Digital Security ICT PDF
Document Details
Uploaded by RadiantCactus
Summary
This document discusses digital security risks, internet and network attacks, unauthorized access and use, and information theft, providing definitions and examples related to computer and network security. It also includes a section on information privacy and ethics of using technology.
Full Transcript
# Digital Security Risks (1 of 3)

- A digital security risk is any event or action that could cause a loss of or damage to a computer or mobile device hardware, software, data, information, or processing capability.
- Any illegal act involving the use of a computer or related devices generally is referred to as a computer crime.
- A **cybercrime** is an online or Internet-based illegal act.

# Internet and Network Attacks (1 of 5)

- Information transmitted over networks has a higher degree of security risk than information kept on an organization's premises.
- **Malware**, short for malicious software, consists of programs that act without a user's knowledge and deliberately alter the operations of computers and mobile devices.

# Internet and Network Attacks (2 of 5)

## Table 5-1 Common Types of Malware

| Type | Description |
|------|-------------|
| Adware | A program that displays an online advertisement in a banner, pop-up window, or pop-under window on webpages, email messages, or other Internet services. |
| Ransomware | A program that blocks or limits access to a computer, phone, or file until the user pays a specified amount of money. |
| Rootkit | A program that hides in a computer or mobile device and allows someone from a remote location to take full control of the computer or device. |
| Spyware | A program placed on a computer or mobile device without the user's knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online. |
| Trojan horse | A program that hides within or looks like a legitimate program. Unlike a virus or worm, a trojan horse does not replicate itself to other computers or devices. |
| Virus | A potentially damaging program that affects, or infects, a computer or mobile device negatively by altering the way the computer or device works without the user's knowledge or permission. |
| Worm | A program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer, device, or network. |

# Internet and Network Attacks (4 of 5)

- A **botnet** is a group of compromised computers or mobile devices connected to a network.
- A compromised computer or device is known as a **zombie**.
- A **denial of service attack (DoS attack)** disrupts computer access to an Internet service.
  - Distributed DoS attack (DDoS attack).
- A **back door** is a program or set of instructions in a program that allow users to bypass security controls.
- **Spoofing** is a technique intruders use to make their network or Internet transmission appear legitimate.

# Internet and Network Attacks (5 of 5)

- A **firewall** is hardware and/or software that protects a network's resources from intrusion.
- A diagram showing hardware and/or software protecting a network from intrusion.

# Unauthorized Access and Use (3 of 12)

- Access controls define who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it.
- The computer, device, or network should maintain an audit trail that records in a file both successful and unsuccessful access attempts.
- **User name**
- **Password**

# Unauthorized Access and Use (4 of 12)

- A diagram of a login screen prompting for a "User ID" and "Password"

# Unauthorized Access and Use (5 of 12)

- A **passphrase** is a private combination of words, often containing mixed capitalization and punctuation, associated with a user name that allows access to certain computer resources.
- A **PIN** (personal identification number), sometimes called a passcode, is a numeric password, either assigned by a company or selected by a user.
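
The access-control and audit-trail definitions in Unauthorized Access and Use (3 of 12), worked as an added example that is not part of the original slides: a check that decides who, when, and what, and records every attempt, allowed or denied. The policy, user names, and timestamps are constructed, and an in-memory list stands in for the audit file.

```python
import json
from datetime import datetime, time

# Constructed policy: user -> (allowed from, allowed until, permitted actions).
POLICY = {
    "alice": (time(8, 0), time(18, 0), {"read", "write"}),
    "bob": (time(9, 0), time(17, 0), {"read"}),
}

def check_access(user, action, when, audit_log):
    """Decide who / when / what, then append the outcome to the audit trail."""
    rule = POLICY.get(user)
    if rule is None:
        allowed, reason = False, "unknown user"
    elif not (rule[0] <= when.time() < rule[1]):
        allowed, reason = False, "outside permitted hours"
    elif action not in rule[2]:
        allowed, reason = False, "action not permitted"
    else:
        allowed, reason = True, "ok"
    # Both successful and unsuccessful attempts are recorded, one JSON line each.
    audit_log.append(json.dumps({
        "ts": when.isoformat(), "user": user, "action": action,
        "allowed": allowed, "reason": reason,
    }))
    return allowed

def failed_attempts(audit_log):
    """Count denied attempts per user by reading the audit trail back."""
    counts = {}
    for line in audit_log:
        entry = json.loads(line)
        if not entry["allowed"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts

def demo():
    """Run four constructed attempts and return (decisions, audit trail)."""
    log = []
    decisions = [
        check_access("alice", "write", datetime(2024, 1, 15, 10, 30), log),
        check_access("bob", "write", datetime(2024, 1, 15, 10, 30), log),
        check_access("bob", "read", datetime(2024, 1, 15, 22, 0), log),
        check_access("mallory", "read", datetime(2024, 1, 15, 10, 30), log),
    ]
    return decisions, log

if __name__ == "__main__":
    decisions, log = demo()
    print(decisions, failed_attempts(log))
```

Because denied attempts are logged alongside allowed ones, repeated failures for one account are visible when the trail is reviewed.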
# Unauthorized Access and Use (6 of 12)

- A possessed object is any item that you must possess, or carry with you, in order to gain access to a computer or computer facility.
- A **biometric device** authenticates a person's identity by translating a personal characteristic into a digital code that is compared with a digital code stored in a computer or mobile device verifying a physical or behavioral characteristic.

# Unauthorized Access and Use (7 of 12)

- **Fingerprint reader**
- A diagram showing a fingerprint reader

# Unauthorized Access and Use (8 of 12)

- **Face recognition system**
- A diagram showing different ways a person unlocks their screen: entering a passcode, scanning a fingerprint, swiping a gesture.

# Unauthorized Access and Use (9 of 12)

- **Hand geometry system**
- A diagram showing a hand geometry system

# Unauthorized Access and Use (10 of 12)

- **Iris recognition system**
- **Signature verification system**
- **Voice verification system**
- A diagram showing a hand geometry system.

# Unauthorized Access and Use (11 of 12)

- **Two-step verification** uses two separate methods, one after the next, to verify the identity of a user.
- A diagram showing an example of a two-step authentication.

# Unauthorized Access and Use (12 of 12)

- **Digital forensics** is the discovery, collection, and analysis of evidence found on computers and networks.
- **Many areas use digital forensics**:
  - Law enforcement
  - Criminal prosecutors
  - Military intelligence
  - Insurance agencies
  - Information security departments

# Information Theft (1 of 4)

- **Information theft** occurs when someone steals personal or confidential information.
- **Encryption** is a process of converting data that is readable by humans into encoded characters to prevent unauthorized access.

# Ethics and Society (1 of 6)

- **Technology ethics** are the moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies.
- **Information accuracy** is a concern:
  - Not all information on the web is correct.

# Information Privacy (1 of 18)

- **Information privacy** refers to the right of individuals and companies to deny or restrict the collection, use, and dissemination of information about them.
- Huge databases store data online.
- Websites often collect data about you, so that they can customize advertisements and send you personalized email messages.
- Some employers monitor your computer usage and email messages.

# Information Privacy (9 of 18)

- A **cookie** is a small text file that a web server stores on your computer.
- Websites use cookies for a variety of purposes:
  - Allow for personalization
  - Store user names and/or passwords
  - Assist with online shopping
  - Track how often users visit a site
  - Target advertisements

# Information Privacy (11 of 18)

- **Phishing** is a scam in which a perpetrator sends an official-looking message that attempts to obtain your personal and/or financial information.
- With **clickjacking**, an object that can be tapped or clicked on a website contains a malicious program.

# Information Privacy (12 of 18)

- **Spyware** is a program placed on a computer or mobile device without the user's knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online.
- **Adware** is a program that displays an online advertisement in a banner, a pop-up window, or pop-under window on webpages, email messages, or other Internet services.

# Information Privacy (13 of 18)

- **Social engineering** is defined as gaining unauthorized access to or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others.
- The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data.
# Information Privacy (16 of 18)

- **Content filtering** is the process of restricting access to certain material.
- Many businesses use content filtering.
- **Web filtering software** restricts access to specified websites.