Discovering Computers

2016
Tools, Apps, Devices, and the Impact of
Technology

Chapter 5
Digital
Security,
Ethics, and
Privacy
Objectives Overview

Describe various types

Define the term, digital
of Internet and network
security risks, and
attacks, and explain
briefly describe the
ways to safeguard
types of cybercriminals
against these attacks

Discuss techniques to Explain the ways that

prevent unauthorized software manufacturers
computer access and protect against software
use piracy

Discuss how encryption,

digital signatures, and
digital certificates work

© 2016 Cengage Learning®. May not be

See Page 212 scanned, copied or duplicated, or posted
for Detailed 2
to a publicly accessible website, in whole
Objectives
or in part.
Objectives Overview

Identify safeguards
Explain the options
against hardware theft,
available for backing up
vandalism, and failure

Recognize issues related

Identify risks and
to information accuracy,
safeguards associated
intellectual property
with wireless
rights, codes of conduct,
communications
and green computing

Discuss issues
surrounding information
privacy

© 2016 Cengage Learning®. May not be

See Page 212 scanned, copied or duplicated, or posted
for Detailed 3
to a publicly accessible website, in whole
Objectives
or in part.
Digital Security Risks

• A digital security risk is any event or

action that could cause a loss of or
damage to a computer or mobile device
hardware, software, data, information, or
processing capability
• Any illegal act involving the use of a
computer or related devices generally is
referred to as a computer crime
• A cybercrime is an online or Internet-
based illegal act

© 2016 Cengage Learning®. May not be

Page 212 scanned, copied or duplicated, or posted 4
to a publicly accessible website, in whole
or in part.
Digital Security Risks

© 2016 Cengage Learning®. May not be

Page 213 scanned, copied or duplicated, or posted 5
Figure 5-1 to a publicly accessible website, in whole
or in part.
Digital Security Risks

Hacker Cracker

Script kiddie Corporate spies

Unethical
Cyberextortionist
employees

Cyberterrorist

© 2016 Cengage Learning®. May not be

Page 214 scanned, copied or duplicated, or posted 6
to a publicly accessible website, in whole
or in part.
Internet and Network Attacks

• Information
transmitted over
networks has a higher
degree of security
risk than information
kept on an
organization’s
premises
• Malware, short for
malicious software,
consists of programs
that act without a
user’s knowledge and
deliberately alter the
operations of
computers and
mobile devices

© 2016 Cengage Learning®. May not be

Page 215
scanned, copied or duplicated, or posted 7
Table 5-1 to a publicly accessible website, in whole
Internet and Network Attacks

© 2016 Cengage Learning®. May not be

Page 215 scanned, copied or duplicated, or posted 8
Figure 5-2 to a publicly accessible website, in whole
or in part.
Internet and Network Attacks

• A botnet is a group of compromised computers or

mobile devices connected to a network
– A compromised computer or device is known as a zombie
• A denial of service attack (DoS attack) disrupts
computer access to an Internet service
– Distributed DoS attack (DDoS attack)
• A back door is a program or set of instructions in a
program that allow users to bypass security
controls
• Spoofing is a technique intruders use to make their
network or Internet transmission appear legitimate

© 2016 Cengage Learning®. May not be

Pages 216 - 217 scanned, copied or duplicated, or posted 9
to a publicly accessible website, in whole
or in part.
Internet and Network Attacks

• A firewall is hardware and/or

software that protects a network’s
resources from intrusion

© 2016 Cengage Learning®. May not be

Pages 219 - 220 scanned, copied or duplicated, or posted 10
Figure 5-4 to a publicly accessible website, in whole
or in part.
Unauthorized Access and Use

Unauthorized access is Unauthorized use is the

the use of a computer use of a computer or its
or network without data for unapproved or
permission possibly illegal activities

© 2016 Cengage Learning®. May not be

Page 221 scanned, copied or duplicated, or posted 11
to a publicly accessible website, in whole
or in part.
Unauthorized Access and Use

• Organizations
take several
measures to help
prevent
unauthorized
access and use
– Acceptable use
policy
– Disable file and
printer sharing

© 2016 Cengage Learning®. May not be

Page 221
scanned, copied or duplicated, or posted 12
Figure 5-5 to a publicly accessible website, in whole
Unauthorized Access and Use

• Access controls define who can access

a computer, device, or network; when
they can access it; and what actions
they can take while accessing it
• The computer, device, or network
should maintain an audit trail that
records in a file both successful and
unsuccessful access attempts
– User name
– Password

© 2016 Cengage Learning®. May not be

Pages 222 - 223 scanned, copied or duplicated, or posted 13
Figure 5-6 to a publicly accessible website, in whole
or in part.
Unauthorized Access and Use

• A passphrase is a private combination of words,

often containing mixed capitalization and
punctuation, associated with a user name that
allows access to certain computer resources
• A PIN (personal identification number),
sometimes called a passcode, is a numeric
password, either assigned by a company or
selected by a user
• A possessed object is any item that you must
possess, or carry with you, in order to gain access
to a computer or computer facility
• A biometric device authenticates a person’s
identity by translating a personal characteristic
into a digital code that is compared with a digital
code in a computer or mobile device verifying a
physical or behavioral characteristic
© 2016 Cengage Learning®. May not be
Pages 223 - 224 scanned, copied or duplicated, or posted 14
to a publicly accessible website, in whole
or in part.
Unauthorized Access and Use

Face
Fingerprint
recognition
reader
system

Hand Voice
geometry verification
system system

Signature
Iris recognition
verification
system
system

© 2016 Cengage Learning®. May not be

Pages 224 – 226 scanned, copied or duplicated, or posted
Figures 5-8 – 5-11 15
to a publicly accessible website, in whole
or in part.
Unauthorized Access and Use

• Two-step verification uses two

separate methods, one after the
next, to verify the identity of a user

© 2016 Cengage Learning®. May not be

Pages 226 – 227 scanned, copied or duplicated, or posted 16
Figure 5-12 to a publicly accessible website, in whole
or in part.
Unauthorized Access and Use

• Digital forensics is the discovery,

collection, and analysis of evidence
found on computers and networks
• Many areas use digital forensics

Law Criminal Military

enforcement prosecutors intelligence

Information
Insurance
security
agencies
departments

© 2016 Cengage Learning®. May not be

Page 227 scanned, copied or duplicated, or posted 17
to a publicly accessible website, in whole
or in part.
Software Theft

• Software theft occurs when

someone:

Steals software Intentionally

media erases programs

Illegally registers
Illegally copies a
and/or activates
program
a program

© 2016 Cengage Learning®. May not be

Page 228 scanned, copied or duplicated, or posted 18
to a publicly accessible website, in whole
or in part.
Software Theft

• Many manufacturers incorporate an

activation process into their programs
to ensure the software is not installed
on more computers than legally
licensed
• During the product activation, which
is conducted either online or by
phone, users provide the software
product’s identification number to
associate the software with the
computer or mobile device on which
the software is installed

© 2016 Cengage Learning®. May not be

Page 228 scanned, copied or duplicated, or posted 19
to a publicly accessible website, in whole
or in part.
Software Theft

• A license agreement is the right to use

software

© 2016 Cengage Learning®. May not be

Pages 228 – 229 scanned, copied or duplicated, or posted 20
Figure 5-13 to a publicly accessible website, in whole
or in part.
Information Theft

• Information theft occurs when

someone steals personal or
confidential information
• Encryption is a process of converting
data that is readable by humans into
encoded characters to prevent
unauthorized access

© 2016 Cengage Learning®. May not be

Page 229 scanned, copied or duplicated, or posted 21
to a publicly accessible website, in whole
or in part.
Information Theft

© 2016 Cengage Learning®. May not be

Page 230 scanned, copied or duplicated, or posted 22
Figure 5-14 to a publicly accessible website, in whole
or in part.
Information Theft

• A digital signature is an encrypted code

that a person, website, or organization
attaches to an electronic message to verify
the identity of the message sender
– Often used to ensure that an impostor is not
participating in an Internet transaction
• A digital certificate is a notice that
guarantees a user or a website is legitimate
• A website that uses encryption techniques
to secure its data is known as a secure site

© 2016 Cengage Learning®. May not be

Page 231 scanned, copied or duplicated, or posted 23
to a publicly accessible website, in whole
or in part.
Information Theft

© 2016 Cengage Learning®. May not be

Page 231 scanned, copied or duplicated, or posted 24
Figure 5-15 to a publicly accessible website, in whole
or in part.
Hardware Theft, Vandalism,
and Failure

Hardware theftis the

act of stealing digital
equipment

Hardware vandalismis
the act of defacing or
destroying digital
equipment
© 2016 Cengage Learning®. May not be
Page 233 scanned, copied or duplicated, or posted 25
to a publicly accessible website, in whole
or in part.
Hardware Theft, Vandalism,
and Failure

© 2016 Cengage Learning®. May not be

Page 233 scanned, copied or duplicated, or posted 26
Figure 5-16 to a publicly accessible website, in whole
or in part.
Backing Up – The Ultimate
Safeguard

• A backup is a duplicate of a file,

program, or media that can be used
if the original is lost, damaged, or
destroyed
– To back up a file means to make a copy
of it
• Off-site backups are stored in a
location separate from the computer
or mobile device site
Cloud
Storage

© 2016 Cengage Learning®. May not be

Pages 233 - 234 scanned, copied or duplicated, or posted 27
to a publicly accessible website, in whole
or in part.
Backing Up – The Ultimate
Safeguard

• Categories of • Three-
backups: generation
– Full backup policy
– Differential
– Incremental Grandparent
– Selective
– Continuous data
protection
– Cloud Parent

Child

© 2016 Cengage Learning®. May not be

Page 234 28
scanned, copied or duplicated, or posted
to a publicly accessible website, in whole
Backing Up – The Ultimate
Safeguard

© 2016 Cengage Learning®. May not be

Page 234 scanned, copied or duplicated, or posted 29
Table 5-2 to a publicly accessible website, in whole
or in part.
Wireless Security

• Wireless access
poses additional
security risks
• Some perpetrators
connect to other’s
wireless networks
to gain free
Internet access or
confidential data
• Others connect to
a network through
an unsecured
wireless access
point (WAP) or
combination
router/WAP

© 2016 Cengage Learning®. May not be

Page 236
scanned, copied or duplicated, or posted 30
Figure 5-18 to a publicly accessible website, in whole
Ethics and Society

• Technology ethics
are the moral
guidelines that
govern the use of
computers, mobile
devices, information
systems, and related
technologies
• Information
accuracy is a
concern
– Not all information
on the Internet is
correct

© 2016 Cengage Learning®. May not be

Pages 238 - 240
scanned, copied or duplicated, or posted 31
Figure 5-20 to a publicly accessible website, in whole
Ethics and Society

• Intellectual property refers to unique

and original works such as ideas,
inventions, art, writings, processes,
company and product names, and logos
• Intellectual property rights are the rights
to which creators are entitled to their
work
• A copyright protects any tangible form
of expression
• Digital rights management (DRM) is a
strategy designed to prevent illegal
distribution of movies, music, and other
digital content

© 2016 Cengage Learning®. May not be

Page 240 scanned, copied or duplicated, or posted 32
to a publicly accessible website, in whole
or in part.
Ethics and Society

• A code of conduct is a written

guideline that helps determine
whether a specification is
ethical/unethical or allowed/not
allowed

© 2016 Cengage Learning®. May not be

Page 241 scanned, copied or duplicated, or posted 33
Figure 5-21 to a publicly accessible website, in whole
or in part.
Ethics and Society

• Green computing involves reducing

the electricity and environmental
waste while using computers,
mobile devices, and related
technologies

© 2016 Cengage Learning®. May not be

Page 241 scanned, copied or duplicated, or posted 34
Figure 5-22 to a publicly accessible website, in whole
or in part.
Information Privacy

• Information privacy refers to the right

of individuals and companies to deny
or restrict the collection, use, and
dissemination of information about
them
• Huge databases store data online
• Websites often collect data about
you, so that they can customize
advertisements and send you
personalized email messages
• Some employers monitor your
computer usage and email messages

© 2016 Cengage Learning®. May not be

Page 242 scanned, copied or duplicated, or posted 35
to a publicly accessible website, in whole
or in part.
Information Privacy

© 2016 Cengage Learning®. May not be

Page 242
scanned, copied or duplicated, or posted 36
Figure 5-23 to a publicly accessible website, in whole
Information Privacy

• Information
about you can be
stored in a
database when
you:
– Fill out a printed
or online form
– Create a profile
on an online
social network
– Register a
product warranty

© 2016 Cengage Learning®. May not be

Pages 242 - 243
scanned, copied or duplicated, or posted 37
Figure 5-24 to a publicly accessible website, in whole
Information Privacy

• A cookie is a small text file that a web

server stores on your computer
• Websites use cookies for a variety of
reasons:
Store user
Allow for
names and/or
personalization
passwords

Assist with Track how

online often users visit
shopping a site

Target
advertisements
© 2016 Cengage Learning®. May not be
Pages 243 - 244 scanned, copied or duplicated, or posted 38
to a publicly accessible website, in whole
or in part.
Information Privacy

© 2016 Cengage Learning®. May not be

Page 244 scanned, copied or duplicated, or posted 39
Figure 5-25 to a publicly accessible website, in whole
or in part.
Information Privacy

• Phishing is a scam in which a

perpetrator sends an official looking
email message that attempts to
obtain your personal and/or
financial information
• With clickjacking, an object that can
be tapped or clicked on a website
contains a malicious program

© 2016 Cengage Learning®. May not be

Pages 244 - 245 scanned, copied or duplicated, or posted 40
to a publicly accessible website, in whole
or in part.
Information Privacy

• Spyware is a program placed on a

computer or mobile device without
the user’s knowledge that secretly
collects information about the user
and then communicates the
information it collects to some
outside source while the user is
online
• Adware is a program that displays an
online advertisement in a banner or
pop-up window on webpages, email
messages, or other Internet services

© 2016 Cengage Learning®. May not be

Page 245 scanned, copied or duplicated, or posted 41
to a publicly accessible website, in whole
or in part.
Information Privacy

• Social engineering is defined as

gaining unauthorized access to or
obtaining confidential information
by taking advantage of the trusting
human nature of some victims and
the naivety of others

© 2016 Cengage Learning®. May not be

Page 245 scanned, copied or duplicated, or posted 42
to a publicly accessible website, in whole
or in part.
Information Privacy

• The concern about privacy has led to

the enactment of federal and state
laws regarding the storage and
disclosure of personal data
– See Table 5-3 on page 246 for a listing
of major U.S. government laws
concerning privacy

© 2016 Cengage Learning®. May not be

Page 246 scanned, copied or duplicated, or posted 43
to a publicly accessible website, in whole
or in part.
Information Privacy

Employee monitoringinvolves the use of

computers, mobile devices, or cameras to
observe, record, and review an employee’s use
of a technology, including communications such
as email messages, keyboard activity (used to
measure productivity), and websites visited

Many programs exist that easily allow

employers to monitor employees. Further, it is
legal for employers to use these programs

© 2016 Cengage Learning®. May not be

Page 247 scanned, copied or duplicated, or posted 44
to a publicly accessible website, in whole
or in part.
Information Privacy

• Content filtering
is the process of
restricting access
to certain
material
– Many businesses
use content
filtering
• Web filtering
software restricts
access to
specified
websites

© 2016 Cengage Learning®. May not be

Pages 247 - 248
scanned, copied or duplicated, or posted 45
Figure 5-26 to a publicly accessible website, in whole
Summary

Variety of digital security risks Cybercrime and cybercriminals

Risks and safeguards associated

with Internet and network
Various backup strategies and
attacks, unauthorized access and
methods of securing wireless
use, software theft, information
communications
theft, and hardware theft,
vandalism, and failure

Ethical issues in society and

various ways to protect the
privacy of personal information

© 2016 Cengage Learning®. May not be

Page 249 scanned, copied or duplicated, or posted 46
to a publicly accessible website, in whole
or in part.
Discovering Computers
2016
Tools, Apps, Devices, and the Impact of
Technology

Chapter 5
Digital
Security,
Ethics, and
Privacy
Chapter 5 Complete