Campbell_DiscComp_17e_PPT_Mod05 copy.pptx

Full Transcript

Discovering
Computers:
Digital
Technology, Data,
and Devices, 17e
Module 5: Digital Security,
Ethics, and Privacy:
Avoiding and Recognizing
Threats
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved.
Rights
May not
Reserved.
be scanned,
Maycopied
not be or
scanned,
duplicated,
copied
or posted
or duplicated,
to a publicly
or posted
accessible
to a publicly
website,
accessible
in whole website,
or in part.
in whole or in part. 1
 Icebreaker: Interview Simulation

You may have heard of Facebook hackers who use people’s personal
data to make fake IDs, log into people’s social networks, and more.

What precautions can you take to help avoid getting into this type of
situation?

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 2
 Module Objectives (1 of 1)
By the end of this module, you should be able to:
Identify risks associated with technology use
Identify cybercrimes and criminals
Recognize issues related to information accuracy, intellectual property rights, and
green computing
Describe ways to safeguard against various types of Internet and network attacks
Discuss techniques to prevent unauthorized computer access and use
Identify risks and safeguards associated with wireless communications
Discuss issues surrounding information privacy
Describe how schools and businesses protect themselves
Explain the importance of inclusivity and digital access
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 3
Risks Associated with Technology Use
(1 of 5)
A risk is any possibility that something
might occur resulting in an injury or a
loss.
A digital security risk is any event or
action that could cause a loss of or
damage to computer or mobile device
hardware, software, data, information,
or processing capability.
Types of digital security risks
include threats to our information,
physical health, mental health, and the Figure 5-1 You can protect
environment. yourself from digital security
risks.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 4
 Cybercrimes and Criminals (2 of 5)
State-sponsored attackers are employed by the government to launch computer attacks
against their enemies through nation-state actors.
The term, cyberwarfare, describes an attack whose goal ranges from disabling a
government’s computer network to crippling a country.
These attackers try to steal and then use your credit card numbers, online financial account
information, or Social Security numbers using data mining.
Data mining is the process of sifting through Big Data to find the important questions that
will yield fruitful results.
A cyber extortionist is an individual who threatens to expose confidential information,
exploit a security flaw, or launch an attack that will compromise the organization’s network.
Social engineering is a category of attack that attempts to trick the victim into giving
valuable information to the attacker.
− Examples include hoaxes and phishing

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 5
Risks Associated with Technology Use
(3 of 5)
Any illegal act involving the use of a computer or related devices is generally
referred to as a computer crime and the term cybercrime refers to online or
Internet-based illegal acts, such as distributing malicious software or committing
identity theft.
Software used by cybercriminals is called crimeware. Cybersecurity is the
practice of protection against digital threats, including unauthorized or illegal
access to data.
Digital forensics, or cyber forensics is the discovery, collection, and analysis
of evidence found on computers and networks.
A digital forensics examiner must have knowledge of the law, technical
experience with many types of hardware and software products, superior
communication skills, familiarity with corporate structures and policies, a
willingness to learn and update skills, and a knack for problem-solving.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 6
Risks Associated with Technology Use
(4 of 5)
A digital detox is a period of time during which an individual refrains from using
technology.
Threat actor is a more general and common term used to describe individuals who launch
attacks against other users and their computers.
The dark web is a part of the web that is accessed using specialized software, where users
and website operators can remain anonymous while performing illegal actions.
Script kiddies are individuals who want to attack computers.
A hacker is a person who intends to access a computer system without permission.
A cracker is someone who accesses a computer or network illegally but has the intent of
destroying data, stealing information, or other malicious action.
Hacktivists are attackers who are strongly motivated by principles or beliefs.
Cyberterrorists attack a nation’s computer networks, like the electrical power grid, to
cause disruption and panic among citizens.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 7
 Cybercrimes and Criminals (5 of 5)
Table 5-1 Social engineering principles.
Principle Description Example

Authority Directed by someone impersonating “I’m the CEO calling.”
authority figure or falsely citing their
authority
Intimidation To frighten and coerce by threat “If you don’t reset my password, I will call your
supervisor.”
Consensus Influenced by what others do “I called last week and your colleague reset my
password.”
Scarcity Something is in short supply “I can’t waste time here.”

Urgency Immediate action is needed “My meeting with the board starts in five
minutes.”
Familiarity Victim well-known and well-received “I remember reading a good evaluation on you.”

Trust Help a person known to you “You know who I am.”

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 8
 Ethics and Society (1 of 4)

The standards that determine whether an action is good or bad are
known as ethics.
Technology ethics are the moral guidelines that govern the use of
computers, mobile devices, information systems, and related
technologies.
Frequently discussed areas of computer ethics include information
accuracy, intellectual property rights, and green computing.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 9
 Ethics and Society (2 of 4)

Information Accuracy
Information accuracy is a concern
today because many users
access information maintained by
other people or companies, such
as on the Internet.
With graphics equipment and
software, users can easily digitize
Figure 5-3 A digitally edited photo
photos and then add, change, or that shows a fruit that looks like an
remove images. apple on the outside and an orange
on the inside.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 10
 Ethics and Society (3 of 4)
Intellectual Property Rights
Intellectual property rights are the rights to which creators are
entitled to their work.
Creative Commons is another source for finding content that may
or may not be used, along with any restrictions or payment needed
to use it.
A common infringement of copyright is piracy, where people illegally
copy software, movies, and music.
These issues with copyright law led to the development of the
digital rights management strategy.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 11
 Ethics and Society (4 of 4)

Green Computing
Green computing involves
reducing electricity and
environmental waste while using
computers, mobile devices, and
related technologies.
Organizations can implement a
variety of measures to reduce
electrical waste.
Figure 5-5 A list of suggestions to make
computing healthy for the environment.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 12
Internet and Network Attacks (1 of 6)
Information transmitted over networks has higher degree of a security risk than
information kept on an organization’s premises.
These types of attacks can affect your privacy, personal information, finances, and
more.
Malware is short for malicious software which consists of programs that act
without a user’s knowledge and deliberately alter the operations of computers and
mobile devices.
Malware can deliver its payload, or destructive event or prank, on a computer
or mobile device in a variety of ways.
A common way that computers and mobile devices become infected with viruses
and other malware is through users opening infected email attachments.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 13
Internet and Network Attacks (2 of 6)
Table 5-2 Common types of malware.
Type Description
Adware A program that displays an online advertisement in a banner, pop-up window, or pop-under window
on web pages, email messages, or other Internet services
Ransomware A program that blocks or limits access to a computer, phone, or file until the user pays a specified
amount of money
Rootkit A program that hides in a computer or mobile device and allows someone from a remote location to
take full control of the computer or device
Spyware A program placed on a computer or mobile device without the user’s knowledge that secretly collects
information about the user and then communicates the information it collects to some outside source
while the user is online
Trojan horse A program that hides within or looks like a legitimate program. Unlike a virus or worm, a Trojan horse
does not replicate itself to other computers or devices
Virus A potentially damaging program that affects, or infects, a computer or mobile device negatively by
altering the way the computer or device works without the user’s knowledge or permission
Worm A program that copies itself repeatedly, for example, in memory or on a network, using up resources
and possibly shutting down the computer, device, or network

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 14
Internet and Network Attacks (3 of 6)
Botnets
A compromised computer or device, known as a zombie, is one
whose owner is unaware that the computer or device is being
controlled remotely by an outsider.
A botnet, or zombie army, is a group of compromised computers or
mobile devices connected to a network that are used to attack other
networks, usually for nefarious purposes.
A bot is a program that performs a repetitive task on a network.
Cybercriminals install malicious bots on unprotected computers and
devices to create botnets.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 15
Internet and Network Attacks (4 of 6)
Denial of Service Attacks
A DoS attack is a type of attack, usually on a server, that is meant to overload the server
with network traffic so that it cannot provide necessary services, such as the web or email.
A more devastating type of DoS attack is the distributed DoS (DDoS) attack in which
multiple computers, such as a zombie army, are used to attack a server or other network
resource.
The damage caused by a DoS or DDoS attack usually is extensive.
Back Doors
A back door is a program or set of instructions in a program that allows users to bypass
security controls when accessing a program, computer, or network.
A rootkit can be a back door.
Some worms leave back doors, which have been used to spread other worms or to
distribute spam from the unsuspecting victim’s computers.
Programmers often build back doors into programs during system development to save
development time.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 16
Internet and Network Attacks (5 of 6)
Spoofing is a technique intruders use
to make their network or Internet
transmission appear legitimate to a
victim’s computer or network.
Two common types of spoofing schemes
are IP and address spoofing.
✔ IP spoofing occurs when an
intruder computer tricks a network
into believing its IP address is
associated with a trusted source.
✔ Address spoofing occurs when Figure 5-5 Spoofers alter the
the sender’s email address or components and header of an email
other components of an email message so that it appears the message
header are altered. originated from a different sender.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 17
Internet and Network Attacks (6 of 6)
Practices for Protection from Viruses and Other Malware
Use virus protection software
Use a firewall
Be suspicious of all unsolicited email and text messages
Disconnect your computer from the Internet
Download software with caution
Close spyware windows
Before using any removable media, scan it for malware
Keep current and back up regularly

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 18
 Knowledge Check Activity 5-1

True or False?

Rootkit is the only type of malware that is a back door.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 19
Knowledge Check Activity 5-1: Answer

Rootkit is the only type of malware that is a back door.

Correct Answer: True

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 20
 Secure IT: Protect Yourself and Your
Data (1 of 7)
Your digital footprint is the record of everything you do online.
A digital footprint can be nearly impossible to completely erase.
Firewalls and access controls protect data and information on computers and
other devices For most computer users, the greatest risk comes from attackers
who want to steal their information for their own financial gain.
The risks you face online when using the Internet or email include:
✔ Online Banking
✔ E-commerce Shopping
✔ Fake Websites
✔ Social Media Sites

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 21
Secure IT: Protect Yourself and Your
Data (2 of 7)
Table 5-3 Uses of personal information.
Organization Information Valid Use Invalid Use

School Telephone Call you about an advising Give to credit card company
number appointment who calls you about applying
for a new credit card

Hospital Medical history Can refer to past procedures Sell to drug company who
when you are admitted as a sends you information about its
patient drugs

Employer Personal email Will send to you the latest Provide to a local merchant
address company newsletter who is having a holiday sale

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 22
Secure IT: Protect Yourself and Your
Data (3 of 7)
Mobile users today often access their company networks through a
virtual private network (VPN).
A VPN is a private, secure path across a public network that allows
authorized users to secure access to a company or other network.
A VPN provides the mobile user with a secure connection to the
company’s network server as if the user has a private line.
VPNs help ensure that data is safe from being intercepted by
unauthorized people by encrypting data as it transmits from a
laptop, smartphone, or other mobile devices.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 23
 Secure IT: Protect Yourself and Your
Data (4 of 7)
Firewalls protect network resources
from outsiders and to restrict
employees’ access to sensitive data,
such as payroll or personnel records.
A proxy server is a server outside the
organization’s network that controls
which communications pass in and out
of the organization’s network.
Both Windows and Mac operating
systems include firewall capabilities,
including monitoring Internet traffic to
and from installed applications.
Figure 5-8 How a firewall works.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 24
 Secure IT: Protect Yourself and Your
Data (5 of 7)
Unauthorized access is the use of a computer or network without
permission. It is possibly an illegal activity.
Organizations take several measures to help prevent unauthorized
access and use.
An organization’s acceptable use policy (AUP) should specify the
acceptable use of technology by employees for personal reasons.
An organization should document and explain AUP to employees.
The AUP also should specify the personal activities, if any, that are
allowed on company time.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 25
 Secure IT: Protect Yourself and Your
Data (6 of 7)
Many organizations use access controls to minimize the chance that a
perpetrator, intentionally or an employee accidentally may access confidential
information on a computer, mobile device, or network.
The computer, device, or network should maintain an audit trail that records
access attempts, both successful and unsuccessful.
To protect against data loss caused by hardware, software, or information theft or
system failure, backup is required.
Online backup services use special software on the computer to monitor what files
have changed or have been created. Cloud backup services can save you the cost
of maintaining hardware.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 26
 Secure IT: Protect Yourself and Your
Table 5-4 Various backup
Data (7 of 7)
methods.
Type of Description Advantages Disadvantages
Backup
Full Backup Copies all of the files on Fastest recovery method; all files Longest backup time
media in the computer are saved

Differential Copies only the files that Fast backup method; requires Recovery is time-consuming because
backup have minimal storage space to back the last full backup and the differential
changed since the last full up backup are needed.
backup
Incremental Copies only the files that Fastest backup method; requires Recovery is most time-consuming
backup have minimal storage space to back because the last full backup and all
changed since the last full or up; only most recent changes incremental backups since the last full
incremental backup saved backup are needed.

Selective Users choose which folders Fast backup method; provides Difficult to manage individual file
backup and files to include in a great flexibility backups; least manageable of all the
backup backup methods
Continuous data All data is backed up The only real-time backup; Very expensive and requires a great
protection whenever very fast recovery of data amount of storage
a change is made.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 27
 Wireless Security (1 of 5)
Protect Mobile Devices
Along with the protection of devices from theft, it is also necessary to protect the privacy of
your information.
Some risks from attacks on Wi-Fi networks include the following:
✔ Reading wireless transmissions or viewing or stealing computer data
✔ Injecting malware or downloading harmful content
Precautions
When using public Wi-Fi, be sure you are connecting to the approved wireless network.
Limit the type of activity you do on public networks to simple web surfing or watching
online videos.
Accessing online banking sites or sending confidential information that could be intercepted
is not a good idea.
Configuring your Wi-Fi wireless router to provide the highest level of security is an
important step.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 28
 Wireless Security (2 of 5)

Table 5-5 Configuration settings for wireless routers.

Wireless Router Explanation Recommended Configuration
Settings
Access password This requires a password to access the Create a strong password so that attackers
configuration settings of the device. cannot access the wireless router and turn
off the security settings
Remote management Remote management allows the Turn off remote management so that
configuration settings to be changed someone outside cannot access the
from anywhere through an Internet configuration settings
connection.
Service Set Identifier The SSID is the name of the local Change this from the default setting to a
(SSID) wireless network. value that does not reveal the identity of
the owner or the location of the network
(such as MyWireNet599342)

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 29
 Wireless Security (3 of 5)

Table 5-5 Configuration settings for wireless routers
(continued).
Wireless Router Settings Explanation Recommended Configuration

Wi-Fi Protected Access 2 WPA2 encrypts the wireless data Turn on WPA2 and set a strong pre-shared
(WPA2) Personal transmissions and also limits who can key, which must also be entered once on
access the Wi-Fi network. each mobile device
Wi-Fi Protected Setup (WPS) WPS simplifies setting up the security Turn off WPS due to its security
on a wireless router. vulnerabilities
Guest access Guest access allows temporary users Turn on guest access when needed and
to access the wireless network without turn it back off when the approved guests
any additional configuration settings. leave
Disable SSID broadcasts This prevents the wireless router from Leave SSID broadcasts on; turning them
advertising the wireless network to off only provide a very weak degree of
anyone in the area. security and may suggest to an
attacker that your network has valuable
information

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 30
 Wireless Security (4 of 5)

Secure Your Wireless Network
The following list provides suggestions for securing your wireless network.
Immediately upon connecting your wireless access point and/or router, change the
password required to access administrative features
Change the SSID, or network name, from the default to something
Do not broadcast the SSID
Enable an encryption method, and specify a strong password
Enable and configure the Media Access Control (MAC) address control feature; a
MAC address is a unique hardware identifier for your computer or device
Choose a secure location for your wireless router so that unauthorized people
cannot access it

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 31
 Wireless Security (5 of 5)

Cloud Data Privacy
The cloud offers a tremendous amount of storage space at a
relatively low cost; the security of data and the reliability of cloud
companies trigger concerns.
Two types of risks arising from cloud computing include:
✔ Personal risks: International laws and industry regulations
protect sensitive and personal data.
✔ Business risks: Ownership and security of data should be
included in any contract between a business and a cloud storage
provider.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 32
 Information Privacy (1 of 11)

Authentication is the process of ensuring that the person
requesting access to a computer or other resources is authentic and
not an imposter.
Different methods of authentication are:
✔ Passwords
✔ Biometrics
✔ 2 FA
✔ CAPTCHA
✔ Encryption

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 33
 Information Privacy (2 of 11)

Passwords
A username—a user ID
(identification), log-on name, or
sign-in name—is a unique
combination of characters,
numbers, or alphabets that
identifies one specific user.
A password is a secret
combination of letters,
numbers, and/or characters that
only the user should know.
Figure 5-9 User sign in requiring
password.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 34
 Information Privacy (3 of 11)
Table 5-6 Ten most Table 5-7 Numbers of
common passwords. possible passwords.
Rank Password Password Number of Average attempts to
length possible Break Password
1 123456 Passwords
2 123456789
3 qwerty 2 9025 4513

4 password
3 857,375 428,688
5 1111111
6 12345678 4 81,450,625 40,725,313
7 abc123
8 password1 5 7,737,809,375 3,868,904,688

9 1234567
6 735,091,890,625 367,545,945,313
10 12345

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 35
 Information Privacy (4 of 11)
Use a password manager, which is a program that helps you create and store
multiple strong passwords in a single user vault file that is protected by one strong
master password.
Password managers use two-step verification and advanced encryption
techniques to ensure information is stored securely.
Some organizations use passphrases to authenticate users.
A PIN (personal identification number), sometimes called a pass code, is a
numeric password. PINs provide an additional level of security.
A possessed object is any item that you must possess, or carry with you, to gain
access to a computer or computer facility. For example, badges, cards, smart
cards, and keys.
The card you use in an ATM (automated teller machine) is a possessed object
that allows access to your bank account.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 36
 Information Privacy (5 of 11)
Biometrics
Biometric security uses the unique
characteristics of your face, hands, or
eyes to authenticate you.
Some of the different types of biometrics
include:
✔ Retina
✔ Fingerprint
✔ Voice
✔ Face
✔ Iris
✔ Hand Figure 5-10 Facial
✔ Signature recognition.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 37
 Information Privacy (6 of 11)

Two-Factor Authentication is
multiple types of authentication.
The most common authentication
elements that are combined are
passwords and codes sent to a
cell phone using a text message.
Its short form is 2FA.
It makes authentication stronger.

Figure 5-12 Two-factor
authentication.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 38
 Information Privacy (7 of 11)

CAPTCHAs
CAPTCHA stands for “Completely
Automated Public Turing test to tell
Computers and Humans Apart.”
A CAPTCHA is a program developed
at Carnegie Mellon University that
displays an image containing a
series of distorted characters to
identify and enter to verify that user
input is from humans. Figure 5-13 CAPTCHAs
verify human usage.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 39
 Information Privacy (8 of 11)
Encryption
Encryption is the process of scrambling information in such a way that it cannot
be read unless the user possesses the key to unlock it so that it is returned to a
readable format (decryption).
A digital signature is an electronic, encrypted, and secure stamp of
authentication on a document issued by a CA organization.
Browser Security
Although all browsers are different, each can be configured for stronger security
through different settings.
Some of the important security settings include:
✔ Cookies, scripting, plug-ins, pop-ups, and clear browsing data

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 40
 Information Privacy (9 of 11)
Protect your Personal and Financial Information
Your personal information includes not only your identity but your financial information.
Attackers can impersonate you, either to cause distress or for their financial gain.
You can, and should, take several steps to prevent your information from being stolen and
falling into the hands of attackers.
Actions to Protect Your Personal and Financial Information
The United States has laws in place to help users monitor and protect their financial
information that is stored by a credit reporting agency.
You can request one free credit report annually to review your credit history and determine
if an attacker has secretly taken out a credit card or even a loan in your name.
You can also have a credit freeze (as well as a thaw) put on your credit information so that
it cannot be accessed without your explicit permission. These are also free.
It is a good idea to monitor your credit information regularly.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 41
 Information Privacy (10 of 11)
Protecting Your Online Profile
Several general defenses can be used for any social networking site.
First and foremost, you should be cautious about what information you post.
Second, you should be cautious regarding who can view your information.
Finally, you should pay close attention to information about new or updated security
settings.
Privacy Laws
Information collected and stored about individuals should be limited.
Once collected, provisions should be made to protect the data.
Personal information should be released outside the organization collecting the data
only when the person has agreed to its disclosure.
The individual should know that the data is being collected and have the opportunity to
determine the accuracy of the data.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 42
 Information Privacy (11 of 11)
Table 5-8 Some U.S. privacy laws.
Law Purpose
Children’s Internet Protection Act Protects minors from inappropriate content when accessing the Internet in
schools and libraries
Children’s Online Privacy Protection Act (COPPA) Requires websites to protect personal information of children under 13 years of
age
Digital Millennium Copyright Act (DMCA) Makes it illegal to circumvent antipiracy schemes in commercial software; outlaws
sale of devices that copy software illegally
Freedom of Information Act (FOIA) Enables public access to most government records

HIPAA (Health Insurance Portability and Protects individuals against the wrongful disclosure of their health information
Accountability Act)
PATRIOT (Provide Appropriate Tools Required to Gives law enforcement the right to monitor people’s activities, including web and
Intercept and Obstruct Terrorism) email habits
Privacy Act Forbids federal agencies from allowing information to be used for a reason other
than that for which it was collected
Fair and Accurate Credit Transactions Act (FACTA) Provides rules for financial institutions, including lenders and credit reporting
agencies, to protect consumers from fraud and identity theft

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 43
 Discussion Activity 5-1

Biometric devices are gaining in popularity. Discuss the advantages
and disadvantages of using biometrics over passwords/PINs.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 44
 How To: Establish Policies to Ensure
Safety (1 of 7)
Companies establish guidelines for
use, occasionally limit access, and
possibly oversee employees’
activities for unacceptable actions.
A code of conduct is a written
guideline that helps determine
whether a specification is ethical,
unethical or allowed or not allowed.
An IT code of conduct focuses on the
acceptable use of technology.

Figure 5-14 Sample IT code of
conduct.
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 45
 How To: Establish Policies to Ensure
Safety (2 of 7)
Content filtering is the process of restricting access to
certain materials. Many businesses use content filtering to
limit employees’ web access.
Web filtering software are programs that restrict access to
specified websites. Some also filter websites that use specific
words.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 46
 How To: Establish Policies to Ensure
Safety (3 of 7)
Employee Monitoring
Employee monitoring involves the use of computers, mobile
devices, or cameras to observe, record, and review an employee’s
use of technology, including communications such as email
messages, keyboard activity (used to measure productivity), and
websites visited.
Many programs exist that easily allow employers to monitor
employees.
If a company does not have a formal email policy, it can read email
messages without employee notification.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 47
 How To: Establish Policies to Ensure
Safety (4 of 7)
Disaster Recovery
A disaster recovery plan is a written plan that describes the steps an
organization would take to restore its computer operations in the event of a
disaster.
Each company and each department within an organization usually has its own.
It typically contains four components: Emergency plan, Back up plan, Recovery
plan, and Test plan
Emergency Plan
An emergency plan specifies the steps and is organized by type of disaster and
includes:
Names and phone numbers of people and organizations to notify
Computer equipment procedures and employee evacuation procedures
Return procedures (who can enter the facility and what actions they are to perform)
Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 48
 How To: Establish Policies to Ensure
Safety (5 of 7)
Backup Plan
The backup plan specifies how to use backup files and equipment to
resume computer operations, and includes:
The location of backup data, supplies, and equipment
Who is responsible for gathering backup resources and transporting
them to an alternate computer facility
The methods by which data will be restored from cloud storage
A schedule indicating the order and approximate time each
application should be up and running

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 49
 How To: Establish Policies to Ensure
Safety (6 of 7)
Recovery Plan:
The recovery plan specifies the actions to restore full computer
operations such as replacing hardware or software.
Test Plan:
The test plan includes simulating various levels of disasters and
recording the ability to recover.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 50
 How To: Establish Policies to Ensure
Safety (7 of 7)
Table 5-9 Considerations for disaster recovery.
Disaster Type What to Do First What Might Occur What to Include in the Plan
Natural Shut off power Power outage Generator
(earthquake, Evacuate, if necessary Phone lines down Satellite phone, list of employee
hurricane, tornado, Pay attention to advisories Structural damage to building phone numbers
etc.) Do not use phone lines if Road closings, transportation Alternate worksite
lightning occurs interruptions Action to be taken if employees are
Flooding not able to come to work/leave the
Equipment damage office
Wet/dry vacuums
Make and model numbers and vendor
information to get replacements
Man-made Notify authorities (fire Data loss Back up data at protected site
(hazardous departments, etc.) of Dangerous conditions for Protective equipment and an
material spill, immediate threat employees evacuation plan
terrorist Attempt to suppress fire Criminal activity, such as data Contact law enforcement
attacks, fire, or contain spill, if safe to do hacking and identity theft Make and model numbers and vendor
hackers, so Equipment damage information to obtain replacements
malware, etc.) Evacuate, if necessary

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 51
 Ethics and Issues: Inclusivity and
Digital Access (1 of 2)
Digital Inclusion
Digital inclusion is the movement to ensure that all users,
regardless of economic or geographic constraints, have access to
the devices, data, and infrastructure required to receive high-speed,
accurate, reliable information.
The goal of digital inclusion is to ensure that everyone has access
to all the online resources, including education, participation in the
local and national government, employment listings and interviews,
and health care access.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 52
 Ethics and Issues: Inclusivity and
Digital Access (2 of 2)
Some barriers to digital inclusion include:
Geographic areas that lack the infrastructure necessary to provide
reliable Internet access
Government restrictions or censorship
Affordable devices or connections
Lack of education
Lack of understanding of the value of technology

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 53
 Case Study Activity 5-1 (1 of 2)

Ms. Hania is a math teacher and uses her laptop only once a month for
making assignments. One day, after starting her laptop and signing in
to the operating system, a message was displayed stating that her
virus protections are out of date and need to be updated.
She is worried she got a virus.

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 54
 Case Study Activity 5-1 (2 of 2)

After reading the case study on the previous slide, answer the following
question:

What should Ms. Hania’s next step be?
a. Sign out and shut down the laptop
b. Visit a laptop repair center
c. Uninstall the firewall
d. Reinstall the protection software

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 55
 Case Study Activity 5-1: Answer

What should Ms. Hania’s next step be?
Answer: d
Reinstall the protection software

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 56
 Self-Assessment

1. Which biometric security practices have you incorporated to ensure
your information remains secure?
2. Have you or anyone you know experienced ‘hacking’ of personal
accounts? If yes, what type of information was hacked and how was
it resolved?
3. Take a few minutes and reflect on what you learned in this module.
What topics would you like to learn more about?

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 57
 Summary

Click the link to review the objectives for this module.
Link to Objectives

Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 58