Chapter 5
Digital Security, Ethics, and Privacy
Discovering Computers 2016
Objectives Overview
• Define the term, digital security risks, and briefly describe the types of cybercriminals
• Describe various types of Internet and network attacks, and explain ways to safeguard against these attacks
• Discuss techniques to prevent unauthorized computer access and use
• Explain the ways that software manufacturers protect against software piracy
• Discuss how encryption, digital signatures, and digital certificates work
© 2016 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
See Page 212
Objectives Overview
• Identify safeguards against hardware theft, vandalism, and failure
• Explain the options available for backing up
• Identify risks and safeguards associated with wireless communications
• Recognize issues related to information accuracy, intellectual property rights, codes of conduct, and green computing
• Discuss issues surrounding information privacy
See Page 212
Digital Security Risks
• A digital security risk is any event or action that could cause a loss of or damage to a computer or mobile device hardware, software, data, information, or processing capability
• Any illegal act involving the use of a computer or related devices generally is referred to as a computer crime
• A cybercrime is an online or Internet-based illegal act
Digital Security Risks
Hacker
Cracker
Script kiddie
Corporate spies
Unethical employees
Cyberextortionist
Cyberterrorist
Internet and Network Attacks
• Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises
• Malware, short for malicious software, consists of programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices
Internet and Network Attacks
• A botnet is a group of compromised computers or mobile devices connected to a network
– A compromised computer or device is known as a zombie
• A denial of service attack (DoS attack) disrupts computer access to an Internet service
– Distributed DoS attack (DDoS attack)
• A back door is a program or set of instructions in a program that allow users to bypass security controls
• Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate
Internet and Network Attacks
• A firewall is hardware and/or software that protects a network’s resources from intrusion
Unauthorized Access and Use
Unauthorized access is the use of a computer or network without permission
Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities
Unauthorized Access and Use
• Organizations take several measures to help prevent unauthorized access and use
– Acceptable use policy
– Disable file and printer sharing
Unauthorized Access and Use
• Access controls define who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it
• The computer, device, or network should maintain an audit trail that records in a file both successful and unsuccessful access attempts
– User name
– Password
Unauthorized Access and Use
• A passphrase is a private combination of words, often containing mixed capitalization and punctuation, associated with a user name that allows access to certain computer resources
• A PIN (personal identification number), sometimes called a passcode, is a numeric password, either assigned by a company or selected by a user
• A possessed object is any item that you must possess, or carry with you, in order to gain access to a computer or computer facility
• A biometric device authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer or mobile device verifying a physical or behavioral characteristic
Unauthorized Access and Use
• Two-step verification uses two separate methods, one after the next, to verify the identity of a user
Pages 226 – 227
Unauthorized Access and Use
• Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks
• Many areas use digital forensics
Software Theft
• Software theft occurs when someone:
Software Theft
• Many manufacturers incorporate an activation process into their programs to ensure the software is not installed on more computers than legally licensed
• During the product activation, which is conducted either online or by phone, users provide the software product’s identification number to associate the software with the computer or mobile device on which the software is installed
Software Theft
• A license agreement is the right to use software
Information Theft
• Information theft occurs when someone steals personal or confidential information
• Encryption is a process of converting data that is readable by humans into encoded characters to prevent unauthorized access
Information Theft
• A digital signature is an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender
– Often used to ensure that an impostor is not participating in an Internet transaction
• A digital certificate is a notice that guarantees a user or a website is legitimate
• A website that uses encryption techniques to secure its data is known as a secure site
Hardware Theft, Vandalism, and Failure
Backing Up – The Ultimate Safeguard
• A backup is a duplicate of a file, program, or media that can be used if the original is lost, damaged, or destroyed
– To back up a file means to make a copy of it
• Off-site backups are stored in a location separate from the computer or mobile device site
Pages 233 - 234
Backing Up – The Ultimate Safeguard
• Categories of backups:
– Full
– Differential
– Incremental
– Selective
– Continuous data protection
– Cloud
• Three-generation backup policy
Wireless Security
• Wireless access poses additional security risks
• Some perpetrators connect to others’ wireless networks to gain free Internet access or confidential data
• Others connect to a network through an unsecured wireless access point (WAP) or combination router/WAP
Ethics and Society
• Technology ethics are the moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies
• Information accuracy is a concern
– Not all information on the Internet is correct
Ethics and Society
Page 240
• Intellectual property refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos
• Intellectual property rights are the rights to which creators are entitled to their work
• A copyright protects any tangible form of expression
• Digital rights management (DRM) is a strategy
Ethics and Society
Page 241 Figure 5-21
• A code of conduct is a written guideline that helps determine whether a specification is ethical/unethical or
Ethics and Society
• Green computing involves reducing the electricity and environmental waste while using computers, mobile devices, and related technologies
Information Privacy
• Information privacy refers to the right of individuals and companies to deny or restrict the collection, use, and dissemination of information about them
• Huge databases store data online
• Websites often collect data about you, so that they can customize advertisements and send you personalized email messages
• Some employers monitor your computer usage and email messages
Information Privacy
• Information about you can be stored in a database when you:
– Fill out a printed or online form
– Create a profile on an online social network
– Register a product warranty
Information Privacy
• A cookie is a small text file that a web server stores on your computer
• Websites use cookies for a variety of reasons:
Information Privacy
• Phishing is a scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and/or financial information
• With clickjacking, an object that can be tapped or clicked on a website contains a malicious program
Information Privacy
• Spyware is a program placed on a computer or mobile device without the user’s knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online
• Adware is a program that displays an online advertisement in a banner or pop-up window on webpages, email messages, or other Internet services
Information Privacy
• Social engineering is defined as gaining unauthorized access to or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others
Information Privacy
• The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data
– See Table 5-3 on page 246 for a listing of major U.S. government laws concerning privacy
Information Privacy
• Content filtering is the process of restricting access to certain material
– Many businesses use content filtering
• Web filtering software restricts access to specified websites
Summary
Chapter 5
Digital Security, Ethics, and Privacy
Discovering Computers 2016
Tools, Apps, Devices, and the Impact of Technology