Discovering Computers: Digital Technology, Data, and Devices PDF
Document Details
Uploaded by WellBacklitCerium8931
2023
Jennifer T. Campbell
Tags
Related
Summary
This document is a module from a textbook titled "Discovering Computers: Digital Technology, Data, and Devices, 17e" published by Cengage, covering Digital Security, Ethics, and Privacy. It includes information on computer security and related topics.
Full Transcript
Discovering Computers: Digital Technology, Data, and Devices, 17e...
Discovering Computers: Digital Technology, Data, and Devices, 17e Module 5: Digital Security, Ethics, and Privacy: Avoiding and Recognizing Threats Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. Rights May not Reserved. be scanned, Maycopied not be or scanned, duplicated, copied or posted or duplicated, to a publicly or posted accessible to a publicly website, accessible in whole website, or in part. in whole or in part. 1 Icebreaker: Interview Simulation You may have heard of Facebook hackers who use people’s personal data to make fake IDs, log into people’s social networks, and more. What precautions can you take to help avoid getting into this type of situation? Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 2 Module Objectives (1 of 1) By the end of this module, you should be able to: Identify risks associated with technology use Identify cybercrimes and criminals Recognize issues related to information accuracy, intellectual property rights, and green computing Describe ways to safeguard against various types of Internet and network attacks Discuss techniques to prevent unauthorized computer access and use Identify risks and safeguards associated with wireless communications Discuss issues surrounding information privacy Describe how schools and businesses protect themselves Explain the importance of inclusivity and digital access Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 3 Risks Associated with Technology Use (1 of 5) A risk is any possibility that something might occur resulting in an injury or a loss. A digital security risk is any event or action that could cause a loss of or damage to computer or mobile device hardware, software, data, information, or processing capability. Types of digital security risks include threats to our information, physical health, mental health, and the Figure 5-1 You can protect environment. yourself from digital security risks. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 4 Cybercrimes and Criminals (2 of 5) State-sponsored attackers are employed by the government to launch computer attacks against their enemies through nation-state actors. The term, cyberwarfare, describes an attack whose goal ranges from disabling a government’s computer network to crippling a country. These attackers try to steal and then use your credit card numbers, online financial account information, or Social Security numbers using data mining. Data mining is the process of sifting through Big Data to find the important questions that will yield fruitful results. A cyber extortionist is an individual who threatens to expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization’s network. Social engineering is a category of attack that attempts to trick the victim into giving valuable information to the attacker. − Examples include hoaxes and phishing Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 5 Risks Associated with Technology Use (3 of 5) Any illegal act involving the use of a computer or related devices is generally referred to as a computer crime and the term cybercrime refers to online or Internet-based illegal acts, such as distributing malicious software or committing identity theft. Software used by cybercriminals is called crimeware. Cybersecurity is the practice of protection against digital threats, including unauthorized or illegal access to data. Digital forensics, or cyber forensics is the discovery, collection, and analysis of evidence found on computers and networks. A digital forensics examiner must have knowledge of the law, technical experience with many types of hardware and software products, superior communication skills, familiarity with corporate structures and policies, a willingness to learn and update skills, and a knack for problem-solving. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 6 Risks Associated with Technology Use (4 of 5) A digital detox is a period of time during which an individual refrains from using technology. Threat actor is a more general and common term used to describe individuals who launch attacks against other users and their computers. The dark web is a part of the web that is accessed using specialized software, where users and website operators can remain anonymous while performing illegal actions. Script kiddies are individuals who want to attack computers. A hacker is a person who intends to access a computer system without permission. A cracker is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action. Hacktivists are attackers who are strongly motivated by principles or beliefs. Cyberterrorists attack a nation’s computer networks, like the electrical power grid, to cause disruption and panic among citizens. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 7 Cybercrimes and Criminals (5 of 5) Table 5-1 Social engineering principles. Principle Description Example Authority Directed by someone impersonating “I’m the CEO calling.” authority figure or falsely citing their authority Intimidation To frighten and coerce by threat “If you don’t reset my password, I will call your supervisor.” Consensus Influenced by what others do “I called last week and your colleague reset my password.” Scarcity Something is in short supply “I can’t waste time here.” Urgency Immediate action is needed “My meeting with the board starts in five minutes.” Familiarity Victim well-known and well-received “I remember reading a good evaluation on you.” Trust Help a person known to you “You know who I am.” Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 8 Ethics and Society (1 of 4) The standards that determine whether an action is good or bad are known as ethics. Technology ethics are the moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies. Frequently discussed areas of computer ethics include information accuracy, intellectual property rights, and green computing. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 9 Ethics and Society (2 of 4) Information Accuracy Information accuracy is a concern today because many users access information maintained by other people or companies, such as on the Internet. With graphics equipment and software, users can easily digitize Figure 5-3 A digitally edited photo photos and then add, change, or that shows a fruit that looks like an remove images. apple on the outside and an orange on the inside. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 10 Ethics and Society (3 of 4) Intellectual Property Rights Intellectual property rights are the rights to which creators are entitled to their work. Creative Commons is another source for finding content that may or may not be used, along with any restrictions or payment needed to use it. A common infringement of copyright is piracy, where people illegally copy software, movies, and music. These issues with copyright law led to the development of the digital rights management strategy. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 11 Ethics and Society (4 of 4) Green Computing Green computing involves reducing electricity and environmental waste while using computers, mobile devices, and related technologies. Organizations can implement a variety of measures to reduce electrical waste. Figure 5-5 A list of suggestions to make computing healthy for the environment. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 12 Internet and Network Attacks (1 of 6) Information transmitted over networks has higher degree of a security risk than information kept on an organization’s premises. These types of attacks can affect your privacy, personal information, finances, and more. Malware is short for malicious software which consists of programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices. Malware can deliver its payload, or destructive event or prank, on a computer or mobile device in a variety of ways. A common way that computers and mobile devices become infected with viruses and other malware is through users opening infected email attachments. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 13 Internet and Network Attacks (2 of 6) Table 5-2 Common types of malware. Type Description Adware A program that displays an online advertisement in a banner, pop-up window, or pop-under window on web pages, email messages, or other Internet services Ransomware A program that blocks or limits access to a computer, phone, or file until the user pays a specified amount of money Rootkit A program that hides in a computer or mobile device and allows someone from a remote location to take full control of the computer or device Spyware A program placed on a computer or mobile device without the user’s knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online Trojan horse A program that hides within or looks like a legitimate program. Unlike a virus or worm, a Trojan horse does not replicate itself to other computers or devices Virus A potentially damaging program that affects, or infects, a computer or mobile device negatively by altering the way the computer or device works without the user’s knowledge or permission Worm A program that copies itself repeatedly, for example, in memory or on a network, using up resources and possibly shutting down the computer, device, or network Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 14 Internet and Network Attacks (3 of 6) Botnets A compromised computer or device, known as a zombie, is one whose owner is unaware that the computer or device is being controlled remotely by an outsider. A botnet, or zombie army, is a group of compromised computers or mobile devices connected to a network that are used to attack other networks, usually for nefarious purposes. A bot is a program that performs a repetitive task on a network. Cybercriminals install malicious bots on unprotected computers and devices to create botnets. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 15 Internet and Network Attacks (4 of 6) Denial of Service Attacks A DoS attack is a type of attack, usually on a server, that is meant to overload the server with network traffic so that it cannot provide necessary services, such as the web or email. A more devastating type of DoS attack is the distributed DoS (DDoS) attack in which multiple computers, such as a zombie army, are used to attack a server or other network resource. The damage caused by a DoS or DDoS attack usually is extensive. Back Doors A back door is a program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network. A rootkit can be a back door. Some worms leave back doors, which have been used to spread other worms or to distribute spam from the unsuspecting victim’s computers. Programmers often build back doors into programs during system development to save development time. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 16 Internet and Network Attacks (5 of 6) Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim’s computer or network. Two common types of spoofing schemes are IP and address spoofing. ✔ IP spoofing occurs when an intruder computer tricks a network into believing its IP address is associated with a trusted source. ✔ Address spoofing occurs when Figure 5-5 Spoofers alter the the sender’s email address or components and header of an email other components of an email message so that it appears the message header are altered. originated from a different sender. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 17 Internet and Network Attacks (6 of 6) Practices for Protection from Viruses and Other Malware Use virus protection software Use a firewall Be suspicious of all unsolicited email and text messages Disconnect your computer from the Internet Download software with caution Close spyware windows Before using any removable media, scan it for malware Keep current and back up regularly Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 18 Knowledge Check Activity 5-1 True or False? Rootkit is the only type of malware that is a back door. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 19 Knowledge Check Activity 5-1: Answer Rootkit is the only type of malware that is a back door. Correct Answer: True Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 20 Secure IT: Protect Yourself and Your Data (1 of 7) Your digital footprint is the record of everything you do online. A digital footprint can be nearly impossible to completely erase. Firewalls and access controls protect data and information on computers and other devices For most computer users, the greatest risk comes from attackers who want to steal their information for their own financial gain. The risks you face online when using the Internet or email include: ✔ Online Banking ✔ E-commerce Shopping ✔ Fake Websites ✔ Social Media Sites Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 21 Secure IT: Protect Yourself and Your Data (2 of 7) Table 5-3 Uses of personal information. Organization Information Valid Use Invalid Use School Telephone Call you about an advising Give to credit card company number appointment who calls you about applying for a new credit card Hospital Medical history Can refer to past procedures Sell to drug company who when you are admitted as a sends you information about its patient drugs Employer Personal email Will send to you the latest Provide to a local merchant address company newsletter who is having a holiday sale Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 22 Secure IT: Protect Yourself and Your Data (3 of 7) Mobile users today often access their company networks through a virtual private network (VPN). A VPN is a private, secure path across a public network that allows authorized users to secure access to a company or other network. A VPN provides the mobile user with a secure connection to the company’s network server as if the user has a private line. VPNs help ensure that data is safe from being intercepted by unauthorized people by encrypting data as it transmits from a laptop, smartphone, or other mobile devices. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 23 Secure IT: Protect Yourself and Your Data (4 of 7) Firewalls protect network resources from outsiders and to restrict employees’ access to sensitive data, such as payroll or personnel records. A proxy server is a server outside the organization’s network that controls which communications pass in and out of the organization’s network. Both Windows and Mac operating systems include firewall capabilities, including monitoring Internet traffic to and from installed applications. Figure 5-8 How a firewall works. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 24 Secure IT: Protect Yourself and Your Data (5 of 7) Unauthorized access is the use of a computer or network without permission. It is possibly an illegal activity. Organizations take several measures to help prevent unauthorized access and use. An organization’s acceptable use policy (AUP) should specify the acceptable use of technology by employees for personal reasons. An organization should document and explain AUP to employees. The AUP also should specify the personal activities, if any, that are allowed on company time. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 25 Secure IT: Protect Yourself and Your Data (6 of 7) Many organizations use access controls to minimize the chance that a perpetrator, intentionally or an employee accidentally may access confidential information on a computer, mobile device, or network. The computer, device, or network should maintain an audit trail that records access attempts, both successful and unsuccessful. To protect against data loss caused by hardware, software, or information theft or system failure, backup is required. Online backup services use special software on the computer to monitor what files have changed or have been created. Cloud backup services can save you the cost of maintaining hardware. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 26 Secure IT: Protect Yourself and Your Table 5-4 Various backup Data (7 of 7) methods. Type of Description Advantages Disadvantages Backup Full Backup Copies all of the files on Fastest recovery method; all files Longest backup time media in the computer are saved Differential Copies only the files that Fast backup method; requires Recovery is time-consuming because backup have minimal storage space to back the last full backup and the differential changed since the last full up backup are needed. backup Incremental Copies only the files that Fastest backup method; requires Recovery is most time-consuming backup have minimal storage space to back because the last full backup and all changed since the last full or up; only most recent changes incremental backups since the last full incremental backup saved backup are needed. Selective Users choose which folders Fast backup method; provides Difficult to manage individual file backup and files to include in a great flexibility backups; least manageable of all the backup backup methods Continuous data All data is backed up The only real-time backup; Very expensive and requires a great protection whenever very fast recovery of data amount of storage a change is made. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 27 Wireless Security (1 of 5) Protect Mobile Devices Along with the protection of devices from theft, it is also necessary to protect the privacy of your information. Some risks from attacks on Wi-Fi networks include the following: ✔ Reading wireless transmissions or viewing or stealing computer data ✔ Injecting malware or downloading harmful content Precautions When using public Wi-Fi, be sure you are connecting to the approved wireless network. Limit the type of activity you do on public networks to simple web surfing or watching online videos. Accessing online banking sites or sending confidential information that could be intercepted is not a good idea. Configuring your Wi-Fi wireless router to provide the highest level of security is an important step. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 28 Wireless Security (2 of 5) Table 5-5 Configuration settings for wireless routers. Wireless Router Explanation Recommended Configuration Settings Access password This requires a password to access the Create a strong password so that attackers configuration settings of the device. cannot access the wireless router and turn off the security settings Remote management Remote management allows the Turn off remote management so that configuration settings to be changed someone outside cannot access the from anywhere through an Internet configuration settings connection. Service Set Identifier The SSID is the name of the local Change this from the default setting to a (SSID) wireless network. value that does not reveal the identity of the owner or the location of the network (such as MyWireNet599342) Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 29 Wireless Security (3 of 5) Table 5-5 Configuration settings for wireless routers (continued). Wireless Router Settings Explanation Recommended Configuration Wi-Fi Protected Access 2 WPA2 encrypts the wireless data Turn on WPA2 and set a strong pre-shared (WPA2) Personal transmissions and also limits who can key, which must also be entered once on access the Wi-Fi network. each mobile device Wi-Fi Protected Setup (WPS) WPS simplifies setting up the security Turn off WPS due to its security on a wireless router. vulnerabilities Guest access Guest access allows temporary users Turn on guest access when needed and to access the wireless network without turn it back off when the approved guests any additional configuration settings. leave Disable SSID broadcasts This prevents the wireless router from Leave SSID broadcasts on; turning them advertising the wireless network to off only provide a very weak degree of anyone in the area. security and may suggest to an attacker that your network has valuable information Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 30 Wireless Security (4 of 5) Secure Your Wireless Network The following list provides suggestions for securing your wireless network. Immediately upon connecting your wireless access point and/or router, change the password required to access administrative features Change the SSID, or network name, from the default to something Do not broadcast the SSID Enable an encryption method, and specify a strong password Enable and configure the Media Access Control (MAC) address control feature; a MAC address is a unique hardware identifier for your computer or device Choose a secure location for your wireless router so that unauthorized people cannot access it Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 31 Wireless Security (5 of 5) Cloud Data Privacy The cloud offers a tremendous amount of storage space at a relatively low cost; the security of data and the reliability of cloud companies trigger concerns. Two types of risks arising from cloud computing include: ✔ Personal risks: International laws and industry regulations protect sensitive and personal data. ✔ Business risks: Ownership and security of data should be included in any contract between a business and a cloud storage provider. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 32 Information Privacy (1 of 11) Authentication is the process of ensuring that the person requesting access to a computer or other resources is authentic and not an imposter. Different methods of authentication are: ✔ Passwords ✔ Biometrics ✔ 2 FA ✔ CAPTCHA ✔ Encryption Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 33 Information Privacy (2 of 11) Passwords A username—a user ID (identification), log-on name, or sign-in name—is a unique combination of characters, numbers, or alphabets that identifies one specific user. A password is a secret combination of letters, numbers, and/or characters that only the user should know. Figure 5-9 User sign in requiring password. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 34 Information Privacy (3 of 11) Table 5-6 Ten most Table 5-7 Numbers of common passwords. possible passwords. Rank Password Password Number of Average attempts to length possible Break Password 1 123456 Passwords 2 123456789 3 qwerty 2 9025 4513 4 password 3 857,375 428,688 5 1111111 6 12345678 4 81,450,625 40,725,313 7 abc123 8 password1 5 7,737,809,375 3,868,904,688 9 1234567 6 735,091,890,625 367,545,945,313 10 12345 Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 35 Information Privacy (4 of 11) Use a password manager, which is a program that helps you create and store multiple strong passwords in a single user vault file that is protected by one strong master password. Password managers use two-step verification and advanced encryption techniques to ensure information is stored securely. Some organizations use passphrases to authenticate users. A PIN (personal identification number), sometimes called a pass code, is a numeric password. PINs provide an additional level of security. A possessed object is any item that you must possess, or carry with you, to gain access to a computer or computer facility. For example, badges, cards, smart cards, and keys. The card you use in an ATM (automated teller machine) is a possessed object that allows access to your bank account. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 36 Information Privacy (5 of 11) Biometrics Biometric security uses the unique characteristics of your face, hands, or eyes to authenticate you. Some of the different types of biometrics include: ✔ Retina ✔ Fingerprint ✔ Voice ✔ Face ✔ Iris ✔ Hand Figure 5-10 Facial ✔ Signature recognition. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 37 Information Privacy (6 of 11) Two-Factor Authentication is multiple types of authentication. The most common authentication elements that are combined are passwords and codes sent to a cell phone using a text message. Its short form is 2FA. It makes authentication stronger. Figure 5-12 Two-factor authentication. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 38 Information Privacy (7 of 11) CAPTCHAs CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” A CAPTCHA is a program developed at Carnegie Mellon University that displays an image containing a series of distorted characters to identify and enter to verify that user input is from humans. Figure 5-13 CAPTCHAs verify human usage. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 39 Information Privacy (8 of 11) Encryption Encryption is the process of scrambling information in such a way that it cannot be read unless the user possesses the key to unlock it so that it is returned to a readable format (decryption). A digital signature is an electronic, encrypted, and secure stamp of authentication on a document issued by a CA organization. Browser Security Although all browsers are different, each can be configured for stronger security through different settings. Some of the important security settings include: ✔ Cookies, scripting, plug-ins, pop-ups, and clear browsing data Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 40 Information Privacy (9 of 11) Protect your Personal and Financial Information Your personal information includes not only your identity but your financial information. Attackers can impersonate you, either to cause distress or for their financial gain. You can, and should, take several steps to prevent your information from being stolen and falling into the hands of attackers. Actions to Protect Your Personal and Financial Information The United States has laws in place to help users monitor and protect their financial information that is stored by a credit reporting agency. You can request one free credit report annually to review your credit history and determine if an attacker has secretly taken out a credit card or even a loan in your name. You can also have a credit freeze (as well as a thaw) put on your credit information so that it cannot be accessed without your explicit permission. These are also free. It is a good idea to monitor your credit information regularly. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 41 Information Privacy (10 of 11) Protecting Your Online Profile Several general defenses can be used for any social networking site. First and foremost, you should be cautious about what information you post. Second, you should be cautious regarding who can view your information. Finally, you should pay close attention to information about new or updated security settings. Privacy Laws Information collected and stored about individuals should be limited. Once collected, provisions should be made to protect the data. Personal information should be released outside the organization collecting the data only when the person has agreed to its disclosure. The individual should know that the data is being collected and have the opportunity to determine the accuracy of the data. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 42 Information Privacy (11 of 11) Table 5-8 Some U.S. privacy laws. Law Purpose Children’s Internet Protection Act Protects minors from inappropriate content when accessing the Internet in schools and libraries Children’s Online Privacy Protection Act (COPPA) Requires websites to protect personal information of children under 13 years of age Digital Millennium Copyright Act (DMCA) Makes it illegal to circumvent antipiracy schemes in commercial software; outlaws sale of devices that copy software illegally Freedom of Information Act (FOIA) Enables public access to most government records HIPAA (Health Insurance Portability and Protects individuals against the wrongful disclosure of their health information Accountability Act) PATRIOT (Provide Appropriate Tools Required to Gives law enforcement the right to monitor people’s activities, including web and Intercept and Obstruct Terrorism) email habits Privacy Act Forbids federal agencies from allowing information to be used for a reason other than that for which it was collected Fair and Accurate Credit Transactions Act (FACTA) Provides rules for financial institutions, including lenders and credit reporting agencies, to protect consumers from fraud and identity theft Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 43 Discussion Activity 5-1 Biometric devices are gaining in popularity. Discuss the advantages and disadvantages of using biometrics over passwords/PINs. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 44 How To: Establish Policies to Ensure Safety (1 of 7) Companies establish guidelines for use, occasionally limit access, and possibly oversee employees’ activities for unacceptable actions. A code of conduct is a written guideline that helps determine whether a specification is ethical, unethical or allowed or not allowed. An IT code of conduct focuses on the acceptable use of technology. Figure 5-14 Sample IT code of conduct. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 45 How To: Establish Policies to Ensure Safety (2 of 7) Content filtering is the process of restricting access to certain materials. Many businesses use content filtering to limit employees’ web access. Web filtering software are programs that restrict access to specified websites. Some also filter websites that use specific words. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 46 How To: Establish Policies to Ensure Safety (3 of 7) Employee Monitoring Employee monitoring involves the use of computers, mobile devices, or cameras to observe, record, and review an employee’s use of technology, including communications such as email messages, keyboard activity (used to measure productivity), and websites visited. Many programs exist that easily allow employers to monitor employees. If a company does not have a formal email policy, it can read email messages without employee notification. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 47 How To: Establish Policies to Ensure Safety (4 of 7) Disaster Recovery A disaster recovery plan is a written plan that describes the steps an organization would take to restore its computer operations in the event of a disaster. Each company and each department within an organization usually has its own. It typically contains four components: Emergency plan, Back up plan, Recovery plan, and Test plan Emergency Plan An emergency plan specifies the steps and is organized by type of disaster and includes: Names and phone numbers of people and organizations to notify Computer equipment procedures and employee evacuation procedures Return procedures (who can enter the facility and what actions they are to perform) Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 48 How To: Establish Policies to Ensure Safety (5 of 7) Backup Plan The backup plan specifies how to use backup files and equipment to resume computer operations, and includes: The location of backup data, supplies, and equipment Who is responsible for gathering backup resources and transporting them to an alternate computer facility The methods by which data will be restored from cloud storage A schedule indicating the order and approximate time each application should be up and running Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 49 How To: Establish Policies to Ensure Safety (6 of 7) Recovery Plan: The recovery plan specifies the actions to restore full computer operations such as replacing hardware or software. Test Plan: The test plan includes simulating various levels of disasters and recording the ability to recover. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 50 How To: Establish Policies to Ensure Safety (7 of 7) Table 5-9 Considerations for disaster recovery. Disaster Type What to Do First What Might Occur What to Include in the Plan Natural Shut off power Power outage Generator (earthquake, Evacuate, if necessary Phone lines down Satellite phone, list of employee hurricane, tornado, Pay attention to advisories Structural damage to building phone numbers etc.) Do not use phone lines if Road closings, transportation Alternate worksite lightning occurs interruptions Action to be taken if employees are Flooding not able to come to work/leave the Equipment damage office Wet/dry vacuums Make and model numbers and vendor information to get replacements Man-made Notify authorities (fire Data loss Back up data at protected site (hazardous departments, etc.) of Dangerous conditions for Protective equipment and an material spill, immediate threat employees evacuation plan terrorist Attempt to suppress fire Criminal activity, such as data Contact law enforcement attacks, fire, or contain spill, if safe to do hacking and identity theft Make and model numbers and vendor hackers, so Equipment damage information to obtain replacements malware, etc.) Evacuate, if necessary Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 51 Ethics and Issues: Inclusivity and Digital Access (1 of 2) Digital Inclusion Digital inclusion is the movement to ensure that all users, regardless of economic or geographic constraints, have access to the devices, data, and infrastructure required to receive high-speed, accurate, reliable information. The goal of digital inclusion is to ensure that everyone has access to all the online resources, including education, participation in the local and national government, employment listings and interviews, and health care access. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 52 Ethics and Issues: Inclusivity and Digital Access (2 of 2) Some barriers to digital inclusion include: Geographic areas that lack the infrastructure necessary to provide reliable Internet access Government restrictions or censorship Affordable devices or connections Lack of education Lack of understanding of the value of technology Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 53 Case Study Activity 5-1 (1 of 2) Ms. Hania is a math teacher and uses her laptop only once a month for making assignments. One day, after starting her laptop and signing in to the operating system, a message was displayed stating that her virus protections are out of date and need to be updated. She is worried she got a virus. Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 54 Case Study Activity 5-1 (2 of 2) After reading the case study on the previous slide, answer the following question: What should Ms. Hania’s next step be? a. Sign out and shut down the laptop b. Visit a laptop repair center c. Uninstall the firewall d. Reinstall the protection software Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 55 Case Study Activity 5-1: Answer What should Ms. Hania’s next step be? Answer: d Reinstall the protection software Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 56 Self-Assessment 1. Which biometric security practices have you incorporated to ensure your information remains secure? 2. Have you or anyone you know experienced ‘hacking’ of personal accounts? If yes, what type of information was hacked and how was it resolved? 3. Take a few minutes and reflect on what you learned in this module. What topics would you like to learn more about? Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 57 Summary Click the link to review the objectives for this module. Link to Objectives Jennifer T. Campbell, Discovering Computers: Digital Technology, Data, and Devices, 17th Edition. © 2023 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 58