Information Systems/Security


This lesson covers security in various forms of technology, such as phones, the internet, and computers.

Objectives and Skills

Objectives and skills for the security portion of CLEP Information Systems include:[1]

  • Economic effects (secure transactions, viruses, malware, cost of security)
  • Privacy concerns (individual, business, identity theft)
  • Computer security and controls (system, application, personal computer, disaster recovery)

Readings

  1. Wikibooks: Introduction to Computer Information Systems/Security
  2. Wikipedia: Computer security
  3. Wikipedia: Backup
  4. Wikipedia: Data recovery
  5. Wikipedia: Disaster recovery plan
  6. Wikipedia: Internet safety
  7. Wikipedia: Internet security
  8. Wikipedia: Internet privacy
  9. Wikipedia: Multi-factor authentication
  10. Wikipedia: Password manager
  11. Wikipedia: Mobile Security

Multimedia

  1. YouTube: Protecting Your Computer from Malware
  2. YouTube: Malware: Difference Between Computer Viruses, Worms and Trojans
  3. YouTube: Antivirus Software
  4. YouTube: Backup and Disaster Recovery Explained
  5. YouTube: How your computer gets hacked in under a minute
  6. YouTube: Computer Security
  7. YouTube: Securing your WIFI network
  8. YouTube: 5 tips for staying safe on the web
  9. YouTube: Protect your Privacy Completely: Web Browsing with TAILS
  10. YouTube: How to create a strong password
  11. YouTube: What is Two-Factor Authentication? (2FA)
  12. YouTube: Common Threats to Information Security
  13. YouTube: HTTPS and SSL tutorial
  14. YouTube: Information Security Management-Learn and Gain
  15. YouTube: 10 Worst Computer Viruses of All Time
  16. YouTube: Cyber Security – Top 10 Threats

Activities

  1. Research Data Backup and Recovery. Schedule and perform regular data backups.
  2. Learn tips to make stronger passwords. Then research password managers. Consider installing and using a password manager on your system.
  3. Configure password management on your system.
  4. Mac: Review Mac Security. Consider one of these options for best Mac security.
  5. Research multi-factor authentication. Consider setting up multi-factor authentication on your Apple, Facebook, Google, and/or Microsoft accounts, as well as your password manager and your financial institutions.
  6. Review Protecting Your Computer. Use anti-malware software to scan your system and test malware detection.
    • All: Set anti-malware software, anti-virus software, and the operating system to update automatically.
    • All: Review Wikipedia: Comparison of antivirus software. Download a free, well-known anti-malware application and scan your system.
    • All: Review Wikipedia: EICAR test file. Download and save the EICAR test file to test your anti-malware application and follow the process for removing malware.
  7. Review Wikipedia: Wardriving. Use a free wireless scanner and scan your environment for wireless networks.
  8. Windows password security testing:
    • Test your Windows environment to extract plaintext passwords, hashes, PIN codes, and Kerberos tickets from memory through the use of Mimikatz.
  9. How to Find the Best Antivirus for 2017, the Ultimate Guide

Lesson Summary

  • Computer security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.[2]
  • Computer security includes controlling physical access to hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.[3]
  • Security threats include backdoors, denial-of-service attacks, direct-access attacks, eavesdropping, malware, spoofing, tampering, privilege escalation, phishing, and clickjacking.[4]
  • Backups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy.[5]
  • Data recovery is a process of salvaging inaccessible data from corrupted or damaged secondary storage, removable media or files, when the data they store cannot be accessed in a normal way.[6]
  • A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.[7]
  • Internet safety is the knowledge of maximizing the user's personal safety and minimizing security risks to private information and property associated with using the internet, and the self-protection from computer crime in general.[8]
  • Common threats to personal safety on the Internet include cyberstalking, cyberbullying, online predation, and obscene/offensive content.[9]
  • Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It includes botnets, viruses, Trojan horses, spyware, scareware, ransomware, and worms.[10]
  • Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.[11]
  • Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website.[12]
  • Risks to Internet privacy include activity monitoring, content searches, and social network profiling.[13]
  • Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting several separate authentication stages through credentials based on knowledge (something you know), possession (something you have), and inherence (something you are).[14]
  • A password manager is a software application that helps a user store and organize passwords.[15]

Key Terms

authentication
The process of confirming identity.[16]
authorization
The function of specifying access rights to resources.[17]
backdoor
A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls.[18]
backup
Copying and archiving of computer data so it may be used to restore the original after a data loss event.[19]
biometrics
Refers to measurements of human characteristics.[20]
BitLocker
A full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and later Windows operating systems.[21]
bot
A software application that runs automated tasks over the Internet.[22]
botnet
A number of Internet-connected computers communicating with other similar machines in an effort to complete repetitive tasks and objectives.[23]
brute-force attack
A cryptanalytic attack that consists of systematically checking all possible keys or passwords until the correct one is found.[24]
computer forensics
A branch of digital forensic science pertaining to the recovery and investigation of material found in computers and digital storage media, often related to computer crime.[25]
computer security
The protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.[26]
cyber crime
Any crime that involves a computer and a network.[27]
cryptography
The practice and study of techniques for secure communication in the presence of third parties.[28]
denial-of-service attack
An attempt to make a machine or network resource unavailable to its intended users.[29]
device hardening
The process of securing a system by reducing its surface of vulnerability through the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.[30]
dictionary attack
A technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities from a list.[31]
disaster recovery plan
A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.[32]
dumpster diving
The practice of sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the collector.[33]
eavesdropping
The act of surreptitiously listening to a private conversation, typically between hosts on a network.[34]
encryption
The process of encoding messages or information in such a way that only authorized parties can read it.[35]
ethical hacker
A computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.[36]
firewall
A network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.[37]
hacking
Seeking and exploiting weaknesses in a computer system or computer network.[38]
HTTPS
A communications protocol for secure communication over a computer network which is widely used on the Internet.[39]
identity theft
The deliberate use of someone else's personal information, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name.[40]
internet security
A catch-all term for a very broad issue covering security for transactions made over the Internet. Generally, Internet security encompasses browser security, the security of data entered through a Web form, and overall authentication and protection of data sent via Internet Protocol.[41]
iptables
A Linux kernel software firewall that allows system administrators to configure rules and chains.[42]
keystroke logging
The action of recording the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.[43]
malware
Any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.[44]
multi-factor authentication
A method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories of knowledge, possession, and inherence.[45]
packet sniffer
A computer program that can intercept and log traffic passing over a digital network.[46]
password complexity
The length and character set combinations used to create a password, such as upper case and lower case letters, numbers, and punctuation.[47]
password confidentiality
A set of rules or a promise that limits access or places restrictions on password sharing.[48]
password cracking
The process of recovering passwords from data that have been stored in or transmitted by a computer system, most often through brute-force or dictionary attacks.[49]
password expiration
A policy that requires users to change passwords periodically.[50]
password reuse
A policy that prevents users from repeating recently used passwords.[51]
permissions
Access rights assigned to specific users and groups of users to control the ability of the users to view or make changes to system objects.[52]
penetration test
A targeted and simulated attack on a system to identify potential security vulnerabilities.[53]
phishing
The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.[54]
physical security
Measures designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm.[55]
ransomware
A type of malware which restricts access to the computer system that it infects, and demands a fee be paid to the operators of the malware in order for the restriction to be removed.[56]
rootkit
A stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.[57]
security patch
A change applied to an asset to correct the weakness described by a vulnerability.[58]
shoulder surfing
Using direct observation techniques to obtain information such as passwords, PINs, security codes, and similar data.[59]
single sign-on
A property of access control systems that allows a user to log in once and gain access to all interrelated systems without being prompted to log in again.[60]
social engineering
Psychological manipulation of people to cause them to perform actions or divulge confidential information.[61]
spam
Unsolicited electronic messages, especially advertising.[62]
spoofing
Concealing the identity of the sender by impersonating another computing system.[63]
spyware
Software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.[64]
system administrator
A person who is responsible for the upkeep, configuration, and reliable operation of computer systems; especially multi-user computers.[65]
Trojan
A non-self-replicating type of malware program containing malicious code that, when executed, typically causes loss or theft of data, and possible system harm.[66]
virus
A malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or firmware.[67]
worm
A standalone malware computer program that replicates itself in order to spread to other computers.[68]
WPA / WPA2 (Wi-Fi Protected Access)
Security protocols used to secure wireless computer networks.[69]
zombie computer
A computer connected to the Internet that has been compromised by a hacker, computer virus or Trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.[70]

Review Questions

  1. Computer security is _____.
    Computer security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.
  2. Computer security includes _____.
    Computer security includes controlling physical access to hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
  3. Security threats include _____.
    Security threats include backdoors, denial-of-service attacks, direct-access attacks, eavesdropping, malware, spoofing, tampering, privilege escalation, phishing, and clickjacking.
  4. Internet safety is _____.
    Internet safety is the knowledge of maximizing the user's personal safety and minimizing security risks to private information and property associated with using the internet, and the self-protection from computer crime in general.
  5. A network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules is called a ________.
    A network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules is called a firewall.
  6. The process of encoding messages or information in a way that only authorized parties can read it is called ________.
    The process of encoding messages or information in a way that only authorized parties can read it is called encryption.
  7. Common threats to personal safety on the Internet include _____.
    Common threats to personal safety on the Internet include cyberstalking, cyberbullying, online predation, and obscene/offensive content.
  8. Malware, short for malicious software, is _____. It includes _____.
    Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
  9. Malware includes _____.
    Malware includes botnets, viruses, Trojan horses, spyware, scareware, ransomware, and worms.
  10. Internet privacy involves _____.
    Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.
  11. Privacy can entail either _____.
    Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website.
  12. Risks to Internet privacy include _____. 
    Risks to Internet privacy include activity monitoring, content searches, and social network profiling. 
  13. Multi-factor authentication (MFA) is _____.
    Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting several separate authentication stages through credentials based on knowledge (something you know), possession (something you have), and inherence (something you are).
  14. A password manager is _____.
    A password manager is a software application that helps a user store and organize passwords.
  15. A non-self-replicating type of malware program which typically causes loss or theft of data, and possible system harm, is called a ______.
    A non-self-replicating type of malware program which typically causes loss or theft of data, and possible system harm, is called a Trojan.

Assessments

See Also

References

Type classification: this is a lesson resource.
Completion status: this resource is considered to be complete.
  1. CLEP: Information Systems
  2. Wikipedia: Computer security
  3. Wikipedia: Computer security
  4. Wikipedia: Computer security
  5. Wikipedia: Backup
  6. Wikipedia: Data recovery
  7. Wikipedia: Disaster recovery plan
  8. Wikipedia: Internet safety
  9. Wikipedia: Internet safety
  10. Wikipedia: Internet security
  11. Wikipedia: Internet privacy
  12. Wikipedia: Internet privacy
  13. Wikipedia: Internet privacy
  14. Wikipedia: Multi-factor authentication
  15. Wikipedia: Password manager
  16. Wikipedia: Authentication
  17. Wikipedia: Authorization (computer access control)
  18. Wikipedia: Backdoor (computing)
  19. Wikipedia: Backup
  20. Wikipedia: Biometrics
  21. Wikipedia: BitLocker
  22. Wikipedia: Internet bot
  23. Wikipedia: Botnet
  24. Wikipedia: Brute-force attack
  25. Wikipedia: Computer forensics
  26. Wikipedia: Computer security
  27. Wikipedia: Computer crime
  28. Wikipedia: Cryptography
  29. Wikipedia: Denial-of-service attack
  30. Wikipedia: Hardening (computing)
  31. Wikipedia: Dictionary attack
  32. Wikipedia: Disaster recovery plan
  33. Wikipedia: Garbage picking
  34. Wikipedia: Eavesdropping
  35. Wikipedia: Encryption
  36. Wikipedia: White hat (computer security)
  37. Wikipedia: Firewall (computing)
  38. Wikipedia: Hacker (computer security)
  39. Wikipedia: HTTPS
  40. Wikipedia: Identity theft
  41. Techopedia: Internet Security
  42. Wikipedia: Iptables
  43. Wikipedia: Keystroke logging
  44. Wikipedia: Malware
  45. Wikipedia: Multi-factor authentication
  46. Wikipedia: Packet analyzer
  47. Wikipedia: Password strength
  48. Wikipedia: Confidentiality
  49. Wikipedia: Password cracking
  50. Wikipedia: Password policy
  51. Wikipedia: Password policy
  52. Wikipedia: File system permissions
  53. Wikipedia: Penetration test
  54. Wikipedia: Phishing
  55. Wikipedia: Physical security
  56. Wikipedia: Ransomware
  57. Wikipedia: Rootkit
  58. Wikipedia: Security patch
  59. Wikipedia: Shoulder surfing (computer security)
  60. Wikipedia: Single sign-on
  61. Wikipedia: Social engineering (security)
  62. Wikipedia: Spamming
  63. Wikipedia: IP address spoofing
  64. Wikipedia: Spyware
  65. Wikipedia: System administrator
  66. Wikipedia: Trojan horse (computing)
  67. Wikipedia: Computer virus
  68. Wikipedia: Computer worm
  69. Wikipedia: Wi-Fi Protected Access
  70. Wikipedia: Zombie computer