Chapter 4

Digital security, ethics and privacy

Lesson 4

Objectives Overview
► Define the term, digital security risks, and briefly describe the types of cybercriminals
► Describe various types of Internet and network attacks, and explain ways to safeguard against these attacks
► Discuss techniques to prevent unauthorized computer access and use
► Explain the ways that software manufacturers protect against software piracy
► Discuss how encryption, digital signatures, and digital certificates work

Objectives Overview
► Identify safeguards against hardware theft, vandalism, and failure
► Explain the options available for backing up
► Identify risks and safeguards associated with wireless communications
► Recognize issues related to information accuracy, intellectual property rights, codes of conduct, and green computing
► Discuss issues surrounding information privacy

Digital Security Risks
► A digital security risk is any event or action that could cause a loss of or damage to a computer or mobile device hardware, software, data, information, or processing capability
► Any illegal act involving the use of a computer or related devices generally is referred to as a computer crime
► A cybercrime is an online or Internet-based illegal act

Digital Security Risks
► Hacker
► Cracker
► Script kiddie
► Corporate spies
► Unethical employees
► Cyberextortionist
► Cyberterrorist

Internet and Network Attacks
► Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises
► Malware, short for malicious software, consists of programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices

Internet and Network Attacks
► A botnet is a group of compromised computers or mobile
devices connected to a network
► A compromised computer or device is known as a zombie
► A denial of service attack (DoS attack) disrupts computer
access to an Internet service
► Distributed DoS attack (DDoS attack)
► A back door is a program or set of instructions in a program
that allow users to bypass security controls
► Spoofing is a technique intruders use to make their network
or Internet transmission appear legitimate

Internet and Network Attacks
► A firewall is hardware and/or software that protects a network’s resources from
intrusion

Unauthorized Access and Use
► Unauthorized access is the use of a computer or network without permission
► Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities

Unauthorized Access and Use
► Organizations take several measures to help prevent unauthorized access and use
► Acceptable use policy
► Disable file and printer sharing

Unauthorized Access and Use
► Access controls define who can access a computer, device, or network; when
they can access it; and what actions they can take while accessing it
► The computer, device, or network should maintain an audit trail that records in
a file both successful and unsuccessful access attempts
► User name
► Password
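
An added example, not part of the original slides, of the access-control and audit-trail idea above: a check that tests who is asking, when, and for which action, and records both successful and unsuccessful attempts. The policy, user names and timestamps are constructed for illustration.

```python
import io
import json
from datetime import datetime, time

# Constructed policy: who may access, when, and which actions (all names hypothetical).
POLICY = {
    "alice": {"hours": (time(8, 0), time(18, 0)), "actions": {"read", "write"}},
    "bob": {"hours": (time(9, 0), time(17, 0)), "actions": {"read"}},
}

def check_access(user, action, when, audit):
    """Apply the who / when / what test and append one audit-trail record."""
    rule = POLICY.get(user)
    if rule is None:
        reason = "unknown user"
    elif not (rule["hours"][0] <= when.time() <= rule["hours"][1]):
        reason = "outside permitted hours"
    elif action not in rule["actions"]:
        reason = "action not permitted"
    else:
        reason = ""
    outcome = "FAILURE" if reason else "SUCCESS"
    # Both outcomes are recorded; JSON escaping keeps one record per line
    # even if the supplied user name contains control characters.
    record = {"time": when.isoformat(), "user": user, "action": action,
              "outcome": outcome, "reason": reason}
    audit.write(json.dumps(record) + "\n")
    return not reason

def failed_attempts(audit_text):
    """Count unsuccessful attempts per user from the audit trail."""
    counts = {}
    for line in audit_text.splitlines():
        rec = json.loads(line)
        if rec["outcome"] == "FAILURE":
            counts[rec["user"]] = counts.get(rec["user"], 0) + 1
    return counts

def demo():
    audit = io.StringIO()  # stands in for the audit file
    attempts = [  # constructed sample attempts
        ("alice", "write", datetime(2024, 3, 4, 10, 15)),
        ("bob", "write", datetime(2024, 3, 4, 10, 20)),
        ("bob", "read", datetime(2024, 3, 4, 22, 5)),
        ("mallory", "read", datetime(2024, 3, 4, 10, 30)),
        ("bob", "read", datetime(2024, 3, 4, 11, 0)),
    ]
    results = [check_access(u, a, t, audit) for u, a, t in attempts]
    return results, failed_attempts(audit.getvalue())

if __name__ == "__main__":
    print(demo())
```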

Unauthorized Access and Use
► A passphrase is a private combination of words, often
containing mixed capitalization and punctuation, associated
with a user name that allows access to certain computer
resources
► A PIN (personal identification number), sometimes called a
passcode, is a numeric password, either assigned by a
company or selected by a user
► A possessed object is any item that you must possess, or
carry with you, in order to gain access to a computer or
computer facility
► A biometric device authenticates a person’s identity by
translating a personal characteristic into a digital code that
is compared with a digital code in a computer or mobile

Unauthorized Access and Use
► Fingerprint reader
► Face recognition system
► Hand geometry system
► Voice verification system
► Signature verification system
► Iris recognition system

Unauthorized Access and Use
► Two-step verification uses two separate methods, one after the next, to verify
the identity of a user

Unauthorized Access and Use
► Digital forensics is the discovery, collection, and analysis of evidence found on
computers and networks
► Many areas use digital forensics

  ► Law enforcement
  ► Criminal prosecutors
  ► Military intelligence
  ► Insurance agencies
  ► Information security departments

Software Theft
► Software theft occurs when someone:
  ► Steals software media
  ► Intentionally erases programs
  ► Illegally registers and/or activates a program
  ► Illegally copies a program

Software Theft
► Many manufacturers incorporate an activation process into their programs to
ensure the software is not installed on more computers than legally licensed
► During the product activation, which is conducted either online or by phone,
users provide the software product’s identification number to associate the
software with the computer or mobile device on which the software is installed

Software Theft
► A license agreement is the right to use software

Information Theft
► Information theft occurs when someone steals personal or confidential
information
► Encryption is a process of converting data that is readable by humans into
encoded characters to prevent unauthorized access

Information Theft
► A digital signature is an encrypted code that a person, website, or organization
attaches to an electronic message to verify the identity of the message sender
► Often used to ensure that an impostor is not participating in an Internet transaction
► A digital certificate is a notice that guarantees a user or a website is legitimate
► A website that uses encryption techniques to secure its data is known as a
secure site

Hardware Theft, Vandalism, and Failure
► Hardware theft is the act of stealing digital equipment
► Hardware vandalism is the act of defacing or destroying digital equipment

Backing Up – The Ultimate Safeguard
► A backup is a duplicate of a file, program, or media that can be used if the original is lost, damaged, or destroyed
► To back up a file means to make a copy of it
► Off-site backups are stored in a location separate from the computer or mobile
device site

Cloud
Storage

Backing Up – The Ultimate Safeguard
► Categories of backups:
  ► Full
  ► Differential
  ► Incremental
  ► Selective
  ► Continuous data protection
  ► Cloud
► Three-generation backup policy
  ► Grandparent
  ► Parent
  ► Child

Wireless Security
► Wireless access poses additional security risks
► Some perpetrators connect to others’ wireless networks to gain free Internet access or confidential data
► Others connect to a network through an unsecured wireless access point (WAP) or combination router/WAP

Ethics and Society
► Technology ethics are the moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies
► Information accuracy is a concern
► Not all information on the Internet is correct

Ethics and Society
► Intellectual property refers to unique and original works such as ideas,
inventions, art, writings, processes, company and product names, and logos
► Intellectual property rights are the rights to which creators are entitled to their
work
► A copyright protects any tangible form of expression
► Digital rights management (DRM) is a strategy designed to prevent illegal
distribution of movies, music, and other digital content

Ethics and Society
► A code of conduct is a written guideline that helps determine whether a
specification is ethical/unethical or allowed/not allowed

Ethics and Society
► Green computing involves reducing the electricity and environmental waste
while using computers, mobile devices, and related technologies

Information Privacy
► Information privacy refers to the right of individuals and companies to deny or
restrict the collection, use, and dissemination of information about them
► Huge databases store data online
► Websites often collect data about you, so that they can customize
advertisements and send you personalized email messages
► Some employers monitor your computer usage and email messages

Information Privacy
► Information about you can be stored in a database when you:
  ► Fill out a printed or online form
  ► Create a profile on an online social network
  ► Register a product warranty

Information Privacy
► A cookie is a small text file that a web server stores on your computer
► Websites use cookies for a variety of reasons:
  ► Allow for personalization
  ► Store user names and/or passwords
  ► Assist with online shopping
  ► Track how often users visit a site
  ► Target advertisements

Information Privacy
► Phishing is a scam in which a perpetrator sends an official looking email
message that attempts to obtain your personal and/or financial information
► With clickjacking, an object that can be tapped or clicked on a website contains
a malicious program

Information Privacy
► Spyware is a program placed on a computer or mobile device without the user’s
knowledge that secretly collects information about the user and then
communicates the information it collects to some outside source while the user
is online
► Adware is a program that displays an online advertisement in a banner or pop-
up window on webpages, email messages, or other Internet services

Information Privacy
► Social engineering is defined as gaining unauthorized access to or obtaining
confidential information by taking advantage of the trusting human nature of
some victims and the naivety of others

Information Privacy
► The concern about privacy has led to the enactment of federal and state laws
regarding the storage and disclosure of personal data
► See Table 5-3 on page 246 for a listing of major U.S. government laws concerning
privacy

Information Privacy
► Employee monitoring involves the use of computers, mobile devices, or cameras to observe, record, and review an employee’s use of a technology, including communications such as email messages, keyboard activity (used to measure productivity), and websites visited
► Many programs exist that easily allow employers to monitor employees. Further, it is legal for employers to use these programs

Information Privacy
► Content filtering is the process of restricting access to certain material
► Many businesses use content filtering
► Web filtering software restricts access to specified websites

Summary
► Variety of digital security risks
► Cybercrime and cybercriminals
► Risks and safeguards associated with Internet and network attacks, unauthorized access and use, software theft, information theft, and hardware theft, vandalism, and failure
► Various backup strategies and methods of securing wireless communications
► Ethical issues in society and various ways to protect the privacy of personal information

Chapter 5 Complete
