
Chapter 15: Computer Security and Privacy - PowerPoint PPT Presentation



Chapter 15: Computer Security and Privacy. Learning Objectives. Explain why all computer users should be concerned about computer security. List some risks associated with hardware loss, damage, and system failure, and understand ways to safeguard a PC against these risks.


PowerPoint Slideshow about ' Chapter 15: Computer Security and Privacy' - miriam-nolan



Chapter 15:

Computer Security and Privacy


Learning Objectives

Explain why all computer users should be concerned about computer security.

List some risks associated with hardware loss, damage, and system failure, and understand ways to safeguard a PC against these risks.

Define software piracy and digital counterfeiting and explain how they may be prevented.

Explain what information privacy is and why computer users should be concerned about it.


Learning Objectives

Describe some privacy concerns regarding databases, electronic profiling, spam, and telemarketing, and identify ways individuals can protect their privacy.

Discuss several types of electronic surveillance and monitoring and list ways individuals can protect their privacy.

Discuss the status of security and privacy legislation.


Overview

This chapter covers:

Why computer security is important

Security concerns related to hardware loss and damage and precautions that can be taken

A discussion of software piracy and digital counterfeiting and steps to reduce the occurrence of them

Why information privacy is important

Possible risks for personal privacy violations and precautions to safeguard one’s privacy

Discussion of legislation related to computer security and privacy


Why Be Concerned About Computer Security?

There are a number of security concerns related to computers that users should be aware of, including:

Having a PC stolen

Losing important data

Losing contact lists

Pirated or counterfeited products


Hardware Loss, Damage, and System Failure

Hardware loss: Can occur when a portable PC, USB flash drive, mobile device, or other piece of hardware is stolen or lost by the owner

Hardware theft: One of the most obvious types of hardware loss

Occurs when hardware is stolen from an individual or an organization

Hardware can be stolen from homes, businesses, cars, airports, hotels, etc.

Often for the value of the hardware, but increasingly for the information that might be contained on the hardware

C level attacks are growing


Hardware Loss, Damage, and System Failure

Hardware damage: Can be accidental or intentional

System failure: The complete malfunction of a computer system

Can be due to a hardware problem, software problem, or computer virus

Can be due to a natural disaster or planned attack


Protecting Against Hardware Loss, Damage, and System Failure

Use door and computer equipment locks

Cable locks

Security slots


Protecting Against Hardware Loss, Damage, and System Failure

Use encryption to protect data

Increasingly used with USB flash drives, notebook PCs, hard drives, etc.

Full disk encryption (FDE): Everything on storage medium is encrypted

Self-encrypting hard drive: A hard drive using FDE


Protecting Against Hardware Loss, Damage, and System Failure

Computer tracking software: Used to find a PC after it is lost or stolen

Sends out identifying data via the Internet

Law enforcement can use this data to recover the PC

Most often used with PCs but also available for other devices

Kill switch: Software used to destroy sensitive data on a stolen or lost PC

Other precautions:

Alarm software, tamper evident labels, etc.

Common sense



Protecting Against Hardware Loss, Damage, and System Failure

Proper hardware care: Needed to prevent damage

Ruggedized PCs: Designed for more abuse than conventional hardware


Protecting Against Hardware Loss, Damage, and System Failure

Surge suppressor: Protects hardware from damage due to electrical fluctuations

Uninterruptible power supply (UPS): Provides continuous power to a computer system for a period of time after the power goes off


Protecting Against Hardware Loss, Damage, and System Failure

Also:

Watch dust, moisture, static, heat, etc.

Avoid head crash

Stop USB devices before removing

Use screen protectors, jewel cases, etc.


Protecting Against Hardware Loss, Damage, and System Failure

Backup and disaster recovery plans:

Both businesses and individuals should use appropriate backup procedures

Continuous data protection (CDP): Enables data backups to be made on a continual basis

Backup media needs to be secured

Data storage companies store backup media at secure remote locations

Online backup is another possibility

Disaster-recovery plan: Spells out what an organization will do to prepare for and recover from a disruptive event

Hot sites


Software Piracy and Digital Counterfeiting

Software piracy: Unauthorized copying of a computer program

Widespread, global problem

Occurs when:

Individuals make illegal copies of software to give to friends

Businesses or individuals install software on more than the number of computers allowed according to the end-user license agreement (EULA)

Sellers install unlicensed copies on PCs sold to consumers

Large-scale operations in which programs and packaging are illegally duplicated and sold as supposedly legitimate products



Software Piracy and Digital Counterfeiting

Digital counterfeiting: The use of computers to make illegal copies of currency, checks, collectibles, and other items

Often scanned and printed or color-copied


Protection Against Software Piracy and Digital Counterfeiting

Protection against software piracy:

Educating businesses and consumers

Strengthening antipiracy laws

Holograms: Printed text or images attached to a product that change their appearance when the product is tilted

Mandatory product registration/activation

Watching online auction sites/lawsuits


Protection Against Software Piracy and Digital Counterfeiting

Protecting against digital counterfeiting:

New currency designs

Microprinting, watermarks, security thread, etc.

Special paper is used with U.S. currency

Identifying technology included in digital imaging hardware

Digital watermarks: Subtle alteration to a digital item that is not noticeable but that can be retrieved to identify the owner of the item

Also can use:

Holograms, RFID tags, and other hard-to-reproduce content



Why Be Concerned About Information Privacy?

Privacy: State of being concealed or free from unauthorized intrusion

Information privacy: Rights of individuals and companies to control how information about them is collected and used

Computers add additional privacy challenges

Many data breaches recently due to lost or stolen hardware, carelessness with documents containing sensitive data, database breaches, etc.

Businesses need to be concerned with the expense, damage to reputation, and possible lawsuits

Web activity and e-mail privacy was discussed in Chapter 8; other privacy concerns are discussed next


Databases, Electronic Profiling, Spam, and Other Marketing Activities

Marketing database: Collection of data about people, used for marketing purposes

Data obtained through online and offline purchases, public information, etc.

Beginning to be used in conjunction with Web activities

Government database: Collection of data about people, collected and maintained by the government

Tax information, Social Security earnings, personal health records, marriage and divorce information

Some information is confidential, other is public



Databases, Electronic Profiling, Spam, and Other Marketing Activities

Electronic profiling

Using electronic means to collect a variety of in-depth information about an individual


Databases, Electronic Profiling, Spam, and Other Marketing Activities

Privacy policy: Discloses how information you provide will be used

Included on many Web sites


Spam and Other Marketing Activities

Spam: Unsolicited, bulk e-mail sent over the Internet

Often involves health-related products, fraudulent business opportunities, pornography, etc.

Ads from companies a person has done business with are also considered to be spam by many

Appearing via instant messaging (spim)

Also delivered via mobile phones and fax machines

Spam legislation enacted some regulations regarding spam

Other annoyances

Pop-up ads

Pop-under ads

Telemarketing


Protecting the Privacy of Personal Information

Safeguard your e-mail address

Use a throw-away e-mail address (an extra e-mail address that you can use for activities that might result in spam)

Get a second e-mail address from your ISP or from Hotmail, Yahoo! Mail, or Gmail

Can stop using it and get a new one when needed


Protecting the Privacy of Personal Information

Be cautious of revealing personal information

Read a Web site’s privacy policy

Can use privacy software, such as the free Privacy Bird program

Do not supply personal information to people in chat rooms


Protecting the Privacy of Personal Information

Avoid putting too many personal details on your Web site

Be wary of sites offering prizes in exchange for personal information

Can use an anonymous Web browsing service, such as Anonymizer

Supply only the required information in registration forms

Delete your browsing history and e-mail settings when using a public computer




Protecting the Privacy of Personal Information

Use an e-mail filter to automatically route possible spam into a special folder to deal with later


Protecting the Privacy of Personal Information

Can opt out from marketing activities

Some privacy groups want individuals to have to opt in to activities instead

Do Not Call Registry: Can reduce calls from telemarketers

Do Not E-Mail Registry: May be a possibility for the future, but more difficult to implement

Web servers holding sensitive data should be secured

Only enter personal information on Web sites using secure servers

Automatic encryption systems for e-mail can help prevent sensitive data from accidentally being revealed


Protecting the Privacy of Personal Information

Properly dispose of hardware and outdated data

Wipe (not just delete) data on hard drives before disposing of a computer or hard drive

Storage media containing sensitive data should be shredded

Businesses should have a media sanitation/data destruction policy


Electronic Surveillance and Monitoring

Computer monitoring software: Used to record an individual’s computer usage either by capturing images of the screen or by recording the actual keystrokes used

Can be used in homes by adults to monitor computer usage of children or spouse

Can be used in businesses to monitor employee computer usage

Keystroke-logging programs: Used to capture keystrokes

Can be used by hacker to capture usernames, passwords, and other sensitive information entered into a PC

Used by the government in criminal investigations



Electronic Surveillance and Monitoring

Video surveillance: The use of video cameras to monitor activities of individuals

Used to monitor employees

Used in public locations for crime-prevention purposes

Stores and other businesses

Public streets

Subways, airports, etc.

Can be used with face recognition software

Privacy issues also involved with the use of camera phones


Video Surveillance


Electronic Surveillance and Monitoring

Employee monitoring: Observing or reviewing employees’ actions while they are on the job

Can monitor computer usage

Can monitor physical location

Video cameras

GPS capabilities built into cars or mobile phones

Proximity cards

Can also be used to access facility, computer, etc.

Businesses should notify employees


Electronic Surveillance and Monitoring

Presence technology: Enables one computing device to locate and identify the current status of another device on the same network

Instant messaging, mobile phones, etc.

Can be used to locate coworkers or by customers

May also be used for marketing activities in the future


Protecting Personal and Workspace Privacy

Can use antispyware software to detect if someone is monitoring your computer usage

Employers have a responsibility to keep employee and customer information private and secured

Employees should be familiar with their company’s employee policy and avoid personal activities at work


Computer Security and Privacy Legislation

Difficult for legal system to keep pace with technology

Difficult to balance freedom of speech with privacy




Summary

Why Be Concerned About Computer Security

Hardware Loss, Damage, and System Failure

Software Piracy and Digital Counterfeiting

Why Be Concerned About Information Privacy

Databases, Electronic Profiling, Spam, and Other Marketing Activities

Electronic Surveillance and Monitoring

Computer Security and Privacy Legislation

