SAFETY AND SECURITY – CHAPTER 8
IT IS IMPORTANT YOU TAKE NOTES DURING
MY CLASSES INTO YOUR ICT NOTEBOOK
YOUR TEXTBOOK IS ALSO VERY IMPORTANT.
Page on the Textbook: 194
Table of Contents
Chapter 8: Safety and Security
❖ 8.1 Physical Safety
❖ 8.2 E-Safety
❖ 8.3 Security of Data
Ajiro Tech – Best IGCSE ICT YouTube Channel
Safety and Security
8.1 Physical Safety
Physical safety is a different issue to health risks (as discussed in Chapter 5.2). While health safety is how to stop people becoming ill, or being affected by daily contact with computers, physical safety is concerned with the dangers that could lead to serious injuries or even loss of life.
Electrocution from spilling drinks
Cause of safety risk
❖ Spilling liquids/drinks on electric equipment
❖ Exposed wires/damaged insulation
❖ Unsafe electrical equipment
❖ Unsafe electrics (for example, wall sockets) in the office
Prevention measures
❖ Do not allow drinks to be taken into the computer room
❖ Check all wires on a regular basis
❖ Ensure all equipment is checked by a qualified electrician on a regular basis
❖ Make use of an RCB (residual current breaker) to prevent electrocution
Fire hazard
Cause of safety risk
❖ Overloaded wall sockets
❖ Overheating of computer equipment
❖ Exposed wires causing a short circuit
Prevention measures
❖ Increase the number of wall sockets and do not use too many extension blocks
❖ Do not cover the cooling vents on computer equipment
❖ Clean out dust accumulation in computers to prevent overheating
❖ Make sure all equipment is fully tested on a regular basis
❖ Ensure there is good room ventilation
Tripping Hazard
Cause of safety risk
❖ Trailing wires on the floor
❖ Damaged carpets and other flooring
Prevention measures
❖ Use cable ducts to make the wires safe
❖ Cover exposed wires and hide wires under desks away from general thoroughfare
❖ Use wireless connectivity wherever possible, therefore eliminating the need for trailing cables
Personal injury
Cause of safety risk
❖ Heavy equipment unstable or falling from desks
❖ Desks collapsing under weight/desks not de
Prevention measures
❖ Use desks strong enough to take the weight of the computer equipment
❖ Use large desks and tables so that hardware is not too close to the edge where it could fall off
8.2 E-Safety
1. Data Protection
2. Personal Data?
3. Sensitive Data
4. E-Safety
Data Protection
Data protection acts (DPAs) are set up to protect the rights of the individual about whom data is obtained, stored and processed – for example, collection, use, disclosure, destruction and holding of data. Any such act applies to both computerised and paper records.
1 Data must be fairly and lawfully processed.
2 Data can only be processed for the stated purpose.
3 Data must be adequate, relevant and not excessive.
4 Data must be accurate.
5 Data must not be kept longer than necessary.
6 Data must be processed in accordance with the data subject’s rights.
7 Data must be kept secure.
8 Data must not be transferred to another country unless they also have adequate protection.
In many countries, failure to abide by these simple rules by anyone
who holds data about individuals can lead to a heavy fine or even
imprisonment.
There are general guidelines about how to stop data being
obtained unlawfully:
❖ do not leave personal information lying around on a desk when not
attended
❖ lock filing cabinets at the end of the day or when the room is unoccupied
❖ do not leave data on a computer monitor if it is unattended; log off from the
computer if away from your desk for any length of time
❖ use passwords and user IDs, which should be kept secure; passwords should
be difficult to guess/break and should be changed frequently (see earlier
notes on passwords)
❖ make sure that anything sent in an email or fax (including attachments) is
not of a sensitive nature.
Personal Data
Personal data refers to any data concerning a living person who can be identified from the data itself or from the data in conjunction with other information.
Examples of personal data include:
❖ name
❖ address or email address (such as ajirotech@gmail.com)
❖ an ID card number/passport number
❖ an IP address
❖ cookie ID
❖ the advertising identifier on a mobile phone
❖ date of birth
❖ banking details
❖ photographs of the individual (for example, in full school uniform)
Some personal data is often referred to as sensitive (personal) data.
Examples of sensitive data include:
❖ ethnicity or race
❖ political views
❖ membership of a political party
❖ membership of a trade union
❖ religion/philosophical beliefs
❖ sexual orientation/gender
❖ criminal record
❖ medical history
❖ genetic data/DNA
❖ biometric data.
Extra special care needs to be taken of sensitive personal data.
Whether data is personal or sensitive, it is imperative that all precautions are taken to keep it confidential, and prevent any inappropriate disclosure. This includes keeping data safe from hackers, for example, but it also means keeping data safe from accidental disclosure.
One way to protect data if it is accidentally disclosed is to encrypt it.
E-safety refers to the benefits, risks and responsibilities when using ICT. It is often defined to be the safe and responsible use of technology. However, e-safety is as much about user behaviour as it is about electronic security. In particular:
❖ when using the internet
❖ sending and receiving emails
❖ taking part in social media
❖ online gaming.
Using the internet
❖ When using the internet make sure that the websites being used can be trusted (for example, look out for websites including https).
❖ Only purchase items from websites that offer secure, encrypted connections
❖ When using search engines, always make sure the device settings are set to ‘safe search’
❖ Only use websites recommended by teachers, parents or from trusted sources
❖ Be careful what you download; is the material potentially harmful? Could it be malware? It is essential that anti-virus or anti-malware software is always running in the background and is kept up to date.
❖ Always remember to log out of sites when you have finished using them
Sending and receiving emails
The following list highlights some of the dangers when sending and receiving emails. It is important to have an awareness of the risks when opening emails and how to deal with emails from unknown sources.
❖ Only open emails or attachments from known sources.
❖ Make sure your internet service provider (ISP) has an effective email filtering feature to ensure emails from unknown sources are put into your spam folder.
❖ Only reply to an email if you know the person who sent it
❖ Check that email addresses or website addresses purporting to come from a genuine company always contain the real company’s website address
❖ Think carefully before replying to an email and never include the name of your school/college, or any personal data that could identify you.
❖ Never send photos of yourself (particularly in school uniform, which could be used to identify your school)
❖ Protect your email account by using passwords which are difficult to guess, and change them on a regular basis
Social media
When using social media sites, it is important to be careful and make sure you know how to block undesirable people. The following list shows some of the dangers and some of the ways to protect yourself:
❖ Do not publicly post or give out personal information to people you do not know, including email addresses or house addresses, because this could be used to find information about you or carry out identity theft.
❖ Do not send out photos of yourself to people you do not know; again this could lead to identity theft or somebody impersonating you (many of the photos on social media sites are false).
❖ Always make sure you use the privacy settings when posting photos of yourself on social media sites, so that only people you trust can see them.
❖ It is important that none of the photos you post can link you to a place or an address
❖ Particular care should be taken not to post photos of yourself in some form of school uniform
❖ Always maintain privacy settings to stop ‘non-friends’ from contacting you
❖ Only make friends with people you know or are very well-known to other
Online Gaming
It is important to be careful when using online gaming because it also carries risks. Many users think all the games players are like-minded and, therefore, there are no real risks associated with this type of communication. That is a dangerous assumption. Some of the known risks, associated with online gaming, reported over the years, include:
❖ Predators (people who prey on others who they see as vulnerable)
❖ Cyberbullying (the use of electronic communication to bully a person, typically by sending messages of an intimidating or threatening nature)
❖ Use of webcams (the risks here are obvious!)
❖ Voice-masking technology (to disguise a voice so you cannot tell their sex, age, or even their accent)
❖ It is often overlooked that online games are also a source of cyber-attacks on a user’s computer or mobile phone – viruses, phishing or spyware are well reported examples of problems associated with certain online gaming
❖ Violence in the game itself, which can lead to violent behaviour in real life.
Note: As when using other platforms, you should not reveal any personal information about you or anyone else to anyone while gaming. This includes not using your real name.
8.3 Security of data
1. Data threats
2. Protection of data
8.3.1 Data threats
There are several security risks to data held on a computer/smartphone or data being transferred around networks. This section covers many of these risks:
❖ Hacking
❖ Phishing
❖ Vishing
❖ Smishing
❖ Pharming
❖ Viruses
❖ Malware
❖ card fraud.
Name of the security risk: Hacking
Description of the security risk
This is the act of gaining unauthorised/illegal access to a computer system
Possible effect of the security risk
❖ This can lead to identity theft or the misuse of personal information
❖ Data can be deleted, changed or corrupted on a user’s computer
Methods to help remove the security risk
❖ Use of firewalls
❖ Use of strong (frequently changed) passwords and user IDs
❖ Use of anti-hacking software
❖ Use of user IDs and passwords
Note
❖ Use of encryption won’t stop hacking – it makes the data unreadable to the hacker but the data can still be deleted,
Name of the security risk: Phishing
Description of the security risk
The creator sends out legitimate-looking emails to target users. As soon as the recipient clicks on a link in the email or attachment, they are sent to a fake website or they are fooled into giving personal data in replying to the email. The email often appears to come from a trusted source, such as a bank or well-known service provider
Possible effect of the security risk
❖ The creator of the email can gain personal data, such as bank account data or credit card numbers, from the user
❖ This can lead to fraud or identity theft
Methods to help remove the security risk
❖ Many ISPs or web browsers filter out phishing emails
❖ Users should always be cautious when opening emails or attachments
❖ Don’t click on executable attachments that end in .exe, .bat, .com or .php, for example
Note
❖ Phishing emails often look legitimate by copying large companies, such as online stores, to try to convince users that the email is totally authentic
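One way a mail filter could apply the attachment advice above, as an added example that is not part of the original slides. The function names and the constructed sample email are assumptions; the extension list is the one given on the slide:

```python
import os
from email import message_from_string

# Extensions named on the slide as ones not to click on.
RISKY_EXTENSIONS = {".exe", ".bat", ".com", ".php"}

# Constructed sample message (not a real email).
SAMPLE_EMAIL = """\
From: "Your Bank" <support@bank.example>
To: student@school.example
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Please open the attached form.
--BOUNDARY
Content-Type: application/pdf
Content-Disposition: attachment; filename="statement.pdf"

(placeholder)
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.pdf.EXE"

(placeholder)
--BOUNDARY--
"""


def is_risky_name(filename):
    """True if the file's final extension is on the risky list."""
    # Windows ignores trailing dots and spaces, so strip them first.
    cleaned = filename.strip().rstrip(". ").lower()
    # Only the last extension decides how the file is opened, so
    # "Invoice.pdf.EXE" counts as .exe, not .pdf.
    return os.path.splitext(cleaned)[1] in RISKY_EXTENSIONS


def risky_attachments(raw_email):
    """Return the attachment names in raw_email that should be flagged."""
    message = message_from_string(raw_email)
    flagged = []
    for part in message.walk():
        name = part.get_filename()  # None for parts that are not files
        if name and is_risky_name(name):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in risky_attachments(SAMPLE_EMAIL):
        print("Do not open:", name)
```

The double extension is the case worth noticing: the name looks like a PDF at a glance, but the last extension is the one that counts.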
Name of the security risk: Smishing
This is short for ‘SMS phishing’. It uses the SMS system of mobile phones to send out fake text messages. It is very similar to phishing. These scams often contain a URL or telephone number embedded in the text message.
The recipient will be asked to log on to the website or make a telephone call. If they do, they will be asked to supply personal details such as credit/debit card numbers or passwords. As with phishing attacks, the text message will appear to come from a legitimate source and will make a claim, for example, that they have won a prize or that they need to contact their bank urgently
Name of the security risk: Vishing
Vishing (voicemail phishing) is another variation of phishing. This uses a voicemail message to trick the user into calling the telephone number contained in the message. As with all phishing attacks, the user will be asked to supply personal data thinking they are talking to somebody who works for a legitimate company.
Name of the security risk: Pharming
Description of the security risk
This is malicious code installed on a user’s computer or on a web server; the code will redirect the user to a fake website without their knowledge (the user doesn’t have to take any action, unlike phishing)
Possible effect of the security risk
❖ The creator of the malicious code can gain personal data such as credit/debit card details from users when they visit the fake website; usually the website appears to be that of a well-known and trusted company
❖ Pharming can lead to fraud or identity theft
Methods to help remove the security risk
❖ Some anti-spyware software can identify and remove pharming code from a user’s computer
❖ The user should always be alert and look out for clues that they are being redirected to another website
Note
The user should always look out for clues that they are being connected to a secure website; they should look out for https:// in the URL or use of the padlock symbol
Malware is one of the biggest risks to the integrity and security of data on a computer system.
Many software applications, such as anti-virus, are capable of identifying and removing most
of the forms of malware. There are many forms of malware; this section details just a
selection of those forms.
What is a computer virus?
This is program code or software that can replicate/copy itself
with the intention of deleting or corrupting files on a computer;
they often cause the computer to malfunction (for example, by
filling up the hard drive with data)
Possible Effects of a computer virus
❖ Viruses can cause the computer to ‘crash’, stop functioning
normally or become unresponsive (e.g., the user gets the
‘not responding’ message)
❖ The software can delete files or data on a computer
❖ The software can corrupt operating system files, making the
computer run slowly or even ‘crash’
Methods to help remove a computer virus
❖ Install anti-virus software and update it regularly
❖ Don’t use software from unknown sources
❖ Be careful when opening emails or attachments from unknown
senders
Backing up files won’t guard against
the effect of viruses; the virus may
have already attached itself to the
files that are being copied to the
backup system; when these files
are then copied back to the
computer, the virus is simply
reinstalled
Worms
Worms are a type of stand-alone virus that can self-replicate. Their intention is to
spread to other computers and corrupt whole networks; unlike viruses, they do
not need an active host program to be opened in order to do any damage – they
remain inside applications, which allows them to move throughout networks. In
fact, worms replicate without targeting and infecting specific files on a computer;
they rely on security failures within networks to permit them to spread
unhindered.
Trojan horse
A Trojan horse is a malicious program which is often disguised as some
legitimate software, but contains malicious instructions embedded within it. A
Trojan horse replaces all or part of the legitimate software with the intent of
carrying out some harm to the user’s computer system. They need to be
executed by the end-user and therefore usually arrive as an email attachment or
are downloaded from an infected website.
Key logging software
Key logging software (or key loggers) is a form of spyware. It gathers
information by monitoring a user’s keyboard activities carried out on their
computer. The software stores keystrokes in a small file which is automatically
emailed to the cybercriminal responsible for the software. It is primarily designed to
monitor and capture web browsing and other activities and capture personal data
(for example, bank account numbers, passwords and credit/debit card details).
Adware
Adware is a type of malware. At its least dangerous, it will attempt to flood an
end-user with unwanted advertising. For example, it could redirect a user’s
browser to a fake website that contains promotional advertising. They can be in
the form of pop-ups, or appear in the browser’s toolbar thus redirecting the
search request.
Although not necessarily harmful, adware can:
❖ highlight weaknesses in a user’s security defences
❖ be hard to remove – they defeat most anti-malware software because it can be
difficult to determine whether or not they are harmful
❖ hijack a browser and create its own default search requests.
Ransomware
Essentially, ransomware are programs that encrypt data on a user’s computer
and ‘hold the data hostage’. The cybercriminal just waits until the ransom
money is paid and, sometimes, the decryption key is then sent to the user. It has
caused considerable damage to some companies and individuals. Imagine a
situation where you log on to your computer, only to find the screen is locked
and you cannot boot up your computer until the demands of the
cybercriminal have been met.
Shoulder surfing
Shoulder surfing is a form of data theft where criminals steal personal
information from a victim when they are using a cash dispensing machine, when paying
for goods/services using a handheld point-of-sale (POS) device or even when paying
using a smartphone. Examples of shoulder surfing include:
❖ somebody watching you key in data, such as your PIN
❖ somebody listening in when you are giving credit or debit card details over
the phone
❖ some of the more sophisticated examples of shoulder surfing include the
use of tiny digital cameras
What is credit card fraud?
Card fraud is the illegal use of a credit or debit card. This can be due to:
❖ shoulder surfing when using the card on any device that requires keyboard entries
(for example, an ATM or a handheld POS terminal)
❖ card cloning
❖ key logging software.
Card cloning
Card cloning is the copying of a credit or debit card which uses a magnetic stripe. Cloning
of this type of card employs an electronic device known as a skimmer.
This is a data capture device that allows a criminal to record all of the data stored on the
magnetic stripe on a card. Skimmers can be placed in ATM slots where they can read all
the data from a card; this data is then copied to the magnetic stripe of a fake card.
8.3.2 Protection of data
Authentication is used to verify that data comes from a secure and trusted source. Along with
encryption it strengthens internet security. We will be considering all the following methods to
protect the security of data:
❖ biometrics
❖ digital certificates
❖ secure sockets layer (SSL)
❖ encryption
❖ firewalls
❖ two-factor authentication
❖ user ID and password.
Biometrics is a method of authentication. It relies on unique characteristics of human beings. Biometrics data is difficult to copy and requires the user to be present so that this method of authentication can be used.
Fingerprint Scans: Users will have to press their finger against the scanner. Fingerprints are compared against those stored in the database.
Advantages
❖ very high accuracy
❖ one of the most developed biometric techniques
❖ very easy to use
❖ relatively small storage requirements for the biometric data created
Disadvantages
❖ for some people it is very intrusive, because it is still related to criminal identification
❖ it can make mistakes if the skin is dirty or damaged (for example, cuts to the finger)
Retina/Iris Recognition: Scans use infrared light to scan unique patterns of blood vessels in the retina.
Advantages
❖ very high accuracy
❖ there is no known way to replicate a person’s retina pattern
Disadvantages
❖ it is very intrusive
❖ it can be relatively slow to verify retina scan with stored scans
❖ very expensive to install and set up
Voice Recognition: The user speaks, and the voice is compared to one held on the database.
Advantages
❖ non-intrusive method
❖ verification takes less than five seconds
❖ relatively inexpensive technology
Disadvantages
❖ a person’s voice can be easily recorded and used for unauthorised access
❖ low accuracy
❖ an illness, such as a cold, can change a person’s voice, making absolute identification difficult or impossible
Digital certificates
A digital certificate is a pair of files stored on a user’s computer – these are used to ensure the security of data sent over the internet. Each pair of files is divided into:
❖ a public key (which can be accessed by anyone)
❖ a private key (known to the computer user only)
For example, when sending an email, the message is made more
secure by attaching a digital certificate. When the message is
received, the recipient can verify that it comes from a known or
trusted source by viewing the public key information (this is
usually part of the email attachment). This is an added level of
security to protect the recipient from harmful emails.
The digital certificate is made up of six parts:
❖ the sender’s email address
❖ the name of the digital certificate owner
❖ a serial number
❖ expiry date (the date range during which the
certificate is valid)
❖ public key (which is used for encrypting the messages
and for digital signatures)
❖ digital signature of certificate authority (CAs)
Secure Socket Layer (SSL)
Secure sockets layer (SSL) is a type of protocol that allows data to be sent and received securely over the internet.
When a user logs onto a website, SSL encrypts the data – only the user’s computer and the web server are able to
make sense of what is being transmitted. A user will know if SSL is being applied when they see https (as part of the
website address) or the small padlock in the status bar at the top of the screen.
Examples of where SSL would be used:
❖ online banking and all online financial transactions
❖ online shopping/commerce
❖ when sending software out to a restricted list of users
❖ sending and receiving emails
❖ using cloud storage facilities
❖ intranets and extranets (as well as the internet)
❖ Voice over Internet Protocol (VoIP) when carrying out video
chatting and/or audio chatting over the internet
❖ within instant messaging
❖ when making use of a social networking site.
Encryption is used primarily to protect data in case it has been hacked or accessed illegally. While encryption
will not prevent hacking, it makes the data meaningless unless the recipient has the necessary decryption tools
The key used to encrypt (or encode) the message is known as the encryption key; the key used to decrypt (or
decipher) the message is known as the decryption key. When a message undergoes encryption it is known as
cypher script; the original message is known as plain text.
Firewall
A firewall can be software or hardware. It sits between the user’s computer and an external network (for example, the internet). A firewall will help to keep potentially destructive forces away from a user’s computer, by filtering incoming and outgoing network traffic. The criteria for allowing or denying access to a computer can be set by the user.
The following list shows a number of the tasks carried
out by a firewall
❖ to examine the ‘traffic’ between user’s computer (or internal
network) and a public network (for example, the internet)
❖ checks whether incoming or outgoing data meets a given set
of criteria
❖ if the data fails the criteria, the firewall will block the ‘traffic’
and give the user a warning that there may be a security
issue
❖ the firewall can be used to log all incoming and outgoing
‘traffic’ to allow later interrogation by the user
❖ criteria can be set so that the firewall prevents access to
certain undesirable sites; the firewall can keep a list of all
undesirable IP addresses
❖ it is possible for firewalls to help prevent viruses or hackers
entering the user’s computer (or internal network)
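The firewall tasks listed above (examine traffic, test it against criteria, block and warn, log everything, keep a list of undesirable IP addresses), as an added example that is not part of the original slides. The class names, the rules and the constructed sample addresses (documentation ranges) are assumptions made for illustration:

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (towards the user's computer) or "out"
    src: str
    dst: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "block"
    direction: str       # "in", "out" or "any"
    network: str         # CIDR range the remote address must fall in
    port: Optional[int]  # None matches every destination port


class Firewall:
    def __init__(self, rules, undesirable, default="block"):
        self.rules = list(rules)
        self.undesirable = [ipaddress.ip_network(n) for n in undesirable]
        self.default = default
        self.log = []       # every packet, allowed or blocked
        self.warnings = []  # messages shown to the user on a block

    @staticmethod
    def remote_address(packet):
        # The remote end is the source of incoming traffic and the
        # destination of outgoing traffic.
        remote = packet.src if packet.direction == "in" else packet.dst
        return ipaddress.ip_address(remote)

    def check(self, packet):
        remote = self.remote_address(packet)
        # The undesirable list is checked first and overrides allow rules.
        if any(remote in net for net in self.undesirable):
            decision, reason = "block", "address is on the undesirable list"
        else:
            decision, reason = self.default, "no rule matched"
            for rule in self.rules:  # first matching rule wins
                if (rule.direction in ("any", packet.direction)
                        and remote in ipaddress.ip_network(rule.network)
                        and rule.port in (None, packet.dst_port)):
                    decision, reason = rule.action, f"matched {rule}"
                    break
        self.log.append((packet, decision, reason))
        if decision == "block":
            self.warnings.append(
                f"Blocked {packet.direction}bound traffic with {remote}: {reason}")
        return decision


def run_demo():
    """Run four constructed packets through a small rule set."""
    fw = Firewall(
        rules=[
            Rule("allow", "out", "0.0.0.0/0", 443),      # HTTPS to anywhere
            Rule("allow", "in", "198.51.100.0/24", 22),  # one trusted range
        ],
        undesirable=["203.0.113.0/24"],
    )
    packets = [
        Packet("out", "10.0.0.5", "192.0.2.10", 443),   # normal web traffic
        Packet("out", "10.0.0.5", "203.0.113.7", 443),  # undesirable site
        Packet("in", "198.51.100.20", "10.0.0.5", 22),  # trusted range
        Packet("in", "192.0.2.99", "10.0.0.5", 3389),   # unsolicited
    ]
    decisions = [fw.check(p) for p in packets]
    return fw, decisions


if __name__ == "__main__":
    fw, decisions = run_demo()
    for packet, decision, reason in fw.log:
        print(decision.upper(), packet, "-", reason)
```

The second packet matches the HTTPS allow rule but is still blocked, because the undesirable list is consulted before the rules.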
[Diagram: user’s computer, firewall (hardware or software), internet]
Authentication
Authentication refers to the ability of a user to prove who they are. There are three common factors used in authentication:
❖ something you know (for example, a password or PIN code)
❖ something you have (for example, a mobile phone or tablet)
❖ something which is unique to you (for example, biometrics).
Two-factor authentication
Two-factor authentication is a form of verification which requires two methods of authentication to verify who a user is. It is used predominantly when a user makes an online purchase, using a credit/debit card as payment method.
User IDs and passwords
Passwords are used to restrict access to data or systems. They should
be hard to break and changed frequently to retain any real level of
security. In addition to protecting access levels to computer systems,
passwords are frequently used when accessing the internet, for
example:
» when accessing email accounts
» when carrying out online banking or shopping
» when accessing social networking sites.
It is important that passwords are protected; some ways of doing
this are described below:
❖ Run anti-spyware software to make sure that your passwords are
not being relayed back to anyone who put the spyware on your
computer.
❖ Change passwords on a regular basis
❖ Passwords should not be easy to break
❖ It is possible to make a password strong but also be easy to
remember;
Strong passwords should contain:
❖ at least one capital letter
❖ at least one numerical value
❖ at least one other keyboard character (such as @, *, &, etc.)
An example of a strong password would be:
Sy12@#TT90kj=0
An example of a weak password would be: GREEN
Give your neighbour advice about:
• Usernames and Passwords
• Online Safety
• Cyberbullying
• Meeting online friends
• Photographs and Webcams
• Emails, USB sticks, Viruses, Downloads, etc
In the words of my friend Yasar Ahmad one of the best IGCSE ICT Teacher have seen

IGCSE ICT (0417/0983) - Databases - Ajiro Tech
IGCSE ICT (0417/0983) - Website Authoring - Ajiro Tech
IGCSE ICT (0417/0983) - Spreadsheets - Ajiro Tech
IGCSE ICT - Input and Output Devices - Output Devices and Their Uses - Ajiro ...
IGCSE ICT - Types and Components of Computer Systems - Impact of Emerging Tec...
IGCSE ICT - Types and Components of Computer Systems - Main components - Ajir...

Recently uploaded (20)

PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
PPTX
GDM (1) (1).pptx small presentation for students
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
PDF
Computing-Curriculum for Schools in Ghana
PDF
Basic Mud Logging Guide for educational purpose
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
PDF
Sports Quiz easy sports quiz sports quiz
PDF
Insiders guide to clinical Medicine.pdf
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
PPTX
Final Presentation General Medicine 03-08-2024.pptx
PDF
Pre independence Education in Inndia.pdf
PDF
Complications of Minimal Access Surgery at WLH
PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
PPTX
Institutional Correction lecture only . . .
PDF
TR - Agricultural Crops Production NC III.pdf
PPTX
Lesson notes of climatology university.
PDF
RMMM.pdf make it easy to upload and study
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
GDM (1) (1).pptx small presentation for students
human mycosis Human fungal infections are called human mycosis..pptx
Computing-Curriculum for Schools in Ghana
Basic Mud Logging Guide for educational purpose
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Sports Quiz easy sports quiz sports quiz
Insiders guide to clinical Medicine.pdf
O5-L3 Freight Transport Ops (International) V1.pdf
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
STATICS OF THE RIGID BODIES Hibbelers.pdf
Final Presentation General Medicine 03-08-2024.pptx
Pre independence Education in Inndia.pdf
Complications of Minimal Access Surgery at WLH
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Institutional Correction lecture only . . .
TR - Agricultural Crops Production NC III.pdf
Lesson notes of climatology university.
RMMM.pdf make it easy to upload and study
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...

IGCSE ICT - Safety and Security - Ajiro Tech

  • 1. SAFETY AND SECURITY – CHAPTER 8 IT IS IMPORTANT YOU TAKE NOTES DURING MY CLASSES INTO YOUR ICT NOTEBOOK YOUR TEXTBOOK IS ALSO VERY IMPORTANT. Page on the Textbook: 194
  • 2. Table of Content Chapter 8: Safety and Security ❖ 8.1 Physical Safety ❖ 8.2 E-Safety ❖ 8.3 Security of Data
  • 3. Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security Chapter 8: Safety and Security 8.1 Physical Safety Prevention measures ❖ Do not allow drinks to be taken into the computer room ❖ Check all wires on a regular basis ❖ Ensure all equipment is checked by a qualified electrician on a regular basis ❖ Make use of an RCB (residual current breaker) to prevent electrocution Cause of safety risk ❖ Spilling liquids/drinks on electric equipment ❖ Exposed wires/damaged insulation ❖ Unsafe electrical equipment ❖ Unsafe electrics (for example, wall sockets) in the office Cause of safety risk ❖ Overloaded wall sockets ❖ Overheating of computer Equipment ❖ Exposed wires causing a short circuit Prevention measures ❖ Increase the number of wall sockets and do not use too many extension blocks ❖ Do not cover the cooling vents on computer equipment ❖ Clean out dust accumulation in computers to prevent overheating ❖ Make sure all equipment is fully tested on a regular basis ❖ Ensure there is good room ventilation Physical safety is a different issue to health risks (as discussed in Chapter 5.2). While health safety is how to stop people becoming ill, or being affected by daily contact with computers, physical safety is concerned with the dangers that could lead to serious injuries or even loss of life. Electrocution from spilling drinks Fire hazard 1
  • 4. Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security Chapter 8: Safety and Security 8.1 Physical Safety Prevention measures ❖ Use cable ducts to make the wires safe ❖ Cover exposed wires and hide wires under desks away from general thoroughfare ❖ Use wireless connectivity wherever possible, therefore eliminating the need for trailing cables Cause of safety risk ❖ Trailing wires on the floor ❖ Damaged carpets and other flooring Cause of safety risk ❖ Heavy equipment unstable or falling from desks ❖ Desks collapsing under weight/desks not de Prevention measures ❖ Use desks strong enough to take the weight of the computer equipment ❖ Use large desks and tables so that hardware is not too close to the edge where it could fall off Physical safety is a different issue to health risks (as discussed in Chapter 5.2). While health safety is how to stop people becoming ill, or being affected by daily contact with computers, physical safety is concerned with the dangers that could lead to serious injuries or even loss of life. Tripping Hazard Personal injury 2
  • 5. Chapter 8: Safety and Security 8.2 E-Safety 1. Data Protection 2. Personal Data? 3. Sensitive Data 4. E-Safety Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security 3
  • 6. 8.2 e-Safety: Data Protection. Data Protection Acts (DPAs) are set up to protect the rights of the individual about whom data is obtained, stored and processed – for example, collection, use, disclosure, destruction and holding of data. Any such act applies to both computerised and paper records. 1 Data must be fairly and lawfully processed. 2 Data can only be processed for the stated purpose. 3 Data must be adequate, relevant and not excessive. 4 Data must be accurate. 5 Data must not be kept longer than necessary. 6 Data must be processed in accordance with the data subject’s rights. 7 Data must be kept secure. 8 Data must not be transferred to another country unless they also have adequate protection. In many countries, failure to abide by these simple rules by anyone who holds data about individuals can lead to a heavy fine or even imprisonment. There are general guidelines about how to stop data being obtained unlawfully: ❖ do not leave personal information lying around on a desk when not attended ❖ lock filing cabinets at the end of the day or when the room is unoccupied ❖ do not leave data on a computer monitor if it is unattended; log off from the computer if away from your desk for any length of time ❖ use passwords and user IDs, which should be kept secure; passwords should be difficult to guess/break and should be changed frequently (see earlier notes on passwords) ❖ make sure that anything sent in an email or fax (including attachments) is not of a sensitive nature.
  • 7. 8.2 e-Safety: Personal Data. Personal data refers to any data concerning a living person who can be identified from the data itself or from the data in conjunction with other information. Examples of personal data include: ❖ name ❖ address or email address (such as ajirotech@gmail.com) ❖ an ID card number/passport number ❖ an IP address ❖ cookie ID ❖ the advertising identifier on a mobile phone ❖ date of birth ❖ banking details ❖ photographs of the individual (for example, in full school uniform). Some personal data is often referred to as sensitive (personal) data. Examples of sensitive data include: ❖ ethnicity or race ❖ political views ❖ membership of a political party ❖ membership of a trade union ❖ religion/philosophical beliefs ❖ sexual orientation/gender ❖ criminal record ❖ medical history ❖ genetic data/DNA ❖ biometric data. Extra special care needs to be taken of sensitive personal data. Whether data is personal or sensitive, it is imperative that all precautions are taken to keep it confidential, and prevent any inappropriate disclosure. This includes keeping data safe from hackers, for example, but it also means keeping data safe from accidental disclosure. One way to protect data if it is accidentally disclosed is to encrypt it.
  • 8. 8.2 e-Safety. E-safety refers to the benefits, risks and responsibilities when using ICT. It is often defined to be the safe and responsible use of technology. However, e-safety is as much about user behaviour as it is about electronic security. In particular: ❖ when using the internet ❖ sending and receiving emails ❖ taking part in social media ❖ online gaming. Using the internet: ❖ When using the internet make sure that the websites being used can be trusted (for example, look out for websites including https). ❖ Only purchase items from websites that offer secure, encrypted connections ❖ When using search engines, always make sure the device settings are set to ‘safe search’ ❖ Only use websites recommended by teachers, parents or from trusted sources ❖ Be careful what you download; is the material potentially harmful? Could it be malware? It is essential that anti-virus or anti-malware software is always running in the background and is kept up to date. ❖ Always remember to log out of sites when you have finished using them
  • 9. 8.2 e-Safety: Sending and receiving emails. The following list highlights some of the dangers when sending and receiving emails. It is important to have an awareness of the risks when opening emails and how to deal with emails from unknown sources. ❖ Only open emails or attachments from known sources. ❖ Make sure your internet service provider (ISP) has an effective email filtering feature to ensure emails from unknown sources are put into your spam folder. ❖ Only reply to an email if you know the person who sent it ❖ Check that email addresses or website addresses purporting to come from a genuine company always contain the real company’s website address ❖ Think carefully before replying to an email and never include the name of your school/college, or any personal data that could identify you. ❖ Never send photos of yourself (particularly in school uniform, which could be used to identify your school) ❖ Protect your email account by using passwords which are difficult to guess, and change them on a regular basis
  • 10. 8.2 e-Safety: Social media. When using social media sites, it is important to be careful and make sure you know how to block undesirable people. The following list shows some of the dangers and some of the ways to protect yourself: ❖ Do not publicly post or give out personal information to people you do not know, including email addresses or house addresses, because this could be used to find information about you or carry out identity theft. ❖ Do not send out photos of yourself to people you do not know; again this could lead to identity theft or somebody impersonating you (many of the photos on social media sites are false). ❖ Always make sure you use the privacy settings when posting photos of yourself on social media sites, so that only people you trust can see them. ❖ It is important that none of the photos you post can link you to a place or an address ❖ Particular care should be taken not to post photos of yourself in some form of school uniform ❖ Always maintain privacy settings to stop ‘non-friends’ from contacting you ❖ Only make friends with people you know or are very well-known to other
  • 11. 8.2 e-Safety: Online Gaming. It is important to be careful when using online gaming because it also carries risks. Many users think all the games players are like-minded and, therefore, there are no real risks associated with this type of communication. That is a dangerous assumption. Some of the known risks, associated with online gaming, reported over the years, include: ❖ Predators (people who prey on others who they see as vulnerable) ❖ Cyberbullying (the use of electronic communication to bully a person, typically by sending messages of an intimidating or threatening nature) ❖ Use of webcams (the risks here are obvious!) ❖ Voice-masking technology (to disguise a voice so you cannot tell their sex, age, or even their accent) ❖ It is often overlooked that online games are also a source of cyber-attacks on a user’s computer or mobile phone – viruses, phishing or spyware are well reported examples of problems associated with certain online gaming ❖ Violence in the game itself, which can lead to violent behaviour in real life. Note: As when using other platforms, you should not reveal any personal information about you or anyone else to anyone while gaming. This includes not using your real name.
  • 12. Chapter 8: Safety and Security 8.3 Security of data 1. Data threats 2. Protection of data Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security
  • 13. 8.3.1 Data threats. There are several security risks to data held on a computer/smartphone or data being transferred around networks. This section covers many of these risks: ❖ Hacking ❖ Phishing ❖ Vishing ❖ Smishing ❖ Pharming ❖ Viruses ❖ Malware ❖ card fraud.
  • 14. 8.3.1 Data threats. Name of the security risk: Hacking. Description of the security risk: This is the act of gaining unauthorised/illegal access to a computer system. Possible effect of the security risk: ❖ This can lead to identity theft or the misuse of personal information ❖ Data can be deleted, changed or corrupted on a user’s computer. Methods to help remove the security risk: ❖ Use of firewalls ❖ Use of strong (frequently changed) passwords and user IDs ❖ Use of anti-hacking software ❖ Use of user IDs and passwords. Note: ❖ Use of encryption won’t stop hacking – it makes the data unreadable to the hacker but the data can still be deleted,
  • 15. 8.3.1 Data threats. Name of the security risk: Phishing. Description of the security risk: The creator sends out legitimate-looking emails to target users. As soon as the recipient clicks on a link in the email or attachment, they are sent to a fake website or they are fooled into giving personal data in replying to the email. The email often appears to come from a trusted source, such as a bank or well-known service provider. Possible effect of the security risk: ❖ The creator of the email can gain personal data, such as bank account data or credit card numbers, from the user ❖ This can lead to fraud or identity theft. Methods to help remove the security risk: ❖ Many ISPs or web browsers filter out phishing emails ❖ Users should always be cautious when opening emails or attachments ❖ Don’t click on executable attachments that end in .exe, .bat, .com or .php, for example. Note: ❖ Phishing emails often look legitimate by copying large companies, such as online stores, to try to convince users that the email is totally authentic
  • 16. 8.3.1 Data threats. Name of the security risk: Smishing. This is short for ‘SMS phishing’. It uses the SMS system of mobile phones to send out fake text messages. It is very similar to phishing. These scams often contain a URL or telephone number embedded in the text message. The recipient will be asked to log on to the website or make a telephone call. If they do, they will be asked to supply personal details such as credit/debit card numbers or passwords. As with phishing attacks, the text message will appear to come from a legitimate source and will make a claim, for example, that they have won a prize or that they need to contact their bank urgently
  • 17. 8.3.1 Data threats. Name of the security risk: Vishing. Vishing (voicemail phishing) is another variation of phishing. This uses a voicemail message to trick the user into calling the telephone number contained in the message. As with all phishing attacks, the user will be asked to supply personal data thinking they are talking to somebody who works for a legitimate company.
  • 18. 8.3.1 Data threats. Name of the security risk: Pharming. Description of the security risk: This is malicious code installed on a user’s computer or on a web server; the code will redirect the user to a fake website without their knowledge (the user doesn’t have to take any action, unlike phishing). Possible effect of the security risk: ❖ The creator of the malicious code can gain personal data such as credit/debit card details from users when they visit the fake website; usually the website appears to be that of a well-known and trusted company ❖ Pharming can lead to fraud or identity theft. Methods to help remove the security risk: ❖ Some anti-spyware software can identify and remove pharming code from a user’s computer ❖ The user should always be alert and look out for clues that they are being redirected to another website. Note: The user should always look out for clues that they are being connected to a secure website; they should look out for https:// in the URL or use of the padlock symbol
  • 19. Chapter 8: Safety and Security 8.3.1 Data threats Malware is one of the biggest risks to the integrity and security of data on a computer system. Many software applications, such as anti-virus, are capable of identifying and removing most of the forms of malware. There are many forms of malware; this section details just a selection of those forms. Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security 16
  • 20. 8.3.1 Data threats What is a computer virus This is program code or software that can replicate/copy itself with the intention of deleting or corrupting files on a computer; they often cause the computer to malfunction (for example, by filling up the hard drive with data) Possible Effects of a computer virus ❖ Viruses can cause the computer to ‘crash’, stop functioning normally or become unresponsive (e.g., the user gets the ‘not responding’ message) ❖ The software can delete files or data on a computer ❖ The software can corrupt operating system files, making the computer run slowly or even ‘crash’ Methods to help remove computer virus ❖ Install anti-virus software and update it regularly ❖ Don’t use software from unknown sources ❖ Be careful when opening emails or attachments from unknown senders Backing up files won’t guard against the effect of viruses; the virus may have already attached itself to the files that are being copied to the backup system; when these files are then copied back to the computer, the virus is simply reinstalled Chapter 8: Safety and Security Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security 17
  • 21. 8.3.1 Data threats Worms Worms are a type of stand-alone virus that can self-replicate. Their intention is to spread to other computers and corrupt whole networks; unlike viruses, they do not need an active host program to be opened in order to do any damage – they remain inside applications, which allows them to move throughout networks. In fact, worms replicate without targeting and infecting specific files on a computer; they rely on security failures within networks to permit them to spread unhindered. Trojan horse A Trojan horse is a malicious program which is often disguised as some legitimate software, but contains malicious instructions embedded within it. A Trojan horse replaces all or part of the legitimate software with the intent of carrying out some harm to the user’s computer system. They need to be executed by the end-user and therefore usually arrive as an email attachment or are downloaded from an infected website. Key logging software Key logging software (or key loggers) is a form of spyware. It gathers information by monitoring a user’s keyboard activities carried out on their computer. The software stores keystrokes in a small file which is automatically emailed to the cybercriminal responsible for the software. It is primarily designed to monitor and capture web browsing and other activities and capture personal data (for example, bank account numbers, passwords and credit/debit card details). Chapter 8: Safety and Security Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security 18
  • 22. 8.3.1 Data threats Adware Adware is a type of malware. At its least dangerous, it will attempt to flood an end-user with unwanted advertising. For example, it could redirect a user’s browser to a fake website that contains promotional advertising. They can be in the form of pop-ups, or appear in the browser’s toolbar thus redirecting the search request. Although not necessarily harmful, adware can: ❖ highlight weaknesses in a user’s security defences ❖ be hard to remove – they defeat most anti-malware software because it can be difficult to determine whether or not they are harmful ❖ hijack a browser and create its own default search requests. Ransomware Essentially, ransomware are programs that encrypt data on a user’s computer and ‘hold the data hostage’. The cybercriminal just waits until the ransom money is paid and, sometimes, the decryption key is then sent to the user. It has caused considerable damage to some companies and individuals. Imagine a situation where you log on to your computer, only to find the screen is locked and you cannot boot up your computer until the demands of the cybercriminal have been met. Chapter 8: Safety and Security Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security 19
  • 23. 8.3.1 Data threats. Shoulder surfing: Shoulder surfing is a form of data theft where criminals steal personal information from a victim when they are using a cash dispensing machine, when paying for goods/services using a handheld point-of-sale (POS) device or even when paying using a smartphone. Examples of shoulder surfing include: ❖ somebody watching you key in data, such as your PIN ❖ somebody listening in when you are giving credit or debit card details over the phone ❖ some of the more sophisticated examples of shoulder surfing include the use of tiny digital cameras. What is credit card fraud? Card fraud is the illegal use of a credit or debit card. This can be due to: ❖ shoulder surfing when using the card on any device that requires keyboard entries (for example, an ATM or a handheld POS terminal) ❖ card cloning ❖ key logging software. Card cloning: Card cloning is the copying of a credit or debit card which uses a magnetic stripe. Cloning of this type of card employs an electronic device known as a skimmer. This is a data capture device that allows a criminal to record all of the data stored on the magnetic stripe on a card. Skimmers can be placed in ATM slots where they can read all the data from a card; this data is then copied to the magnetic stripe of a fake card.
  • 24. 8.3.2 Protection of data. Authentication is used to verify that data comes from a secure and trusted source. Along with encryption it strengthens internet security. We will be considering all the following methods to protect the security of data: ❖ biometrics ❖ digital certificates ❖ secure sockets layer (SSL) ❖ encryption ❖ firewalls ❖ two-factor authentication ❖ user ID and password.
  • 25. 8.3.2 Protection of data: Biometrics. Biometrics is a method of authentication. It relies on unique characteristics of human beings. Biometrics data is difficult to copy and requires the user to be present so that this method of authentication can be used. Fingerprint Scans: Users will have to press their finger against the scanner. Fingerprints are compared against those stored in the database. Advantages: ❖ very high accuracy ❖ one of the most developed biometric techniques ❖ very easy to use ❖ relatively small storage requirements for the biometric data created. Disadvantages: ❖ for some people it is very intrusive, because it is still related to criminal identification ❖ it can make mistakes if the skin is dirty or damaged (for example, cuts to the finger). Retina/Iris Recognition: Scans use infrared light to scan unique patterns of blood vessels in the retina. Advantages: ❖ very high accuracy ❖ there is no known way to replicate a person’s retina pattern. Disadvantages: ❖ it is very intrusive ❖ it can be relatively slow to verify retina scan with stored scans ❖ very expensive to install and set up. Voice Recognition: The user will speak, and the voice is compared to one held on the database. Advantages: ❖ non-intrusive method ❖ verification takes less than five seconds ❖ relatively inexpensive technology. Disadvantages: ❖ a person’s voice can be easily recorded and used for unauthorised access ❖ low accuracy ❖ an illness, such as a cold, can change a person’s voice, making absolute identification difficult or impossible
  • 26. Secure Socket Layer (SSL) A digital certificate is a pair of files stored on a user’s computer – these are used to ensure the security of data sent over the internet. Each pair of files is divided into: ❖ a public key (which can be accessed by anyone) ❖ a private key (known to the computer user only) For example, when sending an email, the message is made more secure by attaching a digital certificate. When the message is received, the recipient can verify that it comes from a known or trusted source by viewing the public key information (this is usually part of the email attachment). This is an added level of security to protect the recipient from harmful emails. The digital certificate is made up of six parts: ❖ the sender’s email address ❖ the name of the digital certificate owner ❖ a serial number ❖ expiry date (the date range during which the certificate is valid) ❖ public key (which is used for encrypting the messages and for digital signatures) ❖ digital signature of certificate authority (CAs) Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security 8.3.2 Protection of data Chapter 8: Safety and Security 23
  • 27. Secure Socket Layer (SSL) Secure sockets layer (SSL) is a type of protocol that allows data to be sent and received securely over the internet. When a user logs onto a website, SSL encrypts the data – only the user’s computer and the web server are able to make sense of what is being transmitted. A user will know if SSL is being applied when they see https (as part of the website address) or the small padlock in the status bar at the top of the screen. Examples of where SSL would be used: ❖ online banking and all online financial transactions ❖ online shopping/commerce ❖ when sending software out to a restricted list of users ❖ sending and receiving emails ❖ using cloud storage facilities ❖ intranets and extranets (as well as the internet) ❖ Voice over Internet Protocol (VoIP) when carrying out video chatting and/or audio chatting over the internet ❖ within instant messaging ❖ when making use of a social networking site. Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security 8.3.2 Protection of data Chapter 8: Safety and Security 24
  • 28. 8.3.2 Protection of data Encryption is used primarily to protect data in case it has been hacked or accessed illegally. While encryption will not prevent hacking, it makes the data meaningless unless the recipient has the necessary decryption tools Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security Chapter 8: Safety and Security The key used to encrypt (or encode) the message is known as the encryption key; the key used to decrypt (or decipher) the message is known as the decryption key. When a message undergoes encryption it is known as cypher script; the original message is known as plain text. 25
  • 29. 8.3.2 Protection of data: Firewall. A firewall can be software or hardware. It sits between the user’s computer and an external network (for example, the internet). A firewall will help to keep potentially destructive forces away from a user’s computer, by filtering incoming and outgoing network traffic. The criteria for allowing or denying access to a computer can be set by the user. The following list shows a number of the tasks carried out by a firewall ❖ to examine the ‘traffic’ between user’s computer (or internal network) and a public network (for example, the internet) ❖ checks whether incoming or outgoing data meets a given set of criteria ❖ if the data fails the criteria, the firewall will block the ‘traffic’ and give the user a warning that there may be a security issue ❖ the firewall can be used to log all incoming and outgoing ‘traffic’ to allow later interrogation by the user ❖ criteria can be set so that the firewall prevents access to certain undesirable sites; the firewall can keep a list of all undesirable IP addresses ❖ it is possible for firewalls to help prevent viruses or hackers entering the user’s computer (or internal network). [Diagram: User’s computer, Firewall (hardware or software), Internet]
  • 30. 8.3.2 Protection of data. Authentication: Authentication refers to the ability of a user to prove who they are. There are three common factors used in authentication: ❖ something you know (for example, a password or PIN code) ❖ something you have (for example, a mobile phone or tablet) ❖ something which is unique to you (for example, biometrics). Two-factor authentication: a form of verification which requires two methods of authentication to verify who a user is. It is used predominantly when a user makes an online purchase, using a credit/debit card as payment method. User IDs and passwords: Passwords are used to restrict access to data or systems. They should be hard to break and changed frequently to retain any real level of security. In addition to protecting access levels to computer systems, passwords are frequently used when accessing the internet, for example: » when accessing email accounts » when carrying out online banking or shopping » when accessing social networking sites. It is important that passwords are protected; some ways of doing this are described below: ❖ Run anti-spyware software to make sure that your passwords are not being relayed back to anyone who put the spyware on your computer. ❖ Change passwords on a regular basis ❖ Passwords should not be easy to break ❖ It is possible to make a password strong but also be easy to remember. Strong passwords should contain: ❖ at least one capital letter ❖ at least one numerical value ❖ at least one other keyboard character (such as @, *, &, etc.). An example of a strong password would be: Sy12@#TT90kj=0 An example of a weak password would be: GREEN
  • 31. Give your neighbour advice about: • Usernames and Passwords • Online Safety • Cyberbullying • Meeting online friends • Photographs and Webcams • Emails, USB sticks, Viruses, Downloads, etc Ajiro Tech – Best IGCSE ICT YouTube Channel Safety and Security Chapter 8: Safety and Security In the words of my friend Yasar Ahmad one of the best IGCSE ICT Teacher have seen
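The firewall tasks listed on slide 29 (examine traffic in both directions, test it against criteria set by the user, block and warn on failure, log everything, keep a list of undesirable IP addresses) are modelled in the small program below. It is an added example, not part of the original slides; the class and field names, the port lists and the sample traffic (addresses from the reserved documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the internet) or "out" (from the user's computer)
    remote_ip: str   # address of the machine on the external network
    port: int        # destination port of the connection


@dataclass
class Firewall:
    blocked: list      # undesirable IP addresses or ranges, as CIDR strings
    allowed_in: set    # ports the user accepts incoming connections on
    allowed_out: set   # ports the user's computer may connect out to
    log: list = field(default_factory=list)

    def __post_init__(self):
        # Parse the block list once so every check is a cheap membership test.
        self._blocked_nets = [ipaddress.ip_network(b) for b in self.blocked]

    def _decide(self, pkt):
        """Return (allowed, reason). Anything not explicitly permitted is denied."""
        if pkt.direction not in ("in", "out"):
            return False, "unknown direction"
        try:
            addr = ipaddress.ip_address(pkt.remote_ip)
        except ValueError:
            return False, "malformed address"
        # The block list applies to both incoming and outgoing traffic.
        for net in self._blocked_nets:
            if addr in net:
                return False, f"address on block list ({net})"
        allowed = self.allowed_in if pkt.direction == "in" else self.allowed_out
        if pkt.port not in allowed:
            return False, f"port {pkt.port} not permitted {pkt.direction}bound"
        return True, "meets criteria"

    def check(self, pkt):
        """Examine one packet, record the decision, return True if it may pass."""
        ok, reason = self._decide(pkt)
        self.log.append((pkt, "ALLOW" if ok else "BLOCK", reason))
        return ok

    def warnings(self):
        """The messages a user would see for blocked traffic."""
        return [
            f"Blocked {p.direction}bound traffic with {p.remote_ip}:{p.port} - {why}"
            for p, verdict, why in self.log
            if verdict == "BLOCK"
        ]


def demo():
    # Criteria chosen by the user (constructed values): one undesirable range,
    # no incoming connections, outgoing DNS and web traffic only.
    fw = Firewall(blocked=["203.0.113.0/24"], allowed_in=set(),
                  allowed_out={53, 80, 443})
    traffic = [  # constructed sample traffic
        Packet("out", "192.0.2.10", 443),     # ordinary https request
        Packet("in", "198.51.100.7", 22),     # unsolicited incoming connection
        Packet("out", "203.0.113.50", 443),   # site on the block list
        Packet("out", "192.0.2.10", 6667),    # port the user has not permitted
        Packet("in", "not-an-ip", 443),       # malformed source address
    ]
    verdicts = [fw.check(p) for p in traffic]
    return fw, verdicts


if __name__ == "__main__":
    firewall, _ = demo()
    for line in firewall.warnings():
        print(line)
    print(f"{len(firewall.log)} packets logged for later review")
```

The log keeps allowed traffic as well as blocked traffic, which is what makes the "later interrogation by the user" on the slide possible.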