Digital Thinking and Innovation

CT109-3-1
VD1

Digital Security

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 1

Learning Outcomes of the Lecture

At the end of this section you will be able to:

• Define digital security risks and types of Malware
• Describe types of Internet and network attacks and explain
ways to safeguard against these attacks
• Describe digital signatures and digital certificates

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 3

 Computer Security Risks
Digital security risk - any event that could
cause loss of or damage to a computer or mobile device
hardware, software, data, information or processing
capability
•Computer Crime
•Cybercrime
•Hackers
•Crackers
•Script Kiddies
•Corporate Spies
•Unethical Employees

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 7

 Computer Security Risks
Cybercrime –also called computer crime, the use of a computer as an instrument to further
illegal ends, such as committing fraud, trafficking in child pornography
and intellectual property, stealing identities, or violating privacy. Its online or Internet-based
illegal act

•Email and internet fraud.

•Identity fraud (where personal information is stolen and used).
•Theft of financial or card payment data.
•Theft and sale of corporate data.
•Cyberextortion (demanding money to prevent a threatened attack).
•Ransomware attacks (a type of cyberextortion).

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 8

1
0

Malicious Software (Malware)

Worm copies
Malware, or malicious software, is itself repeatedly, using up
any program or file that is resources
harmful to a computer user. and possibly shutting down
Malware includes computer or network
computer viruses, worms, Trojan
horses and spyware. These Trojans a program that appears to be
malicious programs can perform a something safe but is performing
variety of functions, including tasks such as giving access to your
stealing, encrypting or deleting computer or sending personal
sensitive data, altering or information to other computers.
hijacking core computing Trojans do not reproduce by infecting
functions and monitoring users' other files nor do they self-replicate.
computer activity without their Mostly Trojans are introduced via
permission. email attachments.

Spyware is software that is installed on a

computing device without the end user's virus designed to spread from
knowledge. host to host and has the ability to
replicate itself.
Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 10
1
1

Malicious Software (Malware)

TROJAN worm
HORSE

SPYWARE

TROJAN HORSE

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 11

 Internet and Network Attacks
Type Description
A program that displays an online advertisement
in a banner, pop-up window, or pop-under
Adware
window on webpages, email messages, or other
Internet services.
A program that blocks or limits access to a
Ransomware computer, phone, or file until the user pays a
specified amount of money.
A program that hides in a computer or mobile device
Rootkit and allows someone from a remote location to
take full control of the computer or device.

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 12

 Internet and Network Attacks

1. Botnet - group of compromised computers or mobile devices

connected to a network
2. Zombie PC - a computer connected to the Internet that has been
compromised by a hacker, computer virus or trojan horse program
and can be used to perform malicious tasks of one sort or another under
remote direction
3. Denial of service attack (DoS) - a type of cyber attack designed to
disable, shut down or disrupt a network, website or service.
4. Distributed DoS attack (DDoS attack) – attack uses multiple infected
devices and connections spread around the world as a botnet
5. Back door - program or set of instructions in a program that allow users
to bypass security controls (firewall)

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 13

 Antivirus
antivirus
 programs scan for programs that attempt to modify a computer’s start-up files,
the operating system, and other programs that normally are read from but not
modified
 Identifies and removes computer viruses, worms and Trojan horses

Any good
antivirus?

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 14

1
5

Antivirus
Virus Signature
• Also called virus definition
•is a string of characters or numbers that makes up the signature that anti-
virus programs are designed to detect. One signature may contain
several virus signatures, which are algorithms or hashes that uniquely
identify a specific virus.

What we called this?

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 15

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 16
Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 17
1
8

Antivirus

Typically, antivirus software uses all three scanning detection processes:

•Specific Detection – This works by looking for known malware by a

specific set of characteristics.
•Generic Detection – This process looks for malware that are variants of
known “families,” or malware related by a common codebase.
•Heuristic Detection – This process scans for previously unknown viruses
by looking for known suspicious behavior or file structures.

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 18

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 19
 Hardware Theft, Software Theft, information Theft

Safeguards against Information theft

Digital signatures : encrypted code that a person, website

or organization attaches to an electronic message to verify
the identity of the message sender.

Digital certificates :a notice that guarantees a user or a

website is legitimate.

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 20

2
1

Certificate Authority (CA)

• Authorized company issues and verifies digital

certificates
• Users apply for digital certificate from CA
• Stores info such as user’s name, issuing CA’s
name/signature, serial number of the certificate
• Digital certificate is encrypted

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 21

2
2

System Failure

A system failure can occur because of a

hardware failure or a severe software
issue, causing the system to freeze,
reboot, or stop functioning altogether.

Caused by aging hardware,

natural disasters, or electrical
power disturbances

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 22

2
3

Surge Protector

• Protects computer and equipment from electrical power disturbances

• Uninterruptible power supply (UPS) - surge protector that provides
power during power loss

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 23

2
4

Secure Socket Layer (SSL)

• Provides encryption of all data that passes between

client and Internet server Web addresses beginning
with “https” indicate secure connections
• Provides encryption and requires the client to have
a digital cert. Prevents illegal tampering of data

Example?

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 24

2
5

Four types of Backup

TYPE DEFINATION
Full backup a full backup is when every single file and folder in the system is
backed up. A full backup takes longer and requires more space than
other types of backups but the process of restoring lost data from backup
is much faster.
Incremental With incremental backup, only the initial backup is a full one.
Backup Subsequent backups only stores changes that were made since the
previous backup. The process of restoring lost data from backup is
longer but the backup process is much quicker.
Differential Differential backup only saves the new data or data that has changed
backup since the last full backup; it does not make a backup of all the data
every single time. This type of backup requires more storage space than
incremental backup does, however, but it also allows for a faster restore
time.
Mirror backup A mirror backup is an exact copy of the source data. With a mirror, the
only copy that is stored in your backup source is the data source as it
existed during your last backup. The advantage of a mirror is that the
backup does not contain old or files.

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 25

 Backing up – the ultimate safeguard
Disaster recovery- Written plan for restoring
computer operations in the event of a disaster

Backup plan

4
Emergency plan how backup files
steps to be taken and equipment would be
immediately used to resume information
after disaster processing

Recovery plan Test plan

actions to be taken simulates various levels of disasters
to restore full information and records
processing operations ability to recover

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 26

 Questions and Answer

Q&A

Digital Thinking and Innovation: CT109-3-1-DGTIN Digital Security SLIDE 29