Information Systems/Security



This lesson covers security in various forms of technology, such as phones, the internet, and computers.

Objectives and Skills
Objectives and skills for the security portion of CLEP Information Systems include:
 * Economic effects (secure transactions, viruses, malware, cost of security)
 * Privacy concerns (individual, business, identity theft)
 * Computer security and controls (system, application, personal computer, disaster recovery)

Readings

 * 1)  Introduction to Computer Information Systems/Security
 * 2)  Computer security
 * 3)  Backup
 * 4)  Data recovery
 * 5)  Internet safety
 * 6)  Internet security
 * 7)  Internet privacy
 * 8)  Multi-factor authentication
 * 9)  Password manager
 * 10)  Mobile Security
 * 11)  Phishing
 * 12)  Encryption

Multimedia

 * 1) YouTube: Protecting Your Computer from Malware
 * 2) YouTube: Malware: Difference Between Computer Viruses, Worms and Trojans
 * 3) YouTube: Backup and Disaster Recovery Explained
 * 4) YouTube:  How your computer gets hacked in under a minute
 * 5) YouTube:  Computer Security
 * 6) YouTube:  Securing your WIFI network
 * 7) YouTube:  5 tips for staying safe on the web
 * 8) YouTube: Protect your Privacy Completely: Web Browsing with TAILS
 * 9) YouTube: How to create a strong password
 * 10) YouTube: What is Two-Factor Authentication? (2FA)
 * 11) YouTube: Common Threats to Information Security
 * 12) YouTube: HTTPS and SSL tutorial
 * 13) YouTube: Information Security Management-Learn and Gain
 * 14) YouTube: Cyber Security – Top 10 Threats
 * 15) YouTube: The Best Password Managers, Compared (https://www.youtube.com/watch?v=q2nsUgG0zfQ)

Activities

 * 1) Research Data Backup and Recovery. Schedule and perform regular data backups.
 * 2) Learn tips to make stronger passwords. Then research password managers.  Consider installing and using a password manager on your system.
 * 3) Configure password management on your system.
 * 4) * Windows: Review Microsoft: How to Configure Security Policy Settings. Consider modifying Password Policy and Account Lockout Policy settings.
 * 5) * Linux: Review Xmodulo: How to set password policy on Linux. Consider modifying password policy settings.
 * 6) Mac: Review Mac Security. Consider one of these options for best Mac security.
 * 7) Research multi-factor authentication.  Consider setting up multi-factor authentication on your Apple, Facebook, Google, and/or Microsoft accounts, as well as your password manager and your financial institutions.
 * 8) Review Protecting Your Computer. Use anti-malware software to scan your system and test malware detection.
 * 9) * All: Set anti-malware and anti-virus software and the operating system to update automatically.
 * 10) * All: Review Comparison of antivirus software.  Download a free, well-known anti-malware application and scan your system.
 * 11) * All: Review EICAR test file.  Download and save the EICAR test file to test your anti-malware application and follow the process for removing malware.
 * 12) Review  Wardriving.  Use a free wireless scanner and scan your environment for wireless networks:
 * 13) * Windows:
 * 14) *# Review BitDreamers: Improve WLAN Signal Without Additional Tools on Windows.
 * 15) *# Use the  command to scan for wireless networks.
 * 16) * macOS:
 * 17) *# Review AppStorm: How to Discover Any Network with iStumbler.
 * 18) *# Download and install iStumbler and scan for wireless networks.
 * 19) * Linux:
 * 20) *# Review TuxMobil.org: Linux Wireless Sniffer.
 * 21) *# Download and install a wireless scanner and scan for wireless networks.
 * 22) * Android:
 * 23) *# Review Google: farproc Wifi Analyzer.
 * 24) *# Download and install Wifi Analyzer and scan for wireless networks.
 * 25) * iOS:
 * 26) *# Review WLANBook: Free WiFi Scanner for iPhone and iPad Without Jailbreak.
 * 27) *# Download and install the Apple AirPort Utility and scan for wireless networks.
 * 28) Windows password security testing:
 * 29) * Test your Windows environment to extract plaintext passwords, hashes, PIN codes, and Kerberos tickets from memory through the use of Mimikatz.

Research and Discussion

 * 1) You are browsing the Internet at your favorite restaurant. How can you browse the Internet safely? Identify different threats and potential solutions associated with using unsecured Wi-Fi locations.
 * 2) Identify various vulnerabilities that can affect you, your personal information, and your computer devices. Research, discuss and share information on how you can protect yourself against identity theft.
 * 3) Security is an important concern while using email. Identify risks and list best practice solutions on how to safely use email.
 * 4) Research top security software for common personal computer and mobile platforms. Include both proprietary and open source options. Install and test trial versions of one or more products. Which products would you recommend others use, and why?

Lesson Summary

 * Computer security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. This includes controlling physical access to hardware, as well as protecting against harm that may come via network access, data and code injection, and malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures. There are security tips you can follow to protect your computer and personal information. Tips such as updating your software, turning on two-factor authentication to protect passwords, backing up your files, and giving personal information only over encrypted websites will keep security threats like backdoors, denial-of-service attacks, direct-access attacks, eavesdropping, malware, spoofing, tampering, privilege escalation, phishing, and clickjacking at a distance.


 * A network backup is a system in which the named data from a single computer or a network of computers is sent to a backup server. The primary purpose of backups is to recover data after its loss, whether by deletion or corruption; the secondary purpose is to recover data from an earlier time, according to a user-defined data retention policy.


 * Data recovery is a process of retrieving inaccessible data from corrupted or damaged secondary storage, removable media or files, when the data they store cannot be accessed in a normal way. Data recovery scenarios involve operating system failure, breakdown and logical failure of storage devices, and accidental damage.
 * A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. It responds to unplanned incidents with precautions that minimize the effects of a disaster so that an organization can continue its operations.
 * Internet safety is the knowledge of maximizing the user's personal safety and minimizing security risks to private information and property associated with using the internet, and the self-protection from computer crime in general. For your own safety from hackers, you need to keep your personal information professional and limited, keep your privacy settings on, and practice safe browsing, among other safety rules.
 * Common threats to personal safety on the Internet include cyberstalking, cyberbullying, online predation, and obscene/offensive content. We need to take precautions whenever we suspect these threats.
 * Malware, short for malicious software, is any software used to cause damage to a computer network, gather sensitive information, or gain access to private computer systems. It includes botnets, viruses, Trojan horses, spyware, scareware, ransomware, and worms. A game plan for protecting against malware is to stop harmful software from gaining access to the target computer.
 * Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet. It is concerned with protecting user information. Privacy can entail either Personally-Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website.
 * Risks to Internet privacy include activity monitoring, content searches, and social network profiling. You may, however, protect your privacy online by using built-in features of many social networks and browsers, as well as third-party tools.
 * Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting several separate authentication stages through credentials based on knowledge (something you know), possession (something you have), and inherence (something you are). In other words, it is a system that requires more than one method of authentication from independent categories of credentials to verify a user's identity for login.
 * A password manager is a software application that helps a user store and organize passwords. It assists in generating and retrieving complex passwords, possibly calculating them on request. Password managers require a user to create and remember one master password to unlock and access any information stored in their databases.

Key Terms

 * authentication
 * The process of confirming identity.


 * authorization
 * The function of specifying access rights to resources.


 * backdoor
 * A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls.


 * backup
 * Copying and archiving of computer data so it may be used to restore the original after a data loss event.


 * biometrics
 * Refers to measurements of human characteristics.


 * BitLocker
 * A full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and later Windows operating systems.


 * bot
 * A software application that runs automated tasks over the Internet.


 * botnet
 * A number of Internet-connected computers communicating with other similar machines in an effort to complete repetitive tasks and objectives.


 * brute-force attack
 * A cryptanalytic attack that consists of systematically checking all possible keys or passwords until the correct one is found.


 * computer forensics
 * A branch of digital forensic science pertaining to the recovery and investigation of material found in computers and digital storage media, often related to computer crime.


 * computer security
 * The protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.


 * cyber crime
 * Any crime that involves a computer and a network.


 * cryptography
 * The practice and study of techniques for secure communication in the presence of third parties called adversaries.


 * denial-of-service attack
 * An attempt to make a machine or network resource unavailable to its intended users.


 * device hardening
 * The process of securing a system by reducing its surface of vulnerability through the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.


 * dictionary attack
 * A technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities from a list.


 * disaster recovery plan
 * A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.


 * dumpster diving
 * The practice of sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the collector.


 * eavesdropping
 * The act of surreptitiously listening to a private conversation, typically between hosts on a network.


 * encryption
 * The process of encoding messages or information in such a way that only authorized parties can read it.


 * ethical hacker
 * A computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.


 * filter
 * On the Internet, a filter is a program to screen and exclude from access or availability Web pages or e-mail that is deemed inappropriate.


 * firewall
 * A network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.


 * hacking
 * Seeking and exploiting weaknesses in a computer system or computer network.


 * HTTPS
 * A communications protocol for secure communication over a computer network which is widely used on the Internet.


 * identity theft
 * The deliberate use of someone else's personal information, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name.


 * internet security
 * A catch-all term for a very broad issue covering security for transactions made over the Internet. Generally, Internet security encompasses browser security, the security of data entered through a Web form, and overall authentication and protection of data sent via Internet Protocol.


 * iptables
 * A Linux kernel software firewall that allows system administrators to configure rules and chains.


 * keystroke logging
 * The action of recording the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.


 * malware
 * Any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.


 * multi-factor authentication
 * A method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories of knowledge, possession, and inherence.


 * packet sniffer
 * A computer program that can intercept and log traffic passing over a digital network.


 * password complexity
 * The length and character set combinations used to create a password, such as upper case and lower case letters, numbers, and punctuation.


 * password confidentiality
 * A set of rules or a promise that limits access or places restrictions on password sharing.


 * password cracking
 * The process of recovering passwords from data that have been stored in or transmitted by a computer system, most often through brute-force or dictionary attacks.


 * password expiration
 * A policy that requires users to change passwords periodically.


 * password reuse
 * A policy that prevents users from repeating recently used passwords.


 * permissions
 * Access rights assigned to specific users and groups of users to control the ability of the users to view or make changes to system objects.


 * penetration test
 * A targeted and simulated attack on a system to identify potential security vulnerabilities.


 * phishing
 * The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.


 * physical security
 * Measures designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm.


 * ransomware
 * A type of malware which restricts access to the computer system that it infects, and demands a fee be paid to the operators of the malware in order for the restriction to be removed.


 * rootkit
 * A stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.


 * security patch
 * A change applied to an asset to correct the weakness described by a vulnerability.


 * shoulder surfing
 * Using direct observation techniques to obtain information such as passwords, PINs, security codes, and similar data.


 * single sign-on
 * A property of access control systems that allows a user to log in once and gain access to all interrelated systems without being prompted to log in again.


 * social engineering
 * Psychological manipulation of people to cause them to perform actions or divulge confidential information.


 * spam
 * Unsolicited electronic messages, especially advertising.


 * spoofing
 * Concealing the identity of the sender by impersonating another computing system.


 * spyware
 * Software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.


 * system administrator
 * A person who is responsible for the upkeep, configuration, and reliable operation of computer systems; especially multi-user computers.


 * Trojan
 * A non-self-replicating type of malware program containing malicious code that, when executed, typically causes loss or theft of data and possible system harm.


 * virus
 * A malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or firmware.


 * worm
 * A standalone malware computer program that replicates itself in order to spread to other computers.


 * WPA / WPA2 (Wi-Fi Protected Access)
 * Security protocols used to secure wireless computer networks.


 * zombie computer
 * A computer connected to the Internet that has been compromised by a hacker, computer virus or Trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.

Assessments

 * Flashcards: Study Stack: Information Security
 * Quiz: Quizlet: Information Systems - Security
 * Flashcards: Quizlet: Information Security & Computer Fraud
 * Picture Match: Study Stack: Information Security