Scan 04.pdf
Uploaded by EndorsedUnicorn9244
Independent University, Bangladesh
Chapter 1: Data Privacy

Data stored about a person or an organization must remain private and unauthorized access to the data must be prevented - data privacy is required. So data must/should be:
- Fairly and lawfully processed
- Processed for the stated purpose
- Adequate, relevant, not excessive and accurate
- Not be kept longer than necessary, and kept secure
- Processed in accordance with the data subject's rights
- Not be transferred to another country without adequate protection

2.1: User accounts

User accounts are used to authenticate a user
- Used on both standalone and networked computers
- Authentication usually done through a screen prompt asking for a username and password

User accounts control access rights
- Most systems have a hierarchy of access levels based on a person's level of security
- Hierarchy achieved by linking each username (account) to the appropriate level of access

2.2: Use of passwords

Passwords are used to restrict access to data or systems. They should be hard to crack and changed frequently to retain security. Passwords can also take the form of biometrics. We use passwords for example
- Accessing email accounts
- Carrying out online banking or shopping
- Accessing social networking sites

It is important that passwords are protected. Some ways of doing this are to
- Run anti-spyware software
- Regularly change passwords
- Make sure passwords are difficult to crack or guess (for example, do not use your date of birth or pet's name)

Strong passwords should contain
- At least one capital letter
- At least one numerical value
- At least one other keyboard character (such as @, *, &)

Multiple choice (10 sec): Which one do you think is a strong password?

2.3 Use of firewalls
Firewalls can be software or hardware-based
- Monitor and filter information going into and out of your device from the Internet
- Allow users to approve or deny communication with external sources and alert them

Tasks performed by firewalls:
- Examine traffic between devices and public networks
- Block traffic that doesn't match specific criteria
- Log all ingoing/outgoing traffic for future analysis
- Prevent access to harmful IP addresses
- Help protect vs. viruses, hackers
- Warn users if any software tries connecting to external data sources

[Diagram labels: Server, Internet, Firewall, Your PC, Hacker]

2.4 Use of Antivirus software

- Antivirus software continuously monitors for virus attacks in the background
- Different AV software (like Microsoft Defender, preinstalled in Windows 10/11) function differently; common functions include:
  o Checking software/files prior to execution
  o Comparison with known virus database
  o Heuristic checking for suspicious behavior
  o Quarantine suspect files, allowing automatic removal or manual review
- Regular updates necessary due to constant discovery of new viruses
- Weekly full system scans recommended to detect dormant viruses

2.5 Use of Encryption

In simpler terms, encryption takes readable data (plaintext) and alters it so that it appears random (ciphertext). In more technical terms, it is a mathematical process that alters data using an encryption algorithm and a key. The key and the process are complex enough that a brute force attack (trying to guess or trying all possible combinations) is unlikely to succeed in a reasonable time. Decryption is the process to transform unreadable data back to readable format using the same key or a different decryption key. However, encryption offers no protection against file deletion by attackers; it only safeguards data integrity and confidentiality.

2.6 Use of Biometrics
- In an attempt to stay one step ahead of hackers and malware writers, many modern computer devices use biometrics as part of the password system
- Biometrics rely on the unique characteristics of human beings. Examples include fingerprint scans, retina scans (pattern of blood capillary structure), face recognition and voice recognition

3.1 Hacking

There are two types of hacking: malicious and ethical.
- Malicious: Unauthorized access, aims at harm, e.g., stealing sensitive info, modifying files
  o Mitigation: strong passwords, firewalls, intrusion detection tools
- Ethical ("White Hat"): Authorized testing, evaluating cyber security strength
  o Legal, commissioned by organizations, compensated

3.2 Malware

Malware are small programs and are one of the biggest risks to the integrity and security of data on a computer system. Antivirus/malware removers are needed to remove these.
- Viruses: Self-replicate, delete/corrupt files, require an active host program or infected OS
- Worms: Stand-alone viruses seeking other vulnerable computers via networks
- Logic Bombs: Embedded code triggered under specified conditions (e.g. dates)
- Trojans: Harmful programs masquerading as legitimate software, replacing parts
- Bots: Automated scripts; potential harm from unauthorized takeover and attacks
- Spyware: Monitors keystrokes, sends gathered info to sender (keylogging)

3.3 Phishing

Phishing is when someone sends legitimate-looking emails to users containing links or attachments which, when clicked, take the user to a fake website, or they may trick the user into responding with personal data such as bank account details or credit card numbers.
Preventing phishing attacks:
- Be vigilant for new phishing scams (do a web search to see if someone has reported such scams)
- Avoid clicking unconfirmed links and unknown file downloads
- Be cautious of offers that are too good to be true
- Utilize anti-phishing toolbars on web browsers (tablets, smartphones) for warnings on potentially dangerous URLs
- Periodically examine digital accounts, modify passwords routinely

Additional steps to take to stay safe and protect your data while surfing the internet

- Use 2 Factor Authentication if available. In 2FA the user is prompted to log in to their account on a website or application using their username and password as usual but then
  o the user is prompted to provide a second form of authentication like a phone number, fingerprint, or security code.
  o In many cases a one-time code (or one-time password, OTP) is sent to a mobile device or email address.
  o That one-time code must also be entered to verify account ownership before the user can log in and access their account.
- Use a Virtual Private Network (VPN) or Private Browsing
  o VPN encrypts your data and location (IP address) and
  o allows you to change your virtual location to bypass geo-locked websites
- Check and understand your Social Media Account's privacy setting
  o to control who can see your personal information
  o to limit access to your profile
  o These help protect your data from being misused
- Turn off GPS, Bluetooth
- Check and understand your browser settings
  o Deactivate Autofill feature
  o Do not let it save your password
  o Log out of accounts instead of just closing the browser
  o Update cookies and set alerts
- Use caution with hotspots and public Wi-Fi
  o Watch for "HTTPS" and green lock icon in address bars suggesting secured connection
- Employ recent browser version equipped with newest safety enhancements
- Use caution when using P2P or Tor applications to access the "dark web"

Computer Ethics

Computer ethics is a set of principles set out to regulate the use of computers. Three factors are considered:
- Intellectual property rights, for example, copying of software/data without the permission of the owner.
- Privacy issues, for example, hacking or any illegal access to another person's personal data.
- Effect of computers on society, for example, job losses, social impacts, and so on.

Internet Ethics / Etiquette

Netiquette and online ethics refer to guidelines for proper conduct in online settings
- What does good web etiquette look like?
  o Recognizing that the internet is an extension of society
  o Applying the same standards online as we do in public
  o Respect others' privacy - do not share others' private information with others
  o Share personal information (text, photos) wisely - these will probably live forever and your future employers and collaborators are likely to check your online profile
- Acknowledging cultural differences
  o find ways to accept that the social values and norms of some netizens will not be the social values and norms of all netizens.
- Refuse to empower abuse and harassment while online
  o theft, bullying, harassment online is still theft, bullying and harassment
- Keep the spam to a minimum
  o you don't need to forward every chain email you receive or share every article you read on social media
  o share content that is meaningful