Discovering Computers: Chapter 8 - Digital Security, Ethics, and Privacy PDF

Discovering Computers Tools, Apps, Devices, and the Impact of Technology Chapter 8 Digital Security, Ethics, and Privacy Objectives Overview Describe various types Define the term, digital Discuss techniques to of Internet and network security risks, and prevent unauthorized attacks, and explain briefly describe the computer access and ways to safeguard types of cybercriminals use against these attacks Explain the ways that Discuss how software manufacturers encryption, digital protect against signatures, and digital software piracy certificates work 2 Objectives Overview Identify risks and Identify safeguards Explain the options safeguards associated against hardware theft, available for backing up with wireless vandalism, and failure communications Recognize issues related to information accuracy, Discuss issues intellectual property surrounding information rights, codes of conduct, privacy and green computing 3 Digital Security Risks A digital security risk is any event or action that could cause a loss of or damage to a computer or mobile device hardware, software, data, information, or processing capability Any illegal act involving the use of a computer or related devices generally is referred to as a computer crime A cybercrime is an online or Internet-based illegal act 4 Digital Security Risks 5 Digital Security Risks Hacker Cracker Script kiddie Unethical Corporate spies Cyberextortionist employees Cyberterrorist 6 Internet and Network Attacks Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises Malware, short for malicious software, consists of programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices 7 Internet and Network Attacks 8 Internet and Network Attacks A botnet is a group of compromised computers or mobile devices connected to a network – A compromised computer or device is known as a zombie A denial of service attack (DoS attack) disrupts computer access to an Internet service – Distributed DoS attack (DDoS attack) A back door is a program or set of instructions in a program that allow users to bypass security controls Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate 9 Internet and Network Attacks A firewall is hardware and/or software that protects a network’s resources from intrusion 10 Unauthorized Access and Use Unauthorized access is Unauthorized use is the the use of a computer or use of a computer or its network without data for unapproved or permission possibly illegal activities 11 Unauthorized Access and Use Organizations take several measures to help prevent unauthorized access and use – Acceptable use policy – Disable file and printer sharing 12 Unauthorized Access and Use Access controls define who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it The computer, device, or network should maintain an audit trail that records in a file both successful and unsuccessful access attempts – User name – Password 13 Unauthorized Access and Use A passphrase is a private combination of words, often containing mixed capitalization and punctuation, associated with a user name that allows access to certain computer resources A PIN (personal identification number), sometimes called a passcode, is a numeric password, either assigned by a company or selected by a user A possessed object is any item that you must possess, or carry with you, in order to gain access to a computer or computer facility A biometric device authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer or mobile device verifying a physical or behavioral characteristic 14 Unauthorized Access and Use Face Fingerprint recognition reader system Hand Voice geometry verification system system Signature Iris verification recognition system system 15 Unauthorized Access and Use Two-step verification uses two separate methods, one after the next, to verify the identity of a user 16 Unauthorized Access and Use Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks Many areas use digital forensics Law Criminal Military enforcement prosecutors intelligence Information Insurance security agencies departments 17 Software Theft Software theft occurs when someone: Steals software Intentionally media erases programs Illegally registers Illegally copies a and/or activates program a program 18 Software Theft Many manufacturers incorporate an activation process into their programs to ensure the software is not installed on more computers than legally licensed During the product activation, which is conducted either online or by phone, users provide the software product’s identification number to associate the software with the computer or mobile device on which the software is installed 19 Software Theft A license agreement is the right to use software 20 Information Theft Information theft occurs when someone steals personal or confidential information Encryption is a process of converting data that is readable by humans into encoded characters to prevent unauthorized access 21 Information Theft 22 Information Theft A digital signature is an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender – Often used to ensure that an impostor is not participating in an Internet transaction A digital certificate is a notice that guarantees a user or a website is legitimate A website that uses encryption techniques to secure its data is known as a secure site 23 Information Theft 24 Hardware Theft, Vandalism, and Failure Hardware vandalism Hardware theft is is the act of defacing the act of stealing or destroying digital digital equipment equipment 25 Hardware Theft, Vandalism, and Failure 26 Backing Up – The Ultimate Safeguard A backup is a duplicate of a file, program, or media that can be used if the original is lost, damaged, or destroyed – To back up a file means to make a copy of it Off-site backups are stored in a location separate from the computer or mobile device site Cloud Storage 27 Backing Up – The Ultimate Safeguard Categories of backups: Three-generation – Full backup policy – Differential Grandparent – Incremental – Selective – Continuous data protection Parent – Cloud Child 28 Backing Up – The Ultimate Safeguard 29 Wireless Security Wireless access poses additional security risks Some perpetrators connect to other’s wireless networks to gain free Internet access or confidential data Others connect to a network through an unsecured wireless access point (WAP) or combination router/WAP 30 Ethics and Society Technology ethics are the moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies Information accuracy is a concern – Not all information on the Internet is correct 31 Ethics and Society Intellectual property refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos Intellectual property rights are the rights to which creators are entitled to their work A copyright protects any tangible form of expression Digital rights management (DRM) is a strategy designed to prevent illegal distribution of movies, music, and other digital content 32 Ethics and Society A code of conduct is a written guideline that helps determine whether a specification is ethical/unethical or allowed/not allowed 33 Ethics and Society Green computing involves reducing the electricity and environmental waste while using computers, mobile devices, and related technologies 34 Information Privacy Information privacy refers to the right of individuals and companies to deny or restrict the collection, use, and dissemination of information about them Huge databases store data online Websites often collect data about you, so that they can customize advertisements and send you personalized email messages Some employers monitor your computer usage and email messages 35 Information Privacy 36 Information Privacy Information about you can be stored in a database when you: – Fill out a printed or online form – Create a profile on an online social network – Register a product warranty 37 Information Privacy A cookie is a small text file that a web server stores on your computer Websites use cookies for a variety of reasons: Store user Assist with Allow for names and/or online personalization passwords shopping Track how often users Target visit a site advertisements 38 Information Privacy 39 Information Privacy Phishing is a scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and/or financial information With clickjacking, an object that can be tapped or clicked on a website contains a malicious program 40 What Is Phishing_ How Do I Avoid the Bait Information Privacy Spyware is a program placed on a computer or mobile device without the user’s knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online Adware is a program that displays an online advertisement in a banner or pop-up window on webpages, email messages, or other Internet services 42 Pegasus_ the spyware technology that threatens democracy Information Privacy Social engineering is defined as gaining unauthorized access to or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others 44 What is Social Engineering_ Information Privacy The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data – See Table 5-3 on page 246 for a listing of major U.S. government laws concerning privacy 43 Information Privacy Employee monitoring involves the use of computers, mobile devices, or cameras to observe, record, and review an employee’s use of a technology, including communications such as email messages, keyboard activity (used to measure productivity), and websites visited Many programs exist that easily allow employers to monitor employees. Further, it is legal for employers to use these programs 44 Information Privacy Content filtering is the process of restricting access to certain material – Many businesses use content filtering Web filtering software restricts access to specified websites 45 Summary Risks and safeguards associated with Internet and network attacks, unauthorized access and Variety of digital security risks Cybercrime and cybercriminals use, software theft, information theft, and hardware theft, vandalism, and failure Various backup strategies and Ethical issues in society and methods of securing wireless various ways to protect the communications privacy of personal information 46 Discovering Computers Tools, Apps, Devices, and the Impact of Technology Chapter 8 Digital Security, Ethics, and Privacy Chapter 8 Complete

Discovering Computers: Chapter 8 - Digital Security, Ethics, and Privacy PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue