ICT Intro, OS and Applications, Security

Instructor: Timon Odhiambo Odingo ICT, Crime and Security

Upload: timon-odingo

Post on 16-Apr-2017


Page 1: ICT Intro, OS and Applications, Security

Instructor: Timon Odhiambo Odingo

ICT, Crime and Security

Page 2: ICT Intro, OS and Applications, Security

Operating systems

An operating system or OS is a software program that enables the computer hardware to communicate and operate with the computer software. Without a computer operating system, a computer and software programs would be useless. The picture to the right is an example of Microsoft Windows XP, a popular operating system and what the box may look like if you were to purchase it from a local retail store.

Page 3: ICT Intro, OS and Applications, Security

Operating system types

As computers have progressed and developed so have the operating systems. Below is a basic list of the different operating systems and a few examples of operating systems that fall into each of the categories. Many computer operating systems will fall into more than one of the below categories.

GUI - Short for Graphical User Interface, a GUI Operating System contains graphics and icons and is commonly navigated by using a computer mouse. See the GUI definition for a complete definition. Below are some examples of GUI Operating Systems.

Page 4: ICT Intro, OS and Applications, Security

Operating system types

Windows 98

Windows CE

Multi-user - A multi-user operating system allows multiple users to use the same computer at the same time and at different times. See the multi-user definition for a complete definition. Below are some examples of multi-user operating systems.

Page 6: ICT Intro, OS and Applications, Security

Applications:

Application software is all the computer software that causes a computer to perform useful tasks beyond the running of the computer itself. A specific instance of such software is called a software application, application program, application or app.[1]

The term is used to contrast such software with system software, which manages and integrates a computer's capabilities but does not directly perform tasks that benefit the user. The system software serves the application, which in turn serves the user. Examples include accounting software, enterprise software, graphics software, media players, and office suites. Many application programs deal principally with documents.

Page 7: ICT Intro, OS and Applications, Security

Applications:

Applications may be bundled with the computer and its system software or published separately, and can be coded as university projects.[2]

Application software applies the power of a particular computing platform or system software to a particular purpose. Some applications are available in versions for several different platforms; others have narrower requirements and are thus called, for example, a Geography application for Windows, an Android application for education, or Linux gaming. Sometimes a new and popular application arises which only runs on one platform, increasing the desirability of that platform. This is called a killer application.

Page 8: ICT Intro, OS and Applications, Security

Applications:

An application suite consists of multiple applications bundled together. They usually have related functions, features and user interfaces, and may be able to interact with each other, e.g. open each other's files. Business applications often come in suites, e.g. Microsoft Office, LibreOffice and iWork, which bundle together a word processor, a spreadsheet, etc.; but suites exist for other purposes, e.g. graphics or music.

Enterprise software addresses the needs of an entire organization's processes and data flow, across most all departments, often in a large distributed environment. (Examples include financial systems, customer relationship management (CRM) systems and supply chain management software.)

Departmental Software is a sub-type of enterprise software with a focus on smaller organizations and/or groups within a large organization. (Examples include travel expense management and IT Helpdesk.)

Page 9: ICT Intro, OS and Applications, Security

Applications:

Enterprise infrastructure software provides common capabilities needed to support enterprise software systems. (Examples include databases, email servers, and systems for managing networks and security.)

Information worker software lets users create and manage information, often for individual projects within a department, in contrast to enterprise management. Examples include time management, resource management, documentation tools, analytical, and collaborative. Word processors, spreadsheets, email and blog clients, personal information system, and individual media editors may aid in multiple information worker tasks.

Page 10: ICT Intro, OS and Applications, Security

Applications:

Content access software is used primarily to access content without editing, but may include software that allows for content editing. Such software addresses the needs of individuals and groups to consume digital entertainment and published digital content. (Examples include media players, web browsers, and help browsers.)

Educational software is related to content access software, but has the content and/or features adapted for use by educators or students. For example, it may deliver evaluations (tests), track progress through material, or include collaborative capabilities.

Simulation software simulates physical or abstract systems for either research, training or entertainment purposes.

Page 11: ICT Intro, OS and Applications, Security

Applications:

Media development software generates print and electronic media for others to consume, most often in a commercial or educational setting. This includes graphic-art software, desktop publishing software, multimedia development software, HTML editors, digital-animation editors, digital audio and video composition, and many others.[10]

Product engineering software is used in developing hardware and software products. This includes computer-aided design (CAD), computer-aided engineering (CAE), computer language editing and compiling tools, integrated development environments, and application programmer interfaces.

Applications can also be classified by computing platform such as a particular operating system, delivery network such as in cloud computing and Web 2.0 applications, or delivery devices such as mobile apps for mobile devices.

Page 12: ICT Intro, OS and Applications, Security

Applications:

The operating system itself can be considered application software when performing simple calculating, measuring, rendering, and word processing tasks not used to control hardware via command-line interface or graphical user interface. This does not include application software bundled within operating systems such as a software calculator or text editor.

Information worker software


Page 14: ICT Intro, OS and Applications, Security

A database is an organized collection of data. The data are typically organized to model relevant aspects of reality in a way that supports processes requiring this information. For example, modelling the availability of rooms in hotels in a way that supports finding a hotel with vacancies.

Database management systems (DBMSs) are specially designed software applications that interact with the user, other applications, and the database itself to capture and analyze data. A general-purpose DBMS is a software system designed to allow the definition, creation, querying, update, and administration of databases. Well-known DBMSs include MySQL, MariaDB, PostgreSQL, SQLite, Microsoft SQL Server, Microsoft Access, Oracle, SAP HANA, dBASE, FoxPro, IBM DB2, LibreOffice Base, FileMaker Pro and InterSystems Caché. A database is not generally portable across different DBMSs, but different DBMSs can interoperate by using standards such as SQL and ODBC or JDBC to allow a single application to work with more than one database.

Page 15: ICT Intro, OS and Applications, Security

ICT Security Introduction

Good security in an organization starts at the top, not with firewalls, shielded cables or biometrics.

Senior management has a much more significant role to play in achieving security than they may think.

Page 16: ICT Intro, OS and Applications, Security

Security vs. Privacy

Privacy deals with the degree of control that an entity, whether a person or organization, has over information about itself.

Security deals with vulnerability to unauthorized access to content.

Page 17: ICT Intro, OS and Applications, Security

What Should Sr. Management Know?

Security is not a technical issue; it is a management issue

Total security is a myth.
Not all information is of equal value
It is not technically possible to protect all information assets
Stakeholders will be increasingly less tolerant of cyber-related vulnerabilities

Page 18: ICT Intro, OS and Applications, Security

Threats

Numerous adversaries are aligned against any firm's information, systems, and the critical infrastructures that support them:

disgruntled current or former employees
hackers
virus writers
criminal groups
those engaged in corporate espionage
terrorists
foreign intelligence services
information warfare by foreign militaries
and various other actors.

Page 19: ICT Intro, OS and Applications, Security

Barriers to Security

The worldwide diffusion of the Internet opens up new business opportunities (e.g., 3-R Framework)

It also increases an organization's vulnerability since so many more individuals of unknown origin and intent now have access to its systems

Page 20: ICT Intro, OS and Applications, Security

Clue IT In!

Organizations commonly look for technical certification when hiring IT staff, but how often is any effort made to educate new security workers on the organization's strategic focus or to communicate to them the criticality levels of their information assets?

Page 21: ICT Intro, OS and Applications, Security

Critical Infrastructures

Critical Infrastructure Protection
Government-Industry Collaboration
Management's Role in Critical Infrastructure Protection

To recognize that critical infrastructure protection is an essential component of corporate governance as well as organizational security

Page 22: ICT Intro, OS and Applications, Security

Organization

Structure leads to locus of ownership of data and processes

Business Environment: threats are based on…
Value of the firm's intellectual property
The degree of change the firm is facing
Its accessibility
Its industry position

Culture
SOPs
Education, Training, and Awareness

Page 23: ICT Intro, OS and Applications, Security

Technology

Firewalls and Intrusion Detection
Password Layering
Public Key Infrastructure
Secure Servers
VPNs

Page 24: ICT Intro, OS and Applications, Security

Ok, So What? Managerial Implications

Asset Identification
Risk Assessment
The Control Environment

Physical Data Implementation Operations Administrative Application System Controls

Page 25: ICT Intro, OS and Applications, Security

Balancing Risks and Costs

Step 1: Identify information assets at an appropriate level of aggregation
Step 2: Identify the financial consequences of these information assets being compromised, damaged, or lost
Step 3: Identify the costs of implementing the control mechanisms that are being proposed to enhance organizational security
Step 4: Estimate overall risk based on the likelihood of compromise
Step 5: Estimate the benefits expected by implementing the proposed security mechanisms
Step 6: Compare the expected benefits obtained in Step 5 with the cost estimates obtained in Step 3
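
The six steps above carried through on constructed figures, as an added example that is not part of the original slides. It assumes the Step 4 risk estimate is likelihood times financial consequence and that a control's Step 5 benefit is the reduction in that expected loss; the Asset, Control, expected_loss and evaluate names and all numbers are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:                      # Step 1: one asset at the chosen level of aggregation
    name: str
    loss: float                   # Step 2: financial consequence if compromised, damaged or lost
    likelihood: float             # Step 4: estimated chance of compromise per year (assumption)

@dataclass
class Control:
    name: str
    cost: float                   # Step 3: yearly cost of implementing the control
    residual: dict = field(default_factory=dict)  # asset name -> likelihood with control in place

def expected_loss(loss, likelihood):
    """Step 4 risk estimate, assumed here to be likelihood x financial consequence."""
    if loss < 0 or not 0.0 <= likelihood <= 1.0:
        raise ValueError("loss must be >= 0 and likelihood within [0, 1]")
    return loss * likelihood

def evaluate(assets, controls):
    """Steps 5-6: benefit of each control versus its cost, best net value first."""
    rows = []
    for c in controls:
        unknown = set(c.residual) - {a.name for a in assets}
        if unknown:               # a control priced against an asset nobody inventoried
            raise KeyError(f"{c.name}: unknown assets {sorted(unknown)}")
        benefit = sum(
            expected_loss(a.loss, a.likelihood)
            - expected_loss(a.loss, c.residual.get(a.name, a.likelihood))
            for a in assets)
        rows.append({"control": c.name, "benefit": round(benefit, 2),
                     "cost": c.cost, "net": round(benefit - c.cost, 2),
                     "worthwhile": benefit > c.cost})
    return sorted(rows, key=lambda r: r["net"], reverse=True)

# Constructed sample figures, for illustration only.
ASSETS = [Asset("customer database", 500_000, 0.10),
          Asset("public website", 40_000, 0.30)]
CONTROLS = [Control("firewall and intrusion detection", 20_000, {"public website": 0.10}),
            Control("VPN for remote administration", 15_000, {"customer database": 0.04})]

if __name__ == "__main__":
    for row in evaluate(ASSETS, CONTROLS):
        print(row)
```

With these figures the VPN returns more in avoided loss than it costs, while the firewall does not, because the asset it protects is worth too little to justify the spend.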