# CIS105: Computer Applications & Information Systems Lect. 11

## Chapter 11: Computer Security

> Midterm reminder: March 28th - 29th
>
> - Exam Review after Chapter 11KC
> - 40 new questions, 10 KC questions
> - Same format as last time

### 11.1: System Security & Computer Privacy

- An unsecured computer is extremely easy to breach by any seasoned hacker
- Computer Security: Concerned with risk management, confidentiality, integrity, and the availability of the electronic info processed and stored within a computing system
- Risk Management: Includes the recognition, consequences, and assessment of risk to a computer's assets, and developing strategies to manage and protect them

### 11.2: Business System Threats

- Intranet: A business's private version of the internet
- The key aspect of an intranet is privacy
- Firewall: Hardware and software working together to ensure that only authorized personnel can access the business's intranet

### 11.3: Firewall

- Without a firewall, an intranet is just another part of the internet
- Proxy Server: A special security computer that allows communication to flow in and out of an intranet to check for external threats
- Two standard security practices for firewalls:
  - Default-Deny
  - Default-Allow

### 11.4: Malware Threats

- The term "virus" comes from biology
- Malware Motivations:
  - Experimental Malware
  - Worms
  - Trojan Horses
  - Spyware/Keylogging
  - Adware
  - Spamming
  - Denial-of-Service Attack (DoS)
    - The deadliest
  - Reverse Phishing
  - "Spear Phishing"

### 11.5: Malware Solutions

- Antivirus Software
  - Norton AntiVirus
  - McAfee's VirusScan
- System patches
- Data Backup
- Employee training

### 11.6: Internet Fraud

- Internet fraud: Any fraudulent activity in an online setting
- Google AdSense: Google's advertising network; the middleman between the advertiser and the website owner
- Click Fraud: A program that automatically clicks on ads
- Purchase Scam: Scammer asks seller to pay for shipping via credit card, cancels credit card after order has shipped
  - Most uncomplicated type of internet fraud
- Phishing: Uses social engineering techniques to gain private information

### 11.7: Computer Privacy

- Privacy: The ability of an individual to keep their personal information out of public view
- Anonymous: One's personal identity is not known
- Tracking Cookie: A small text file that tracks your interaction on a website
- History files: A list of stored or cached websites on a user's computer

> 50% of the time an unsecured computer can be hacked, and a password can be guessed

### 11.8: Identity Theft

- Identity theft: A crime concerning the unlawful practice of assuming another individual's identity
- Ways to acquire personal information:
  - Shoulder Surfing
  - Dumpster Diving
- SCAM
  - Stingy
  - Check
  - Ask
  - Maintain
- ASU's Recommended Password Manager: Stache
- Bitwarden, 1Password, Dashlane, Keeper, KeePass