ICDL

PROFILE
Presented by : Shajid C

MODULE - 12

IT SECURITY

SECURITY CONCEPTS
International Computer Driving License Module 12

Data Threats

Distinguish between data and information.
Understand the term cybercrime.
Understand the difference between hacking, cracking and ethical hacking.
Recognise threats to data from force majeure like: fire, floods, war, earthquake.
Recognise threats to data from: employees, service providers and external individuals.

ExecuTrain of Qatar

Distinguish between data and information


Data is raw, unorganized facts that need to be
processed. Data can be something simple and
seemingly random and useless until it is
organized.
When data is processed, organized, structured or
presented in a given context so as to make it
useful, it is called information.

Cybercrime

Identity Theft
Phishing
Hacking
Downloading illegal music or videos.
Electronic Vandalism, terrorism and extortion.
Illegal interception of communications.
Inappropriate and other offensive material
Electronic money laundering.

Hacking / Cracking / Ethical Hacking

Threats to data from force majeure


Force Majeure relates to unforeseen events beyond
the control of the company.
Fire
Floods
War
Earthquake.

Other threats to data

Employees
Service providers
External individuals

Value of Information
Reasons for protecting personal
information like:

Avoiding identity theft

Name, Credit Card Number, Address, DOB, etc.

Fraud

Borrow money
Obtain Services

Value of Information

cont..

Reasons for protecting commercially sensitive information like:
Preventing theft or misuse of:

Client details
Financial information

Value of Information

cont..

Identify measures for preventing unauthorised access to data like:

Encryption

Digital ID (Private Key)


Certificate (Public Key)

Passwords

Value of Information

cont..

Basic characteristics of information security like:


Confidentiality
Integrity
Availability

Value of Information

cont..

Identify the main data/privacy protection, retention and control requirements in your country.
Data Protection Act.
1995 European Data Protection Directive

To protect the rights of the data subject
To set out the responsibilities of the data controller

Value of Information

cont..

Rights of the Data Subject:


Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate
Not kept longer than necessary
Processed in accordance with the data subject rights
Secure
Not transferred to countries without adequate data
protection

Value of Information

cont..

Importance of creating and adhering to guidelines and policies for ICT use.
Firewall
Automatic Updates
Anti-virus
Anti-spyware
Passwords
Internet Security
Install and Uninstall Devices or Software.

Personal Security
Social engineering

Information gathering.
Fraud.
Computer system access.

Methods Of Social Engineering

Phone Calls
Phishing
Shoulder Surfing

Identity theft and its implications

Personal
Financial
Business
Legal

Methods of identity theft

Information Diving
Skimming
Pretexting

File Security
Understand the effect of enabling/disabling macro security settings.
Set a password for files like:

Documents
Compressed files
Spreadsheets

Encryption

Advantages Of Encryption
Limitations Of Encryption

MALWARE

Malware

Trojans
Rootkits
Backdoors

Infectious Malware

Viruses
Worms

Malware
Types of data theft, profit generating/extortion malware:

Adware
Spyware
Botnets
Keystroke Logging
Diallers

Anti-virus software
Anti-Virus
Limitations of Anti-Virus
Virus Scan

Specific drives
Folders
Files using
Schedule scans

Anti-virus software

Quarantine: Effect of quarantining infected/suspicious files.

Anti-virus software - Installation


Importance of:

Downloading and installing software updates


Anti-virus definition files

NETWORK SECURITY

Networks
Network types:

Local area network (LAN)


Wide area network (WAN)
Virtual private network (VPN)

Role of the network administrator


Managing the:
Authentication
Authorisation
Accounting

Firewall

Functions
Limitations

Network Connections

Cables
Wireless

Network Security Implications

Malware
Unauthorised data access
Maintaining Privacy

Wireless Security
Password for Wireless network.
Wired Equivalent Privacy (WEP)

Encryption using Network Security key.

Wi-Fi Protected Access (WPA)


Media Access Control (MAC)

Unprotected Network - Security issues


Visibility to other users

Connect to a Wi-Fi network

Access Control
Network Account

Login
Username and Password

Password Policies

Easy to remember, difficult to guess
Minimum eight characters
Mix of numbers, letters and symbols
Case sensitive

Biometric Security

Fingerprint Scanning
Facial Recognition
Voice Recognition
Eye Scanning

SECURE WEB USE


Web Browsing
Be aware that certain online activity (purchasing,
financial transactions) should only be undertaken
on secure web pages.
Identify a secure website like:

https
lock symbol

Pharming

Pharming is a cyber attack intended to redirect a website's traffic to another, fake site.
Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software.
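
A defensive check for the hosts-file route described above, as an added example that is not part of the original slides: it parses hosts-file text and reports any watched site name that has been pinned to an address locally. The watch list, the `.example` names and the sample file are constructed for illustration.

```python
import ipaddress

# Hypothetical watch list: names whose address should come from DNS,
# never from a local hosts-file override.
WATCHED = {"bank.example", "mail.example"}

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        yield no, addr, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, name, address, kind) for watched names found in the file."""
    findings = []
    for no, addr, names in parse_hosts(text):
        for name in names:
            if name in watched or any(name.endswith("." + w) for w in watched):
                local = addr.is_loopback or addr.is_unspecified
                kind = "blocked locally" if local else "redirected"
                findings.append((no, name, str(addr), kind))
    return findings

# Constructed sample hosts file (addresses from the 203.0.113.0/24 documentation range).
SAMPLE = """\
127.0.0.1   localhost
::1         localhost
# 203.0.113.9 bank.example   (commented out, ignored)
203.0.113.7 login.bank.example www.bank.example   # added by unknown software
0.0.0.0     ads.tracker.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass in the contents of `/etc/hosts` (Linux, macOS) or `C:\Windows\System32\drivers\etc\hosts` (Windows).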

Digital Certificate

In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key.
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)

SSL

One Time Password - OTP

A one-time password is a password that is valid for only one login session or transaction, on a computer system or other digital device.

Browser Settings

Autocomplete
Cookie
Delete Private Data

Content Control

Internet filtering software
Parental control software

Social Networking

Understand the importance of not disclosing confidential information on social networking sites.

Social Networking

Cont..

Be aware of the need to apply appropriate social networking account privacy settings.
Understand potential dangers when using social networking sites like:

Cyber Bullying
Grooming
Misleading/Dangerous Information
False Identities
Fraudulent Links Or Messages.

COMMUNICATIONS

Encrypting, Decrypting An Email

Understand the purpose of encrypting, decrypting an email.
Understand the term digital signature.
Create and add a digital signature.

eMail Security

Be aware of the possibility of receiving fraudulent and unsolicited e-mail.
Understand the term phishing. Identify common characteristics of phishing like: using names of legitimate companies, people, false web links.
Be aware of the danger of infecting the computer with malware by opening an e-mail attachment that contains a macro or an executable file.

Instant Messaging

Understand the term instant messaging (IM) and its uses.
Understand the security vulnerabilities of IM like: malware, backdoor access, access to files.
Recognise methods of ensuring confidentiality while using IM like: encryption, non-disclosure of important information, restricting file sharing.

SECURE DATA MANAGEMENT


Securing and Backing Up Data

Recognise ways of ensuring physical security of devices like: log equipment location and details, use cable locks, access control.

Securing and Backing Up Data

Recognise the importance of having a back-up procedure in case of loss of data, financial records, web bookmarks/history.

Securing and Backing Up Data

Identify the features of a backup procedure like: regularity/frequency, schedule, storage location.

Back up and Restore data

Back up data.
Restore and validate backed up data.

Secure Destruction

Understand the reason for permanently deleting data from drives or devices.
Distinguish between deleting and permanently destroying data.

Secure Destruction
Identify common methods of permanently
destroying data like:

shredding
drive/media destruction
degaussing
Using data destruction utilities.
