SlideShare a Scribd company logo

Secure Use of IT

Michael Lew, profile picture
Michael Lew

The document outlines important guidelines and content related to the secure use of IT, focusing on various topics such as security concepts, malware, network security, access controls, secure web usage, and secure data management. It includes essential practices like password management, email safety, and methods for secure data deletion and destruction. Additionally, the course requires a summative assessment, highlighting the importance of attendance and test performance for competency certification.

Internet
Related topics:
IT Security Data Security
1 of 39
1
2
Most read
3
Most read
4
Most read
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Secure Use of IT 1 European Computer Driving Licence 9/26/2017
2  Please check the spelling of your name (in accordance with NRIC or Passport)  Please set mobiles to silent  No food and drinks (except bottle drinks with CAP)  Training materials  Washroom and emergency exits location  AM Tea break: 10 – 10:15 am (15 minutes)  Lunch break: 12-1pm (1 hour)  PM Tea break: 3 – 3.15pm (15 minutes)  Please scan your thumb drives for viruses Points to Note 9/26/2017
3  WSQ is a national credentials system developed and managed by Singapore Workforce Development Agency (WDA)  Aim to train, develop, assess and recognise adult workers for competencies that companies need of their employees What is ES WSQ 9/26/2017
4  At end of lesson, you are required to take a summative assessment using the online tools of International Computer Driving Test (ICDL)  To be assessed as competent you must attain:  Minimum 75% attendance  Minimum 75% pass for ICDL Test Assessment 9/26/2017
5  Secure Use of IT  Security Concepts  Malware  Network Security  Access Controls  Secure Web Use  Communications  Secure Data Management Course Outline 9/26/2017
Security Concepts  1.1 Data Threats  Common Terms o What is Data? o What is Information? o Cybercrime o Hacking  Cloud Computing o What is Cloud Computing? o Vulnerabilities • Session Hijacking • Service Reliability • Reliance on the Internet o Threats • Data Control • Denial of Service • Potential Loss of Privacy • Malicious Insiders • Loss of Data 69/26/2017
Security Concepts  1.2 Value of Information  Basic Characteristics o Confidentiality o Integrity o Availability  Protecting Personal Information o Personal Privacy, Data theft  Protecting Commercial Information o Financial Statements, Customers Records o Trade Secrets, New Products & Patents  Data Privacy or Protection o Data Protection Legislation  Data Subjects and Data Controllers  ICT Policies 79/26/2017
Security Concepts  1.3 Personal Security  Social Engineering o Information Gathering (Illegally obtain sensitive data) o Fraud (Faking identity to obtain confidential information) o Computer System Access (Infiltrate 3rd Party Computer Systems)  Methods of Social Engineering o Phone Calls (Impersonating Person) o Phishing (Fraud Email to Fraud Website) o Shoulder Surfing (Looking Over Shoulder)  Identity Thefts and Its Implications  Methods of Identity Theft o Information Driving (Look in Trash Bins for Credit Card Statements) o Skimming (Device attached to ATM to capture Victim's Cards) o Pretexting (Inventing Scenario to engage Victim) 89/26/2017
Security Concepts  1.4 File Security  Enabling/Disabling Macro Security Settings  Setting File Passwords  Encrypt a Folder or Drive  Advantages of Encryption o Ensure Confidentiality of Data o Prevents Unauthorised Person From Opening and Reading Data o Ensure Data Integrity and Prevent Unauthorised Alteration of Data o Verify Author of Document 99/26/2017
Security Concepts  1.4 File Security  Limitation of Encryption o Cannot recover data if you forget your password o Easy to crack password for older version of Words Document and Zip archive o Attract attention for encrypted files o Cannot prevent deletion of data 109/26/2017
Security Concepts  1.5 Review Exercise 1. The process of intentionally accessing a computer without authorisation or exceeding authorised access is known as: c. Hacking 2. Which of the following is not a basic characteristic of information security? b. Locality 3. Which of the following is an advantage of encryption? b. Ensures data integrity 4. Which one of the following terms describe the process of someone monitoring you keying in your ATM pin with malicious intent? a. Shoulder surfing 119/26/2017
MALWARE  2.1 Types of Malware  Definition of Malware o Malware is malicious software designed to install and harm your computer  Types of Infectious Malware o Viruses o Worms (WannaCry Ransomware) o Trojan horses (pretends as harmless program that collect you login info and password o Rootkits o Backdoor  Types of Data Thefts o Adware o Spyware o Botnet o Keylogger o Dialler 129/26/2017
MALWARE  2.2 Protection  Understanding Anti-Virus Software o Identify and eliminate malware by scanning files in your computer  Limitations o Anti-virus software features o Zero-day exploits o Vulnerabilities  Using an Anti-Virus Software o Scanning o Scanning Specific Drives o Scheduling Scans  Quarantine Files  Updating Anti-Virus Software 139/26/2017
MALWARE  2.3 Review Exercise 1. __________ is created and distributed for malicious purposes: a. Malware 2. Which of the following is not a characteristic of spyware? d. Call numbers without consent 3. A network of infected computers used to distribute malware is known as: b. Botnet 4. Which one of the following options is not a common option when anti-virus software detects an infected file? c. Open 5. Match the malware type on the left with the description on the right? 149/26/2017
Network Security  3.1 Networks And Connections  Common Network Types o LAN (Local Area Network) o WAN (Wide Area Network) o WLAN (Wireless Local Area Network) o VPN (Virtual Private Network)  Security Implications of Connecting to a Network o Malware o Unauthorised Data Access, Privacy  Roles of the Network Administrator  Functions of Firewall  Limitation of Firewall o Viruses o Attacks o Monitoring 159/26/2017
Network Security  3.2 Wireless Security  Potential Risks of Using Unprotected Wireless Network o Eavesdroppers o Network Hijacking o Man in the Middle  Types of Wireless Security o Wired Equivalent Privacy (WEP) o Wi-Fi Protected Access (WPA) o Media Access Control (MAC) Address Filtering) o Service Set Identifier (SSID) Hiding  Using Personal Hotspots  Enabling/Disabling a Personal Hotspot (Smartphone) 169/26/2017
Network Security  3.3 Review Exercise 1. Which of the following is not a type of network? b. WAP 2. Which of the following is not a feature of a firewall? a. Encrypts information 3. List 2 security implications of connecting to a network. Malware Unauthorised data access Privacy 4. In wireless security, WPA is: d. Wi-Fi Protected Access 179/26/2017
Access Controls  4.1 Methods  Preventing Unauthorised Data Access  Passwords  PIN (Personal Identification Number)  Encryption  Multi-factor authentication  One-Time Password  Network Accounts  Biometric Security Techniques o Fingerprint Scanning o Hand Geometry o Facial Recognition o Voice 189/26/2017
Access Controls  4.2 Password Management  Good Password Policies: o Complex Password at least 8-12 Characters, include Upper & Lowercase, Numbers and Special Characters o Avoids Words Found in Dictionary o Change Passwords Regularly o Avoid Passwords that include your Name, Birthdate and Spouse Name o Never Use Password such as “admin”, “root” or “password” o Avoid Writing Your Password on Sticky Notes o Do Not Use Same Password for Different Services o Do Not Share Your Password with Anyone  Password Management Software: o Dashlane o LastPass o KeePass 199/26/2017
Access Controls  4.3 Review Exercise 1. Which of the following is not a type of authentication? d. Something I believe 2. When data has been encrypted, what does the recipient need to read the data? b. A key. 3. Which of the following is not a biometric security method? c. One time password 4. Go to the following web page to test how secure your password is: http://howsecureismypassword.net/ 209/26/2017
Secure Web Use  5.1 Browser Settings  Setting AutoComplete Options  Clearing Private Data from Browser: o Temporary Internet Files o Cookies o A History of the Websites You’ve Visited o Information that You have Entered into Websites or The Address Bar o Saved Web Passwords 219/26/2017
Secure Web Use  5.2 Secure Browsing  Measures to Review a Website’s Safety: o Content Quality and Currency o Valid URL o Company or Owner Information o Check for Security Certificate and Validate Domain Owner  Pharming o Attacker targets DNS Service and changes IP Address of a Website. o User Types the Website Address in Web Browser. o User’s Computer Queries DNS Server for IP Address of Website. o Because DNS Server has been ‘poisoned’ by the Attacker, it returns the IP Address of the Fake Website to User’s Computer. o User has now been tricked into Visiting the Fake Website.  Content-Control Software o Client-side filters, Browser-based filters, Content-limited (or filtered) ISPs o Search-engines filters 229/26/2017
Secure Web Use  5.3 Review Exercise 1. How do you identify a secure web site? https:// and Secured Lock Icon Check for Valid URL Check for Company or Owner Information Check Security Certificate and Validate Domain Owner 2. Open your browser and delete all temporary internet files. b. In Internet Explorer, Click “Tools” -> “Delete Browsing History” 3. Go to the Web of Trust website at http://www.mywot.com/ and check the reputation of the following websites: c. www.amazon.com d. Goldenpalace.com e. Whitehouse.com 239/26/2017
Communications  6.1 E-Mails  Encrypting and Decrypting E-Mail  Digital Signature  Receiving Fraudulent and Unsolicited E-mail  Phishing Attack: o Planning o Setup o Attack o Collection o Identify Theft and Fraud  E-mail and Malware 249/26/2017
Communications  6.1 E-Mails  Encrypting and Decrypting E-Mail 259/26/2017
Communications  6.1 E-Mails  Adding Digital Signature in Email 269/26/2017
Communications  6.1 E-Mails  Receiving Fraudulent E-mail (Phishing) 279/26/2017
Communications  6.1 E-Mails  What is Unsolicited Email (Spam) 289/26/2017
Communications  6.2 Social Networking  Potential Dangers: o Cyber Bullying o Cyber Grooming o Misleading or Dangerous Information o False Identities o Fraudulent Links or Messages  Sharing on Social Networks  Privacy Setting 299/26/2017
Communications  6.3 VoIP and Instant Messaging  Security Considerations: o Malware o Backdoor Access o Access to Files o Eavesdropping  Strategies to Ensure Confidentiality when using IM and VoIP: o Encryption o Non-disclosure of important details o Restrict files sharing 309/26/2017
Communications  6.4 Mobile  Risks of Using Mobile Apps from Unofficial Source: o Mobile Malware o Apps not fully tested and quality not approved. Slow down you Mobile Device and other apps. Result in Device Instability. o Apps may also gain permission to access your personal data such as Contacts, Images and Location.  Emergency/Precautionary Measures if You Mobile Devices is Lost/Stolen: o Remote Disable o Remote Wipe o Locate Device  Emergency Features (Android) 319/26/2017
Communications  6.5 Review Exercise 1. An e-mail is sent out to mass recipients asking them to verify their bank account details. This is an example of: b. Phishing 2. Which one of the following details is considered unsafe to share on a social networking site? d. Home address 3. The process of re-directing users to a different website without their knowledge is knowing as: c. Pharming 4. A secure website can be identified by the web address if it begins with: b. https 329/26/2017
Communications  6.5 Review Exercise 5. Consider the following questions: a. What was your favourite holiday destination? b. What is the name of your primary school? c. What is my favourite pet’s name? What would the potential security threats be by answering the questions above? 339/26/2017
Secure Data Management  7.1 Secure and Back Up Data  Measures to Enhance Physical Security of Devices: o Do Not Leave Unsecured Computers or Devices Unattended o Record Details and Location of Items and Equipment o Use Cable Locks to Secure Computers and Devices o Works Areas Can Be Secured Using Access Control Measures such as Swipe Cards or Biometric Scanning  Backup Procedure: o Schedule o Compression o Location o Regularity  Backing Up Data  Cloud Back Up 349/26/2017
Secure Data Management  7.2 Secure Deletion and Destruction  Common Methods of Permanently Destroying Data: o Shredding o Degaussing o Drive/Media Destruction  Specific Destruction Techniques: o Physically Breaking Media Apart, by Grinding, Shredding, etc o Incineration o Phase Transition (Liquefaction or Vaporisation of a Solid Disk) o Application of Corrosive Chemicals, such as Acids, to Recording Surfaces.  Using Data Destruction Utilities  FREE Programs That Perform Secure Over-Writes: o DBAN http://www.dban.org o Eraser http://eraser.heidi.ie 359/26/2017
Secure Data Management  7.2 Secure Deletion and Destruction  Shredding Hard Drives 369/26/2017
Secure Data Management  7.2 Secure Deletion and Destruction  Shredding Optical Disks 379/26/2017
Secure Data Management  7.2 Secure Deletion and Destruction  Degaussing Hard Drives 389/26/2017
Secure Data Management  7.3 Review Exercise 1. Which of the following is not a feature of a backup procedure? c. Volume 2. Which one of the following is not used as a backup method? b. Random access memory 3. Residual traces of deleted data that still remains is known as: b. Data remanence 399/26/2017

More Related Content

PDF
English for Career Development Naiyan Noor.pdf
Naiyan Noor
 
PDF
Le deuil à l'ère numérique (mémoire de recherche)
Thomas Pariente
 
PPTX
SERVICES PROVIDED BY THE INTERNET
Sahil Nagpal
 
DOCX
Dll_empowerment_technologies.docx
rodelmegollas4
 
PDF
Mail server_Synopsis
Manmeet Sinha
 
DOCX
2_ATG_.docx
jarelle2
 
PDF
It security,malware,phishing,information theft
Deepak John
 
PPTX
Ransomeware and malware power point presentation
Parrie Vittiadarane
 
English for Career Development Naiyan Noor.pdf
Naiyan Noor
 
Le deuil à l'ère numérique (mémoire de recherche)
Thomas Pariente
 
SERVICES PROVIDED BY THE INTERNET
Sahil Nagpal
 
Dll_empowerment_technologies.docx
rodelmegollas4
 
Mail server_Synopsis
Manmeet Sinha
 
2_ATG_.docx
jarelle2
 
It security,malware,phishing,information theft
Deepak John
 
Ransomeware and malware power point presentation
Parrie Vittiadarane
 

Similar to Secure Use of IT (20)

PPTX
Internet Security
JainamParikh3
 
PPT
Chapter 3 Ensuring Internet Security
Patty Ramsey
 
PPTX
Can your company survive a modern day cyber attack?
Symptai Consulting Limited
 
PPTX
EverSec + Cyphort: Big Trends in Cybersecurity
Cyphort
 
PDF
Cyber Privacy & Password Protection
Nikhil D
 
PDF
The top 5 basics fundamentals of network security cyberhunter solutions
Cyberhunter Cyber Security
 
PPT
Dos and Dont to be followed to protect information and technology
ssuser3baba2
 
PPT
Ch04 Footprinting and Social Engineering
phanleson
 
PDF
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension Inc.
 
PPTX
shubhangi.pptx
SheetalKamble39
 
PPTX
Viruses, Biometrics, Encryption
monroel
 
PPTX
Computer-Security.pptx
JoselitoJMebolos
 
PPTX
Types of Cyber Crimes and Security Threats
Amity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
PPTX
Lecture about network and host security to NII students
Akiumi Hasegawa
 
PPTX
3 Tips to Stay Safe Online in 2017
Bret Piatt
 
PPT
Ch # 10 computer security risks and safe guards
MuhammadRobeel3
 
PPT
oiqwjrfoijqwwieoefmklqwmefioqjweeifmqwklefmqwef
ramrajcottons02
 
PDF
OWASP Mobile Top 10 Deep-Dive
Prathan Phongthiproek
 
PPTX
Cybercrime and Security
Noushad Hasan
 
PDF
Impacts of spoofing- why it’s a serious cybersecurity concern
deorwine infotech
 
Internet Security
JainamParikh3
 
Chapter 3 Ensuring Internet Security
Patty Ramsey
 
Can your company survive a modern day cyber attack?
Symptai Consulting Limited
 
EverSec + Cyphort: Big Trends in Cybersecurity
Cyphort
 
Cyber Privacy & Password Protection
Nikhil D
 
The top 5 basics fundamentals of network security cyberhunter solutions
Cyberhunter Cyber Security
 
Dos and Dont to be followed to protect information and technology
ssuser3baba2
 
Ch04 Footprinting and Social Engineering
phanleson
 
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension Inc.
 
shubhangi.pptx
SheetalKamble39
 
Viruses, Biometrics, Encryption
monroel
 
Computer-Security.pptx
JoselitoJMebolos
 
Types of Cyber Crimes and Security Threats
Amity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
Lecture about network and host security to NII students
Akiumi Hasegawa
 
3 Tips to Stay Safe Online in 2017
Bret Piatt
 
Ch # 10 computer security risks and safe guards
MuhammadRobeel3
 
oiqwjrfoijqwwieoefmklqwmefioqjweeifmqwklefmqwef
ramrajcottons02
 
OWASP Mobile Top 10 Deep-Dive
Prathan Phongthiproek
 
Cybercrime and Security
Noushad Hasan
 
Impacts of spoofing- why it’s a serious cybersecurity concern
deorwine infotech
 
Ad

More from Michael Lew (20)

PDF
Data Mining & Predictive Analytics - Lesson 14 - Concepts Recapitulation and ...
Michael Lew
 
PDF
Big Data & Text Analytics - Lesson Schedule
Michael Lew
 
PDF
ICDL Computer Fundamentals (MS Windows 10 & Office 2016)
Michael Lew
 
PDF
ICDL Image Editing (GIMP)
Michael Lew
 
PDF
Web browsing and communication using Outlook
Michael Lew
 
PDF
Online collaboration
Michael Lew
 
PDF
Scenario (Evaluation)
Michael Lew
 
PDF
Manage online information
Michael Lew
 
PDF
CE Diagnostic answers
Michael Lew
 
PDF
OE Diagnostic Test Questions
Michael Lew
 
PDF
ICDL Module 2 - Using Computers & Managing Files (Windows XP) - Presentation ...
Michael Lew
 
PDF
ICDL Advanced Excel 2010 - Tutorial
Michael Lew
 
PDF
ICDL Module 1 - Concepts of ICT (Information and Communication Technology) - ...
Michael Lew
 
PDF
ICDL Module 1 - Concepts of ICT (Information and Communication Technology) - ...
Michael Lew
 
PPTX
ICT Blog1
Michael Lew
 
PDF
Ecdl v5 module 7 print
Michael Lew
 
PDF
Ecdl v5 module 6 print
Michael Lew
 
PDF
Ecdl v5 module 5 print
Michael Lew
 
PDF
Ecdl v5 module 4 print
Michael Lew
 
PDF
Ecdl v5 module 3 print
Michael Lew
 
Data Mining & Predictive Analytics - Lesson 14 - Concepts Recapitulation and ...
Michael Lew
 
Big Data & Text Analytics - Lesson Schedule
Michael Lew
 
ICDL Computer Fundamentals (MS Windows 10 & Office 2016)
Michael Lew
 
ICDL Image Editing (GIMP)
Michael Lew
 
Web browsing and communication using Outlook
Michael Lew
 
Online collaboration
Michael Lew
 
Scenario (Evaluation)
Michael Lew
 
Manage online information
Michael Lew
 
CE Diagnostic answers
Michael Lew
 
OE Diagnostic Test Questions
Michael Lew
 
ICDL Module 2 - Using Computers & Managing Files (Windows XP) - Presentation ...
Michael Lew
 
ICDL Advanced Excel 2010 - Tutorial
Michael Lew
 
ICDL Module 1 - Concepts of ICT (Information and Communication Technology) - ...
Michael Lew
 
ICDL Module 1 - Concepts of ICT (Information and Communication Technology) - ...
Michael Lew
 
ICT Blog1
Michael Lew
 
Ecdl v5 module 7 print
Michael Lew
 
Ecdl v5 module 6 print
Michael Lew
 
Ecdl v5 module 5 print
Michael Lew
 
Ecdl v5 module 4 print
Michael Lew
 
Ecdl v5 module 3 print
Michael Lew
 
Ad

Recently uploaded (20)

PPTX
innovation process that make everything different.pptx
SoumyadipPaul18
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
PPTX
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
innovation process that make everything different.pptx
SoumyadipPaul18
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
Funds Management Learning Material for Beg
NKKumar16
 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 

Secure Use of IT

  • 1. Secure Use of IT 1 European Computer Driving Licence 9/26/2017
  • 2. 2  Please check the spelling of your name (in accordance with NRIC or Passport)  Please set mobiles to silent  No food and drinks (except bottle drinks with CAP)  Training materials  Washroom and emergency exits location  AM Tea break: 10 – 10:15 am (15 minutes)  Lunch break: 12-1pm (1 hour)  PM Tea break: 3 – 3.15pm (15 minutes)  Please scan your thumb drives for viruses Points to Note 9/26/2017
  • 3. 3  WSQ is a national credentials system developed and managed by Singapore Workforce Development Agency (WDA)  Aim to train, develop, assess and recognise adult workers for competencies that companies need of their employees What is ES WSQ 9/26/2017
  • 4. 4  At end of lesson, you are required to take a summative assessment using the online tools of International Computer Driving Test (ICDL)  To be assessed as competent you must attain:  Minimum 75% attendance  Minimum 75% pass for ICDL Test Assessment 9/26/2017
  • 5. 5  Secure Use of IT  Security Concepts  Malware  Network Security  Access Controls  Secure Web Use  Communications  Secure Data Management Course Outline 9/26/2017
  • 6. Security Concepts  1.1 Data Threats  Common Terms o What is Data? o What is Information? o Cybercrime o Hacking  Cloud Computing o What is Cloud Computing? o Vulnerabilities • Session Hijacking • Service Reliability • Reliance on the Internet o Threats • Data Control • Denial of Service • Potential Loss of Privacy • Malicious Insiders • Loss of Data 69/26/2017
  • 7. Security Concepts  1.2 Value of Information  Basic Characteristics o Confidentiality o Integrity o Availability  Protecting Personal Information o Personal Privacy, Data theft  Protecting Commercial Information o Financial Statements, Customers Records o Trade Secrets, New Products & Patents  Data Privacy or Protection o Data Protection Legislation  Data Subjects and Data Controllers  ICT Policies 79/26/2017
  • 8. Security Concepts  1.3 Personal Security  Social Engineering o Information Gathering (Illegally obtain sensitive data) o Fraud (Faking identity to obtain confidential information) o Computer System Access (Infiltrate 3rd Party Computer Systems)  Methods of Social Engineering o Phone Calls (Impersonating Person) o Phishing (Fraud Email to Fraud Website) o Shoulder Surfing (Looking Over Shoulder)  Identity Thefts and Its Implications  Methods of Identity Theft o Information Driving (Look in Trash Bins for Credit Card Statements) o Skimming (Device attached to ATM to capture Victim's Cards) o Pretexting (Inventing Scenario to engage Victim) 89/26/2017
  • 9. Security Concepts  1.4 File Security  Enabling/Disabling Macro Security Settings  Setting File Passwords  Encrypt a Folder or Drive  Advantages of Encryption o Ensure Confidentiality of Data o Prevents Unauthorised Person From Opening and Reading Data o Ensure Data Integrity and Prevent Unauthorised Alteration of Data o Verify Author of Document 99/26/2017
  • 10. Security Concepts  1.4 File Security  Limitation of Encryption o Cannot recover data if you forget your password o Easy to crack password for older version of Words Document and Zip archive o Attract attention for encrypted files o Cannot prevent deletion of data 109/26/2017
  • 11. Security Concepts  1.5 Review Exercise 1. The process of intentionally accessing a computer without authorisation or exceeding authorised access is known as: c. Hacking 2. Which of the following is not a basic characteristic of information security? b. Locality 3. Which of the following is an advantage of encryption? b. Ensures data integrity 4. Which one of the following terms describe the process of someone monitoring you keying in your ATM pin with malicious intent? a. Shoulder surfing 119/26/2017
  • 12. MALWARE  2.1 Types of Malware  Definition of Malware o Malware is malicious software designed to install and harm your computer  Types of Infectious Malware o Viruses o Worms (WannaCry Ransomware) o Trojan horses (pretends as harmless program that collect you login info and password o Rootkits o Backdoor  Types of Data Thefts o Adware o Spyware o Botnet o Keylogger o Dialler 129/26/2017
  • 13. MALWARE  2.2 Protection  Understanding Anti-Virus Software o Identify and eliminate malware by scanning files in your computer  Limitations o Anti-virus software features o Zero-day exploits o Vulnerabilities  Using an Anti-Virus Software o Scanning o Scanning Specific Drives o Scheduling Scans  Quarantine Files  Updating Anti-Virus Software 139/26/2017
  • 14. MALWARE  2.3 Review Exercise 1. __________ is created and distributed for malicious purposes: a. Malware 2. Which of the following is not a characteristic of spyware? d. Call numbers without consent 3. A network of infected computers used to distribute malware is known as: b. Botnet 4. Which one of the following options is not a common option when anti-virus software detects an infected file? c. Open 5. Match the malware type on the left with the description on the right? 149/26/2017
  • 15. Network Security  3.1 Networks And Connections  Common Network Types o LAN (Local Area Network) o WAN (Wide Area Network) o WLAN (Wireless Local Area Network) o VPN (Virtual Private Network)  Security Implications of Connecting to a Network o Malware o Unauthorised Data Access, Privacy  Roles of the Network Administrator  Functions of Firewall  Limitation of Firewall o Viruses o Attacks o Monitoring 159/26/2017
  • 16. Network Security  3.2 Wireless Security  Potential Risks of Using Unprotected Wireless Network o Eavesdroppers o Network Hijacking o Man in the Middle  Types of Wireless Security o Wired Equivalent Privacy (WEP) o Wi-Fi Protected Access (WPA) o Media Access Control (MAC) Address Filtering) o Service Set Identifier (SSID) Hiding  Using Personal Hotspots  Enabling/Disabling a Personal Hotspot (Smartphone) 169/26/2017
  • 17. Network Security  3.3 Review Exercise 1. Which of the following is not a type of network? b. WAP 2. Which of the following is not a feature of a firewall? a. Encrypts information 3. List 2 security implications of connecting to a network. Malware Unauthorised data access Privacy 4. In wireless security, WPA is: d. Wi-Fi Protected Access 179/26/2017
  • 18. Access Controls  4.1 Methods  Preventing Unauthorised Data Access  Passwords  PIN (Personal Identification Number)  Encryption  Multi-factor authentication  One-Time Password  Network Accounts  Biometric Security Techniques o Fingerprint Scanning o Hand Geometry o Facial Recognition o Voice 189/26/2017
  • 19. Access Controls  4.2 Password Management  Good Password Policies: o Complex Password at least 8-12 Characters, include Upper & Lowercase, Numbers and Special Characters o Avoids Words Found in Dictionary o Change Passwords Regularly o Avoid Passwords that include your Name, Birthdate and Spouse Name o Never Use Password such as “admin”, “root” or “password” o Avoid Writing Your Password on Sticky Notes o Do Not Use Same Password for Different Services o Do Not Share Your Password with Anyone  Password Management Software: o Dashlane o LastPass o KeePass 199/26/2017
  • 20. Access Controls  4.3 Review Exercise 1. Which of the following is not a type of authentication? d. Something I believe 2. When data has been encrypted, what does the recipient need to read the data? b. A key. 3. Which of the following is not a biometric security method? c. One time password 4. Go to the following web page to test how secure your password is: http://howsecureismypassword.net/ 209/26/2017
  • 21. Secure Web Use  5.1 Browser Settings  Setting AutoComplete Options  Clearing Private Data from Browser: o Temporary Internet Files o Cookies o A History of the Websites You’ve Visited o Information that You have Entered into Websites or The Address Bar o Saved Web Passwords 219/26/2017
  • 22. Secure Web Use  5.2 Secure Browsing  Measures to Review a Website’s Safety: o Content Quality and Currency o Valid URL o Company or Owner Information o Check for Security Certificate and Validate Domain Owner  Pharming o Attacker targets DNS Service and changes IP Address of a Website. o User Types the Website Address in Web Browser. o User’s Computer Queries DNS Server for IP Address of Website. o Because DNS Server has been ‘poisoned’ by the Attacker, it returns the IP Address of the Fake Website to User’s Computer. o User has now been tricked into Visiting the Fake Website.  Content-Control Software o Client-side filters, Browser-based filters, Content-limited (or filtered) ISPs o Search-engines filters 229/26/2017
  • 23. Secure Web Use  5.3 Review Exercise 1. How do you identify a secure web site? https:// and Secured Lock Icon Check for Valid URL Check for Company or Owner Information Check Security Certificate and Validate Domain Owner 2. Open your browser and delete all temporary internet files. b. In Internet Explorer, Click “Tools” -> “Delete Browsing History” 3. Go to the Web of Trust website at http://www.mywot.com/ and check the reputation of the following websites: c. www.amazon.com d. Goldenpalace.com e. Whitehouse.com 239/26/2017
  • 24. Communications  6.1 E-Mails  Encrypting and Decrypting E-Mail  Digital Signature  Receiving Fraudulent and Unsolicited E-mail  Phishing Attack: o Planning o Setup o Attack o Collection o Identify Theft and Fraud  E-mail and Malware 249/26/2017
  • 25. Communications  6.1 E-Mails  Encrypting and Decrypting E-Mail 259/26/2017
  • 26. Communications  6.1 E-Mails  Adding Digital Signature in Email 269/26/2017
  • 27. Communications  6.1 E-Mails  Receiving Fraudulent E-mail (Phishing) 279/26/2017
  • 28. Communications  6.1 E-Mails  What is Unsolicited Email (Spam) 289/26/2017
  • 29. Communications  6.2 Social Networking  Potential Dangers: o Cyber Bullying o Cyber Grooming o Misleading or Dangerous Information o False Identities o Fraudulent Links or Messages  Sharing on Social Networks  Privacy Setting 299/26/2017
  • 30. Communications  6.3 VoIP and Instant Messaging  Security Considerations: o Malware o Backdoor Access o Access to Files o Eavesdropping  Strategies to Ensure Confidentiality when using IM and VoIP: o Encryption o Non-disclosure of important details o Restrict files sharing 309/26/2017
  • 31. Communications  6.4 Mobile  Risks of Using Mobile Apps from Unofficial Source: o Mobile Malware o Apps not fully tested and quality not approved. Slow down you Mobile Device and other apps. Result in Device Instability. o Apps may also gain permission to access your personal data such as Contacts, Images and Location.  Emergency/Precautionary Measures if You Mobile Devices is Lost/Stolen: o Remote Disable o Remote Wipe o Locate Device  Emergency Features (Android) 319/26/2017
  • 32. Communications  6.5 Review Exercise 1. An e-mail is sent out to mass recipients asking them to verify their bank account details. This is an example of: b. Phishing 2. Which one of the following details is considered unsafe to share on a social networking site? d. Home address 3. The process of re-directing users to a different website without their knowledge is knowing as: c. Pharming 4. A secure website can be identified by the web address if it begins with: b. https 329/26/2017
  • 33. Communications  6.5 Review Exercise 5. Consider the following questions: a. What was your favourite holiday destination? b. What is the name of your primary school? c. What is my favourite pet’s name? What would the potential security threats be by answering the questions above? 339/26/2017
  • 34. Secure Data Management  7.1 Secure and Back Up Data  Measures to Enhance Physical Security of Devices: o Do Not Leave Unsecured Computers or Devices Unattended o Record Details and Location of Items and Equipment o Use Cable Locks to Secure Computers and Devices o Works Areas Can Be Secured Using Access Control Measures such as Swipe Cards or Biometric Scanning  Backup Procedure: o Schedule o Compression o Location o Regularity  Backing Up Data  Cloud Back Up 349/26/2017
  • 35. Secure Data Management  7.2 Secure Deletion and Destruction  Common Methods of Permanently Destroying Data: o Shredding o Degaussing o Drive/Media Destruction  Specific Destruction Techniques: o Physically Breaking Media Apart, by Grinding, Shredding, etc o Incineration o Phase Transition (Liquefaction or Vaporisation of a Solid Disk) o Application of Corrosive Chemicals, such as Acids, to Recording Surfaces.  Using Data Destruction Utilities  FREE Programs That Perform Secure Over-Writes: o DBAN http://www.dban.org o Eraser http://eraser.heidi.ie 359/26/2017
  • 36. Secure Data Management  7.2 Secure Deletion and Destruction  Shredding Hard Drives 369/26/2017
  • 37. Secure Data Management  7.2 Secure Deletion and Destruction  Shredding Optical Disks 379/26/2017
  • 38. Secure Data Management  7.2 Secure Deletion and Destruction  Degaussing Hard Drives 389/26/2017
  • 39. Secure Data Management  7.3 Review Exercise 1. Which of the following is not a feature of a backup procedure? c. Volume 2. Which one of the following is not used as a backup method? b. Random access memory 3. Residual traces of deleted data that still remains is known as: b. Data remanence 399/26/2017