Digital Security PDF
2018
Summary
This document covers various aspects of digital security, including risks, attacks, access controls, and privacy concerns. It details different types of malicious software, such as adware, ransomware, and spyware, and explains how they operate. It also outlines concepts like encryption, two-step verification, and the importance of access controls to prevent unauthorized access and use.
Full Transcript
# Digital Security Risks (1 of 3)

- A digital security risk is any event or action that could cause a loss of or damage to a computer or mobile device hardware, software, data, information, or processing capability
- Any illegal act involving the use of a computer or related devices generally is referred to as a computer crime
- A cybercrime is an online or Internet-based illegal act

# Internet and Network Attacks (1 of 5)

- Information transmitted over networks has a higher degree of security risk than information kept on an organization's premises
- Malware, short for malicious software, consists of programs that act without a user's knowledge and deliberately alter the operations of computers and mobile devices

# Internet and Network Attacks (2 of 5)

## Table 5-1 Common Types of Malware

| Type | Description |
|------|-------------|
| Adware | A program that displays an online advertisement in a banner, pop-up window, or pop-under window on webpages, email messages, or other Internet services. |
| Ransomware | A program that blocks or limits access to a computer, phone, or file until the user pays a specified amount of money. |
| Rootkit | A program that hides in a computer or mobile device and allows someone from a remote location to take full control of the computer or device. |
| Spyware | A program placed on a computer or mobile device without the user's knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online. |
| Trojan horse | A program that hides within or looks like a legitimate program. Unlike a virus or worm, a trojan horse does not replicate itself to other computers or devices. |
| Virus | A potentially damaging program that affects, or infects, a computer or mobile device negatively by altering the way the computer or device works without the user's knowledge or permission. |
| Worm | A program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer, device, or network. |

# Internet and Network Attacks (4 of 5)

- A botnet is a group of compromised computers or mobile devices connected to a network
- A compromised computer or device is known as a zombie
- A denial of service attack (DoS attack) disrupts computer access to an Internet service
  - Distributed DoS attack (DDoS attack)
- A back door is a program or set of instructions in a program that allow users to bypass security controls
- Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate

# Internet and Network Attacks (5 of 5)

- A firewall is hardware and/or software that protects a network's resources from intrusion

A diagram depicting how a firewall protects a network

# Unauthorized Access and Use (3 of 12)

- Access controls define who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it
- The computer, device, or network should maintain an audit trail that records in a file both successful and unsuccessful access attempts
- User name
- Password

# Unauthorized Access and Use (4 of 12)

An image of a webpage login form

Many websites that maintain personal and confidential data, such as Citibank's credit card system, require a user to enter a user name (user ID) and password. Source: Citigroup Inc.
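
The access controls and audit trail described under Unauthorized Access and Use (3 of 12), as an added example that is not part of the original slides: a policy check covering who, when and which actions, which records every attempt whether it succeeds or not, followed by a review pass over the trail. The users, policy and attempts are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, time

# Constructed policy (hypothetical users): who may access, when, and which actions.
POLICY = {
    "alice": {"hours": (time(8, 0), time(18, 0)), "actions": {"read", "write"}},
    "bob": {"hours": (time(0, 0), time(23, 59)), "actions": {"read"}},
}

def check_access(user, action, when, audit):
    """Decide one access attempt and append it to the audit trail, allowed or not."""
    rule = POLICY.get(user)
    if rule is None:
        allowed, reason = False, "unknown user"
    elif not rule["hours"][0] <= when.time() <= rule["hours"][1]:
        allowed, reason = False, "outside permitted hours"
    elif action not in rule["actions"]:
        allowed, reason = False, "action not permitted"
    else:
        allowed, reason = True, "ok"
    # One JSON record per attempt; a real system would append these lines to a file.
    audit.append(json.dumps({"time": when.isoformat(), "user": user,
                             "action": action, "allowed": allowed, "reason": reason}))
    return allowed

def flag_repeated_denials(audit, threshold=3):
    """Review the trail: users with at least `threshold` unsuccessful attempts."""
    denied = Counter(rec["user"] for rec in map(json.loads, audit) if not rec["allowed"])
    return sorted(user for user, count in denied.items() if count >= threshold)

def demo():
    """Run constructed attempts through the check and return (trail, flagged users)."""
    audit = []
    day = datetime(2018, 1, 8)
    check_access("alice", "write", day.replace(hour=9), audit)    # allowed
    check_access("alice", "write", day.replace(hour=22), audit)   # wrong time
    check_access("bob", "write", day.replace(hour=10), audit)     # wrong action
    for minute in range(3):                                       # unknown user, 3 tries
        check_access("mallory", "read", day.replace(hour=2, minute=minute), audit)
    return audit, flag_repeated_denials(audit)

if __name__ == "__main__":
    trail, flagged = demo()
    print("\n".join(trail))
    print("review:", flagged)
```
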
# Unauthorized Access and Use (5 of 12)

- A passphrase is a private combination of words, often containing mixed capitalization and punctuation, associated with a user name that allows access to certain computer resources
- A PIN (personal identification number), sometimes called a passcode, is a numeric password, either assigned by a company or selected by a user.

# Unauthorized Access and Use (6 of 12)

- A possessed object is any item that you must possess, or carry with you, in order to gain access to a computer or computer facility
- A biometric device authenticates a person's identity by translating a personal characteristic into a digital code that is compared with a digital code stored in a computer or mobile device verifying a physical or behavioral characteristic

# Unauthorized Access and Use (7 of 12)

- Fingerprint reader

An image of a fingerprint reader

# Unauthorized Access and Use (8 of 12)

- Face recognition system

An image depicting ways users unlock screens including entering a passcode, scanning a fingerprint, and swiping a gesture.

# Unauthorized Access and Use (9 of 12)

- Hand geometry system

An image of a hand geometry system

A hand geometry system verifies identity based on the shape and size of a person's hand. Courtesy of Ingersoll Rand Security Technologies

# Unauthorized Access and Use (10 of 12)

- Iris recognition system
- Signature verification system
- Voice verification system

# Unauthorized Access and Use (11 of 12)

- Two-step verification uses two separate methods, one after the next, to verify the identity of a user

An image depicting two-step verification

This figure shows an example of two-step authentication. Source: Microsoft

# Unauthorized Access and Use (12 of 12)

- Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks
- Many areas use digital forensics
  - Law enforcement
  - Criminal prosecutors
  - Military intelligence
  - Insurance agencies
  - Information security departments

# Information Theft (1 of 4)

- Information theft occurs when someone steals personal or confidential information
- Encryption is a process of converting data that is readable by humans into encoded characters to prevent unauthorized access

# Ethics and Society (1 of 6)

- Technology ethics are the moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies
- Information accuracy is a concern
  - Not all information on the web is correct

# Information Privacy (1 of 18)

- Information privacy refers to the right of individuals and companies to deny or restrict the collection, use, and dissemination of information about them
- Huge databases store data online
- Websites often collect data about you, so that they can customize advertisements and send you personalized email messages.
- Some employers monitor your computer usage and email messages

# Information Privacy (9 of 18)

- A cookie is a small text file that a web server stores on your computer
- Websites use cookies for a variety of purposes:
  - Allow for personalization
  - Store user names and/or passwords
  - Assist with online shopping
  - Track how often users visit a site
  - Target advertisements

# Information Privacy (11 of 18)

- Phishing is a scam in which a perpetrator sends an official looking message that attempts to obtain your personal and/or financial information
- With clickjacking, an object that can be tapped or clicked on a website contains a malicious program

# Information Privacy (12 of 18)

- Spyware is a program placed on a computer or mobile device without the user's knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online
- Adware is a program that displays an online advertisement in a banner, a pop-up window, or pop-under window on webpages, email messages, or other Internet services

# Information Privacy (13 of 18)

- Social engineering is defined as gaining unauthorized access to or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others
- The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data

# Information Privacy (16 of 18)

- Content filtering is the process of restricting access to certain material
- Many businesses use content filtering
- Web filtering software restricts access to specified websites