SLG 3.1 - Social and Ethical Issues in Computing (ICT) - Cybersecurity.pdf
COMPUTER SCIENCE I
ONLINE LEARNING MODULE

Subject Code: CS 1 (Computer Science 1)
Module Code: 3.0 Social and Ethical Issues in Computing (ICT)
Lesson Code: 3.1 Cybersecurity
Time Frame: 60 minutes

Components | Tasks | TA (min) a | ATA (min) b

Target (TA: 1 min)

By the end of this learning guide module, the students should be able to:
1. understand cybersecurity and identify cybersecurity threats,
2. determine how to manage cybersecurity risks,
3. know the Philippine laws that cover cybersecurity.

Hook (TA: 9 min)

In the previous lessons, we discussed the impact of Information and Communication Technology (ICT) at home, school and work. ICT plays a huge role in modern society. However, ICT is vulnerable to different kinds of threats. Because of these threats, it is important to follow effective cybersecurity measures.

Watch the video on cybersecurity to learn about them. Click on the given link.
Cybersecurity 101 - https://www.youtube.com/watch?v=sdpxddDzXfE

Answer the following questions for discussion:
1. Why was the internet developed?
2. What are possible threats when using the Internet?
3. How can these threats be eliminated?

Ignite (TA: 30 min)

Cybersecurity consists of technologies, processes, and practices that are created to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cybersecurity may also be referred to as information technology security.

There are ten common types of cyber threats:

1. Malware.
Malware is software that executes malicious tasks on a device or network. Examples of these malicious tasks include corrupting data or taking over a system.

2. Phishing.
Phishing is one of the most popular techniques used for stealing passwords and sensitive information such as credit card details and banking usernames and passwords. This type of online fraud often uses email that appears to be from a legitimate company and asks you to provide sensitive information.

3. Spear Phishing.
A more sophisticated form of phishing where the attacker learns about the victim and impersonates someone he or she knows and trusts.

4. “Man in the Middle” (MitM) attack.
A general term for when an attacker positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.
[Image credit: Dobran]

5. Trojans.
A Trojan is a type of malware that conceals its true content to fool a user into thinking it is a harmless file, but then lets out the malicious program once inside the host system.

6. Ransomware.
A type of malicious software designed to block access to a computer system until a sum of money is paid.

7. Denial of Service attack or Distributed Denial of Service Attack (DDoS).
An attack in which an attacker takes over many devices and uses them to invoke the functions of a target system, e.g. a website, causing it to crash from an overload of demand.
[Image credit: Thompson]

8. Attacks on IoT Devices.
IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorized access to data being collected by the device. Given their numbers, geographic distribution and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.

9. Data Breaches.
A data breach is a theft of data by a malicious actor. Motives for data breaches include crime (i.e. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack) and espionage.

10. Malware on Mobile Apps.
Mobile devices are vulnerable to malware attacks just like other computing hardware. Attackers may embed malware in app downloads, mobile websites or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts and more.
Cyber threats are hard to eliminate. They often evolve, and there are millions being created every year. They are also becoming more and more powerful. There is a new generation of “zero-day” threats that are able to surprise defenses because they carry no detectable digital signatures. Another emerging menace is called “Advanced Persistent Threats” (APTs). APTs are hackers who burrow into networks and maintain a connection that can’t be stopped simply by software updates or rebooting a computer.

Cyber threats come from a variety of places, people and contexts. The following are some of the sources of cyber threats:
1. Individuals that create attack vectors using their own software tools
2. Criminal organizations that are run like corporations, with large numbers of employees developing attack vectors and executing attacks
3. Nation states
4. Terrorists
5. Industrial spies
6. Organized crime groups
7. Unhappy insiders
8. Hackers
9. Business competitors

Best Practices for Cybersecurity

1. Enable best firewall protection.
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.

2. Update your security software.
Security software is any type of software that secures and protects a computer, network or any computing-enabled device. Examples of security software include the following:
   a. Computer Antivirus
   b. Anti-Spyware Software
   c. Network Security
   d. Firewalls
   e. Password Managers
   f. Encryption Software
   g. Log Management Software
   h. Bot Mitigation
   i. Monitoring Tool
   j. Intrusion Prevention Software

3. Enforce strong and safe passwords.
A strong password is at least 8 characters long. It includes numbers, symbols, capital letters, and lower-case letters. Use a mix of different types of characters to make the password harder to crack. Stay away from obvious dictionary words and combinations of dictionary words.

4. Use multi-factor authentication.
Multi-factor authentication (MFA) is defined as a security mechanism that requires an individual to provide two or more credentials in order to authenticate their identity. In IT, these credentials take the form of passwords, hardware tokens, numerical codes, biometrics, time, and location.

5. Regular data backup.
6. Raise awareness.
7. Monitor third-party controls.
8. Ignore pop-ups, links and unnecessary messages.
9. Monitor the privileged users.
10. Prepare the cybersecurity policies.

Philippine Cybersecurity Law and Policies

The Philippines has set laws and policies to ensure cybersecurity.

1. Republic Act 7925 (Public Telecommunications Policy Act of the Philippines)
An act to promote and govern the development of Philippine telecommunications and the delivery of public telecommunications services.

2. Republic Act 8792 (E-Commerce Act)
An Act Providing For The Recognition And Use of Electronic Commercial And Non-Commercial Transactions, Penalties For Unlawful Use Thereof, And Other Purposes, also known as the "Electronic Commerce Act".

3. Republic Act 9775 (Anti-Child Pornography Act of 2009)
An act defining the crime of child pornography, prescribing penalties therefor, and for other purposes.

4. Republic Act 9995 (Anti-Photo and Video Voyeurism Act of 2009)
An act defining and penalizing the crime of photo and video voyeurism, prescribing penalties therefor, and for other purposes.

5. Republic Act 10173 (Data Privacy Act of 2012)
An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes.

6. Republic Act 10175 (Cybercrime Prevention Act of 2012)
An act defining cybercrime, providing for the prevention, investigation, suppression and the imposition of penalties therefor, and for other purposes.

Navigate (TA: 10 min)

Answer the following questions:
1. What is cybersecurity?
2. Why is it important to understand cybersecurity?
3. Enumerate and describe five (5) cybersecurity threats.
4. What practices can you apply when using the Internet as a student? Give five (5) and state why you think they are good practices.
5. What do the following Philippine cybersecurity laws cover?
   a) Republic Act 7925 (Public Telecommunications Policy Act of the Philippines)
   b) Republic Act 8792 (E-Commerce Act)
   c) Republic Act 9775 (Anti-Child Pornography Act of 2009)
   d) Republic Act 9995 (Anti-Photo and Video Voyeurism Act of 2009)
   e) Republic Act 10173 (Data Privacy Act of 2012)
   f) Republic Act 10175 (Cybercrime Prevention Act of 2012)

Knot (TA: 10 min)

In summary,
✔ Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyber-threats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
✔ Examples of cybersecurity threats are: Malware, Phishing, Spear Phishing, “Man in the Middle” (MitM) attack, Trojans, Ransomware, Denial of Service attack or Distributed Denial of Service Attack (DDoS), Attacks on IoT Devices, Data Breaches, and Malware on Mobile Apps.
✔ Cyber threats come from many sources. These include: individuals that create attack vectors using their own software tools; criminal organizations that are run like corporations, with large numbers of employees developing attack vectors and executing attacks; nation states; terrorists; industrial spies; organized crime groups; unhappy insiders; hackers; and business competitors.
✔ In order to reduce threats in cybersecurity, the following must be practiced: enable best firewall protection, update your security software, enforce strong and safe passwords, use multi-factor authentication, regular data backup, raise awareness, monitor third-party controls, ignore pop-ups, links and unnecessary messages, monitor the privileged users, and prepare the cybersecurity policies.
✔ The Philippines has the following cybersecurity laws: Republic Act 7925 (Public Telecommunications Policy Act of the Philippines), Republic Act 8792 (E-Commerce Act), Republic Act 9775 (Anti-Child Pornography Act of 2009), Republic Act 9995 (Anti-Photo and Video Voyeurism Act of 2009), Republic Act 10173 (Data Privacy Act of 2012), and Republic Act 10175 (Cybercrime Prevention Act of 2012).

Short Answer:
Cite one (1) actual cybersecurity breach which happened in the Philippines and discuss whether you agree or disagree on how it was resolved.
✔ Discuss in a maximum of 500 words.
✔ Make sure to mention the date when the breach happened and the organization involved.

a TA: time allocation suggested by the teacher
b ATA: actual time allocation spent by the student (for information purposes only)

References: using APA format (7th edition)
1. NOVA. (2020, May 29). Cybersecurity 101. PBS LearningMedia. https://www.pbslearningmedia.org/resource/nvcy-sci-cyber101/cybersecurity-101/.
2. What is Cyber Security? Definition, Best Practices & More. Digital Guardian. (2020, June 10). https://digitalguardian.com/blog/what-cyber-security.
3. Thompson, A. (2019, October 14). What Is a DDoS Attack? (Hint: It Involves Zombies & Traffic Jams). Hashed Out by The SSL Store™. https://www.thesslstore.com/blog/what-is-a-ddos-attack/.
4. Dobran, B. (2020, July 24). The Ultimate Guide to Man in the Middle Attacks: Prevention is Key. PhoenixNAP Global IT Services. https://phoenixnap.com/blog/man-in-the-middle-attacks-prevention.
5. What Are Cyber Threats and What to Do About Them. The Missing Report. (2020, April 24). https://preyproject.com/blog/en/what-are-cyber-threats-how-they-affect-you-what-to-do-about-them/.
6. Technologies, M. (2017, November 26). Top 10 Cyber Security Best Practices 2020. Mindmajix. https://mindmajix.com/top-10-cybersecurity-best-practices.
7. Toral, J. (2013, March 25). Salient features of Data Privacy Act of 2012 - Republic Act 10173 - DigitalFilipino: E-Commerce in the Philippines. DigitalFilipino. https://digitalfilipino.com/salient-features-of-data-privacy-act-of-2012-republic-act-10173/.
8. Albarico, J.M. (2013). THINK Framework. Based on Ramos, E.G. and N. Apolinario. (n.d.) Science LINKS. Quezon City: Rex Bookstore Inc.
9. THINK icons and blue car images by Clker-Free-Vector-Images from Pixabay.

Prepared by: Michelle C. Cuestas, SST III, PSHS-SMC
Reviewed by: Graceson Cuyasen, SST III, PSHS-CARC
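
Added example (not part of the original module): the password rules from best practice 3 ("Enforce strong and safe password": at least 8 characters, all four character types, no dictionary words or combinations of them) written as a Python check. The word list, the look-alike substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list (an assumption for this example); a real check
# would load a full dictionary plus a list of commonly used passwords.
SAMPLE_WORDS = {"password", "pass", "word", "summer", "dragon", "admin",
                "welcome", "i", "love", "you", "monkey", "qwerty"}

# Common look-alike substitutions that are undone before the dictionary check.
LOOKALIKES = str.maketrans("013457@$!", "oleastasi")

def made_of_words(text, words):
    """True if text splits completely into dictionary words (covers combinations)."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return reachable[-1]

def check_password(password, words=SAMPLE_WORDS):
    """Return the rules from the module that the password breaks ([] = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    required = {"number": r"[0-9]", "symbol": r"[^A-Za-z0-9]",
                "capital letter": r"[A-Z]", "lower-case letter": r"[a-z]"}
    for name, pattern in required.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    # Drop digits/symbols tacked onto either end, undo look-alike characters,
    # then keep only letters: "P@ssw0rd1!" becomes "password".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    core = re.sub(r"[^a-z]", "", core.translate(LOOKALIKES))
    if core and made_of_words(core, words):
        problems.append("built from dictionary words")
    return problems

if __name__ == "__main__":
    for sample in ["P@ssw0rd1!", "Summer2024", "ILoveYou!", "t7#Kq9v!Lz2"]:
        print(sample, "->", check_password(sample) or "passes all rules")
```

"P@ssw0rd1!" meets the length and character-type rules and fails only the dictionary rule, so that rule matters even when the others are satisfied.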