Lesson 15
intended to discourage individuals from intentionally violating information security policies or procedures
deterrent controls
what two forms of computer security firewall are available
hardware and software
what characteristics of children present additional computer security risks
innocence, curiosity, desire for independence, and fear of punishment
what is a computer security firewall
Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through.
what are seven things you can do to help safeguard children when they are online
- Be involved
- Keep your computer in an open area
- Set rules and warn about dangers
- Monitor computer activity
- Keep lines of communication open
- Consider partitioning your computer into separate accounts
- Consider implementing parental controls
5 real world warnings
- Don't trust candy from strangers
- If it sounds too good to be true, it probably is
- Don't advertise that you aren't away from home
- Lock up your valuables
- Have a backup plan
7 tactics when choosing a password
- Don't use passwords that are based on personal info that can be easily accessed or guessed
- Don't use words that can be found in any dictionary of any language
- Develop a mnemonic for remembering complex passwords
- Use both lower and uppercase letters
- Use combination of letters, numbers, and special characters
- Use passphrases when you can
- Use different passwords on different systems
11 ways to safeguard data
- Use and maintain anti-virus software and a firewall
- Regularly scan your computer for spyware
- Keep software up to date
- Evaluate your software's settings
- Avoid unused software programs
- Consider creating separate user accounts
- Establish guidelines for computer use
- Use passwords and encrypt sensitive files
- Follow corporate policies for handling and storing work-related info
- Dispose of sensitive info immediately
- Follow good security habits
what does anti-virus software do
Although details may vary between packages, anti-virus software scans files or your computer's memory for certain patterns that may indicate an infection. The patterns it looks for are based on the signatures, or definitions, of known viruses. Virus authors are continually releasing new and updated viruses, so it is important that you have the latest definitions installed on your computer
what happens if anti-virus software finds a virus
Each package has its own method of response when it locates a virus, and the response may differ according to whether the software locates the virus during an automatic or a manual scan. Sometimes the software will produce a dialog box alerting you that it has found a virus and asking whether you want it to "clean" the file (to remove the virus). In other cases, the software may attempt to remove the virus without asking you first. When you select an anti-virus package, familiarize yourself with its features so you know what to expect.
myth: attackers only target people with money
Myth: Attackers only target people with money. Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If your information happens to be in the database, it could be collected and used for malicious purposes. It is important to pay attention to your credit information so that you can minimize any potential damage
myth: anti-virus software and firewalls are 100% effective
Truth: Anti-virus software and firewalls are important elements to protecting your information (see Understanding Anti-Virus Software and Understanding Firewalls for more information). However, neither of these elements is guaranteed to protect you from an attack. Combining these technologies with good security habits is the best way to reduce your risk.
myth: when computers slow down it means that they are old and should be replaced
Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance, but you may just need to replace or upgrade a particular component (memory, operating system, CD or DVD drive, etc.). Another possibility is that there are other processes or programs running in the background. If your computer has suddenly become slower, it may be compromised by malware or spyware, or you may be experiencing a denial-of-service attack
Myth: once software is installed on your computer you do not have to worry about it
Truth: Vendors may release updated versions of software to address problems or fix vulnerabilities (see Understanding Patches for more information). You should install the updates as soon as possible; some software even offers the option to obtain updates automatically. Making sure that you have the latest virus definitions for your anti-virus software is especially important.
Myth: there is nothing important on your machine so you do not need to protect it
Truth: Your opinion about what is important may differ from an attacker's opinion. If you have personal or financial data on your computer, attackers may be able to collect it and use it for their own financial gain. Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people
if you use separate anti-spyware programs, which should you install first
anti-virus
the protection of data in a system against unauthorized disclosure, modification, or destruction, and protection of the computer system itself against unauthorized use, modification, or denial of service
computer security
either remedy the circumstances that allowed the unauthorized activity or return conditions to what they were before the violation
corrective controls
attempt to identify unwanted events after they have occurred
detective controls
what two types of scanning procedures are available with anti-virus software
manual and automatic
two types of access people might have to your computer
physical and remote
3 categories of controls
physical, technical, administrative
attempt to avoid the occurrence of unwanted events
preventive controls
restore lost computing resources or capabilities and help the organization recover monetary losses caused by a security violation
recovery controls
the freedom from danger or the condition of safety
security