CIT-18 Home http://www.c-jump.com/CIT18/CIT18syllabus.htm
Consider 2008
The report for 2008 indicates that several departments critical to national security continue to fail to implement the Federal Information Security Management Act, FISMA(*).
From a cyber espionage perspective, the lack of prioritization of departments that must be audited first often results in anecdotal cases...
...But who cares if the Environmental Protection Agency scored A+ when the Nuclear Regulatory Commission and the Department of the Interior have been failing for 2006 and 2007 altogether? Does Housing and Urban Development score higher than the Department of Defense?
_________________
(*) see
While FISMA requires that all 24 Govt. agencies be rated annually,
FISMA's sometimes-outdated security information isn't perfect, so the results of such assessments shouldn't be taken for granted.
The report draws a lot of skepticism, because new technologies used by government departments often outgrow the outdated standards...
An attacker in computer security is an adversary(*) - a malicious entity whose aim is to
prevent the users from achieving their goal
break privacy rules
break integrity and availability of data
attempt to discover secret data
corrupt some of the data in the system.
An attacker may spoof a legitimate user's identity, interfere with e-mail senders/receivers, and force system downtime.
_________________
(*) One that opposes another in a battle, contest, controversy, or debate: enemy, antagonist, opponent, opposer, etc.
Hacking can be applied to anything...
A mechanic taking a car apart again and again, just trying to squeeze out some extra horsepower...
...is hacking cars, just to see how far he can take it.
Hackers discard conventional wisdom: it's a curiosity to see what happens if one doesn't follow the rules.
Computer hackers follow the same lines.
Computer networks are the new landscape to be explored: a hacking technique becomes a key that can open one computer after another.
Criminals are trying to figure out how to break the system security of
personal computers
ATMs
online banking systems
government institutions
financial agencies...
...and make an illegal profit from it.
Security starts with awareness!
Maintain a backup of important files...
When possible, store information on network drives, not your desktop computer!
Automatically update your operating system.
Keep your anti-virus software updated.
Protect your computer with a firewall.
Exercise extra caution opening e-mail attachments.
Treat instant messages suspiciously just as you would e-mail.
Make sure you use secure websites ("https://") for online transactions and shopping.
Select a hard-to-guess password and keep it to yourself.
Use a password-protected screen saver (prevent unauthorized access).
Lock up your computer when not in use (maintain your confidentiality).
Shred documents containing personal information before discarding them in the trash.
On a public or corporate network, access only the information you need to do your job.
(This, too, falls into the category of confidentiality.)
Security concerns arise when old computer equipment is retired...
...There are professional media destruction methods to destroy the old hard drives!
Potential breach of confidentiality when a computer is given to another person...
...each user must have their own account!
Corporate users:
Everyone who has access to computers with sensitive information must understand
their security role and responsibilities.
If there is a company-wide Security Policy, users must read, understand, agree, and sign the document.
Personal computer users:
Protect your personal data when using the Internet, e-mail, and IM.
Ethics deals with what is right and wrong...
...so we can have peace of mind and be able to sleep at night.
At work, ethics needs to be focused on providing the best products and services to clients and customers...
...and our computing practices need to ensure that computer operations support that mission.
Computer practices should not do anything that could introduce problems to the computer network or tarnish your own reputation.
If you made a mistake...
...it is ethical to bring it to the supervisor's attention as soon as possible and prevent the issue from causing additional harm.
Some organizations consider "limited personal use" of certain resources, such as computers, email, Internet access, phone, and fax, to be a privilege.
Restrictions for personal use of resources can vary...
...read and understand the company's policy.
Make sure that what you do on a computer is legal and ethical.
Many activities are illegal, inappropriate, or offensive to fellow employees or the public.
These include hate speech or material that ridicules others because of their race, religion, color, sex, disability, national origin, or sexual orientation.
Some personal use (downloading large files) may slow down, delay, or disrupt computer systems.
If you believe someone is breaking a computer crime law, you should:
Not do anything about it
Inform your supervisor
Contact the news media
All of the above
Which of the following is considered inappropriate use of computer resources?
Running a side business
Applying for another job during your lunch time
Gambling
Visiting a news web site during a break
Case Project 1-1 (textbook page 27):
Start MS Word.
If using version 2003, click Tools -> Options...
If using 2007, click Office Button -> Prepare -> Encrypt Document...
Enter a password and click OK.
Type some text and save the file.
Re-open the file. What happens?
Continue with the rest of the project steps.
See also: additional info regarding privacy issues with MS Office.
Your assignment is to do the work required by Case Project 1-4 (textbook page 41).
In addition, add a paragraph about new things that you have learned while working on this project.
Make sure to include the links to the material that you find online.
Submit your document via e-mail attachment sent to:
Igor Kholodov, Igor.Kholodov@bristolcc.edu