ICDL
PROFILE
Presented by: Shajid C
MODULE - 12
IT SECURITY
SECURITY CONCEPTS
International Computer Driving License Module 12
Data Threats
Distinguish between data and information.
Understand the term cybercrime.
Understand the difference between hacking,
cracking and ethical hacking.
Recognise threats to data from force majeure
like: fire, floods, war, earthquake.
Recognise threats to data from: employees,
service providers and external individuals.
International Computer Driving License Module 12
ExecuTrain of Qatar
Distinguish between data and information
Data is raw, unorganized facts that need to be
processed. Data can be something simple and
seemingly random and useless until it is
organized.
When data is processed, organized, structured or
presented in a given context so as to make it
useful, it is called information.
Cybercrime
Identity Theft
Phishing
Hacking
Downloading illegal music or videos.
Electronic Vandalism, terrorism and extortion.
Illegal interception of communications.
Inappropriate and other offensive material
Electronic money laundering.
Hacking / Cracking / Ethical Hacking
Threats to data from force majeure
Force Majeure relates to unforeseen events beyond
the control of the company.
Fire
Floods
War
Earthquake.
Other threats to data
Employees
Service providers
External individuals
Value of Information
Reasons for protecting personal
information like:
Avoiding identity theft
Name, Credit Card Number, Address, DOB, etc.
Fraud
Borrow money
Obtain Services
Value of Information
cont..
Reasons for protecting commercially sensitive
information like:
Preventing theft or misuse of:
Client details
Financial information
Value of Information
cont..
Identify measures for preventing unauthorised
access to data like:
Encryption
Digital ID (Private Key)
Certificate (Public Key)
Passwords
Value of Information
cont..
Basic characteristics of information security like:
Confidentiality
Integrity
Availability
Value of Information
cont..
Identify the main data/privacy protection, retention
and control requirements in your country.
Data Protection Act.
1995 European Data Protection Directive
To Protect the rights of the Data Subject
To set out the responsibilities of the data controller
Value of Information
cont..
Rights of the Data Subject:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate
Not kept longer than necessary
Processed in accordance with the data subject rights
Secure
Not transferred to countries without adequate data
protection
Value of Information
cont..
Importance of creating and adhering to guidelines
and policies for ICT use.
Firewall
Automatic Updates
Anti-virus
Anti-spyware
Passwords
Internet Security
Install and uninstall devices or software.
Personal Security
Social engineering
Information gathering.
Fraud.
Computer system access.
Methods Of Social Engineering
Phone Calls
Phishing
Shoulder Surfing
Identity theft and its implications
Personal
Financial
Business
Legal
Methods of identity theft
Information Diving
Skimming
Pretexting
File Security
Understand the effect of enabling/disabling
macro security settings.
Set a password for files like:
Documents
Compressed files
Spreadsheets
Encryption
Advantages Of Encryption
Limitations Of Encryption
MALWARE
Malware
Trojans
Rootkits
Backdoors
Infectious Malware
Viruses
Worms
Malware
Types of data theft and profit-generating/extortion
malware:
Adware
Spyware
Botnets
Keystroke Logging
Diallers
Anti-virus software
Anti-Virus
Limitations of Anti-Virus
Virus Scan
Specific drives
Folders
Files using
Schedule scans
Anti-virus software
Quarantine: effect of quarantining
infected/suspicious files.
Anti-virus software - Installation
Importance of:
Downloading and installing software updates
Anti-virus definition files
NETWORK SECURITY
Networks
Network types:
Local area network (LAN)
Wide area network (WAN)
Virtual private network (VPN)
Role of the network administrator
Managing the:
Authentication
Authorisation
Accounting
Firewall
Functions
Limitations
Network Connections
Cables
Wireless
Network Security Implications
Malware
Unauthorised data access
Maintaining Privacy
Wireless Security
Password for Wireless network.
Wired Equivalent Privacy (WEP)
Encryption using Network Security key.
Wi-Fi Protected Access (WPA)
Media Access Control (MAC)
Unprotected Network - Security issues
Visibility to other users
Connect to a Wi-Fi network
Access Control
Network Account
Login
Username and Password
Password Policies
Easy to remember, difficult to guess
Minimum eight characters
Mix of numbers, letters and symbols
Case sensitive
Biometric Security
Fingerprint Scanning
Facial Recognition
Voice Recognition
Eye Scanning
SECURE WEB USE
Web Browsing
Be aware that certain online activity (purchasing,
financial transactions) should only be undertaken
on secure web pages.
Identify a secure website like:
https
lock symbol
Pharming
Pharming is a cyber attack intended to redirect a
website's traffic to another, fake site.
Pharming can be conducted either by changing
the hosts file on a victim's computer or by
exploitation of a vulnerability in DNS server
software
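A defensive check for the hosts-file variant described above, as an added example that is not part of the original slides: it parses hosts-file text and reports static entries that override domains which should normally resolve through DNS. The sample content, the watch list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file content (illustrative only, not from the slides).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1      localhost
::1            localhost
203.0.113.45   www.examplebank.test examplebank.test   # unexpected override
192.168.1.20   fileserver.corp.test
not-an-ip      broken.line.test
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield line_no, str(ip), [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, watched_domains):
    """Return (line_no, ip, hostname) for each entry overriding a watched domain.

    Names on the watch list should normally be resolved through DNS, so any
    static mapping for them (or their subdomains) deserves a manual review.
    """
    watched = {d.lower().rstrip(".") for d in watched_domains}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if any(name == d or name.endswith("." + d) for d in watched):
                findings.append((line_no, ip, name))
    return findings


if __name__ == "__main__":
    # On a real machine, read /etc/hosts (Linux/macOS) or
    # C:\Windows\System32\drivers\etc\hosts (Windows) instead of the sample.
    for finding in audit_hosts(SAMPLE_HOSTS, ["examplebank.test"]):
        print("review hosts entry:", finding)
```

This covers only the local hosts file; redirection caused by a compromised DNS server has to be detected on the resolver side.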
Digital Certificate
In cryptography, a public key certificate (also
known as a digital certificate or identity
certificate) is an electronic document used to
prove ownership of a public key.
Secure Socket Layer (SSL)
Transport Layer Security (TLS)
SSL
One Time Password - OTP
A one-time password is a password that is valid
for only one login session or transaction, on a
computer system or other digital device.
Browser Settings
Autocomplete
Cookie
Delete Private Data
Content Control
Internet filtering software,
Parental control software.
Social Networking
Understand the importance of not disclosing
confidential information on social networking
sites
Social Networking
Cont..
Be aware of the need to apply appropriate social
networking account privacy settings.
Understand potential dangers when using social
networking sites like:
Cyber Bullying
Grooming
Misleading/Dangerous Information
False Identities
Fraudulent Links Or Messages.
COMMUNICATIONS
Encrypting, Decrypting An Email
Understand the purpose of encrypting, decrypting
an email.
Understand the term digital signature.
Create and add a digital signature.
E-mail Security
Be aware of the possibility of receiving fraudulent
and unsolicited e-mail
Understand the term phishing. Identify common
characteristics of phishing like: using names of
legitimate companies, people, false web links.
Be aware of the danger of infecting the computer
with malware by opening an e-mail attachment
that contains a macro or an executable file.
Instant Messaging
Understand the term instant messaging (IM) and
its uses
Understand the security vulnerabilities of IM like:
malware, backdoor access, access to files.
Recognise methods of ensuring confidentiality
while using IM like: encryption, non-disclosure
of important information, restricting file sharing
SECURE DATA MANAGEMENT
Securing and Backing Up Data
Recognise ways of ensuring physical security of
devices like: log equipment location and details,
use cable locks, access control.
Securing and Backing Up Data
Recognise the importance of
having a back-up procedure in case of loss of
data, financial records, web bookmarks/history.
Securing and Backing Up Data
Identify the features of a backup procedure like:
regularity/frequency, schedule, storage location.
Back up and Restore data
Back up data.
Restore and validate backed up data.
Secure Destruction
Understand the reason for permanently deleting
data from drives or devices.
Distinguish between deleting and permanently
destroying data
Secure Destruction
Identify common methods of permanently
destroying data like:
shredding
drive/media destruction
degaussing
Using data destruction utilities.