Information Systems/Security

From Wikiversity

This lesson covers security in various forms of technology, such as phones, the internet, and computers.

Objectives and Skills

Objectives and skills for the security portion of CLEP Information Systems include:[1]

  • Economic effects (secure transactions, viruses, malware, cost of security)
  • Privacy concerns (individual, business, identity theft)
  • Computer security and controls (system, application, personal computer, disaster recovery)

Readings

  1. Wikibooks: Introduction to Computer Information Systems/Security
  2. Wikipedia: Computer security
  3. Wikipedia: Backup
  4. Wikipedia: Data recovery
  5. Wikipedia: Internet safety
  6. Wikipedia: Internet security
  7. Wikipedia: Internet privacy
  8. Wikipedia: Multi-factor authentication
  9. Wikipedia: Password manager
  10. Wikipedia: Mobile Security
  11. Wikipedia: Phishing
  12. Wikipedia: Encryption

Multimedia

  1. YouTube: Protecting Your Computer from Malware
  2. YouTube: Malware: Difference Between Computer Viruses, Worms and Trojans
  3. YouTube: Backup and Disaster Recovery Explained
  4. YouTube: How your computer gets hacked in under a minute
  5. YouTube: Computer Security
  6. YouTube: Securing your WIFI network
  7. YouTube: 5 tips for staying safe on the web
  8. YouTube: Protect your Privacy Completely: Web Browsing with TAILS
  9. YouTube: How to create a strong password
  10. YouTube: What is Two-Factor Authentication? (2FA)
  11. YouTube: Common Threats to Information Security
  12. YouTube: HTTPS and SSL tutorial
  13. YouTube: Information Security Management-Learn and Gain
  14. YouTube: Cyber Security – Top 10 Threats
  15. YouTube: The Best Password Managers, Compared (https://www.youtube.com/watch?v=q2nsUgG0zfQ)

Activities

  1. Research Data Backup and Recovery. Schedule and perform regular data backups.
  2. Learn tips to make stronger passwords. Then research password managers. Consider installing and using a password manager on your system.
  3. Configure password management on your system.
  4. Mac: Review Mac Security. Consider one of these options for best Mac security.
  5. Research multi-factor authentication. Consider setting up multi-factor authentication on your Apple, Facebook, Google, and/or Microsoft accounts, as well as your password manager and your financial institutions.
  6. Review Protecting Your Computer. Use anti-malware software to scan your system and test malware detection.
    • All: Set anti-malware and anti-virus software and the operating system to update automatically.
    • All: Review Wikipedia: Comparison of antivirus software. Download a free, well-known anti-malware application and scan your system.
    • All: Review Wikipedia: EICAR test file. Download and save the EICAR test file to test your anti-malware application and follow the process for removing malware.
  7. Review Wikipedia: Wardriving. Use a free wireless scanner and scan your environment for wireless networks:
  8. Windows password security testing:
    • Test your Windows environment to extract plaintext passwords, hashes, PIN codes, and Kerberos tickets from memory through the use of Mimikatz.

Research and Discussion

  1. You are browsing the Internet at your favorite restaurant. How can you browse the Internet safely? Identify different threats and potential solutions associated with using unsecured Wi-Fi locations.
  2. Identify various vulnerabilities that can affect you, your personal information, and your computer devices. Research, discuss, and share information on how you can protect yourself against identity theft.
  3. Security is an important concern while using email. Identify risks and list best practice solutions on how to safely use email.
  4. Research top security software for common personal computer and mobile platforms. Include both proprietary and open source options. Install and test trial versions of one or more products. Which products would you recommend others use, and why?

Lesson Summary

  • Computer security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.[2] This includes controlling physical access to hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.[3] There are security tips you can follow to protect your computer and personal information. Tips such as updating your software, turning on two-factor authentication, protecting your passwords, backing up your files, and giving personal information only over encrypted websites will keep security threats such as backdoors, denial-of-service attacks, direct-access attacks, eavesdropping, malware, spoofing, tampering, privilege escalation, phishing, and clickjacking[4] at a distance.[5]
  • A network backup is a system in which specified data from a single computer or a network of computers is sent to a backup server.[6] The primary purpose of backups is to recover data after its loss, whether by deletion or corruption; the secondary purpose is to recover data from an earlier time, according to a user-defined data retention policy.[7]
  • Data recovery is a process of retrieving inaccessible data from corrupted or damaged secondary storage, removable media or files, when the data they store cannot be accessed in a normal way.[8] Data recovery scenarios include operating system failure, breakdown or logical failure of storage devices, and accidental damage.[9]
  • A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.[10] It responds to unplanned incidents with precautions that minimize the effects of a disaster so that an organization can continue its operations.[11]
  • Internet safety is the knowledge of maximizing the user's personal safety and security risks to private information and property associated with using the internet, and the self-protection from computer crime in general.[12] To stay safe from hackers, keep your personal information professional and limited, keep your privacy settings on, and practice safe browsing, among other safety rules.[13]
  • Common threats to personal safety on the Internet include cyberstalking, cyberbullying, online predation, and obscene/offensive content.[14] We need to take precautions whenever we are suspicious of these threats.
  • Malware, short for malicious software, is any software used to cause damage to a computer network, gather sensitive information, or gain access to private computer systems. It includes botnets, viruses, Trojan horses, spyware, scareware, ransomware, and worms.[15] A game plan for protecting against malware is to stop harmful software from gaining access to the target computer.
  • Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.[16] It is concerned with protecting user information. Privacy can entail either Personally-Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website.[17]
  • Risks to Internet privacy include activity monitoring, content searches, and social network profiling.[18] You may, however, protect your privacy online by using built-in features of many social networks and browsers and third-party tools.[19]
  • Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting several separate authentication stages through credentials based on knowledge (something you know), possession (something you have), and inherence (something you are).[20] In other words, it is a system that requires more than one method of authentication from independent categories of credentials to verify a user's identity for login.
  • A password manager is a software application that helps a user store and organize passwords.[21] It assists in generating and retrieving complex passwords, possibly calculating them on request. Password managers require a user to create and remember one master password to unlock and access any information stored in their databases.

Key Terms

authentication
The process of confirming identity.[22]
authorization
The function of specifying access rights to resources.[23]
backdoor
A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls.[24]
backup
Copying and archiving of computer data so it may be used to restore the original after a data loss event.[25]
biometrics
Refers to measurements of human characteristics.[26]
BitLocker
A full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and later Windows operating systems.[27]
bot
A software application that runs automated tasks over the Internet.[28]
botnet
A number of Internet-connected computers communicating with other similar machines in an effort to complete repetitive tasks and objectives.[29]
brute-force attack
A cryptanalytic attack that consists of systematically checking all possible keys or passwords until the correct one is found.[30]
computer forensics
A branch of digital forensic science pertaining to the recovery and investigation of material found in computers and digital storage media, often related to computer crime.[31]
computer security
The protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.[32]
cyber crime
Any crime that involves a computer and a network.[33]
cryptography
The practice and study of techniques for secure communication in the presence of third parties called adversaries.[34]
denial-of-service attack
An attempt to make a machine or network resource unavailable to its intended users.[35]
device hardening
The process of securing a system by reducing its surface of vulnerability through the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.[36]
dictionary attack
A technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities from a list.[37]
disaster recovery plan
A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.[38]
dumpster diving
The practice of sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the collector.[39]
eavesdropping
The act of surreptitiously listening to a private conversation, typically between hosts on a network.[40]
encryption
The process of encoding messages or information in such a way that only authorized parties can read it.[41]
ethical hacker
A computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.[42]
filter
A program that screens and excludes from access or availability Web pages or e-mail that are deemed inappropriate.[43]
firewall
A network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.[44]
hacking
Seeking and exploiting weaknesses in a computer system or computer network.[45]
HTTPS
A communications protocol for secure communication over a computer network which is widely used on the Internet.[46]
identity theft
The deliberate use of someone else's personal information, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name.[47]
internet security
A catch-all term for a very broad issue covering security for transactions made over the Internet. Generally, Internet security encompasses browser security, the security of data entered through a Web form, and overall authentication and protection of data sent via Internet Protocol.[48]
iptables
A Linux kernel software firewall that allows system administrators to configure rules and chains.[49]
keystroke logging
The action of recording the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.[50]
malware
Any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.[51]
multi-factor authentication
A method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories of knowledge, possession, and inherence.[52]
packet sniffer
A computer program that can intercept and log traffic passing over a digital network.[53]
password complexity
The length and character set combinations used to create a password, such as upper case and lower case letters, numbers, and punctuation.[54]
password confidentiality
A set of rules or a promise that limits access or places restrictions on password sharing.[55]
password cracking
The process of recovering passwords from data that have been stored in or transmitted by a computer system, most often through brute-force or dictionary attacks.[56]
password expiration
A policy that requires users to change passwords periodically.[57]
password reuse
A policy that prevents users from repeating recently used passwords.[58]
permissions
Access rights assigned to specific users and groups of users to control the ability of the users to view or make changes to system objects.[59]
penetration test
A targeted and simulated attack on a system to identify potential security vulnerabilities.[60]
phishing
The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.[61]
physical security
Measures designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm.[62]
ransomware
A type of malware which restricts access to the computer system that it infects, and demands a fee be paid to the operators of the malware in order for the restriction to be removed.[63]
rootkit
A stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.[64]
security patch
A change applied to an asset to correct the weakness described by a vulnerability.[65]
shoulder surfing
Using direct observation techniques to obtain information such as passwords, PINs, security codes, and similar data.[66]
single sign-on
A property of access control systems that allows a user to log in once and gain access to all interrelated systems without being prompted to log in again.[67]
social engineering
Psychological manipulation of people to cause them to perform actions or divulge confidential information.[68]
spam
Unsolicited electronic messages, especially advertising.[69]
spoofing
Concealing the identity of the sender by impersonating another computing system.[70]
spyware
Software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.[71]
system administrator
A person who is responsible for the upkeep, configuration, and reliable operation of computer systems; especially multi-user computers.[72]
Trojan
A non-self-replicating type of malware program containing malicious code that, when executed, typically causes loss or theft of data, and possible system harm.[73]
virus
A malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or firmware.[74]
worm
A standalone malware computer program that replicates itself in order to spread to other computers.[75]
WPA / WPA2 (Wi-Fi Protected Access)
Security protocol used to secure wireless computer networks.[76]
zombie computer
A computer connected to the Internet that has been compromised by a hacker, computer virus or Trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.[77]

Review Questions

  1. Computer security is _____.
    Computer security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.
  2. Computer security includes _____.
    Computer security includes controlling physical access to hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
  3. Security threats include _____.
    Security threats include backdoors, denial-of-service attacks, direct-access attacks, eavesdropping, malware, spoofing, tampering, privilege escalation, phishing, and clickjacking.
  4. Internet safety is _____.
    Internet safety is the knowledge of maximizing the user's personal safety and security risks to private information and property associated with using the internet, and the self-protection from computer crime in general.
  5. A network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules is called a ________.
    A network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules is called a firewall.
  6. The process of encoding messages or information in a way that only authorized parties can read it is called ________.
    The process of encoding messages or information in a way that only authorized parties can read it is called encryption.
  7. Common threats to personal safety on the Internet include _____.
    Common threats to personal safety on the Internet include cyberstalking, cyberbullying, online predation, and obscene/offensive content.
  8. Malware, short for malicious software, is _____. It includes _____.
    Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
  9. Malware includes _____.
    Malware includes botnets, viruses, Trojan horses, spyware, scareware, ransomware, and worms.
  10. Internet privacy involves _____.
    Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.
  11. Privacy can entail either _____.
    Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website.
  12. Risks to Internet privacy include _____. 
    Risks to Internet privacy include activity monitoring, content searches, and social network profiling. 
  13. Multi-factor authentication (MFA) is _____.
    Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting several separate authentication stages through credentials based on knowledge (something you know), possession (something you have), and inherence (something you are).
  14. A password manager is _____.
    A password manager is a software application that helps a user store and organize passwords.
  15. A non-self-replicating type of malware program which typically causes loss or theft of data, and possible system harm, is called a ______.
    A non-self-replicating type of malware program which typically causes loss or theft of data, and possible system harm, is called a Trojan.

Assessments

See Also

References

Type classification: this is a lesson resource.
Completion status: this resource is considered to be complete.
  1. CLEP: Information Systems
  2. Wikipedia: Computer security
  3. Wikipedia: Computer security
  4. Wikipedia: Computer security
  5. https://www.consumer.ftc.gov/articles/0009-computer-security
  6. https://nordic-backup.com/blog/why-network-backup-is-essential-for-your-business/
  7. Wikipedia: Backup
  8. Wikipedia: Data recovery
  9. https://en.wikipedia.org/wiki/Data_recovery
  10. Wikipedia: Disaster recovery plan
  11. https://searchdisasterrecovery.techtarget.com/definition/disaster-recovery-plan
  12. Wikipedia: Internet safety
  13. https://usa.kaspersky.com/resource-center/preemptive-safety/top-10-internet-safety-rules-and-what-not-to-do-online
  14. Wikipedia: Internet safety
  15. Wikipedia: Internet security
  16. Wikipedia: Internet privacy
  17. Wikipedia: Internet privacy
  18. Wikipedia: Internet privacy
  19. https://blog.trendmicro.com/protecting-your-privacy-part-1-the-privacy-risks-of-social-networks-and-online-browsing/
  20. Wikipedia: Multi-factor authentication
  21. Wikipedia: Password manager
  22. Wikipedia: Authentication
  23. Wikipedia: Authorization (computer access control)
  24. Wikipedia: Backdoor (computing)
  25. Wikipedia: Backup
  26. Wikipedia: Biometrics
  27. Wikipedia: BitLocker
  28. Wikipedia: Internet bot
  29. Wikipedia: Botnet
  30. Wikipedia: Brute-force attack
  31. Wikipedia: Computer forensics
  32. Wikipedia: Computer security
  33. Wikipedia: Computer crime
  34. Wikipedia: Cryptography
  35. Wikipedia: Denial-of-service attack
  36. Wikipedia: Hardening (computing)
  37. Wikipedia: Dictionary attack
  38. Wikipedia: Disaster recovery plan
  39. Wikipedia: Garbage picking
  40. Wikipedia: Eavesdropping
  41. Wikipedia: Encryption
  42. Wikipedia: White hat (computer security)
  43. [[1]]
  44. Wikipedia: Firewall (computing)
  45. Wikipedia: Hacker (computer security)
  46. Wikipedia: HTTPS
  47. Wikipedia: Identity theft
  48. Techopedia: Internet Security
  49. Wikipedia: Iptables
  50. Wikipedia: Keystroke logging
  51. Wikipedia: Malware
  52. Wikipedia: Multi-factor authentication
  53. Wikipedia: Packet analyzer
  54. Wikipedia: Password strength
  55. Wikipedia: Confidentiality
  56. Wikipedia: Password cracking
  57. Wikipedia: Password policy
  58. Wikipedia: Password policy
  59. Wikipedia: File system permissions
  60. Wikipedia: Penetration test
  61. Wikipedia: Phishing
  62. Wikipedia: Physical security
  63. Wikipedia: Ransomware
  64. Wikipedia: Rootkit
  65. Wikipedia: Security patch
  66. Wikipedia: Shoulder surfing (computer security)
  67. Wikipedia: Single sign-on
  68. Wikipedia: Social engineering (security)
  69. Wikipedia: Spamming
  70. Wikipedia: IP address spoofing
  71. Wikipedia: Spyware
  72. Wikipedia: System administrator
  73. Wikipedia: Trojan horse (computing)
  74. Wikipedia: Computer virus
  75. Wikipedia: Computer worm
  76. Wikipedia: Wi-Fi Protected Access
  77. Wikipedia: Zombie computer