Jump to content

Information Systems/Security: Difference between revisions

Add links
From Wikiversity
Browse history interactively
← Older editNewer edit →
Content deleted Content added
VisualWikitext
Line 272: Line 272:
* [http://www.lifehack.org/articles/featured/10-free-ways-to-track-all-your-passwords.html/ Lifehack: 10 free ways to track your passwords]
* [http://www.lifehack.org/articles/featured/10-free-ways-to-track-all-your-passwords.html/ Lifehack: 10 free ways to track your passwords]
* [https://lastpass.com/how-it-works/ Last Pass: A Simple Password Solution - How it works]
* [https://lastpass.com/how-it-works/ Last Pass: A Simple Password Solution - How it works]
* [https://www.lifewire.com/ways-to-back-up-your-data-2640426/ Life Wire: 5 ways to back up your data and keep it safe]


== References ==
== References ==

Revision as of 22:47, 12 June 2017

Information Systems
  1. Introduction
  2. Hardware
  3. Peripherals
  4. Operating Systems
  5. Applications
  6. Networking
  7. Internet
  8. Security
  9. Information Systems
  10. Systems Development
  11. Programming
  12. Databases
  13. Social Issues
  14. Review
Download Learning Guide
Download Wikibook

This lesson covers security in various forms of technology, such as phones, the internet, and computers.

Objectives and Skills

Objectives and skills for the security portion of CLEP Information Systems include:[1]

  • Economic effects (secure transactions, viruses, malware, cost of security)
  • Privacy concerns (individual, business, identity theft)
  • Computer security and controls (system, application, personal computer, disaster recovery)

Readings

  1. Wikibooks: Introduction to Computer Information Systems/Security
  2. Wikipedia: Computer security
  3. Wikipedia: Backup
  4. Wikipedia: Data recovery
  5. Wikipedia: Disaster recovery plan
  6. Wikipedia: Internet safety
  7. Wikipedia: Internet security
  8. Wikipedia: Internet privacy
  9. Wikipedia: Multi-factor authentication
  10. Wikipedia: Password manager

Multimedia

  1. YouTube: Protecting Your Computer from Malware
  2. YouTube: Malware: Difference Between Computer Viruses, Worms and Trojans
  3. YouTube: Antivirus Software
  4. YouTube: Backup and Disaster Recovery Explained
  5. YouTube: How your computer gets hacked in under a minute
  6. YouTube: Computer Security
  7. YouTube: Securing your WIFI network
  8. YouTube: 5 tips for staying safe on the web
  9. YouTube: Google's Privacy Principles
  10. YouTube: Protect your Privacy Completely: Web Browsing with TAILS
  11. YouTube: How to create a strong password
  12. YouTube: What is Two-Factor Authentication? (2FA)
  13. YouTube: Common Threats to Information Security
  14. YouTube: HTTPS and SSL tutorial

Activities

  1. Research Data Backup and Recovery. Schedule and perform regular data backups.
  2. Learn tips to make stronger passwords. Then research password managers. Consider installing and using a password manager on your system.
  3. Configure password management on your system.
  4. Mac: Review Mac Security. Consider one of these options for best Mac security.
  5. Research multi-factor authentication. Consider setting up multi-factor authentication on your Apple, Facebook, Google, and/or Microsoft accounts, as well as your password manager and your financial institutions.
  6. Review Protecting Your Computer. Use anti-malware software to scan your system and test malware detection.
    • All: Set anti-malware,anti-virus software and operating system to automatically update.
    • All: Review Wikipedia: Comparison of antivirus software. Download a free, well-known anti-malware application and scan your system.
    • All: Review Wikipedia: EICAR test file. Download and save the EICAR test file to test your anti-malware application and follow the process for removing malware.
  7. Review Wikipedia: Wardriving. Use a free wireless scanner and scan your environment for wireless networks:

Lesson Summary

  • Computer security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.[2]
  • Computer security includes controlling physical access to hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.[3]
  • Security threats include backdoors, denial-of-service attacks, direct-access attacks, eavesdropping, malware, spoofing, tampering, privilege escalation, phishing, and clickjacking.[4]
  • Backups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy.[5]
  • Data recovery is a process of salvaging inaccessible data from corrupted or damaged secondary storage, removable media or files, when the data they store cannot be accessed in a normal way.[6]
  • A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.[7]
  • Internet safety is the knowledge of maximizing the user's personal safety and security risks to private information and property associated with using the internet, and the self-protection from computer crime in general.[8]
  • Common threats to personal safety on the Internet include cyberstalking, cyberbullying, online predation, and obscene/offensive content.[9]
  • Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It includes botnets, viruses, Trojan horses, spyware, scareware, ransomware, and worms.[10]
  • Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.[11]
  • Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website.[12]
  • Risks to Internet privacy include activity monitoring, content searches, and social network profiling. [13]
  • Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting several separate authentication stages through credentials based on knowledge (something you know), possession (something you have), and inherence (something you are).[14]
  • A password manager is a software application that helps a user store and organize passwords.[15]

Key Terms

authentication
The process of confirming identity.[16]
authorization
The function of specifying access rights to resources.[17]
backup
Copying and archiving of computer data so it may be used to restore the original after a data loss event.[18]
biometrics
Refers to measurements of human characteristics. [19]
bitLocker
A full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and later Windows operating systems.[20]
bot
A software application that runs automated tasks over the Internet. [21]
botnet
A number of Internet-connected computers communicating with other similar machines in an effort to complete repetitive tasks and objectives.[22]
brute-force attack
A cryptanalytic attack that consists of systematically checking all possible keys or passwords until the correct one is found.[23]
computer forensics
A branch of digital forensic science pertaining to the recovery and investigation of material found in computers and digital storage media, often related to computer crime. [24]
computer security
The protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.[25]
cyber crime
Any crime that involves a computer and a network.[26]
cryptography
The practice and study of techniques for secure communication in the presence of third parties.[27]
denial-of-service attack
An attempt to make a machine or network resource unavailable to its intended users.[28]
device hardening
The process of securing a system by reducing its surface of vulnerability through the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.[29]
dictionary attack
A technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities from a list.[30]
disaster recovery plan
A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.[31]
dumpster diving
The practice of sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the collector.[32]
encryption
The process of encoding messages or information in such a way that only authorized parties can read it.[33]
ethical hacker
A computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.[34]
firewall
A network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.[35]
hacking
Seek and exploit weaknesses in a computer system or computer network.[36]
https
is a communications protocol for secure communication over a computer network which is widely used on the Internet.[37]
identity theft
The deliberate use of someone else's personal information, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name.[38]
keystroke logging
The action of recording the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.[39]
malware
Any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.[40]
multi-factor authentication
A method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories of knowledge, possession, and inherence.[41]
packet sniffer
A computer program that can intercept and log traffic passing over a digital network.[42]
password complexity
The length and character set combinations used to create a password, such as upper case and lower case letters, numbers, and punctuation.[43]
password confidentiality
A set of rules or a promise that limits access or places restrictions on password sharing.[44]
password cracking
The process of recovering passwords from data that have been stored in or transmitted by a computer system, most often through brute-force or dictionary attacks.[45]
password expiration
A policy that requires users to change passwords periodically.[46]
password reuse
A policy that prevents users from repeating recently used passwords.[47]
permissions
Access rights assigned to specific users and groups of users to control the ability of the users to view or make changes to system objects.[48]
phishing
The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.[49]
physical security
Measures designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm.[50]
ransomware
A type of malware which restricts access to the computer system that it infects, and demands a fee be paid to the operators of the malware in order for the restriction to be removed.[51]
rootkit
A stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.[52]
security patch
A change applied to an asset to correct the weakness described by a vulnerability.[53]
shoulder surfing
Using direct observation techniques to obtain information such as passwords, PINs, security codes, and similar data.[54]
single sign-on
A property of access control systems that allows a user to log in once and gain access to all interrelated systems without being prompted to log in again.[55]
social engineering
Psychological manipulation of people to cause them to perform actions or divulge confidential information.[56]
spam
Unsolicited electronic messages, especially advertising.[57]
spoofing
Concealing the identity of the sender by impersonating another computing system.[58]
spyware
Software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.[59]
system administrator
A person who is responsible for the upkeep, configuration, and reliable operation of computer systems; especially multi-user computers.[60]
Trojan
A non-self-replicating type of malware program containing malicious code that, when executed typically causes loss or theft of data, and possible system harm.[61]
uninterruptible power supply (UPS)
An electrical apparatus that provides emergency power to a load when the input power source or mains power fails.[62]
virus
A malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or firmware.[63]
worm
A standalone malware computer program that replicates itself in order to spread to other computers.[64]
WPA / WPA2 (Wi-Fi Protected Access)
Security protocol used secure wireless computer networks.[65]
zombie computer
A computer connected to the Internet that has been compromised by a hacker, computer virus or Trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.[66]

Review Questions

Enable JavaScript to hide answers.
Click on a question to see the answer.
  1. Computer security is _____.
    Computer security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.
  2. Computer security includes _____.
    Computer security includes controlling physical access to hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
  3. Security threats include _____.
    Security threats include backdoors, denial-of-service attacks, direct-access attacks, eavesdropping, malware, spoofing, tampering, privilege escalation, phishing, and clickjacking.
  4. Internet safety is _____.
    Internet safety is the knowledge of maximizing the user's personal safety and security risks to private information and property associated with using the internet, and the self-protection from computer crime in general.
  5. Network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules is called ________.
    Network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules is called Firewall.
  6. Process of encoding messages or information in a way that only authorized parties can read it is called ________.
    Process of encoding messages or information in a way that only authorized parties can read it is called Encryption.
  7. Common threats to personal safety on the Internet include _____.
    Common threats to personal safety on the Internet include cyberstalking, cyberbullying, online predation, and obscene/offensive content.
  8. Malware, short for malicious software, is _____. It includes _____.
    Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
  9. Malware, includes _____.
    Malware includes botnets, viruses, Trojan horses, spyware, scareware, ransomware, and worms.
  10. Internet privacy involves _____.
    Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.
  11. Privacy can entail either _____.
    Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website.
  12. Risks to Internet privacy include _____. 
    Risks to Internet privacy include activity monitoring, content searches, and social network profiling. 
  13. Multi-factor authentication (MFA) is _____.
    Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting several separate authentication stages through credentials based on knowledge (something you know), possession (something you have), and inherence (something you are).
  14. A password manager is _____.
    A password manager is a software application that helps a user store and organize passwords.

Assessments

See Also

References

Type classification: this is a lesson resource.
Completion status: this resource is considered to be complete.
  1. CLEP: Information Systems
  2. Wikipedia: Computer security
  3. Wikipedia: Computer security
  4. Wikipedia: Computer security
  5. Wikipedia: Backup
  6. Wikipedia: Data recovery
  7. Wikipedia: Disaster recovery plan
  8. Wikipedia: Internet safety
  9. Wikipedia: Internet safety
  10. Wikipedia: Internet security
  11. Wikipedia: Internet privacy
  12. Wikipedia: Internet privacy
  13. Wikipedia: Internet privacy
  14. Wikipedia: Multi-factor authentication
  15. Wikipedia: Password manager
  16. Wikipedia: Authentication
  17. Wikipedia: Authorization (computer access control)
  18. Wikipedia: Backup
  19. Wikipedia: Biometrics
  20. Wikipedia: BitLocker
  21. Wikipedia: Internet bot
  22. Wikipedia: Botnet
  23. Wikipedia: Brute-force attack
  24. Wikipedia: Computer forensics
  25. Wikipedia: Computer security
  26. Wikipedia: Computer crime
  27. Wikipedia: Cryptography
  28. Wikipedia: Denial-of-service attack
  29. Wikipedia: Hardening (computing)
  30. Wikipedia: Dictionary attack
  31. Wikipedia: Disaster recovery plan
  32. Wikipedia: Garbage picking
  33. Wikipedia: Encryption
  34. Wikipedia: White hat (computer security)
  35. Wikipedia: Firewall (computing)
  36. Wikipedia: Hacker (computer security)
  37. [[1]]
  38. Wikipedia: Identity theft
  39. Wikipedia: Keystroke logging
  40. Wikipedia: Malware
  41. Wikipedia: Multi-factor authentication
  42. Wikipedia: Packet analyzer
  43. Wikipedia: Password strength
  44. Wikipedia: Confidentiality
  45. Wikipedia: Password cracking
  46. Wikipedia: Password policy
  47. Wikipedia: Password policy
  48. Wikipedia: File system permissions
  49. Wikipedia: Phishing
  50. Wikipedia: Physical security
  51. Wikipedia: Ransomware
  52. Wikipedia: Rootkit
  53. Wikipedia: Security patch
  54. Wikipedia: Shoulder surfing (computer security)
  55. Wikipedia: Single sign-on
  56. Wikipedia: Social engineering (security)
  57. Wikipedia: Spamming
  58. Wikipedia: IP address spoofing
  59. Wikipedia: Spyware
  60. Wikipedia: System administrator
  61. Wikipedia: Trojan horse (computing)
  62. Wikipedia: Uninterruptible power supply
  63. Wikipedia: Computer virus
  64. Wikipedia: Computer worm
  65. Wikipedia: Wi-Fi Protected Access
  66. Wikipedia: Zombie computer
Retrieved from "https://en.wikiversity.org/w/index.php?title=Information_Systems/Security&oldid=1695296"