Chpt 7: How to be a safe and responsible user

Cards (102)

  • Data corruption
    When data is made unusable by errors or alterations
  • Data loss
    When data is destroyed and cannot be recovered
  • Causes of data corruption and loss
    • Human error
    • Power failure
    • Hardware failure or damage
    • Malicious software or viruses
  • Making regular backups of data will help to prevent the loss of data in the event of data corruption
  • Backup
    Copy of data that is made in case the original is damaged or lost
  • Uninterruptible power supply (UPS)
    Device that provides enough emergency power for a computer to properly shut down in case of a power failure
  • Unauthorised access
    Situation where data owned by someone is used by someone else without permission
  • Authentication
    Process of verifying the identity of a user
  • Authentication factor
    Category of evidence that is used for authentication: something the user knows or owns, or something that is measured from a physical part of the user
  • Passwords
    The most common authentication method, where a secret password or phrase known only to the user is entered
  • Avoid using birthdates and surnames as passwords as they can be easily guessed by an intruder
  • Avoid re-using passwords or leaving them unchanged for a long time as doing so makes it easier for an intruder to guess the password
  • Security token
    Device that is used specifically for authentication purposes
  • Two-factor authentication
    Type of authentication that uses evidence from both something the user knows and something the user owns
  • Biometrics
    Type of authentication based on the measurement of human physical characteristics
  • Identity theft
    Impersonation of another person to steal personal details such as name and identity number for fraudulent purposes
  • Access control (or authorisation)
    Ability of a computer to control a user's access to data and resources
  • Permissions
    Settings to control the ability of users to view or make changes to the contents of a file or folder
  • Administrator
    Special user who can override the permissions for almost any file or folder
  • Administrator rights
    Ability of a user to perform tasks related to authentication and authorisation, such as creating and removing user accounts, resetting passwords and overriding file permissions
  • Managing permissions and administrative rights can be a complex task and it is possible to unintentionally grant access to a file or administrative rights to an unauthorised user
  • An intruder who successfully claims to be the administrator can bypass file permissions entirely
  • File permissions do not prevent an intruder with physical access to a storage device from accessing files or folders directly without going through the operating system
  • To prevent such unauthorised access, it is necessary to use encryption
  • Firewall
    Device or computer program that prevents unauthorised access to or from a private network
  • Traffic
    Transmission of data over a network
  • A properly configured firewall allows for a private network, or intranet, to be set up such that any external traffic is blocked and only authenticated and authorised users are able to access it
  • A public network such as the Internet allows anyone to connect to it and share data, so users need to be wary of possible security and privacy risks when accessing it
  • Encryption
    Process of encoding a message so that a secret key is needed to decode the data
  • Intranet
    Private network that only authorised users within an organisation can access
  • Application
    Software designed for users to perform specific tasks
  • Privacy
    Ability to keep specific data or resources from being known by others
  • Privacy policy
    Rules and practices followed by an organisation regarding the collection, protection and use of personal or private data provided by users
  • Once any data is digitised and uploaded to a public network such as the Internet, it can potentially remain there forever
  • The privacy policies for some social networking sites do not guarantee that personal data will be deleted from the site completely or immediately even after the user closes their account or removes the personal data
  • Some companies may decide not to hire candidates after reviewing the information and photographs posted on their social networking accounts
  • Measures to prevent unauthorised access when using social networking sites
    • Read and fully understand the privacy policy
    • Set sharing settings to "private"
    • Think twice before posting personal information
    • Accept friend requests wisely
  • Malicious software (or malware)
    Software that is intentionally used to damage, disrupt or gain unauthorised access to a computer system
  • Spamming
    Mass distribution of unwanted messages or advertising to email addresses which are collected from sources such as public mailing lists, social networking sites, company websites and personal blogs
  • Common types of privacy and security threats
    • Cookies
    • Pharming
    • Phishing
    • Spamming
    • Spyware
    • Trojan horse
    • Unauthorised access
    • Viruses
    • Worms