Scribd Logo
Upload

Welcome to Scribd!

  • IT Security Book

    Uploaded by

    Ayaz naimi
    20 views62 pages
    This document discusses concepts related to IT security. It defines data and information, and discusses various threats to data security such as cybercrime, hacking, and threats from employees, natural disasters, and other sources. It also covers the importance of protecting personal and commercial information, and techniques for doing so like encryption, passwords, and data protection laws and guidelines. The overall purpose is to explain key security concepts and the value of protecting information assets.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses concepts related to IT security. It defines data and information, and discusses various threats to data security such as cybercrime, hacking, and threats from employees, natural disasters, and other sources. It also covers the importance of protecting personal and commercial information, and techniques for doing so like encryption, passwords, and data protection laws and guidelines. The overall purpose is to explain key security concepts and the value of protecting information assets.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    20 views62 pages

    IT Security Book

    Uploaded by

    Ayaz naimi
    This document discusses concepts related to IT security. It defines data and information, and discusses various threats to data security such as cybercrime, hacking, and threats from employees, natural disasters, and other sources. It also covers the importance of protecting personal and commercial information, and techniques for doing so like encryption, passwords, and data protection laws and guidelines. The overall purpose is to explain key security concepts and the value of protecting information assets.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 62

    ICDL Presented

    PROFILE by : Shajid C
    MODULE - 12
    IT SECURITY
    SECURITY CONCEPTS

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12
    Data Threats
     Distinguish between data and information.
     Understand the term cybercrime.
     Understand the difference between hacking,
    cracking and ethical hacking.
     Recognise threats to data from force majeure
    like: fire, floods, war, earthquake.
     Recognise threats to data from: employees,
    service providers and external individuals.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Distinguish between data and information
     Data is raw, unorganized facts that need to be

    processed. Data can be something simple and


    seemingly random and useless until it is
    organized.
     When data is processed, organized, structured or

    presented in a given context so as to make it


    useful, it is called information.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 55 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Cybercrime
     Identity Theft
     Phishing
     Hacking
     Downloading illegal music or videos.
     Electronic Vandalism, terrorism and extortion.
     Illegal interception of communications.
     Inappropriate and other offensive material
     Electronic money laundering.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Hacking / Cracking/ Ethical Hacking

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Threats to data from force majeure
    Force Majeure relates to unforeseen events beyond
    the control of the company.
     Fire

     Floods

     War

     Earthquake.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Other threats to data
     Employees
     Service providers
     External individuals

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Value of Information
     Reasons for protecting personal
    information like:
     Avoiding identity theft
     Name, Credit Card Number, Address, DOB, etc.
     Fraud
     Borrow money
     Obtain Services

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Value of Information cont..
     Reasons for protecting commercially sensitive
    information like:
    Preventing theft or misuse of :
     Client details
     Financial information

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Value of Information cont..
     Identify measures for preventing unauthorised
    access to data like:
     Encryption
     Digital ID (Private Key)
     Certificate (Public Key)
     Passwords

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Value of Information cont..
    Basic characteristics of information security like:
     Confidentiality

     Integrity

     Availability

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Value of Information cont..
    Identify the main data/privacy protection, retention
    and control requirements in your country.
    Data Protection Act.
     1995 European Data Protection Directive
    To Protect the rights of the Data Subject
    To set out the responsibilities of the data controller

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Value of Information cont..
    Rights of the Data Subject:
    Fairly and lawfully processed

    Processed for limited purposes

    Adequate, relevant and not excessive

    Accurate

    Not kept longer than necessary

    Processed in accordance with the data subject rights

    Secure

    Not transferred to countries without adequate data

    protection

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Value of Information cont..
    Importance of creating and adhering to guidelines
    and policies for ICT use.
    Firewall

    Automatic Updates

    Anti virus

    Anti-spyware

    Passwords

    Internet Security

    Install and Uninstall Devices or Software's.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Personal Security
     Social engineering
     Information gathering.
     Fraud.
     Computer system access.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Methods Of Social Engineering
     Phone Calls
     Phishing
     Shoulder Surfing

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Identity theft and its implications
     Personal
     Financial
     Business
     Legal

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Methods of identity theft
     Information Diving
     Skimming
     Pretexting

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    File Security
     Understand the effect of enabling/ disabling
    macro security settings.
     Set a password for files like:
     Documents
     Compressed files
     Spreadsheets

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Encryption
     Advantages Of Encryption
     Limitations Of Encryption

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    MALWARE
    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Malware
     Trojans
     Rootkits
     Backdoors

    International
    International Computer
    Computer Driving
    Driving License
    License
    Infectious Malware
     Viruses
     Worms

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Malwares
     Types of data theft, profit generating/extortion
    malwares :
     Adware
     Spyware
     Botnets
     Keystroke Logging
     Diallers

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Anti-virus software
     Anti-Virus
     Limitations of Anti-Virus
     Virus Scan
     Specific drives
     Folders
     Files using
     Schedule scans

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Anti-virus software
     Quarantine : Effect of quarantining
    infected/suspicious files.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Anti-virus software - Installation
     Importance of :
     Downloading and installing software updates
     Anti-virus definition files

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    NETWORK SECURITY
    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Networks
     Network types:
     Local area network (LAN)
     Wide area network (WAN)
     Virtual private network (VPN)

    International
    International Computer
    Computer Driving
    Driving License
    License
    Role of the network administrator
    Managing the:
     Authentication

     Authorisation

     Accounting

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Firewall
     Functions
     Limitations

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Network Connections
     Cables
     Wireless

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Network – Security Implications
     Malware
     Unauthorised data access
     Maintaining Privacy

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Wireless Security
     Password for Wireless network.
     Wired Equivalent Privacy (WEP)
     Encryption using Network Security key.
     Wi-Fi Protected Access (WPA)
     Media Access Control (MAC)

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Unprotected Network - Security issues
     Visibility to other users

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Connect to a Wi-Fi network

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Access Control
     Network Account
     Login
     Username and Password
     Password Policies
     Easy to remember difficult to guess
     Minimum Eight Characters
     Mix of Numbers letters symbols
     Case sensitive

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Biometric Security
     Fingerprint Scanning
     Facial Recognition
     Voice Recognition
     Eye Scanning

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    SECURE WEB USE
    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Web Browsing
     Be aware that certain online activity (purchasing,
    financial transactions) should only be undertaken
    on secure web pages.
     Identify a secure website like:
     https
     lock symbol

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Pharming
     Pharming is a cyber attack intended to redirect a
    website's traffic to another, fake site. 
     Pharming can be conducted either by changing
    the hosts file on a victim's computer or by
    exploitation of a vulnerability in DNS server
    software

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Digital Certificate
     In cryptography, a public key certificate (also
    known as a digital certificate or identity
    certificate) is an electronic document used to
    prove ownership of a public key.
     Secure Socket Layer (SSL)
     Transport Layer Security (TSL)

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    SSL

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    One Time Password - OTP
     A one-time password is a password that is valid
    for only one login session or transaction, on a
    computer system or other digital device.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Browser Settings
     Autocomplete
     Cookie
     Delete Private Data

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Content Control
     Internet filtering software,
     Parental control software.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Social Networking
     Understand the importance of not disclosing
    confidential information on social networking sites

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Social Networking Cont..
     Be aware of the need to apply appropriate social
    networking account privacy settings.
     Understand potential dangers when using social
    networking sites like:
     Cyber Bullying
     Grooming
     Misleading/Dangerous Information
     False Identities
     Fraudulent Links Or Messages.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    COMMUNICATIONS
    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Encrypting, Decrypting An Email
     Understand the purpose of encrypting, decrypting
    an email.
     Understand the term digital signature.
     Create and add a digital signature.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    eMail Security
     Be aware of the possibility of receiving fraudulent
    and unsolicited e-mail
     Understand the term phishing. Identify common
    characteristics of phishing like: using names of
    legitimate companies, people, false web links.
     Be aware of the danger of infecting the computer
    with malware by opening an e-mail attachment
    that contains a macro or an executable file.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Instant Messaging
     Understand the term instant messaging (IM) and
    its uses
     Understand the security vulnerabilities of IM like:
    malware, backdoor access, access to files.
     Recognise methods of ensuring confidentiality
    while using IM like: encryption, non-disclosure
    of important information, restricting file sharing

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    SECURE DATA MANAGEMENT

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Securing and Backing Up Data
     Recognise ways of ensuring physical security of
    devices like: log equipment location and details,
    use cable locks, access
    control.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Securing and Backing Up Data
     Recognise the importance of
    having a back-up procedure in case of loss of
    data, financial records, web bookmarks/history.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Securing and Backing Up Data
     Identify the features of a backup procedure like:
    regularity/frequency, schedule, storage location.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Back up and Restore data
     Back up data.
     Restore and validate backed up data.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Secure Destruction
     Understand the reason for permanently deleting
    data from drives or devices.
     Distinguish between deleting and permanently
    destroying data

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    Secure Destruction
     Identify common methods of permanently
    destroying data like:
     shredding
     drive/media destruction
     degaussing
     Using data destruction utilities.

    International
    International Computer
    Computer Driving
    Driving License
    License –– Module
    Module 12
    12 ExecuTrain
    ExecuTrain of
    of Qatar
    Qatar
    International
    International Computer
    Computer Driving
    Driving License
    License

    You might also like