispensable, prioritizing their security is crucial to maintaining data integrity and

personal privacy.
Summative study notes

Q6
Securing email communications is essential because email remains a primary vector
for cyber-attacks, often exploited by cyber-criminals to infiltrate organizations, steal
sensitive information, and disrupt workflows. Evidence shows that email is
particularly vulnerable to attacks such as phishing, malware, and social engineering,
which target employees to gain unauthorized access to sensitive data or network
systems. Even a minor loophole in email security can introduce dangerous threats,
such as ransom ware or spyware, which can impact entire organizations. This risk is
especially heightened in remote work environments, where employees rely on email
to communicate and access company data, creating more points of vulnerability. The
importance of email security is further underscored by the fact that standard email
defences alone are often inadequate. Basic measures may block known threats but
are insufficient against sophisticated, evolving techniques used by attackers, such as
AI-powered attacks and machine learning poisoning. These advanced methods allow
hackers to circumvent traditional security layers, making it crucial for organizations to
adopt more robust security measures, including real-time threat detection, AI
analysis, and machine learning systems. Given the vast implications—ranging from
sensitive data breaches to reputational harm—strengthening email security is critical
to safeguarding organizational information, preserving business continuity, and
maintaining employee trust in secure communication channels.

Q7:
Data backup is the process of creating copies of essential information to protect
against data loss or corruption, ensuring that critical data can be restored if needed.
The importance of data backups is reflected in their role in maintaining system
integrity during unforeseen events, such as natural disasters, cyber-attacks, or
hardware failures. Evidence shows that a lack of proper data backup measures often
leads to severe security incidents, where sensitive business records are
compromised due to mismanagement or inadequate controls. Data backups not only
safeguard business continuity but also shield confidential information from potential
breaches and ransom ware threats. A secure data backup strategy involves several
best practices, such as restricting access to backups, encrypting backup files, and
incorporating backups into disaster recovery plans. These steps minimize risks
associated with unauthorized access and data manipulation. Backups should be
stored on separate networks or in secure, offsite locations, using fireproof and
media-rated safes for physical media. Furthermore, testing backup systems regularly
ensures reliability and verifies that data is retrievable when needed. Therefore, a
well-executed data backup plan is critical for organizations to mitigate security risks
and maintain data integrity in the face of unexpected challenges.