icdl it security

Sales Training

ICDL PROFILE

Presented by : Shajid C1

IT SecurityMODULE - 12Security Concepts

International Computer Driving License Module 12 ExecuTrain of Qatar

Data ThreatsDistinguish between data and information.Understand the term cybercrime.Understand the difference between hacking, cracking and ethical hacking.Recognise threats to data from force majeure like: fire, floods, war, earthquake.Recognise threats to data from: employees, service providers and external individuals.


Distinguish between data and informationData is raw, unorganized facts that need to be processed. Data can be something simple and seemingly random and useless until it is organized.When data is processed, organized, structured or presented in a given context so as to make it useful, it is called information.International Computer Driving License Module 5 ExecuTrain of Qatar

CybercrimeIdentity TheftPhishingHackingDownloading illegal music or videos.Electronic Vandalism, terrorism and extortion.Illegal interception of communications.Inappropriate and other offensive materialElectronic money laundering.


Hacking / Cracking/ Ethical Hacking


Threats to data from force majeureForce Majeure relates to unforeseen events beyond the control of the company.FireFloodsWarEarthquake.


Other threats to dataEmployeesService providersExternal individualsInternational Computer Driving License Module 12 ExecuTrain of Qatar

Value of InformationReasons for protecting personal information like: Avoiding identity theftName, Credit Card Number, Address, DOB, etc.FraudBorrow moneyObtain Services


Value of Informationcont..Reasons for protecting commercially sensitive information like:Preventing theft or misuse of :Client detailsFinancial information


Value of Informationcont..Identify measures for preventing unauthorised access to data like: EncryptionDigital ID (Private Key)Certificate (Public Key)PasswordsInternational Computer Driving License Module 12 ExecuTrain of Qatar

Value of Informationcont..Basic characteristics of information security like: Confidentiality Integrity Availability


Value of Informationcont..Identify the main data/privacy protection, retention and control requirements in your country.Data Protection Act.1995 European Data Protection DirectiveTo Protect the rights of the Data SubjectTo set out the responsibilities of the data controller


Value of Informationcont..Rights of the Data Subject:Fairly and lawfully processedProcessed for limited purposesAdequate, relevant and not excessiveAccurateNot kept longer than necessaryProcessed in accordance with the data subject rightsSecureNot transferred to countries without adequate data protection


Value of Informationcont..Importance of creating and adhering to guidelines and policies for ICT use.FirewallAutomatic UpdatesAnti virusAnti-spywarePasswordsInternet SecurityInstall and Uninstall Devices or Software's.


Personal SecuritySocial engineering Information gathering.Fraud.Computer system access.


Methods Of Social EngineeringPhone CallsPhishingShoulder Surfing


Identity theft and its implicationsPersonalFinancialBusinessLegal


Methods of identity theftInformation DivingSkimmingPretexting


File SecurityUnderstand the effect of enabling/ disabling macro security settings.Set a password for files like:DocumentsCompressed filesSpreadsheets


EncryptionAdvantages Of EncryptionLimitations Of Encryption


Malware


MalwareTrojansRootkitsBackdoors

International Computer Driving LicenseInfectious MalwareVirusesWorms


MalwaresTypes of data theft, profit generating/extortion malwares : AdwareSpyware BotnetsKeystroke LoggingDiallers


Anti-virus softwareAnti-VirusLimitations of Anti-VirusVirus Scan Specific drivesFoldersFiles usingSchedule scans


Anti-virus softwareQuarantine : Effect of quarantining infected/suspicious files.


Anti-virus software - InstallationImportance of :Downloading and installing software updatesAnti-virus definition files


Network Security


NetworksNetwork types:Local area network (LAN)Wide area network (WAN)Virtual private network (VPN)

International Computer Driving LicenseRole of the network administratorManaging the:AuthenticationAuthorisationAccounting


FirewallFunctionsLimitationsInternational Computer Driving License Module 12 ExecuTrain of Qatar

Network ConnectionsCablesWirelessInternational Computer Driving License Module 12 ExecuTrain of Qatar

Network Security ImplicationsMalwareUnauthorised data accessMaintaining PrivacyInternational Computer Driving License Module 12 ExecuTrain of Qatar

Wireless SecurityPassword for Wireless network.Wired Equivalent Privacy (WEP)Encryption using Network Security key. Wi-Fi Protected Access (WPA)Media Access Control (MAC)International Computer Driving License Module 12 ExecuTrain of Qatar

Unprotected Network - Security issuesVisibility to other users


Connect to a Wi-Fi network


Access ControlNetwork AccountLoginUsername and PasswordPassword PoliciesEasy to remember difficult to guessMinimum Eight CharactersMix of Numbers letters symbolsCase sensitiveInternational Computer Driving License Module 12 ExecuTrain of Qatar

Biometric SecurityFingerprint ScanningFacial RecognitionVoice RecognitionEye ScanningInternational Computer Driving License Module 12 ExecuTrain of Qatar

Secure Web Use


Web BrowsingBe aware that certain online activity (purchasing, financial transactions) should only be undertaken on secure web pages.Identify a secure website like:httpslock symbol


PharmingPharming is a cyber attack intended to redirect a website's traffic to another, fake site.Pharmingcan be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server softwareInternational Computer Driving License Module 12 ExecuTrain of Qatar

Digital CertificateIn cryptography, a public keycertificate(also known as adigital certificateor identity certificate) is an electronic document used to prove ownership of a public key.Secure Socket Layer (SSL)Transport Layer Security (TSL)


SSL


One Time Password - OTPA one-time password is a password that is valid for only one login session or transaction, on a computer system or other digital device.International Computer Driving License Module 12 ExecuTrain of Qatar

Browser SettingsAutocompleteCookieDelete Private DataInternational Computer Driving License Module 12 ExecuTrain of Qatar

Content ControlInternet filtering software,Parental control software.


Social NetworkingUnderstand the importance of not disclosing confidential information on social networking sites


Social Networking Cont..Be aware of the need to apply appropriate social networking account privacy settings.Understand potential dangers when using social networking sites like: Cyber BullyingGroomingMisleading/Dangerous InformationFalse IdentitiesFraudulent Links Or Messages.


Communications


Encrypting, Decrypting An EmailUnderstand the purpose of encrypting, decrypting an email.Understand the term digital signature.Create and add a digital signature.


eMail SecurityBe aware of the possibility of receiving fraudulent and unsolicited e-mailUnderstand the term phishing. Identify common characteristics of phishing like: using names oflegitimate companies, people, false web links.Be aware of the danger of infecting the computer with malware by opening an e-mail attachment that contains a macro or an executable file.


Instant MessagingUnderstand the term instant messaging (IM) and its usesUnderstand the security vulnerabilities of IM like:malware, backdoor access, access to files.Recognise methods of ensuring confidentiality while using IM like: encryption, non-disclosureof important information, restricting file sharing


Secure Data ManagementInternational Computer Driving License Module 12 ExecuTrain of Qatar

Securing and Backing Up DataRecognise ways of ensuring physical security of devices like: log equipment location and details, use cable locks, accesscontrol.


Securing and Backing Up DataRecognise the importance ofhaving a back-up procedure in case of loss of data, financial records, web bookmarks/history.


Securing and Backing Up DataIdentify the features of a backup procedure like:regularity/frequency, schedule, storage location.


Back up and Restore dataBack up data.Restore and validate backed up data.


Secure DestructionUnderstand the reason for permanently deleting data from drives or devices.Distinguish between deleting and permanently destroying data


Secure DestructionIdentify common methods of permanently destroying data like: shreddingdrive/media destruction degaussingUsing data destruction utilities.


International Computer Driving License

icdl it security

Documents

license module

executrain of qatar

data subjectto

data protection act

adequate data protection

data subject rightssecurenot

personal information

sensitive information