Chapter 5 Digital Security, Ethics, and Privacy
List guidelines to protect your mobile device data.
- Be extra cautious locating and downloading apps.
- Use a PIN.
- Turn off GPS tracking.
- Use mobile security software.
- Avoid clicking unsafe links.
List measures users can take to contribute to green computing.
- Consolidate servers by using virtualization.
- Purchase high efficiency equipment.
- Use sleep modes and other power management features for computers and devices.
- Buy computers and devices with low power consumption processors and power supplies.
- When possible, use outside air to cool the data center or computer facility.
Describe the purpose of a CAPTCHA.
A CAPTCHA is effective in blocking computer-generated attempts to access a website because it is difficult to write programs that let computers detect distorted characters, while humans generally can recognize them.
Describe what a company might track when monitoring employees.
A company might track an employee's use of a technology, including communications such as email messages, keyboard activity, etc.
What is the purpose of a lock screen?
A lock screen is a screen that restricts access to a computer or mobile device until a user performs a certain action.
Describe the functions of an encryption algorithm and an encryption key. Differentiate between private and public key encryption.
An encryption algorithm is a set of steps that can convert readable plaintext into unreadable ciphertext. A simple encryption algorithm might switch the order of characters or replace characters with other characters. An encryption key is a set of characters that the originator of the data uses to encrypt the plaintext and the recipient of the data uses to decrypt the ciphertext. With private key encryption, also called symmetric key encryption, both the originator and the recipient use the same secret key to encrypt and decrypt the data. Public key encryption software generates both the private key and the public key. A message encrypted with a public key can be decrypted only with the corresponding private key, and vice versa. The public key is made known to message originators and recipients.
Define the terms, backup and restore.
Backup - A duplicate of a file, program, or media that can be used if the original is lost, damaged, or destroyed.
Restore - You restore the files by copying the backed-up files to their original location on the computer or mobile device.
Identify the components of a disaster recovery plan.
- Emergency Plan
- Backup Plan
- Recovery Plan
- Test Plan
Identify methods to protect yourself from social engineering scams.
If you suspect someone is trying to make you the victim of a social engineering attack, stop communication with the person. If you suspect a phone caller is a hacker, hang up. If you see signs that an online chat message appears to be from an impersonator, terminate the connection. Finally, if you receive an email from a sender you do not know and trust, delete it.
Identify risks and safety measures when gaming.
In addition, messages on online social networks may encourage gamers to visit fraudulent websites filled with malware. If the game requires a connection to the Internet, then any computer connected to the game's server is subject to cyberthreats.
Describe issues surrounding inaccurate data.
Inaccurate data creation can be the result of mistakes, can result from flawed data entry processes, can be deliberate, or can be the result of system errors.
Define and identify issues surrounding content and web filtering.
Many Internet security programs include a firewall, antivirus program, and filtering capabilities combined. Browsers also often include content filtering capabilities.
Explain how companies, websites, and employers might infringe on your right to information privacy.
Organizations often use huge databases to store records, such as employee records, medical records, financial records, and more. Much of the data is personal and confidential and should be accessible only to authorized users. Many individuals and organizations, however, question whether this data really is private.
What is a single sign-on account? PIN stands for __
Personal Identification Number
Unencrypted data is called __. Encrypted data is called __.
Plaintext/Cypher
Explain the process of product activation.
Product activation, conducted either online or by phone, is when users provide the software product's identification number to associate the software with the computer or mobile device on which the software is installed.
Define the terms, software theft, keygen, and software piracy. Identify methods to prevent software theft.
Software Theft - Occurs when someone steals software media, intentionally erases programs, illegally registers and/or activates a program, or illegally copies a program.
Keygen - Short for key generator; creates software registration numbers and sometimes activation codes.
Software Piracy - The unauthorized and illegal duplication of copyrighted software.
To protect software media from being stolen, owners should keep original software boxes and media, or the online confirmation of purchased software, in a secure location, out of sight of prying eyes. All computer users should back up their files and drives regularly in the event of theft. When some companies terminate a software developer, or if the software developer quits, they escort the employee off the premises immediately.
Define the term, spoofing.
Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
List concerns and responsibilities regarding cloud data storage and privacy.
The Cloud Security Alliance (CSA) warns of hackers who register for the service with a credit card or for a free trial period and then unleash malware in an attempt to gain access to passwords. Because the registration and validation procedure for accessing the cloud is relatively anonymous, authorities can have difficulty locating the abusers.
Give examples of unauthorized access and use of a computer or network.
Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities. Example: an employee using an organization's computer to send personal email messages.
List ways to protect against Internet and network attacks.
- Use antivirus software.
- Be suspicious of unsolicited email attachments.
- Scan removable media for malware before using it.
- Implement firewall solutions.
- Back up regularly.
Differentiate among user names, passwords, passphrases, and pass codes.
Username - Identification of who you are; a unique combination of characters/numbers.
Password - A private combination of letters and/or numbers.
Passphrase - A private combination of words, often containing mixed capitalization and punctuation.
Passcode - A numeric password containing only numbers.
List examples of privacy laws. Should you be able to remove personal information from the internet? Why or why not?
- Protects minors from inappropriate content when accessing the Internet in schools and libraries.
- Requires websites to protect personal information of children under 13 years of age.
- Outlaws transmission of harmful computer code, such as viruses.
- Makes it illegal to circumvent antipiracy schemes in commercial software; outlaws sale of devices that copy software illegally.
You cannot remove personal information from the Internet, because it shows the chances that your info might be leaked.
Describe technology ethics, information accuracy, intellectual property rights, copyrights, and codes of conduct.
- Technology ethics are the moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies.
- Intellectual property rights are the rights to which creators are entitled for their work.
- A copyright gives authors, artists, and other creators of original work exclusive rights to duplicate and sell their materials.
- A code of conduct is a written guideline that helps determine whether a specification is ethical/unethical or allowed/not allowed.
How can you protect against phishing and spoofing scams?
- Verify the identity of any person or organization requesting personal or confidential information.
- When relaying personal or confidential information, ensure that only authorized people can hear your conversation.
- When personal or confidential information appears on a computer or mobile device, ensure that only authorized people can see your screen.
- Shred all sensitive or confidential documents.
Describe the damages caused by and possible motivations behind DoS and DDoS attacks.
A denial of service (DoS) attack is an assault whose purpose is to disrupt computer access to an Internet service, such as the web or email. A more devastating type of DoS attack is the distributed DoS attack (DDoS attack), in which a zombie army is used to attack computers or computer networks.
Define the terms, firewall and proxy server. List steps to set up a personal firewall.
A firewall is hardware and/or software that protects a network's resources from intrusion by users on another network, such as the Internet. All networked and online users should implement a firewall. A proxy server is a server outside the organization's network that controls which communications pass in and out of the organization's network.
1. If your computer's operating system provides a personal firewall, locate its options in your computer's security settings. If you are using a third-party firewall that you purchased or downloaded online, you may need to disable the one that is included with the operating system, because computers typically can have only one active personal firewall at a time.
2. If you purchase a personal firewall, follow the instructions to install the program on your computer.
3. Run the personal firewall.
List tips for using a password manager safely.
A password manager, also called a password organizer, is a convenient service that stores all your account information securely. Once you select a service, you download and install the software and create one master password.
Define the terms, possessed objects and biometric devices.
A possessed object is any item that you must possess, or carry with you, in order to gain access to a computer or computer facility. A biometric device authenticates a person's identity by translating a personal characteristic, such as a fingerprint, into a digital code that is compared with a digital code stored in a computer or mobile device, verifying a physical or behavioral characteristic.
Explain the two-step verification process.
A two-step verification process is one in which a computer or mobile device uses two separate methods, one after the other, to verify the identity of a user.
Describe the purpose of an online security service.
A web app that evaluates your computer or mobile device to check for Internet and email vulnerabilities. The online security service then provides recommendations on how to address the vulnerabilities.
Identify what an AUP should specify. Why might you disable file and printing sharing?
An AUP should specify which personal activities, if any, are allowed on company time. Disabling file and printer sharing is a security measure that attempts to ensure that others cannot access your files or your printer.
List common types of malware. A(n) __ is the destructive event or prank malware delivers.
Adware, Ransomware, Rootkit, Spyware, Trojan Horse, Virus, Worm
Payload
Describe the following license agreement types: single or end user, network, and site. List conditions provided in a license agreement.
An end-user, or single-user license agreement, typically allows the software to be used only on one computer. A network license allows multiple users to access the software on the server simultaneously. A site license permits the software to be installed on multiple computers. A license agreement specifies the number of computers or devices on which the software can be installed, and network distribution permissions or restrictions. They usually do not permit users to make copies, export, rent, or lease the software.
Explain how an organization uses access controls and audit trails.
An organization uses access controls to decide which actions a user is permitted to perform while accessing a resource. An audit trail records attempts to log in with a password; if someone else, such as a perpetrator, tries many passwords to log in but eventually fails, the audit trail shows those attempts.
Define these terms: botnet, zombie, and bot.
Botnet - A group of compromised computers or mobile devices connected to a network, such as the Internet, that are used to attack other networks, usually for nefarious purposes.
Zombie - A compromised computer or device whose owner is unaware that it is being controlled remotely by an outsider.
Bot - A program that performs a repetitive task on a network.
Define the terms, digital security risk, computer crime, cybercrime, and crimeware.
Digital Security Risk - Any event or action that could cause a loss of or damage to computer or mobile device hardware, software, data, information, or processing capability.
Computer Crime - Any illegal act involving the use of a computer or mobile device.
Cybercrime - Distributing malicious software or committing identity theft.
Crimeware - Software used by cybercriminals.
Define these: digital signature, digital certificate, and secure site.
Digital Signature - An encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender. Digital signatures often are used to ensure that an impostor is not participating in an Internet transaction.
Digital Certificate - A notice that guarantees a user or a website is legitimate. E-commerce applications commonly use digital certificates.
Secure Site - A website that uses encryption techniques to secure its data.
Define the term, digital forensics. Name areas in which digital forensics are used.
Digital forensics is the discovery, collection, and close analysis of evidence found on computers and networks. Areas in which digital forensics is used include law enforcement, criminal prosecution, military intelligence, etc.
Describe how the following techniques are used to collect personal data: electronic profiles, cookies, phishing, clickjacking, spyware, adware, and madware.
Electronic Profiles - When you fill out a printed form, such as a magazine subscription or contest entry, or an online form to sign up for a service, create a profile on an online social network, or register a product warranty, the merchant that receives the form usually stores the information you provide in a database. Many websites allow people to specify whether they want their personal information shared or preferences retained.
Cookies - Most websites that allow for personalization use cookies to track users' preferences. These cookies may obtain their values when a user fills in an online form requesting personal information. If you do not want personal information distributed, you should limit the amount of information you provide to a website or adjust how your browser handles cookies.
Phishing - A perpetrator sends an official-looking message that attempts to obtain your personal and/or financial information.
Clickjacking - When a user taps or clicks the disguised object, a variety of nefarious events may occur. For example, the user may be redirected to a phony website that requests personal information, or a virus may download to the computer or mobile device.
Spyware - Some vendors or employers use spyware to collect information about program usage or employees. Internet advertising firms often collect information about users' web browsing habits.
Adware - A program that displays a pop-up advertisement on your computer or mobile device screen, and then asks for your personal information.
Madware - Adware that affects mobile devices.
Describe how companies use the following recognition, verification, or payment systems: fingerprint, face, hand, voice, signature, and iris. List disadvantages of biometric devices.
Fingerprint - Organizations use fingerprint readers to secure doors, computers, and software. With the cost of fingerprint readers often less than $100, some home and small business users install fingerprint readers to authenticate users before they can access a personal computer.
Face - A face recognition system captures a live face image and compares it with a stored image to determine if the person is a legitimate user. Some buildings use face recognition systems to secure access to rooms.
Hand - A hand geometry system measures the shape and size of a person's hand. Because hand geometry systems can be expensive, they are used in larger companies to track workers' time and attendance or as security devices.
Voice - A voice verification system compares a person's live speech with their stored voice pattern. Larger organizations sometimes use voice verification systems as time and attendance devices.
Signature - A signature verification system recognizes the shape of your handwritten signature, as well as measures the pressure exerted and the motion used to write the signature. Signature verification systems use a specialized pen and tablet.
Disadvantages of Biometric Devices: If you are nervous or you cut your finger, the device doesn't grant you access until the problem is resolved.
List six types of backups. Describe the three generation backup policy.
Full backup - Copies all of the files on media in the computer.
Differential backup - Copies only the files that have changed since the last full backup.
Incremental backup - Copies only the files that have changed since the last full or incremental backup.
Selective backup - Users choose which folders and files to include in a backup.
Continuous data protection (CDP) - All data is backed up whenever a change is made.
Cloud backup - Files are backed up to the cloud as they change.
A three-generation backup policy involves maintaining three generations of backups, referred to as grandparent, parent, and child backups. This three-generation backup has also been referred to as the grandfather-father-son backup. The grandparent is the oldest copy of the file.
Differentiate among hackers, crackers, script kiddies, cyberextortionists, and cyberterrorists.
Hacker - Someone who accesses a computer or network illegally.
Cracker - Has the intent of destroying data, stealing information, or other malicious action.
Script Kiddie - Uses prewritten hacking and cracking programs to break into computers and networks.
Cyberextortionist - Demands payment to stop an attack on an organization's technology infrastructure.
Cyberterrorist - Uses the Internet or a network to destroy or damage computers for political reasons.
Describe what occurs during hardware theft or vandalism.
Hardware theft is the act of stealing digital equipment. Hardware vandalism involves defacing or destroying digital equipment.
Give examples of information theft. How can you protect yourself from information theft?
Information theft occurs when someone steals personal or confidential information. Both business and home users can fall victim to information theft. For example, an individual first might gain unauthorized access to a computer and then steal credit card numbers stored in a firm's accounting department. To further protect information on the Internet and networks, organizations and individuals use a variety of encryption techniques.
Describe security risk associated with wireless access. Identify ways to secure your wireless network.
Some perpetrators connect to others' wireless networks to gain free Internet access; others may try to access an organization's confidential data. To access a wireless network, the individual must be in range of the wireless network. Some intruders intercept and monitor communications as they transmit through the air.
Describe the purpose of a VPN.
When a mobile user connects to a main office using a standard Internet connection, a virtual private network (VPN) provides the mobile user with a secure connection to the company network server, as if the user had a private line.
A(n) __ allows users to bypass security controls when accessing a program, computer, or network.
back door