logging in or signing up CCNC Computer security ict4champions Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 57 Category: Entertainment License: Some Rights Reserved Like it (0) Dislike it (0) Added: August 11, 2012 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript PowerPoint Presentation: 8/11/2012 1 This section will take 8 hours to complete Section Overview In this section you will be introduced to protecting your computer from theft and viruses as well as understand the term information security. You will be familiar with privacy issues in computing and understand the importance of data backup. Module 1 Section 5 Computer SecurityPowerPoint Presentation: Units Learning Outcomes Competency Standards 1 What is information s ecurity ? Understand the term information security and the importance of keeping personal and company information private. Understand the term information security. Understand the importance of keeping personal information private. Understand the importance of protecting company information by educating employees and putting privacy, confidentiality and security policies in place. 2 Safeguarding data Understand the various procedures to safeguard your computer and data. Understand how to physically protect your computer, software and data. Understand what a firewall is. Understand how to set access rights to protect your computer data. Understand the value of good password policies. Understand what data encryption is. 3 Data backup Understand why it is important to backup your data and know the tools and practices for backing up data. Understand why it is important to backup your data. Understand the various options for backing up and restoring data. Be aware of possible implications of computer theft. 4 Computer viruses Know what a computer virus is, how it is spread and how to keep your computer virus free. Know what a computer virus is and the various types of viruses. Understand how computer viruses are spread and how to detect if your computer is infected. Know how to protect your computer against computer viruses by following best practices. Module 1 Section 5 Computer SecurityPowerPoint Presentation: Click on the button for the Self evaluation rubric and activities For a printable PDF Summary of the section , click on the button Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Module 1 Section 5 Computer SecurityPowerPoint Presentation: Module 1 Section 5 Computer Security Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Module 1 Section 5 Computer Security Information Security Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Information Security Because information and information technology are fundamental to just about all aspects of modern life, the modern era is often referred to as the Information age. By its very nature, much information is private and confidential. Information security therefore refers to all the procedures which are used to protect information from deliberate or accidental misuse or dissemination. Technically, it refers to the maintenance of the integrity of information. Integrity means that the information remains correct at all times and cannot be accessed by unauthorised agents. There are various ways in which to keep information safe. The first thing to do is to install software to protect the data on a computer. Then you need to make sure that the computer itself is safe from theft and environmental hazards. Unfortunately these two precautions will mean nothing if you do not make sure that you follow safety procedures. Let us look at the various elements that form part of computer security as well as the consequences of failing to keep your data safe. Personal Security If personal information such as health or finance status, personal or family issues and background details became available to unauthorised agents, this could lead to the standing of individuals being seriously compromised. In some cases it may have little more effect than a feeling of invasion of personal privacy, while in other cases it may lead to serious embarrassment, loss of status or job and even blackmail. Make sure that you keep your personal information safe at all times! Module 1 Section 5 Computer Security Information Security Click on picture to Play Video Click here to read more online about online personal securityPowerPoint Presentation: Organisational security Organisations or businesses function by trying to achieve a competitive edge. This is achieved by making better products and having better marketing strategies. If competitors found out the formulation of products or details of manufacturing or the marketing plans for new products, a company would lose its competitive edge. There is a whole dark area to business known as industrial espionage in which a variety of means are used to discover trade secrets and business dealings. Information can either be changed or deleted to sabotage the functioning of the organisation. It is therefore imperative to maintain the confidentiality of all company information at all times. Companies have to make sure that all the factors that can jeapardise the security of their information, must be taken into account. Not only do they have to ensure that employees take their personal security seriously, but also put procedures in place to make sure that confidentiality, integrity and the availability of their information are at all times secure. It calls for quite an involved system as is evident in the graphic alongside. Information Security Components Activity Investigate what companies are doing to safeguard their information by reading this Online | Offline article. Module 1 Section 5 Computer Security Information SecurityPowerPoint Presentation: Staff employment practices Protecting company information There are a number of procedures companies can take to protect their information and these would usually be detailed in a company policy document which would be explained to staff on appointment. Often a personal copy of this document is given to each employee for their records. Module 1 Section 5 Computer Security Information Security Security proceduresPowerPoint Presentation: Security procedures Protecting company information There are a number of procedures companies can take to protect their information and these would usually be detailed in a company policy document which would be explained to staff on appointment. Often a personal copy of this document is given to each employee for their records. Staff employment practices Good company security first and foremost starts with loyal and trustworthy staff. If staff members are likely to have access to sensitive information, they should be thoroughly screened before they are employed. The more sensitive the information they have access to, the more vital is this process. Promotion to more sensitive positions can be based on a good history or loyalty and trust. Part of the staff induction process and on-going staff training should inculcate in staff the importance of security and an awareness of the consequences of its violation. Module 1 Section 5 Computer Security Information Security Staff employment practicesPowerPoint Presentation: Protecting company information There are a number of procedures companies can take to protect their information and these would usually be detailed in a company policy document which would be explained to staff on appointment. Often a personal copy of this document is given to each employee for their records. Security procedures Information should be classified on the basis of its sensitivity. Access rights to this information should be limited to those who need to know. To access certain information, an employee might need a special security clearance. All access to sensitive information should be recorded. The question of access rights is discussed further in the next section. Sensitive information that is stored in the form of paper files should be kept in a secure vault. Procedures should be in place to enable staff to report breaches or suspected breaches of security. They should be able to report these without fear of reprisal. In large organisations security departments can be established specifically for the purpose of providing such channels and monitoring security on an on-going basis. This is often done in conjunction with forensic auditing. This is a special form of auditing to detect mismanagement and corruption. Module 1 Section 5 Computer Security Information Security Staff employment practices Security proceduresPowerPoint Presentation: Module 1 Section 5 Computer Security Safeguarding data Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Privacy Issues Information stored on computers All computers from laptop computers to mainframes contain information. Much of this, whether corporate or personal, is confidential. Many thousands of laptop computers containing important company or State information have been stolen. Since most corporate records are now kept in electronic form on computer systems, procedures need to be put in place to protect the computers. Apart from deliberate violations by people, computers are also subject to accidental damage and natural disasters. Physical procedures Physical access to mainframes should be restricted to operators and systems administrators. Facilities should be fire and flood proof. Highly sensitive installations should also have adequate protection from criminal and terrorist activities. Desktop and laptop computers are very vulnerable to theft. A simple procedure is to only allow authorised people access to offices. The use of security cameras can also act as a deterrent. Desktop computers can be physically attached to the floor or a work surface. Laptop computers present the greatest risk. They are not only light and easy to pick up, but they are also more expensive and valuable than desktops. The best protection is not to let them out of sight. If a manager is staying at a hotel, he or she can leave the computer in the hotel safe rather than their room. You can also attach devices that will sound alarm if the laptop is moved or you can use the physical locking system that attaches the laptop with a wire to a table. Always make sure that your equipment is locked away or under your eyes! Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Privacy Issues Information stored on computers All computers from laptop computers to mainframes contain information. Much of this, whether corporate or personal, is confidential. Many thousands of laptop computers containing important company or State information have been stolen. Since most corporate records are now kept in electronic form on computer systems, procedures need to be put in place to protect the computers. Apart from deliberate violations by people, computers are also subject to accidental damage and natural disasters. Physical procedures Physical access to mainframes should be restricted to operators and systems administrators. Facilities should be fire and flood proof. Highly sensitive installations should also have adequate protection from criminal and terrorist activities. Desktop and laptop computers are very vulnerable to theft. A simple procedure is to only allow authorised people access to offices. The use of security cameras can also act as a deterrent. Desktop computers can be physically attached to the floor or a work surface. Laptop computers present the greatest risk. They are not only light and easy to pick up, but they are also more expensive and valuable than desktops. The best protection is not to let them out of sight. If a manager is staying at a hotel, he or she can leave the computer in the hotel safe rather than their room. You can also attach devices that will sound alarm if the laptop is moved or you can use the physical locking system that attaches the laptop with a wire to a table. Always make sure that your equipment is locked away or under your eyes! Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Software procedures Information can be stolen, altered or deleted without the computer being physically removed. The information may even be accessed across the Internet. It is therefore important to have systems in place to ensure that data cannot be accessed by any unauthorised person via the internet. Firewalls A firewall is the first line of defense against hackers. It is a computer programme that is installed on a computer that connects a network to the Internet. The firewall analyses the packets that pass in and out of the network. It is programmed to follow certain rules which enable it to decide whether or not to allow a packet to pass. There is firewall software available that can be installed on a stand-alone PC. Online Activity Read more about how firewalls work. Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password Policy Guidelines Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Tip sheet Password guidelines Password: Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Password: Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: They should never be blank. Most secure systems will not allow you to leave the password field blank. Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: They should not be the names of family members or pets or anything else that would be easy for an intruder to try out. fluffie Fluff1ethed0g12# Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: Ideally they should never be words, especially words like administrator, admin or root. mypassword admin Adm1nman1*&^% Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: fluffie They should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. Me Adm1nman1*&^% Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. S6g4%2mK9 Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: fluffie Fluff1ethed0g12# mypassword admin Adm1nman1*&^% Me Adm1nman1*&^% S6g4%2mK9 Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. M1Gg$#@12 Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: They should never be blank. Most secure systems will not allow you to leave the password field blank They should not be the names of family members or pets or anything else that would be easy for an intruder to try out. fluffie Fluff1ethed0g12# Ideally they should never be words, especially words like administrator, admin or root. mypassword admin They should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. Adm1nman1*&^% Me Adm1nman1*&^% A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. S6g4%2mK9 Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. M1Gg$#@12 When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT / 2000 / XP / 2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Tip sheet Close this Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: XPowerPoint Presentation: Close this Tip sheet Password: Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines XPowerPoint Presentation: Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: fluffie Fluff1ethed0g12# XPowerPoint Presentation: Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: fluffie Fluff1ethed0g12# mypassword admin Adm1nman1*&^% XPowerPoint Presentation: Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: fluffie Me Adm1nman1*&^% XPowerPoint Presentation: Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: S6g4%2mK9 XPowerPoint Presentation: X Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: fluffie Fluff1ethed0g12# mypassword admin Adm1nman1*&^% Me Adm1nman1*&^% S6g4%2mK9 M1Gg$#@12PowerPoint Presentation: Data encryption Data encryption has various uses in our everyday lives. In e-commerce it is used to make sure that financial transactions are secure. Companies use it to stop industrial espionage, governments and the military use it to keep information secret and individuals in oppressed situations have used it to pass on valuable information to the outside world. It is a way in which to turn ordinary plain text data into a version that cannot be read without a “key”. The key can be a programme that will make it possible for the receiver of the message to open it. An example of this is bank documents like statements that are sent to you via e-mail. The bank has made sure, however, that you have a software programme with a key, that will enable you to open the document. Without this software you will not be able to read your statement. Activity Read more about how data encryption works. Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Module 1 Section 5 Computer Security Data Backup Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Vulnerability of data Data is vulnerable in many ways. The system on which it is stored can fail. For example, a hard drive may crash due to component failure. The medium itself may become corrupt. Where data is stored on a magnetic medium, this can become corrupt due to a number of factors including moisture, heat, magnetic fields and electromagnetic radiation. Even optical storage which is highly reliable should never be regarded as infallible. The system can be stolen. The system could be physically damaged through war, criminal activity, vandalism or carelessness. The system could be damaged as a result of a natural disaster such as a flood, fire or earthquake. The data could be deleted or changed through criminal activity, vandalism or carelessness. No matter what care you may take to protect a system, additional copies of data need to be made and stored on a regular basis. Copies of data are referred to as backups. Data Backup Backing up files can be accomplished either from a graphical user interface (GUI) that is installed with your computer operating system, or by using, software applications. You can even back up your essential files on online file storage sites. Always back up your data in at least 2 different places Tip sheet Backup guidelines You can backup your data by either synchronising the folders or by creating an archive. Folder synchronization makes sure that two different data sources are kept exactly the same using pre determined rules, no matter where the files are changed. Archiving, however, creates an exact copy of the source and can be set to compress data for better storage. Data backup software There are various data backup software applications available if you do not want to use your operating system. Here are some free ones that you can install Syncback (Windows) Dar disk backup ( Ubuntu ) Online Activity See a list of backup programmes. Module 1 Section 5 Computer Security Data BackupPowerPoint Presentation: Tip sheet X Close this Tip sheet Data Backup Once backups have been created, they should be stored in a secure area at a different site. Never keep backups on the same site as the system. They could be stolen or destroyed along with the rest of the system. Backups should be made on a very regular basis. Even for a small organisation, this should be done daily. Even the loss of a single day’s work would be a major problem. In large organisations backing up may take place on an ongoing basis. A schedule of backing up should be clear policy and strictly adhered to. More than one copy of data should be made. If the data is very valuable, the different copies could be stored in different secure locations. Different versions of the backup should be retained. The following is an example of a backup schedule that could be followed. The cycle of backing up starts on the first Monday of the month. At the end of each day of the week a backup is made. At the end of the week, there is a Monday, Tuesday, Wednesday ... Saturday backup. On Sunday a backup is created and labeled Week 1 backup. This is kept for the rest of the month. The weekday tapes are then reused and the process repeated. At the end of the month you end up with a series of weekly backups. The last one becomes the backup for the month and the process starts over the next month. At the end of the year you then have a series of monthly backups. Backup guidelines An appropriate medium for backing up must be used. In the case of companies this would generally be done using tape, although optical storage is becoming more common. For personal use, a CD or DVD makes an excellent backup. Never use diskettes for backup purposes. They are not reliable for this purpose. Even when backing up a PC, make multiple copies and keep them at another site for safe storage. You could, for example, use a safety deposit box at a bank. Often a network server has two identical hard drives, one being a mirror image of the other. This means that if one fails the other one can take over. In other words all the software on the first is identical to the software on the second. Software can be backed up by making a copy of the CD/DVD media and then storing the originals and using the backups to install from. This is allowed by most software manufacturers. The original is kept under lock and key along with the license numbers.PowerPoint Presentation: Implication of Theft Highly portable devices such as cell phones, PDAs and laptop computers can contain vital and confidential information. Even if the information is not confidential, it could be vital to your work. Losing your contact list or diary will seriously compromise your business operations. PDAs, cell phones and laptops usually contain contact lists and diaries. Make sure that copies of these are kept elsewhere. Cell phones and PDAs come with synchronisation software. This software links the device with a personal computer or laptop and updates each of them with the latest data. In other words, if you keep your diary on your PDA, synchronising will automatically update the diary (and contacts) on the PC or laptop. You should make sure that your diary and contact list are on two different devices. These should be kept apart so that they are unlikely to be stolen at the same time. Ideally, you should make backups of these at the end of every day and keep these backups in a safe location. Although you can at least retain your diary, contacts and files through the use of backups, loss of these can compromise your personal security if it falls into the wrong hands. For example, if you keep information of your bank and credit cards details on your PDA, cell phone or laptop, a criminal could make use of this personal information to gain access to your bank accounts if they steal these devices. Personal information and telephone numbers of friends and business colleagues could make them vulnerable to the actions of criminals. A good idea is to synchronise your essential information to an online site . Module 1 Section 5 Computer Security Data BackupPowerPoint Presentation: Module 1 Section 5 Computer Security Computer Viruses Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Trojans Worms Time bombs Logic bombs Macro-viruses Module 1 Section 5 Computer Security Computer Viruses Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses A Trojan (or Trojan horse) is a virus that hides itself inside another legitimate programme. When the programme is used, the virus is released and can begin its work of replication and annoyance or damage. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses A Worm is a program that replicates itself over and over in the computer’s memory until the computer can barely function. One of the signs of invasion by a worm is that the computer slows down. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses A time bomb is a virus which lies dormant until a certain date or time or for a period of time. At this date or time, the virus suddenly becomes active and carries out whatever task it is programmed to do. This can include the deletion of everything on the hard drive. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses A logic bomb is similar to a time bomb, except that instead of becoming active at a certain time, it becomes active when a particular activity happens. For example, instead of formatting a diskette, the virus causes the hard drive to be formatted. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play Video Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses Macro-viruses make use of a special customisation feature in applications called macros. Macros allow you to create mini-programs to carry out certain tasks in your applications.PowerPoint Presentation: Virus detection It is important that you are always aware of the possibility of a virus infection and should therefore look out for the telltale signs of your computer being infected. The following symptoms can be an indication of a virus infection: Your computer is running slower than usual and does not respond to basic commands. Applications do not want to open or behave strangely Files start disappearing. The free space on your computer is reduced and you know your data does not take up that much space. You see error messages that you have not seen before. Your computer does not want to start up. Applications that you have not opened, open by themselves and you struggle to close them. Your system constantly freezes and you have to reboot. Your computer takes long to start-up and to shut down. How do I know if my computer has been infected by a virus? Module 1 Section 5 Computer Security Computer Viruses Tip sheet How to detect if your computer has been infectedPowerPoint Presentation: Tip sheet X Close this Tip sheet Computer Viruses How to detect if your computer has been infected Look for the following signs: Your computer is running slower than usual and does not respond to basic commands . Applications do not want to open or behave strangely. Files start disappearing . The free space on your computer is reduced and you know your data does not take up that much space . You see error messages that you have not seen before . Your computer does not want to start up . Applications that you have not opened, open by themselves and you struggle to close them . Your system constantly freezes and you have to reboot . Your computer takes long to start-up and to shut down.PowerPoint Presentation: Virus Protection Now that you know what a computer virus is and how it is spread, you need to take measures to protect your computer from being invaded! You can protect yourself by … Using anti virus software and updating it regularly Following safe downloading practices Not using CD’s and other portable devices in your computer if you are not sure that it is virus free Not using pirated software Antivirus software The first line of defence is to install antivirus software. This software scans files for pieces of code, called signatures, which it recognises as part of a virus. It is not just enough to install the software, you also need to keep it up to date at all times in order to be protected. This is even more the case when you receive files regularly from outside sources like the internet. Updating antivirus software mostly involves updating the signature file. The actual antivirus programme itself will be updated from time to time with updates which include additional features and improved methods of scanning. It is important to keep in mind that no antivirus software is perfect. It is only as good as the techniques it uses for detecting viruses and the currency of the signature file. There is always the chance that a virus will go undetected. However, a good antivirus system installed on your system is essential and will usually detect most viruses. When a virus is detected, the software will attempt to remove the virus. This is called cleaning or disinfecting. It sometimes happens that the system can detect the virus but not get rid of it. In this case, you will usually be given the option of deleting or quarantining the infected file. When a file is quarantined, it is made unusable and so unable to spread the virus. A future update of the software may be able to remove the virus. If it can, the quarantine is removed. Set your computer to update your anti virus definitions automatically! Module 1 Section 5 Computer Security Computer VirusesPowerPoint Presentation: Best Practices when Downloading It is when we are connected to the internet that we are at our most vulnerable to virus attacks. It is therefore important that we establish a set of best practices whenever we browse the internet and download files. Tip sheet How to protect yourself when downloading Using Virus Scanning Applications Because viruses are still uncommon on Linux systems, there has not been a great deal of development of antivirus software. One example of open-source antivirus software that scans computer files as well as incoming emails is KlamAV . The Importance of Updating Virus-Scanning Software Regularly As viruses are created on an on-going basis, they need to be analysed continuously by the developers of antivirus software. Not only do the developers need to be able to extract the signature of the virus, they also need to analyse how the virus acts and how it can be removed from the programme . These changes then need to be incorporated into the antivirus software. Users in turn need to download these changes and update their software. The longer the period between updates, the more vulnerable computer systems are to the action of new viruses. Updates are often made available on a daily basis by developers. You will learn more about viruses and how to install software to protect your data in section 7. Module 1 Section 5 Computer Security Computer VirusesPowerPoint Presentation: Tip sheet X Close this Tip sheet Computer Viruses How to protect yourself when downloading Install good antivirus software and update it on a regular basis, for example at least once a month but preferably once a week. But always remember, antivirus software is not perfect. It cannot be the only measure you take. Scan all diskettes before reading them. Enable the auto-protection feature on the antivirus software to scan emails. Be wary of emails from unknown sources, particularly if they contain attachments. Some very careful users delete emails they are unsure of without opening them. Use an Internet Service Provider that scans emails before delivery. Do not download files/software from unknown Internet sites. Be careful of using diskettes from unknown sources. Do not install pirated software. Do not accept invites from criminals.PowerPoint Presentation: Additional online resources: Access all the online resources and articles related to this section For a condensed version of this entire section, use the cheat sheet To see a summary of all topics , assessment standards, videos and tip sheets, click here S Summary and additional resources In summary…. After studying this section you now know how to protect your computer from theft and viruses and can explain the term information security. You can now confidently: Explain what the term information security means and the importance of keeping personal and company information private. Describe the various procedures to safeguard your computer and data. Explain why it is important to backup your data and name the tools and practices for backing up data. Explain what a computer virus is, how it is spread and how to keep your computer virus free . Module 1 Section 5 Computer SecurityPowerPoint Presentation: X Close this Summary Sheet Summary of objects Click on the relevant linked topic to go back to the topic page. You can also click on the relevant icons, to read more articles online, watch the video offline or online on YouTube Read more online Watch the video offline Watch the video on Youtube Print a cheat sheet (PDF) Understand the term information security . Understand the importance of keeping personal information private . Understand the importance of protecting company information by educating employees and putting privacy, confidentiality and security policies in place . Understand how to physically protect your computer, software and data . Understand what a firewall is . Understand how to set access rights to protect your computer data . Understand the value of good password policies . Understand what data encryption is . Understand why it is important to backup your data . Understand the various options for backing up and restoring data . Be aware of possible implications of computer theft . Know what a computer virus is and the various types of viruses. Understand how computer viruses are spread and how to detect infection . Know how to protect your computer against computer viruses by following best practices . Cheat sheet . Print the tip sheet (PDF)PowerPoint Presentation: I am able to.. Assess your level of competency: 1 Definetely need more practice! 2 Getting there! 3 Can do it- No problems ! Self Assessment Use the Self evaluation rubric to assess your competency levels in this Section. Print the Self evaluation rubric GRADE CALCULATE SCORE Score: More than Excellent! You are ready to proceed to the assessment activities Score: Less than It is a good idea to click on the links to revise the parts that you did not feel confident about! Self evaluation rubric and activities Module 1 Section 5 Computer Security Understand the term information security . Understand the importance of keeping personal information private . Understand the importance of protecting company information by educating employees and putting privacy, confidentiality and security policies in place . Understand how to physically protect my computer, software and data . Understand what a firewall is . Understand how to set access rights to protect my computer data . Understand the value of good password policies . Understand what data encryption is . Understand why it is important to backup my data . Understand the various options for backing up and restoring data . Be aware of possible implications of computer theft . Know what a computer virus is and the various types of viruses. Understand how computer viruses are spread and how to detect infection . Know how to protect my computer against computer viruses by following best practices . 30 30 You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
CCNC Computer security ict4champions Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 57 Category: Entertainment License: Some Rights Reserved Like it (0) Dislike it (0) Added: August 11, 2012 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript PowerPoint Presentation: 8/11/2012 1 This section will take 8 hours to complete Section Overview In this section you will be introduced to protecting your computer from theft and viruses as well as understand the term information security. You will be familiar with privacy issues in computing and understand the importance of data backup. Module 1 Section 5 Computer SecurityPowerPoint Presentation: Units Learning Outcomes Competency Standards 1 What is information s ecurity ? Understand the term information security and the importance of keeping personal and company information private. Understand the term information security. Understand the importance of keeping personal information private. Understand the importance of protecting company information by educating employees and putting privacy, confidentiality and security policies in place. 2 Safeguarding data Understand the various procedures to safeguard your computer and data. Understand how to physically protect your computer, software and data. Understand what a firewall is. Understand how to set access rights to protect your computer data. Understand the value of good password policies. Understand what data encryption is. 3 Data backup Understand why it is important to backup your data and know the tools and practices for backing up data. Understand why it is important to backup your data. Understand the various options for backing up and restoring data. Be aware of possible implications of computer theft. 4 Computer viruses Know what a computer virus is, how it is spread and how to keep your computer virus free. Know what a computer virus is and the various types of viruses. Understand how computer viruses are spread and how to detect if your computer is infected. Know how to protect your computer against computer viruses by following best practices. Module 1 Section 5 Computer SecurityPowerPoint Presentation: Click on the button for the Self evaluation rubric and activities For a printable PDF Summary of the section , click on the button Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Module 1 Section 5 Computer SecurityPowerPoint Presentation: Module 1 Section 5 Computer Security Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Module 1 Section 5 Computer Security Information Security Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Information Security Because information and information technology are fundamental to just about all aspects of modern life, the modern era is often referred to as the Information age. By its very nature, much information is private and confidential. Information security therefore refers to all the procedures which are used to protect information from deliberate or accidental misuse or dissemination. Technically, it refers to the maintenance of the integrity of information. Integrity means that the information remains correct at all times and cannot be accessed by unauthorised agents. There are various ways in which to keep information safe. The first thing to do is to install software to protect the data on a computer. Then you need to make sure that the computer itself is safe from theft and environmental hazards. Unfortunately these two precautions will mean nothing if you do not make sure that you follow safety procedures. Let us look at the various elements that form part of computer security as well as the consequences of failing to keep your data safe. Personal Security If personal information such as health or finance status, personal or family issues and background details became available to unauthorised agents, this could lead to the standing of individuals being seriously compromised. In some cases it may have little more effect than a feeling of invasion of personal privacy, while in other cases it may lead to serious embarrassment, loss of status or job and even blackmail. Make sure that you keep your personal information safe at all times! Module 1 Section 5 Computer Security Information Security Click on picture to Play Video Click here to read more online about online personal securityPowerPoint Presentation: Organisational security Organisations or businesses function by trying to achieve a competitive edge. This is achieved by making better products and having better marketing strategies. If competitors found out the formulation of products or details of manufacturing or the marketing plans for new products, a company would lose its competitive edge. There is a whole dark area to business known as industrial espionage in which a variety of means are used to discover trade secrets and business dealings. Information can either be changed or deleted to sabotage the functioning of the organisation. It is therefore imperative to maintain the confidentiality of all company information at all times. Companies have to make sure that all the factors that can jeapardise the security of their information, must be taken into account. Not only do they have to ensure that employees take their personal security seriously, but also put procedures in place to make sure that confidentiality, integrity and the availability of their information are at all times secure. It calls for quite an involved system as is evident in the graphic alongside. Information Security Components Activity Investigate what companies are doing to safeguard their information by reading this Online | Offline article. Module 1 Section 5 Computer Security Information SecurityPowerPoint Presentation: Staff employment practices Protecting company information There are a number of procedures companies can take to protect their information and these would usually be detailed in a company policy document which would be explained to staff on appointment. Often a personal copy of this document is given to each employee for their records. Module 1 Section 5 Computer Security Information Security Security proceduresPowerPoint Presentation: Security procedures Protecting company information There are a number of procedures companies can take to protect their information and these would usually be detailed in a company policy document which would be explained to staff on appointment. Often a personal copy of this document is given to each employee for their records. Staff employment practices Good company security first and foremost starts with loyal and trustworthy staff. If staff members are likely to have access to sensitive information, they should be thoroughly screened before they are employed. The more sensitive the information they have access to, the more vital is this process. Promotion to more sensitive positions can be based on a good history or loyalty and trust. Part of the staff induction process and on-going staff training should inculcate in staff the importance of security and an awareness of the consequences of its violation. Module 1 Section 5 Computer Security Information Security Staff employment practicesPowerPoint Presentation: Protecting company information There are a number of procedures companies can take to protect their information and these would usually be detailed in a company policy document which would be explained to staff on appointment. Often a personal copy of this document is given to each employee for their records. Security procedures Information should be classified on the basis of its sensitivity. Access rights to this information should be limited to those who need to know. To access certain information, an employee might need a special security clearance. All access to sensitive information should be recorded. The question of access rights is discussed further in the next section. Sensitive information that is stored in the form of paper files should be kept in a secure vault. Procedures should be in place to enable staff to report breaches or suspected breaches of security. They should be able to report these without fear of reprisal. In large organisations security departments can be established specifically for the purpose of providing such channels and monitoring security on an on-going basis. This is often done in conjunction with forensic auditing. This is a special form of auditing to detect mismanagement and corruption. Module 1 Section 5 Computer Security Information Security Staff employment practices Security proceduresPowerPoint Presentation: Module 1 Section 5 Computer Security Safeguarding data Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Privacy Issues Information stored on computers All computers from laptop computers to mainframes contain information. Much of this, whether corporate or personal, is confidential. Many thousands of laptop computers containing important company or State information have been stolen. Since most corporate records are now kept in electronic form on computer systems, procedures need to be put in place to protect the computers. Apart from deliberate violations by people, computers are also subject to accidental damage and natural disasters. Physical procedures Physical access to mainframes should be restricted to operators and systems administrators. Facilities should be fire and flood proof. Highly sensitive installations should also have adequate protection from criminal and terrorist activities. Desktop and laptop computers are very vulnerable to theft. A simple procedure is to only allow authorised people access to offices. The use of security cameras can also act as a deterrent. Desktop computers can be physically attached to the floor or a work surface. Laptop computers present the greatest risk. They are not only light and easy to pick up, but they are also more expensive and valuable than desktops. The best protection is not to let them out of sight. If a manager is staying at a hotel, he or she can leave the computer in the hotel safe rather than their room. You can also attach devices that will sound alarm if the laptop is moved or you can use the physical locking system that attaches the laptop with a wire to a table. Always make sure that your equipment is locked away or under your eyes! Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Privacy Issues Information stored on computers All computers from laptop computers to mainframes contain information. Much of this, whether corporate or personal, is confidential. Many thousands of laptop computers containing important company or State information have been stolen. Since most corporate records are now kept in electronic form on computer systems, procedures need to be put in place to protect the computers. Apart from deliberate violations by people, computers are also subject to accidental damage and natural disasters. Physical procedures Physical access to mainframes should be restricted to operators and systems administrators. Facilities should be fire and flood proof. Highly sensitive installations should also have adequate protection from criminal and terrorist activities. Desktop and laptop computers are very vulnerable to theft. A simple procedure is to only allow authorised people access to offices. The use of security cameras can also act as a deterrent. Desktop computers can be physically attached to the floor or a work surface. Laptop computers present the greatest risk. They are not only light and easy to pick up, but they are also more expensive and valuable than desktops. The best protection is not to let them out of sight. If a manager is staying at a hotel, he or she can leave the computer in the hotel safe rather than their room. You can also attach devices that will sound alarm if the laptop is moved or you can use the physical locking system that attaches the laptop with a wire to a table. Always make sure that your equipment is locked away or under your eyes! Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Software procedures Information can be stolen, altered or deleted without the computer being physically removed. The information may even be accessed across the Internet. It is therefore important to have systems in place to ensure that data cannot be accessed by any unauthorised person via the internet. Firewalls A firewall is the first line of defense against hackers. It is a computer programme that is installed on a computer that connects a network to the Internet. The firewall analyses the packets that pass in and out of the network. It is programmed to follow certain rules which enable it to decide whether or not to allow a packet to pass. There is firewall software available that can be installed on a stand-alone PC. Online Activity Read more about how firewalls work. Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password Policy Guidelines Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Tip sheet Password guidelines Password: Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Password: Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: They should never be blank. Most secure systems will not allow you to leave the password field blank. Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: They should not be the names of family members or pets or anything else that would be easy for an intruder to try out. fluffie Fluff1ethed0g12# Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: Ideally they should never be words, especially words like administrator, admin or root. mypassword admin Adm1nman1*&^% Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: fluffie They should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. Me Adm1nman1*&^% Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. S6g4%2mK9 Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: fluffie Fluff1ethed0g12# mypassword admin Adm1nman1*&^% Me Adm1nman1*&^% S6g4%2mK9 Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. M1Gg$#@12 Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Access rights Access rights include access to both a computer and its software applications. In a physical sense, these refer to different members of staff who have to gain physical access to certain computer areas. For example, access to the room containing the mainframe may be restricted to operators. Software rights refer to the level of access different users have to different levels of data and information. For example, some users may have no access to certain data, others may only be able to read the data but not change it. Others in turn may have full rights to create and change data. Access rights are associated with a user id and password. A user id could be a user name or a combination of letters and numbers. To log on to a system a user would need a user id and a password. As other users may know the user id of colleagues, another level of security in terms of passwords needs to be added. Passwords are private and should never be divulged to anyone else. Users could have several user ids, each with a different level of security. They would log on each time with the lowest level of security they need to accomplish a given task. Password policies Password policies refer to guidelines or requirements on the structure and use of passwords. They can be required for access to a computer system or a group of files or a single file. The following are some guidelines for password policies: Password: They should never be blank. Most secure systems will not allow you to leave the password field blank They should not be the names of family members or pets or anything else that would be easy for an intruder to try out. fluffie Fluff1ethed0g12# Ideally they should never be words, especially words like administrator, admin or root. mypassword admin They should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. Adm1nman1*&^% Me Adm1nman1*&^% A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. S6g4%2mK9 Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. M1Gg$#@12 When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT / 2000 / XP / 2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Make sure that you do not set your computer or application to keep you signed in as anybody will be able to sign into your application. Module 1 Section 5 Computer Security Safeguarding data Password Policy Guidelines Tip sheet Password guidelinesPowerPoint Presentation: Tip sheet Close this Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: XPowerPoint Presentation: Close this Tip sheet Password: Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines XPowerPoint Presentation: Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: fluffie Fluff1ethed0g12# XPowerPoint Presentation: Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: fluffie Fluff1ethed0g12# mypassword admin Adm1nman1*&^% XPowerPoint Presentation: Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: fluffie Me Adm1nman1*&^% XPowerPoint Presentation: Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: S6g4%2mK9 XPowerPoint Presentation: X Close this Tip sheet Tip sheet Safeguarding data Passwords should never be blank. Passwords should not be the names of family members or pets or anything else that would be easy for an intruder to try out. Ideally passwords should never be words, especially words like administrator, admin or root. Passwords should never be less than five characters and preferably longer. Short passwords can easily be determined by a brute force password cracker. This is a piece of software that repeatedly feeds in all combinations of letters and numbers until access is gained. With short passwords this can be done in seconds. A good policy is to use a meaningless combination of letters and numbers that is seven or eight characters long. What some users do is to take a meaningful word such as looking and replace the o with the number 0 and the letter i with the number 1 so that the password becomes l00k1ng. You could also make a less obvious change, for example replace k with 3 and g with 9 so that the password becomes loo3in9. Passwords should be changed on a regular basis. Administrators can set a policy that automatically causes passwords to expire after a certain period of time, for example 7 days. When using a PC, you would need to use an operating system that provides genuine access protection with a user id and password. This means using Linux or Windows NT/2000/XP/2003. In Windows 95/98/Me the logon procedure can be bypassed. If Windows NT, 2000, XP or 2003 are used, it should be in conjunction with the NTFS file system (NTFS is the standard file system of Windows NT and later versions of Windows). Password guidelines Password: fluffie Fluff1ethed0g12# mypassword admin Adm1nman1*&^% Me Adm1nman1*&^% S6g4%2mK9 M1Gg$#@12PowerPoint Presentation: Data encryption Data encryption has various uses in our everyday lives. In e-commerce it is used to make sure that financial transactions are secure. Companies use it to stop industrial espionage, governments and the military use it to keep information secret and individuals in oppressed situations have used it to pass on valuable information to the outside world. It is a way in which to turn ordinary plain text data into a version that cannot be read without a “key”. The key can be a programme that will make it possible for the receiver of the message to open it. An example of this is bank documents like statements that are sent to you via e-mail. The bank has made sure, however, that you have a software programme with a key, that will enable you to open the document. Without this software you will not be able to read your statement. Activity Read more about how data encryption works. Module 1 Section 5 Computer Security Safeguarding dataPowerPoint Presentation: Module 1 Section 5 Computer Security Data Backup Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Vulnerability of data Data is vulnerable in many ways. The system on which it is stored can fail. For example, a hard drive may crash due to component failure. The medium itself may become corrupt. Where data is stored on a magnetic medium, this can become corrupt due to a number of factors including moisture, heat, magnetic fields and electromagnetic radiation. Even optical storage which is highly reliable should never be regarded as infallible. The system can be stolen. The system could be physically damaged through war, criminal activity, vandalism or carelessness. The system could be damaged as a result of a natural disaster such as a flood, fire or earthquake. The data could be deleted or changed through criminal activity, vandalism or carelessness. No matter what care you may take to protect a system, additional copies of data need to be made and stored on a regular basis. Copies of data are referred to as backups. Data Backup Backing up files can be accomplished either from a graphical user interface (GUI) that is installed with your computer operating system, or by using, software applications. You can even back up your essential files on online file storage sites. Always back up your data in at least 2 different places Tip sheet Backup guidelines You can backup your data by either synchronising the folders or by creating an archive. Folder synchronization makes sure that two different data sources are kept exactly the same using pre determined rules, no matter where the files are changed. Archiving, however, creates an exact copy of the source and can be set to compress data for better storage. Data backup software There are various data backup software applications available if you do not want to use your operating system. Here are some free ones that you can install Syncback (Windows) Dar disk backup ( Ubuntu ) Online Activity See a list of backup programmes. Module 1 Section 5 Computer Security Data BackupPowerPoint Presentation: Tip sheet X Close this Tip sheet Data Backup Once backups have been created, they should be stored in a secure area at a different site. Never keep backups on the same site as the system. They could be stolen or destroyed along with the rest of the system. Backups should be made on a very regular basis. Even for a small organisation, this should be done daily. Even the loss of a single day’s work would be a major problem. In large organisations backing up may take place on an ongoing basis. A schedule of backing up should be clear policy and strictly adhered to. More than one copy of data should be made. If the data is very valuable, the different copies could be stored in different secure locations. Different versions of the backup should be retained. The following is an example of a backup schedule that could be followed. The cycle of backing up starts on the first Monday of the month. At the end of each day of the week a backup is made. At the end of the week, there is a Monday, Tuesday, Wednesday ... Saturday backup. On Sunday a backup is created and labeled Week 1 backup. This is kept for the rest of the month. The weekday tapes are then reused and the process repeated. At the end of the month you end up with a series of weekly backups. The last one becomes the backup for the month and the process starts over the next month. At the end of the year you then have a series of monthly backups. Backup guidelines An appropriate medium for backing up must be used. In the case of companies this would generally be done using tape, although optical storage is becoming more common. For personal use, a CD or DVD makes an excellent backup. Never use diskettes for backup purposes. They are not reliable for this purpose. Even when backing up a PC, make multiple copies and keep them at another site for safe storage. You could, for example, use a safety deposit box at a bank. Often a network server has two identical hard drives, one being a mirror image of the other. This means that if one fails the other one can take over. In other words all the software on the first is identical to the software on the second. Software can be backed up by making a copy of the CD/DVD media and then storing the originals and using the backups to install from. This is allowed by most software manufacturers. The original is kept under lock and key along with the license numbers.PowerPoint Presentation: Implication of Theft Highly portable devices such as cell phones, PDAs and laptop computers can contain vital and confidential information. Even if the information is not confidential, it could be vital to your work. Losing your contact list or diary will seriously compromise your business operations. PDAs, cell phones and laptops usually contain contact lists and diaries. Make sure that copies of these are kept elsewhere. Cell phones and PDAs come with synchronisation software. This software links the device with a personal computer or laptop and updates each of them with the latest data. In other words, if you keep your diary on your PDA, synchronising will automatically update the diary (and contacts) on the PC or laptop. You should make sure that your diary and contact list are on two different devices. These should be kept apart so that they are unlikely to be stolen at the same time. Ideally, you should make backups of these at the end of every day and keep these backups in a safe location. Although you can at least retain your diary, contacts and files through the use of backups, loss of these can compromise your personal security if it falls into the wrong hands. For example, if you keep information of your bank and credit cards details on your PDA, cell phone or laptop, a criminal could make use of this personal information to gain access to your bank accounts if they steal these devices. Personal information and telephone numbers of friends and business colleagues could make them vulnerable to the actions of criminals. A good idea is to synchronise your essential information to an online site . Module 1 Section 5 Computer Security Data BackupPowerPoint Presentation: Module 1 Section 5 Computer Security Computer Viruses Data Backup Safeguarding data Information Security Computer Viruses Summary and additional resources Self evaluation rubric and activities Understand the term “information security” and the importance of keeping personal and company information private. Understand the various procedures to safeguard your computer and data . Understand why it is important to backup your data and know the tools and practices for backing up data. Know what a computer virus is, how it is spread and how to keep your computer virus free.PowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Trojans Worms Time bombs Logic bombs Macro-viruses Module 1 Section 5 Computer Security Computer Viruses Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses A Trojan (or Trojan horse) is a virus that hides itself inside another legitimate programme. When the programme is used, the virus is released and can begin its work of replication and annoyance or damage. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses A Worm is a program that replicates itself over and over in the computer’s memory until the computer can barely function. One of the signs of invasion by a worm is that the computer slows down. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses A time bomb is a virus which lies dormant until a certain date or time or for a period of time. At this date or time, the virus suddenly becomes active and carries out whatever task it is programmed to do. This can include the deletion of everything on the hard drive. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses A logic bomb is similar to a time bomb, except that instead of becoming active at a certain time, it becomes active when a particular activity happens. For example, instead of formatting a diskette, the virus causes the hard drive to be formatted. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play VideoPowerPoint Presentation: Computer Viruses A computer virus is a program that is deliberately created to cause annoyance, alter or delete data. Some viruses cause computer systems to slow down to the point where they are not usable. One of the features of viruses is that they are designed to replicate and spread. Spread of computer viruses Viruses are spread in a number of ways: Downloads from the Internet. Pirated software. Exchange of CD’s and flash drives. In attachments to emails and in emails themselves. In documents – macro-virus, described above, can be hidden in ordinary documents, spreadsheets and presentations. Don’t ever open an attachment from anybody that you don’t know! Click on picture to Play Video Module 1 Section 5 Computer Security Computer Viruses Trojans Worms Time bombs Logic bombs Macro-viruses Macro-viruses make use of a special customisation feature in applications called macros. Macros allow you to create mini-programs to carry out certain tasks in your applications.PowerPoint Presentation: Virus detection It is important that you are always aware of the possibility of a virus infection and should therefore look out for the telltale signs of your computer being infected. The following symptoms can be an indication of a virus infection: Your computer is running slower than usual and does not respond to basic commands. Applications do not want to open or behave strangely Files start disappearing. The free space on your computer is reduced and you know your data does not take up that much space. You see error messages that you have not seen before. Your computer does not want to start up. Applications that you have not opened, open by themselves and you struggle to close them. Your system constantly freezes and you have to reboot. Your computer takes long to start-up and to shut down. How do I know if my computer has been infected by a virus? Module 1 Section 5 Computer Security Computer Viruses Tip sheet How to detect if your computer has been infectedPowerPoint Presentation: Tip sheet X Close this Tip sheet Computer Viruses How to detect if your computer has been infected Look for the following signs: Your computer is running slower than usual and does not respond to basic commands . Applications do not want to open or behave strangely. Files start disappearing . The free space on your computer is reduced and you know your data does not take up that much space . You see error messages that you have not seen before . Your computer does not want to start up . Applications that you have not opened, open by themselves and you struggle to close them . Your system constantly freezes and you have to reboot . Your computer takes long to start-up and to shut down.PowerPoint Presentation: Virus Protection Now that you know what a computer virus is and how it is spread, you need to take measures to protect your computer from being invaded! You can protect yourself by … Using anti virus software and updating it regularly Following safe downloading practices Not using CD’s and other portable devices in your computer if you are not sure that it is virus free Not using pirated software Antivirus software The first line of defence is to install antivirus software. This software scans files for pieces of code, called signatures, which it recognises as part of a virus. It is not just enough to install the software, you also need to keep it up to date at all times in order to be protected. This is even more the case when you receive files regularly from outside sources like the internet. Updating antivirus software mostly involves updating the signature file. The actual antivirus programme itself will be updated from time to time with updates which include additional features and improved methods of scanning. It is important to keep in mind that no antivirus software is perfect. It is only as good as the techniques it uses for detecting viruses and the currency of the signature file. There is always the chance that a virus will go undetected. However, a good antivirus system installed on your system is essential and will usually detect most viruses. When a virus is detected, the software will attempt to remove the virus. This is called cleaning or disinfecting. It sometimes happens that the system can detect the virus but not get rid of it. In this case, you will usually be given the option of deleting or quarantining the infected file. When a file is quarantined, it is made unusable and so unable to spread the virus. A future update of the software may be able to remove the virus. If it can, the quarantine is removed. Set your computer to update your anti virus definitions automatically! Module 1 Section 5 Computer Security Computer VirusesPowerPoint Presentation: Best Practices when Downloading It is when we are connected to the internet that we are at our most vulnerable to virus attacks. It is therefore important that we establish a set of best practices whenever we browse the internet and download files. Tip sheet How to protect yourself when downloading Using Virus Scanning Applications Because viruses are still uncommon on Linux systems, there has not been a great deal of development of antivirus software. One example of open-source antivirus software that scans computer files as well as incoming emails is KlamAV . The Importance of Updating Virus-Scanning Software Regularly As viruses are created on an on-going basis, they need to be analysed continuously by the developers of antivirus software. Not only do the developers need to be able to extract the signature of the virus, they also need to analyse how the virus acts and how it can be removed from the programme . These changes then need to be incorporated into the antivirus software. Users in turn need to download these changes and update their software. The longer the period between updates, the more vulnerable computer systems are to the action of new viruses. Updates are often made available on a daily basis by developers. You will learn more about viruses and how to install software to protect your data in section 7. Module 1 Section 5 Computer Security Computer VirusesPowerPoint Presentation: Tip sheet X Close this Tip sheet Computer Viruses How to protect yourself when downloading Install good antivirus software and update it on a regular basis, for example at least once a month but preferably once a week. But always remember, antivirus software is not perfect. It cannot be the only measure you take. Scan all diskettes before reading them. Enable the auto-protection feature on the antivirus software to scan emails. Be wary of emails from unknown sources, particularly if they contain attachments. Some very careful users delete emails they are unsure of without opening them. Use an Internet Service Provider that scans emails before delivery. Do not download files/software from unknown Internet sites. Be careful of using diskettes from unknown sources. Do not install pirated software. Do not accept invites from criminals.PowerPoint Presentation: Additional online resources: Access all the online resources and articles related to this section For a condensed version of this entire section, use the cheat sheet To see a summary of all topics , assessment standards, videos and tip sheets, click here S Summary and additional resources In summary…. After studying this section you now know how to protect your computer from theft and viruses and can explain the term information security. You can now confidently: Explain what the term information security means and the importance of keeping personal and company information private. Describe the various procedures to safeguard your computer and data. Explain why it is important to backup your data and name the tools and practices for backing up data. Explain what a computer virus is, how it is spread and how to keep your computer virus free . Module 1 Section 5 Computer SecurityPowerPoint Presentation: X Close this Summary Sheet Summary of objects Click on the relevant linked topic to go back to the topic page. You can also click on the relevant icons, to read more articles online, watch the video offline or online on YouTube Read more online Watch the video offline Watch the video on Youtube Print a cheat sheet (PDF) Understand the term information security . Understand the importance of keeping personal information private . Understand the importance of protecting company information by educating employees and putting privacy, confidentiality and security policies in place . Understand how to physically protect your computer, software and data . Understand what a firewall is . Understand how to set access rights to protect your computer data . Understand the value of good password policies . Understand what data encryption is . Understand why it is important to backup your data . Understand the various options for backing up and restoring data . Be aware of possible implications of computer theft . Know what a computer virus is and the various types of viruses. Understand how computer viruses are spread and how to detect infection . Know how to protect your computer against computer viruses by following best practices . Cheat sheet . Print the tip sheet (PDF)PowerPoint Presentation: I am able to.. Assess your level of competency: 1 Definetely need more practice! 2 Getting there! 3 Can do it- No problems ! Self Assessment Use the Self evaluation rubric to assess your competency levels in this Section. Print the Self evaluation rubric GRADE CALCULATE SCORE Score: More than Excellent! You are ready to proceed to the assessment activities Score: Less than It is a good idea to click on the links to revise the parts that you did not feel confident about! Self evaluation rubric and activities Module 1 Section 5 Computer Security Understand the term information security . Understand the importance of keeping personal information private . Understand the importance of protecting company information by educating employees and putting privacy, confidentiality and security policies in place . Understand how to physically protect my computer, software and data . Understand what a firewall is . Understand how to set access rights to protect my computer data . Understand the value of good password policies . Understand what data encryption is . Understand why it is important to backup my data . Understand the various options for backing up and restoring data . Be aware of possible implications of computer theft . Know what a computer virus is and the various types of viruses. Understand how computer viruses are spread and how to detect infection . Know how to protect my computer against computer viruses by following best practices . 30 30