Tag Archives: Spring 2020

Section 4.5 – Personal Data and Device Security – TestOut

Objective: 

This section introduces you to personal data and device security concepts and gives you practice configuring firewalls and anti-malware software on Windows. After finishing this section, you should be able to:

  • Describe the most important safeguards in protecting yourself from Internet security risks.
  • Describe best practices for using secure passwords.
  • Define different kinds of malware and know how to avoid them.
  • Safely spend money on the Internet.
  • Configure Windows Defender to protect your home computer from malware.
  • Configure Windows Firewall for different networks.

Key Terms:

  • Device Password: A security concern regarding network devices and other devices, such as smartphones, that give the option of using the device without a password.
  • Firewall: A device that controls the flow of network traffic to protect systems from unauthorized network connections.
  • Anti-Malware Software: Software that helps protect against malicious software infections.
  • Anti-Spam Software: Software that helps remove unwanted, unsolicited email.
  • Ecommerce: The buying and selling of products or services electronically, typically through the Internet.

Topics Discussed:

  • What are the most common types of computer security risks?
  • What can you do to protect yourself against Internet security risks?
  • What are some safeguards you should consider when making online purchases?

Assignment:

  1. Access the TestOut Courseware through the provided link.
  2. Study Section 4.5: Personal Data and Device Security, and achieve a score of 80% or higher on the 15 question Exam to complete the Section.

Assigned: January 23rd, 2020
Teacher Pacing Due Date: January 24th, 2020

Section 4.4 Lab – Cryptography and the Caesar Cipher

Objective

  • Students will be able to encrypt and decrypt messages using the Caesar Cipher so they can develop a basic understanding of cryptography principles.

Topics Discussed:

  • Cryptography
  • Caesar Cipher
  • Shift Cipher
  • Keywords

Assignment:

  1. Follow along with the in-class demonstration to learn how the Caesar Cipher (also known as the Shift Cipher) works, and how you can use it to encode and decode text messages.
  2. Follow the Instructable to learn how keywords can be incorporated with this cipher to make it more difficult to decrypt.
  3. I have placed 8 encrypted messages around the perimeter of the room. Work together to decrypt them all! Submit a Google Doc to my Google Classroom page with the decrypted messages by the end of the day tomorrow.
  4. Some of the decrypted messages lead to treasure! The first to decode each message gets the goods!
  5. Remember, you may work together, but each student must submit their own original document to the Google Classroom page by tomorrow to receive credit for the lab. Don’t put more than one name on your document, and don’t submit someone else’s document as your own!

Assigned: January 21st, 2020
Due Date: January 22nd, 2020

Section 4.4 – Security Concepts – TestOut

Objective: 

This section introduces you to basic security concepts, including authentication, authorization, accounting, and encryption. After finishing this section, you should be able to:

  • Describe the most common authentication types and when to use them.
  • Explain the purpose of multifactor authentication.
  • Describe various models for creating and maintaining access control lists.
  • Explain why access control frameworks need to keep track of who gains access to the system.
  • Describe the basics of data encryption.

Key Terms:

  • Type 1 Authentication: A type of authentication that requires the user to provide something that they know, such as a password or PIN.
  • Type 2 Authentication: A type of authentication that requires the user to provide something that they have, such as a key, fob, electronic chip, or smart card.
  • Type 3 Authentication: A type of authentication that requires the user to provide something that they are, such as a fingerprint, handprint, retinal pattern, face, or voice.
  • Multifactor Authentication: Authentication that requires two or more evidences of authentication, usually of different types.
  • Single Sign-on: A method of authenticating with one system to gain access to other related systems.
  • Discretionary Access Control (DAC): A type of access control where a user has complete control over a resource, and also determines the permissions other users have to those resources.
  • Role-based Access Control (RBAC): A type of access control that restricts access based on the user’s role in an organization.
  • Mandatory Access Control (MAC): A type of access control that historically was associated with multilevel security and military systems and may use a security clearance to restrict access to resources. The security manager controls the security policy, and users aren’t able to override the policy.
  • Accounting: The process of keeping track of user activity while attached to a system.
  • Logging: The capturing and storing of computer and user events.
  • Non-repudiation: The ability to ensure that someone can’t deny that they performed a certain act.
  • Caesar Cipher: An early example of encryption used by Julius Caesar to send confidential military messages.
  • Data at Rest: Data in a persistent storage medium, such as a hard drive or optical disc.
  • Data in Transit: Data that are being transported from one device to another, whether by radio, electrical, or light signals.

Topics Discussed:

  • What are the most common and the most secure ways to authenticate a person to a computer or a network?
  • How do information systems assign access control permissions to particular users?
  • When is it important to use different types of data encryption?

Assignment:

  1. Access the TestOut Courseware through the provided link.
  2. Study Section 4.4: Security Concepts, and achieve a score of 80% or higher on the 15 question Exam to complete the Section.

Assigned: January 16th, 2020
Teacher Pacing Due Date: January 17th, 2020

Section 4.3 – Threats to Data – TestOut

Objective: 

This section introduces you to the most common threats to data confidentiality, integrity, and availability. After finishing this section, you should be able to:

  • Describe the most common threats to data confidentiality.
  • Describe the most common threats to data integrity.
  • Describe the most common threats to data availability.
  • Identify common social engineering techniques used by hackers to gain access to online data.
  • Evaluate email messages to determine if they represent a possible social engineering attack.

Key Terms:

  • Snooping: Attempting to secretively discover private information about a person, company, or other entity.
  • Wiretapping: A form of eavesdropping that uses programs such as packet sniffers to capture data being transmitted over a network.
  • Social Engineering: The use of deception to gain personal and/or private information for unlawful purposes.
  • Reconnaissance: The passive gathering of information about a potential victim.
  • Pretexting: Tricking a victim into revealing sensitive information under false pretenses.
  • Email Attack: Exploiting a victim using email messages.
  • Browser Attack: Convincing a victim that they are performing a legitimate task within their web browser window when, in fact, they are being tricked into revealing sensitive information or installing malware on their computer.
  • Man-in-the-Middle Attack: An attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.
  • Replay Attack: An attempt to connect to a server by capturing and resending authentication information.
  • Impersonation: TCP session hacking and other methods where an attacker takes over the communication to a server by appearing to be the victim.
  • Denial of Service: An attack that attempts to overload a system so that the services it provides are no longer available to legitimate network clients.

Topics Discussed:

  • How can businesses and individuals protect confidential information?
  • What are some of the most common ways hackers gain unauthorized access to online data?
  • What are the biggest threats to business data availability?

Assignment:

  1. Access the TestOut Courseware through the provided link.
  2. Study Section 4.3: Threats to Data, and achieve a score of 80% or higher on the 15 question Exam to complete the Section.

Assigned: January 14th, 2020
Teacher Pacing Due Date: January 15th, 2020

Section 4.2 – Data – TestOut

Objective: 

This section introduces you to data and information assets, intellectual property laws, and digital privacy. After finishing this section, you should be able to:

  • Describe the relationship between data and information assets.
  • Identify the basic steps in the data analytics process.
  • Describe the implications of copyright and intellectual property laws for Internet use.
  • Explain how much privacy you can expect when using the Internet for social networking, file sharing, and financial transactions.
  • Explain how much privacy you can expect when using computers at work.

Key Terms:

  • Data Analytics: The process of turning data points into useful information.
  • Copyright: Protections granted by the federal government to creators, writers, and inventors regarding rights to reproduce, display, make derivatives of, sell, rent, or lend a work.
  • Intellectual Property: Anything that is owned by a copyright holder.
  • Piracy: The crime of using someone else’s intellectual property in a way that should be reserved for the copyright holder.
  • Fair Use: An exception to copyright law that allows short excerpts of a copyrighted work to be used for purposes that benefit the public.
  • Public Domain: Works whose copyrights have expired and are free for anyone to reproduce, display, and make derivatives.
  • Proprietary Software: Any software where the publisher retains intellectual property rights to the source code.
  • Open-source Software: Software where anyone can inspect, enhance, and modify the source code.
  • Patent: A license given by a government that provides inventors a temporary monopoly on their invention.
  • Trademark: Any word, picture, or symbol that’s used to distinguish a good from other similar goods.
  • Privacy Expectation: A reasonable belief that personal information collected by an information system is controlled and protected, not shared or used beyond its original intent.

Topics Discussed:

  • How do businesses use data to make informed decisions and to use their resources more efficiently?
  • How can I protect my intellectual property? How can I protect the intellectual property of others?
  • How much privacy do you personally expect when using the Internet?

Assignment:

  1. Access the TestOut Courseware through the provided link.
  2. Study Section 4.2: Data, and achieve a score of 80% or higher on the 10 question Exam to complete the Section.

Assigned: January 8th, 2020
Teacher Pacing Due Date: January 9th, 2020

Section 4.1 – Information Systems – TestOut

Objective: 

This section introduces you to the various components and types of information systems. After finishing this section, you should be able to:

  • Describe the components of an information system and how they fit together.
  • Compare and contrast different types of information systems, including transaction processing, management information systems, and expert systems.
  • Conduct online research on a career that interests you in information technology.
  • Identify the traditional stages of the System Development Life Cycle (SDLC).
  • Describe modern alternatives to a linear process of systems analysis and design.
  • Describe the role of project management in the design and implementation of information systems.

Key Terms:

  • Information System: A combination of technology, people, and procedures used to organize, analyze, and store data.
  • Information System Types: The various forms of information systems including transaction processing, management, and expert systems.
  • Systems Analysis and Design: The study and design of a system, accomplished by examining its components and their interactions.
  • System Development Life Cycle (SDLC): A methodology or framework that defines steps and tasks for developing and maintaining information systems.
  • Waterfall Model: A development model that breaks down project activities into a series of sequential or linear phases, each phase depending on the deliverables from the previous phase.
  • Iterative Design: A development model that involves designing, implementing, and testing smaller pieces of the overall project, then cycling back and doing more analysis and design.
  • Planning Phase: The SDLC phase that involves gathering information about the technology and software needs of an organization, deciding which options are most feasible, and setting timelines and deliverables for the entire project.
  • Analysis Phase: The SDLC phase that involves studying existing information systems that are already in place and the requirements for new information systems.
  • Design Phase: The SDLC phase that involves reviewing the system requirements document from the analysis phase and producing detailed specifications that cover all aspects of the system.
  • Implementation Phase: The SDLC phase that involves purchasing and installing new hardware and software, integrating the various system components, and testing the operation of the new system.
  • Maintenance Phase: The SDLC phase that involves monitoring and evaluating the new information system.
  • Project Management: The practice of initiating, planning, executing, controlling, and closing the work of a team to achieve specific goals and meet specific success criteria at the specified time.
  • Systems Integration: An activity that involves integrating various computing systems and software applications to function together as a whole.
  • Agile Methodologies: A project management process that divides a large or complex project into smaller, more manageable projects that can be completed as part of an incremental or iterative process.
  • Needs Assessment: A systematic process for determining and addressing needs, or “gaps” between current conditions, and desired conditions, or “wants”.
  • Risk Management: The identification, evaluation, and prioritization of risks followed by activities that minimize, monitor, and control the impact of the risk.

Topics Discussed:

  • How do technology, people, and procedures work together in an information system?
  • What are some principles of effective systems analysis and design?
  • What role does project management play in the design and implementation of information systems?

Assignment:

  1. Access the TestOut Courseware through the provided link.
  2. Study Section 4.1: Information Systems, and achieve a score of 80% or higher on the 8 question Exam to complete the Section.

Assigned: January 6th, 2020
Teacher Pacing Due Date: January 8th, 2020