Discovering Computers 2016

Tools, Apps, Devices, and the Impact of Technology

Chapter 5
Digital Security,
Ethics, and Privacy
Objectives Overview

Describe various types

Define the term, digital Discuss techniques to
of Internet and network
security risks, and prevent unauthorized
attacks, and explain
briefly describe the computer access and
ways to safeguard
types of cybercriminals use
against these attacks

Explain the ways that Discuss how

software manufacturers encryption, digital
protect against signatures, and digital
software piracy certificates work

© 2016 Cengage Learning®. May not be scanned, copied

See Page 212 or duplicated, or posted to a publicly accessible website, 2
for Detailed Objectives in whole or in part.
Objectives Overview

Identify risks and

Identify safeguards
Explain the options safeguards associated
against hardware theft,
available for backing up with wireless
vandalism, and failure
communications

Recognize issues related

to information accuracy, Discuss issues
intellectual property surrounding information
rights, codes of conduct, privacy
and green computing

© 2016 Cengage Learning®. May not be scanned, copied

See Page 212 or duplicated, or posted to a publicly accessible website, 3
for Detailed Objectives in whole or in part.
Digital Security Risks

• A digital security risk is any event or action that could

cause a loss of or damage to a computer or mobile device
hardware, software, data, information, or processing
capability
• Any illegal act involving the use of a computer or related
devices generally is referred to as a computer crime
• A cybercrime is an online or Internet-based illegal act

© 2016 Cengage Learning®. May not be scanned, copied

Page 212 or duplicated, or posted to a publicly accessible website, 4
in whole or in part.
Digital Security Risks

© 2016 Cengage Learning®. May not be scanned, copied

Page 213 or duplicated, or posted to a publicly accessible website, 5
Figure 5-1 in whole or in part.
Digital Security Risks

Hacker Cracker Script kiddie

Corporate Unethical Cyber

spies employees extortionist

Cyberterrorist

© 2016 Cengage Learning®. May not be scanned, copied

Page 214 or duplicated, or posted to a publicly accessible website, 6
in whole or in part.
• Script kiddie: A person who uses existing
computer scripts or codes to hack into computers,
lacking the expertise to write their own.
• Cracker: A person who breaks into a computer
system without authorization, whose purpose is
to do damage (destroy files, steal credit card
numbers, plant viruses, etc.).

© 2016 Cengage Learning®. May not be scanned, copied

or duplicated, or posted to a publicly accessible website, 7
in whole or in part.
• The unlawful theft/acquisition of intellectual
property, such as key trade secret and patent
information as well as industrial manufacturing
techniques and processes, ideas and formulas.
Cyber extortion: is an online crime in which
hackers hold your data, website, computer
systems, or other sensitive information hostage
until you meet their demands for payment.

© 2016 Cengage Learning®. May not be scanned, copied

or duplicated, or posted to a publicly accessible website, 8
in whole or in part.
Internet and Network Attacks

• Information transmitted
over networks has a
higher degree of security
risk than information kept
on an organization’s
premises
• Malware is a software
that is specifically
designed to disrupt,
damage, or gain
unauthorized access to a
computer system.
Page 215 © 2016 Cengage Learning®. May not be scanned, copied
9
or duplicated, or posted to a publicly accessible website,
Table 5-1
Internet and Network Attacks

© 2016 Cengage Learning®. May not be scanned, copied

Page 215 or duplicated, or posted to a publicly accessible website, 10
Figure 5-2 in whole or in part.
Internet and Network Attacks

• A botnet is a group of compromised computers or mobile devices

connected to a network
– A compromised computer or device is known as a zombie
• A denial of service attack (DoS attack) disrupts computer access to
an Internet service
– Distributed DoS attack (DDoS attack)
• A back door is a program or set of instructions in a program that
allow users to bypass security controls
• Spoofing is a technique intruders use to make their network or
Internet transmission appear legal.

© 2016 Cengage Learning®. May not be scanned, copied

Pages 216 - 217 or duplicated, or posted to a publicly accessible website, 11
in whole or in part.
Internet and Network Attacks

• A firewall is hardware and/or software that

protects a network’s resources from intrusion

© 2016 Cengage Learning®. May not be scanned, copied

Pages 219 - 220 or duplicated, or posted to a publicly accessible website, 12
Figure 5-4 in whole or in part.
Unauthorized Access and Use

Unauthorized access is Unauthorized use is the

the use of a computer or use of a computer or its
network without data for unapproved or
permission possibly illegal activities

© 2016 Cengage Learning®. May not be scanned, copied

Page 221 or duplicated, or posted to a publicly accessible website, 13
in whole or in part.
Unauthorized Access and Use

• Organizations take
several measures to
help prevent
unauthorized access
and use
– Acceptable use policy
– Disable file and printer
sharing

Page 221 © 2016 Cengage Learning®. May not be scanned, copied

14
or duplicated, or posted to a publicly accessible website,
Figure 5-5
Unauthorized Access and Use

• Access controls define who can access a

computer, device, or network; when they can
access it; and what actions they can take while
accessing it
• The computer, device, or network should
maintain an audit trail that records in a file both
successful and unsuccessful access attempts
– User name
– Password
© 2016 Cengage Learning®. May not be scanned, copied
Pages 222 - 223 or duplicated, or posted to a publicly accessible website, 15
Figure 5-6 in whole or in part.
Unauthorized Access and Use
• A passphrase is a private combination of words, often containing
mixed capitalization and punctuation, associated with a user name
that allows access to certain computer resources
• A PIN (personal identification number), sometimes called a
passcode, is a numeric password, either assigned by a company or
selected by a user
• A possessed object is any item that you must possess, or carry
with you, in order to gain access to a computer or computer
facility
• A biometric device is an electronic device that
uses biometric identifiers to identify and verify
individuals.
© 2016 Cengage Learning®. May not be scanned, copied
Pages 223 - 224 or duplicated, or posted to a publicly accessible website, 16
in whole or in part.
Unauthorized Access and Use

Face
Fingerprint
recognition
reader
system

Hand Voice
geometry verification
system system

Signature Iris
verification recognition
system system
© 2016 Cengage Learning®. May not be scanned, copied
Pages 224 – 226 or duplicated, or posted to a publicly accessible website, 17
Figures 5-8 – 5-11 in whole or in part.
Unauthorized Access and Use

• Two-step verification uses two separate methods,

one after the next, to verify the identity of a user

© 2016 Cengage Learning®. May not be scanned, copied

Pages 226 – 227 or duplicated, or posted to a publicly accessible website, 18
Figure 5-12 in whole or in part.
Unauthorized Access and Use

• Digital forensics is the discovery, collection, and

analysis of evidence found on computers and
networks
• Many areas use digital forensics
Law Criminal Military
enforcement prosecutors intelligence

Information
Insurance
security
agencies
departments
© 2016 Cengage Learning®. May not be scanned, copied
Page 227 or duplicated, or posted to a publicly accessible website, 19
in whole or in part.
Software Theft

• Software theft occurs when someone:

Steals software Intentionally

media erases programs

Illegally registers
Illegally copies a
and/or activates
program
a program
© 2016 Cengage Learning®. May not be scanned, copied
Page 228 or duplicated, or posted to a publicly accessible website, 20
in whole or in part.
Software Theft

• Many manufacturers incorporate an activation

process into their programs to ensure the
software is not installed on more computers than
legally licensed
• During the product activation, which is conducted
either online or by phone, users provide the
software product’s identification number to
associate the software with the computer or
mobile device on which the software is installed
© 2016 Cengage Learning®. May not be scanned, copied
Page 228 or duplicated, or posted to a publicly accessible website, 21
in whole or in part.
Software Theft

• A license agreement is the right to use software

© 2016 Cengage Learning®. May not be scanned, copied

Pages 228 – 229 or duplicated, or posted to a publicly accessible website, 22
Figure 5-13 in whole or in part.
Information Theft

• Information theft occurs when someone steals

personal or confidential information
• Encryption is a process of converting data that is
readable by humans into encoded characters to
prevent unauthorized access

© 2016 Cengage Learning®. May not be scanned, copied

Page 229 or duplicated, or posted to a publicly accessible website, 23
in whole or in part.
Information Theft

© 2016 Cengage Learning®. May not be scanned, copied

Page 230 or duplicated, or posted to a publicly accessible website, 24
Figure 5-14 in whole or in part.
Information Theft

• A digital signature—a type of electronic

signature—is a mathematical algorithm routinely
used to validate the authenticity and integrity of a
message (e.g., an email, a credit card transaction,
or a digital document).
• A digital certificate is a notice that guarantees a
user or a website is legitimate
• A website that uses encryption techniques to
secure its data is known as a secure site
© 2016 Cengage Learning®. May not be scanned, copied
Page 231 or duplicated, or posted to a publicly accessible website, 25
in whole or in part.
Information Theft

© 2016 Cengage Learning®. May not be scanned, copied

Page 231 or duplicated, or posted to a publicly accessible website, 26
Figure 5-15 in whole or in part.
Hardware Theft, Vandalism, and Failure

Hardware vandalism
Hardware theft is
is the act of defacing
the act of stealing
or destroying digital
digital equipment
equipment

© 2016 Cengage Learning®. May not be scanned, copied

Page 233 or duplicated, or posted to a publicly accessible website, 27
in whole or in part.
Hardware Theft, Vandalism, and Failure

© 2016 Cengage Learning®. May not be scanned, copied

Page 233 or duplicated, or posted to a publicly accessible website, 28
Figure 5-16 in whole or in part.
Backing Up – The Ultimate Safeguard

• A backup is a duplicate of a file, program, or

media that can be used if the original is lost,
damaged, or destroyed
– To back up a file means to make a copy of it
• Off-site backups are stored in a location separate
from the computer or mobile device site

Cloud
Storage
© 2016 Cengage Learning®. May not be scanned, copied
Pages 233 - 234 or duplicated, or posted to a publicly accessible website, 29
in whole or in part.
Backing Up – The Ultimate Safeguard

• Categories of backups: • Three-generation

– Full backup policy
– Differential
Grandparent
– Incremental
– Selective
– Continuous data
protection Parent

– Cloud

Child

© 2016 Cengage Learning®. May not be scanned, copied

Page 234 30
or duplicated, or posted to a publicly accessible website,
Backing Up – The Ultimate Safeguard

© 2016 Cengage Learning®. May not be scanned, copied

Page 234 or duplicated, or posted to a publicly accessible website, 31
Table 5-2 in whole or in part.
Wireless Security
• Wireless access poses
additional security risks
• Some perpetrators
connect to other’s
wireless networks to gain
free Internet access or
confidential data
• Others connect to a
network through an
unsecured wireless access
point (WAP) or
combination router/WAP

Page 236 © 2016 Cengage Learning®. May not be scanned, copied

32
or duplicated, or posted to a publicly accessible website,
Figure 5-18
Ethics and Society

• Technology ethics are

the moral guidelines
that govern the use of
computers, mobile
devices, information
systems, and related
technologies
• Information accuracy is
a concern
– Not all information on
the Internet is correct

Pages 238 - 240 © 2016 Cengage Learning®. May not be scanned, copied
33
or duplicated, or posted to a publicly accessible website,
Figure 5-20
Ethics and Society

• Intellectual property refers to unique and original

works such as ideas, inventions, art, writings,
processes, company and product names, and logos
• Intellectual property rights are the rights to which
creators are entitled to their work
• A copyright protects any tangible form of expression
• Digital rights management (DRM) is a strategy
designed to prevent illegal distribution of movies,
music, and other digital content
© 2016 Cengage Learning®. May not be scanned, copied
Page 240 or duplicated, or posted to a publicly accessible website, 34
in whole or in part.
Ethics and Society

• A code of conduct is a written guideline that helps

determine whether a specification is
ethical/unethical or allowed/not allowed

© 2016 Cengage Learning®. May not be scanned, copied

Page 241 or duplicated, or posted to a publicly accessible website, 35
Figure 5-21 in whole or in part.
Ethics and Society

• Green computing involves reducing the electricity

and environmental waste while using computers,
mobile devices, and related technologies

© 2016 Cengage Learning®. May not be scanned, copied

Page 241 or duplicated, or posted to a publicly accessible website, 36
Figure 5-22 in whole or in part.
Information Privacy

• Information privacy refers to the right of individuals

and companies to deny or restrict the collection, use,
and dissemination of information about them
• Huge databases store data online
• Websites often collect data about you, so that they
can customize advertisements and send you
personalized email messages
• Some employers monitor your computer usage and
email messages
© 2016 Cengage Learning®. May not be scanned, copied
Page 242 or duplicated, or posted to a publicly accessible website, 37
in whole or in part.
Information Privacy

Page 242 © 2016 Cengage Learning®. May not be scanned, copied

38
or duplicated, or posted to a publicly accessible website,
Figure 5-23
Information Privacy

• Information about you

can be stored in a
database when you:
– Fill out a printed or
online form
– Create a profile on an
online social network
– Register a product
warranty

Pages 242 - 243 © 2016 Cengage Learning®. May not be scanned, copied
39
or duplicated, or posted to a publicly accessible website,
Figure 5-24
Information Privacy

• A cookie is a small text file that a web server stores on

your computer
• Websites use cookies for a variety of reasons:
Store user Assist with
Allow for
names and/or online
personalization
passwords shopping

Track how
Target
often users
advertisements
visit a site
© 2016 Cengage Learning®. May not be scanned, copied
Pages 243 - 244 or duplicated, or posted to a publicly accessible website, 40
in whole or in part.
Information Privacy

© 2016 Cengage Learning®. May not be scanned, copied

Page 244 or duplicated, or posted to a publicly accessible website, 41
Figure 5-25 in whole or in part.
Information Privacy

• Phishing is a scam in which a perpetrator sends an

official looking email message that attempts to
obtain your personal and/or financial information
• With clickjacking, an object that can be tapped or
clicked on a website contains a malicious program

© 2016 Cengage Learning®. May not be scanned, copied

Pages 244 - 245 or duplicated, or posted to a publicly accessible website, 42
in whole or in part.
Information Privacy

• Spyware is a program placed on a computer or

mobile device without the user’s knowledge that
secretly collects information about the user and
then communicates the information it collects to
some outside source while the user is online
• Adware is a program that displays an online
advertisement in a banner or pop-up window on
webpages, email messages, or other Internet
services
© 2016 Cengage Learning®. May not be scanned, copied
Page 245 or duplicated, or posted to a publicly accessible website, 43
in whole or in part.
Information Privacy

• Social engineering is defined as gaining

unauthorized access to or obtaining confidential
information by taking advantage of the trusting
human nature of some victims and the naivety of
others

© 2016 Cengage Learning®. May not be scanned, copied

Page 245 or duplicated, or posted to a publicly accessible website, 44
in whole or in part.
Information Privacy

• The concern about privacy has led to the

enactment of federal and state laws regarding the
storage and disclosure of personal data
– See Table 5-3 on page 246 for a listing of major U.S.
government laws concerning privacy

© 2016 Cengage Learning®. May not be scanned, copied

Page 246 or duplicated, or posted to a publicly accessible website, 45
in whole or in part.
Information Privacy

Employee monitoring involves the use of computers, mobile

devices, or cameras to observe, record, and review an
employee’s use of a technology, including communications such
as email messages, keyboard activity (used to measure
productivity), and websites visited

Many programs exist that easily allow employers to monitor

employees. Further, it is legal for employers to use these
programs

© 2016 Cengage Learning®. May not be scanned, copied

Page 247 or duplicated, or posted to a publicly accessible website, 46
in whole or in part.
Information Privacy

• Content filtering is a
process that manages
or screens access to
specific emails or
webpages.
• Web filtering software
restricts access to
specified websites

Pages 247 - 248 © 2016 Cengage Learning®. May not be scanned, copied
47
or duplicated, or posted to a publicly accessible website,
Figure 5-26
Summary

Risks and safeguards associated

with Internet and network
attacks, unauthorized access and
Variety of digital security risks Cybercrime and cybercriminals
use, software theft, information
theft, and hardware theft,
vandalism, and failure

Various backup strategies and Ethical issues in society and

methods of securing wireless various ways to protect the
communications privacy of personal information

© 2016 Cengage Learning®. May not be scanned, copied

Page 249 or duplicated, or posted to a publicly accessible website, 48
in whole or in part.
 Discovering Computers 2016
Tools, Apps, Devices, and the Impact of Technology

Chapter 5
Digital Security,
Ethics, and Privacy
Chapter 5 Complete