COMPUTING SKILLS (FPCS0001)

Semester 2, AY 2022-2023

Module 4 – Information Security

02/15/2024 MODULE 4 - INFORMATION SECURITY 1

Learning Outcomes:
Upon completion of the course, students should be able to:
1. Identify the benefits and risks of network computing.
2. Identify the security issues with electronic mails.
3. Identify risks to personal and organizational data.

4. Describe the protected web sites, use of digital certificates, encryption-decryption, and
uses of firewall and how to get protected from hackers etc.
5. Explain different types of viruses (including worms, Trojans etc) and clean viruses and
worm-infected system with appropriate software.
6. Explain privacy issues, good passwords and access right.
7. Describe the concept of backup and its importance to data recovery.
8. Explain the provisions under the Omani Data Protection Legislation.

02/15/2024 MODULE 4 - INFORMATION SECURITY 2

Information Security
Information security is the protection of information and information systems
from unauthorized access, use, disclosure, disruption, modification, or
destruction in order to achieve confidentiality, integrity, and availability.

Computer network security risks

Computer security risk is a concept that indicates actions or events

that could cause a loss of or damage to computer hardware, software,
information, data or processing capability and signifies the
likelihood of a hazard or dangerous threat.
02/15/2024 MODULE 4 - INFORMATION SECURITY 3
 Network security threats

Risks to personal and organizational data

Information privacy refers to the right of individuals and companies to
deny or restrict the collection and use of information about them.

02/15/2024 MODULE 4 - INFORMATION SECURITY 4

Computer Malware
Malware is malicious software designed specifically to damage
computers without the user’s consent.

02/15/2024 MODULE 4 - INFORMATION SECURITY 5

Virus
Virus is malicious software that is designed to take control of system
operations and destroy some or all files stored on the computer or even
the computer itself.
Viruses can easily copy themselves and spread throughout the
computer system once activated by the user.
Computer viruses can be transferred through downloaded files or
programs, email attachments, CDs, and flash drives.
02/15/2024 MODULE 4 - INFORMATION SECURITY 6
Worm
Worm is a self-replicating program that usually consumes system and
network resources.
It makes copies of itself repeatedly and infects additional computers.

Trojan Horse
This causes damage or compromises the security of the computer.

It can enter a computer as a virus or hide within or even looks like a

legitimate program.

02/15/2024 MODULE 4 - INFORMATION SECURITY 7

Spyware
Spyware is a program placed on a computer without user
consent that can capture information like Web browsing habits,
e-mail messages, usernames and passwords, and credit card
information.

02/15/2024 MODULE 4 - INFORMATION SECURITY 8

Security issues with electronic mails
Phishing email is a type of email-based social engineering in which an attacker
sends an official-looking email from a source, such as a bank, and attempts to
obtain personal and financial information from the victim.

02/15/2024 MODULE 4 - INFORMATION SECURITY 9

Safeguards against Computer Malware
1. Strong password protects your account

A password is a private combination of characters associated with the

username that allows access to certain computer resources.

02/15/2024 MODULE 4 - INFORMATION SECURITY 10

Safeguards against Computer Malware
2. Create the password with adequate length

They should never be less than eight characters and preferably longer.

Short passwords can easily be determined by a brute-force password cracker.

3. Adequate character mix

A good policy is to use a meaningless combination of letters and numbers
that is seven or eight characters long.

02/15/2024 MODULE 4 - INFORMATION SECURITY 11

Safeguards against Computer Malware
4. Avoid using directly identifiable information

They should not be the names of family members or pets or anything

else that would be easy for a hacker.

02/15/2024 MODULE 4 - INFORMATION SECURITY 12

Backup and Recovery
Backup is a way to copy selected
files or an entire hard disk to another
storage medium such as another hard
disk, optical disc, or USB / flash
drive.

Recovery is a special tool that

contains some system files capable of
restarting a computer when the computer
cannot boot from its hard disk due to
system failure.

02/15/2024 MODULE 4 - INFORMATION SECURITY 13

Regular updating software

No computer software is perfect, just as no human is

perfect
1. Security update
2. Updating applications
3. Update operating system applications

02/15/2024 MODULE 4 - INFORMATION SECURITY 14

Regular updating software
Security update
Designed to protect your software (and computer) from harmful programs, viruses, and exploits

Updating applications
Additions to software that can help prevent or fix problems, or enhance and improve how your
computer works.

Update operating system applications

Enhanced overall performance of the software and the computer is also often a good reason to
keep up-to-date with updates to your PC programs

02/15/2024 MODULE 4 - INFORMATION SECURITY 15

Digital Certificates

Digital Certificate
A digital certificate is a notice that guarantees a user or a Web
site is legitimate.
Web browsers, such as Internet Explorer, often display a warning
message if a Web site does not have a valid digital certificate.

02/15/2024 MODULE 4 - INFORMATION SECURITY 16

Digital Certificates

Digital Certificate Real Example

Go to Bank Nizwa website (https://www.banknizwa.om/) and click on the view
certificate link as shown below.

Once you click on the view certificate link, the Windows certificate viewer tool will
open and show the certificate owned by Bank Nizwa. This certificate, as you can see
in the "Issued by" field is issued by DigiCert ShA2 Secure Server CA.

02/15/2024 MODULE 4 - INFORMATION SECURITY 17

Digital Certificates Example

02/15/2024 MODULE 4 - INFORMATION SECURITY 18

Digital Certificates Example

02/15/2024 MODULE 4 - INFORMATION SECURITY 19

Encryption and Decryption

Encryption is a security technique that converts readable data

(plaintext form) to prevent unauthorized access. into unreadable
characters (ciphertext form)

Decryption is the inverse process of encryption that allows

only authorized parties with the necessary decryption information to
read the encrypted files.

02/15/2024 MODULE 4 - INFORMATION SECURITY 20

Encryption and Decryption

02/15/2024 MODULE 4 - INFORMATION SECURITY 21

 Privacy issues
Firewall
A firewall is a hardware and/or software that
protects a network’s resources from intrusion by
users on another network such as the Internet.

It filters and controls the traffic flow of information

coming into and out of a network to decide which
traffic to allow access to and which traffic to block.

02/15/2024 MODULE 4 - INFORMATION SECURITY 22

Antivirus Software

An antivirus program is a type of utility

program used to protect a computer
against viruses by scanning and
removing any computer viruses found in
memory, on storage devices, or on
incoming files. Most antivirus software
has the capability also to protect against
worms, Trojans and spyware.

02/15/2024 MODULE 4 - INFORMATION SECURITY 23

Antivirus Software Examples

02/15/2024 MODULE 4 - INFORMATION SECURITY 24

Security Features in Windows 10
Windows 10 features a series of tools to help you protect your computer from
threats like viruses and other malware.

The three main security tools in Windows 10 are:

▫ User Account Control

▫ Windows Defender

▫ Windows Firewall

02/15/2024 MODULE 4 - INFORMATION SECURITY 25

 User Account Control
User Account Control: is a tool that warns you when someone or something attempts to
change your computer system settings.

This helps protect your computer against accidental changes or malicious software
altering your settings.
User Account Control can be to: Low, Moderate or High:
Low: never notify you
Moderate: notify you only when an application tries to make changes to your computer
High: notify you when programs or you try to make changes to your computer

02/15/2024 MODULE 4 - INFORMATION SECURITY 26

User Account Control
You can change this setting to your desired level by following these steps:

Step 1− Open the Control Panel by searching for it in the Search bar.
Step 2− After the Control Panel is open, choose User Accounts
Step 3- Click on “Change User Account Control settings”
Step 4- In the User Account Control Settings, you can move the
slider to the desired position

02/15/2024 MODULE 4 - INFORMATION SECURITY 27

 Windows Defender

Windows Defender is an antivirus and malware protection included in

the windows operating system.

It allows you to scan your computer for malicious software, while also
checking each file or the program you open.

02/15/2024 MODULE 4 - INFORMATION SECURITY 28

 Windows Defender
You can change this setting to your desired level by following these steps:
Step 1− Go to SETTINGS and select Update & security.
Step 2 – Click on Windows Security.
Step 3− Click on “Virus & threat protection”
Step 4− Click on Manage settings
Here you can:
a) Turn off/Turn on Real-time protection
b) Turn off/Turn on Cloud-delivered protection
 which allows Defender to send Microsoft information about security threats it finds.

02/15/2024 MODULE 4 - INFORMATION SECURITY 29

 Windows Firewall

Windows Firewall prevents unauthorized access from outside to get

into your computer.

02/15/2024 MODULE 4 - INFORMATION SECURITY 30

Windows Firewall
If you want to customize your Firewall, follow these steps:

Step 1− Open the Control Panel by searching for it in the Search bar.
Step 2- Choose Windows Firewall.
Step 3− In the Windows Firewall window, you can turn it on or off or

choosing when to protect your computer.

02/15/2024 MODULE 4 - INFORMATION SECURITY 31

Oman Data Protection Legislation

02/15/2024 MODULE 4 - INFORMATION SECURITY 32

 SUMMARY
This module covered the topic of Information security.

It discussed the basic concepts of Information security and some related topics.

In addition, it included the different types of malware and what can be done to stop them.

It also illustrated the different security features available in Windows 10.

Finally, the module discussed the available Oman Data Protection Legislation.

02/15/2024 MODULE 4 - INFORMATION SECURITY 33

GUIDE QUESTIONS
1. Define the following terms:
a. Antivirus software
b. Backup
c. Trojan Malware
d. Password
e. Spyware

2. How can users safeguard against computer Viruses, Worms, Trojan Horses, and spyware?
3. How do antivirus programs detect and identify a virus?

4. What types of devices/security tools that are available at your college to protect
computers/network against malware?

02/15/2024 MODULE 4 - INFORMATION SECURITY 34

REFERENCES
1. CERT, O. N. (n.d.). Retrieved from
https://cert.gov.om/library_information_glossary.aspx
2. CompTIA. (n.d.). Retrieved from https://www.comptia.org/home
3. Fink, K. (2004). Knowledge Potential Measurement and Uncertainty. Deutscher
Universitä tsverlag.
4. Gary B. Shelly, Thomas J. Cashman, Misty E. Vermaat. (2006). Discovering Computers:
Fundamentals, Third Edition (Shelly Cashman Series). Boston, MA, USA: Course Technology
Press.
5. Keyser, T. (2005). Security policy, The Information Governance Toolkit. CRC Press.
6. mimecat. (n.d.). Safeguard Your Company With Electronic Mail Security From Mimecast.
Retrieved from mimecast.com/content/electronic-mail-security/
7. Portal, T. O. (n.d.). Retrieved from
https://omanportal.gov.om/wps/portal/index/strategiesandpolicies/!ut/p/a1/hc7LDoIwEA
XQb3HBlhksEnFXMT4xxGAUujFoSsEUSmqV3xeNGxMfs7uTczMDDBJgdXYrRWZ
KVWfykZl3iDaO58wjXA2RBEjHQeS6DsWYeB1IO4BfhuK h7YkxCcIUb-
Yr3arin2yW669EOPTCbuC_w4sQQmpDo-301pfSRDAUzznGuu7avu1

02/15/2024 MODULE 4 - INFORMATION SECURITY 35