Chapter 5 Computer Security and Privacy Flashcards
What is hardware theft?
The theft of computer hardware
What is Hardware loss?
When a personal computer, USB flash drive, mobile device, or other piece of hardware is stolen or is lost by its owner
What is System failure?
The complete malfunction of a computer system
What are some ways to protect against hardware loss?
- secure computers with cable locks and cable anchors
- secure with laptop alarm software, which emits a very loud alarm if the unit is unplugged, if USB devices are removed, or if the computer is shut down
What are some ways to prevent information from being accessed from hard drives if the computer is stolen or broken into?
- Full disk encryption
- Self-encrypting hard drives
What is full disk encryption (FDE)?
A technology that encrypts everything on a storage medium, without any user interaction
What is a self encrypting hard drive?
A hard drive that uses full disk encryption.
What is stealth tracking software used for?
A software program that runs on the computer and tracks the computer's whereabouts; it can run without the thief knowing that it is present.
What is a kill switch?
Software technology that causes the computer to “self-destruct” if it is stolen.
What are asset tags and how do they work?
These are permanently attached to hardware and other expensive assets. The labels usually identify the owner.
Some tags are indestructible, and others have a label on the surface with etching underneath that is exposed when the label is removed.
What are some additional software precautions that are for mobile users?
- Mobile device management software (MDM software)
- Mobile tracking software
- Wireless tether system
How does Mobile device management software work?
Controls what apps can be installed, or disables features such as the camera if cameras are not allowed
How does mobile tracking software work?
Software that remotely locks down or wipes a device if it is stolen.
How does a wireless tether work?
This ties your phone to a key fob in order to sound an alarm if you go further than the allowable distance.
What are some general mobile computing precautions for the end user?
- install and use encryption, antivirus etc.
- secure computers with boot passwords
- set your mobile phone etc. to auto lock after a short period and require a password to unlock
- use only secure Wi-Fi connections and disable Wi-Fi and Bluetooth when they are not in use
- never leave usernames, passwords, or other data attached to your computer or inside its carrying case
- use a plain carrying case to make it less conspicuous
- keep an eye on your devices, especially when going through airport security systems
- avoid setting devices on the floor or leaving them in your hotel room; use a cable lock to secure the device to a desk when it is unavoidable
- back up the data stored on the device regularly
- consider installing tracking or kill switch software
What is a ruggedized device?
A device such as a portable computer or mobile phone that is designed to withstand much more physical abuse than its conventional counterpart
What is a surge suppressor?
A device that protects a computer system from damage due to electrical fluctuations
What is an uninterruptible power supply? (UPS)
A device containing a built-in battery that provides continuous power to a computer and the other connected components should the electricity go out.
What is Software piracy?
The unauthorized copying of a computer program
What is digital counterfeiting?
The use of computers or other types of digital equipment to make illegal copies of currency, cheques, collectibles, and other items
What does EULA mean?
End user license agreement
computer retailers installing unlicensed copies of software on computers sold to consumers and large scale operations in which the software and packaging are illegally duplicated and then sold as supposedly legitimate products
What is a product registration code or product key?
An antipiracy tool that requires a unique activation code before the software can be installed
What is SIIA?
Software and Information Industry Association
A trade association that helps fight against piracy.
What does V.i Labs CodeArmor Intelligence software do?
It is designed to detect and report products that have been tampered with, such as products whose licensing feature has been disabled and then resold
What are some steps that the U.S. Treasury Department uses to prevent counterfeiting of U.S. currency?
- Release new currency designs every 7 to 10 years
- New designs contain such features as microprinting, watermarks, and security threads
- They also have colours and watermarks
What are some prevention techniques for other types of documents such as cheques and ID cards?
Watermarks
RFID tags
What is privacy?
The state of being concealed or free from unauthorized intrusions
What is information privacy?
The rights of individuals and companies to control how information about them is collected and used.
What is a marketing database?
A collection of data about people that is stored in a large database for marketing purposes
What is a government database?
A collection of data about people that is maintained by the government.
It contains such information as SIN, earning history, etc.
What is electronic profiling?
Using electronic means to collect a variety of in-depth info about an individual, such as names, buying habits, address, and income.
What is a privacy policy?
A policy posted on a company’s website that explains how personal info provided to that company will be used.
What is spam?
Unsolicited email
What is the CAN-SPAM Act of 2003?
Requires commercial emailers to use truthful subject lines and to honour removal requests.
What is a throw away email address and why should you have one?
An email address used only for nonessential purposes and activities that may result in spam; the address can be disposed of and replaced if spam becomes a problem.
What are some precautions one can take to protect one’s own privacy?
- read a website's privacy policy
- use throw away email addresses
- avoid putting too much information on your website or on social networking sites
- when signing up for trials, use a throw away email address
- consider using privacy software such as Anonymizer Universal or Privacy Guardian, or Google Dashboard privacy settings
- if you are using public computers, be sure to clear stored information when you end your session, or use the private browsing function of some browsers
- use filters to block out any spam
What is an email filter?
A tool that automatically sorts your incoming email messages based on specific criteria
What is a spam filter?
An email filter used to redirect spam from a user's inbox.
What is to “opt out”?
To request that you be removed from marketing activities or that your information not be shared with other companies.
What is “opt in?”
To request that you be included in marketing activities or that your information be shared with other companies.
What is computer monitoring software?
Software that can be used to monitor an individual's usage, such as capturing images of the screen, recording the actual keystrokes used, or creating a summary of websites and programs accessed.
What is video surveillance?
The use of video cameras to monitor activities of individuals, such as employees or individuals in public locations for work related or crime prevention purposes.
What is employee monitoring?
Observing or reviewing employees' actions while they are on the job
What are some types of employee monitoring used?
- video surveillance
- RFID proximity cards, which can be used to enter and exit, log on and log off equipment, as well as physically show where you are
- screening/recording phone calls
- reviewing emails
- tracking computer and internet usage
What is presence technology?
Technology that enables one computing device such as a computer or mobile phone to locate and identify the current status of another device on the same network.
What is the American Recovery and Reinvestment Act?
2009 Requires HIPAA covered entities to notify patients and/or customers when protected health information has been compromised
What is the US SAFE WEB Act of 2006?
2006 Grants additional authority to the FTC to help protect consumers from spam, spyware, and internet fraud and deception.
What is the REAL ID Act?
2005 Establishes national standards for state issued drivers’ licenses and ID cards
What is the Junk Fax Prevention Act?
2005 Requires unsolicited faxes to have a highly visible opt out notice.
What is the Do Not Call Implementation Act?
2003 Amends the Telephone Consumer Protection Act to implement the National Do Not Call Registry
What is the CAN-SPAM Act?
2003 Implements regulations for unsolicited email messages and lays the groundwork for a federal Do Not E-Mail Registry
What is the Health Insurance Portability and Accountability Act? (HIPAA)
2003 Includes a Security Rule that sets minimum security standards to protect health information stored electronically
What is the Sarbanes-Oxley Act?
2002 Requires archiving a variety of electronic records and protecting the integrity of corporate financial data
What is the US PATRIOT Act?
2001 Grants federal authorities expanded surveillance and intelligence-gathering powers, such as broadening the ability of federal agents to obtain the real ID of internet users and to intercept email and other types of internet communications
What is the Financial Modernization (Gramm-Leach-Bliley) Act?
1999 Extends the ability of banks, securities firms, and insurance companies to share consumers’ non-public personal information, but requires them to notify consumers and give them the opportunity to opt out before disclosing any information
What is the Child Online Protection Act? (COPA)
1998 Prohibits online pornography and other content deemed harmful to minors; has been blocked by the Supreme Court.
What is the Children’s Online Privacy Protection Act? (COPPA)
1998 Regulates how web sites can collect information from minors and communicate with them
What is the Telephone Consumer Protection Act?
1991 Requires telemarketing companies to respect the rights of people who do not want to be called
What is the Computer Matching and Privacy Protection Act?
1988 Limits the use of government data in determining federal benefit recipients
What is the Video Privacy Protection Act?
1988 Limits disclosure of customer information by video-rental companies
What is the Electronic Communications Privacy Act?
1986 Extends traditional privacy protections governing postal delivery and telephone services to include email, cellular phones, and voice mail.
What is the Cable Communications Policy Act?
1984 Limits disclosure of customer records by cable TV companies, extended in 1992 to include companies that seek wireless services
What is the Education Privacy Act?
1974 Stipulates that in both public and private schools that receive any federal funding, individuals have the right to keep the schools from releasing information such as grades and evaluations of behaviour.
What is the Privacy Act?
1974 Stipulates that the collection of data by federal agencies must have a legitimate purpose
What is the Fair Credit Reporting Act?
1970 Prevents private organizations from unfairly denying credit and provides individuals the right to inspect their credit records
What is the Freedom of Information Act?
Gives individuals the right to inspect data concerning them that is stored by the federal government.