What is a computer security risk?
A computer security risk is any event or action that could cause loss of or damage to computer hardware, software, data, information, or processing capability.
Some breaches to computer security are accidental, others are planned intrusions. Some intruders do no damage; they merely access data, information or programs on the computer before logging off. Other intruders indicate some evidence of their presence either by leaving a message or by deliberately altering or damaging data.
Computer systems are vulnerable to many threats which can inflict various types of damage resulting in significant losses. Damage can range from minor errors which sap database integrity to fires which destroy entire computer centers. Losses can stem from the actions of supposedly trusted employees defrauding the system to outside hackers roaming freely through the Internet. The exact amount of computer-related losses is unknowable; many losses are never discovered and others are covered up to avoid unfavorable publicity.
A wide variety of threats face today's computer systems and the information they process. In order to control the risks of operating an information system, managers and users must know the vulnerabilities of the system and the threats which may exploit them. Knowledge of the threat environment allows the system manager to implement the most cost-effective security measures. In some cases, managers may find it most cost-effective to simply tolerate the expected losses.
The following threats and associated losses are based on their prevalence and significance in the current computing environment and their expected growth.
A computer virus is a potentially damaging computer program that affects a computer negatively by altering the way the computer works without user knowledge or permission.
A worm is a program that copies itself repeatedly...