Impact of Computing and Data Security Practices

Crowdsourcing

Obtaining services from a wide internet audience.

Citizen science

Public involvement in scientific research using their own computing devices.

Creative Commons

Public licenses for free distribution of copyrighted work.

Open Source

Freely available software for use and modification.

Open Access

Research available free of access and use restrictions.

Personally Identifiable Information (PII)

Data that identifies an individual.

Symmetric Key Encryption

Same key for encryption and decryption.

Public Key Encryption

Uses two keys (public and private) for secure communication.

Malware

Software intended to damage systems.

Viruses

Malicious programs that copy themselves and perform harmful activities.

Phishing

Gaining personal data through deception.

Keylogging

Recording keystrokes to obtain confidential information.

Rogue Access Points

Unauthorized access points to secure networks.

Digital Divide

The disparities in access to digital technologies, particularly computers and the internet.

Factors Contributing to the Digital Divide

Infrastructure, Education, Indifference, Cost.

Computing Innovations

Technological advancements that incorporate software or programs to enhance functionality.

Dual Nature of Innovations

Beneficial Effects and Harmful Effects.

Netflix Prize

An example of crowdsourcing for algorithm improvement.

Lego Ideas

An example of crowdsourcing for new product suggestions.

Folding@Home

A citizen science project that allows individuals to contribute data using their computing devices.

Galaxy Zoo

A citizen science project that enables individuals worldwide to contribute to complex research tasks.

Visibility and Usability of Research

Enhanced by open access, accelerating scientific discovery and innovation.

Open Source

Software like the Firefox browser and OpenOffice, which are made freely available and can be modified and redistributed by anyone.

Open Access

Scholarly articles and databases that are accessible online without financial, legal, or technical barriers.

Security

Protecting the confidentiality, integrity, and availability of information is paramount in safeguarding data against cyber threats and unauthorized access.

Privacy

Privacy concerns the right of individuals to control their data and restrict its dissemination to third parties.

PII Examples

Names, social security numbers, biometric records, and any other data that can uniquely identify an individual.

Personal Identifiable Information (PII)

PII is a valuable asset that can be analyzed, processed, and often sold by businesses to advertisers, forming a core part of many companies' business models.

PII Management - Privacy Concerns

The handling and sharing of PII by companies have led to significant privacy concerns, particularly regarding how securely and transparently this information is managed.

Metadata

Includes information like geolocation, time stamps, and device identifiers, while not directly identifying an individual.

Geolocation

Records the location where a digital photo was taken or where a phone call was made.

Time Stamps

Indicate when a file was created, modified, accessed, or when an email was sent.

Device Identifiers

Include information about the device used to take a photo or send a message, such as the make and model of a smartphone or camera.

File Metadata

For documents, this can include the author's name, the organization, document length, and sometimes the network name or machine ID from which it was created or modified.

Impact of Metadata

This data can be used to track user behavior and preferences, often without the user's explicit consent or awareness, leading to potential misuse beyond the intended use envisioned by developers.

Authentication Measures

Authentication measures are crucial for protecting devices and digital assets from unauthorized access, ensuring that only verified users can access sensitive information.

Goal of Authentication

Authentication measures are crucial for protecting devices and digital assets from unauthorized access.

Implementation of Authentication

Effective authentication methods help safeguard against unauthorized data breaches and cyber attacks.

Passwords

A strong password is crucial for basic security hygiene. It should be memorable for the user but complex enough to resist guessing or automated attacks.

Password Strength

Use a mix of upper and lower case letters, numbers, and special characters to increase password strength.

Multi Factor Authentication (MFA)

MFA enhances security by requiring multiple forms of verification before granting access.

Knowledge (MFA)

Something the user knows (e.g., password, PIN).

Possession (MFA)

Something the user has (e.g., a mobile device, security token).

Inherence (MFA)

Something the user is (e.g., biometric data like fingerprints or facial recognition).

User Education

Educating users on the importance of strong passwords and the benefits of multifactor authentication can significantly reduce security risks.

Data Minimization

Companies should collect only the data necessary for the specified purpose, reducing the risk associated with data breaches.

Transparency and Consent

Clear policies on data use, along with explicit user consent for the collection and use of data, are vital for maintaining trust and compliance with privacy laws.

Digital Certificates

Digital certificates are used to validate the ownership of encrypted keys that enable secure communications between parties.

Certificate Authorities (CAs)

CAs are trusted entities that issue digital certificates, confirming the identity of the certificate holder and associating that identity with a public key.

Encryption

Encryption is the process of converting data into a format that can't be read by unauthorized users.

Decryption

Decryption is the reverse process, where ciphertext is turned back into readable data using a key.

Symmetric Key Encryption

Uses the same key for both encrypting and decrypting data; the key must remain secret and is shared between the communicating parties.

AES

AES (Advanced Encryption Standard) is widely used for secure data transmission that requires symmetric keys.

Public Key Encryption (Asymmetric Encryption)

Involves two keys: a public key, which anyone can use to encrypt data, and a private key, which is kept secret by the owner and is used to decrypt data.

RSA

RSA (Rivest-Shamir-Adleman) is a common asymmetric encryption algorithm used for secure data transmissions.

Malware

Malware, or malicious software, is any software intentionally designed to cause damage to a computer, server, client, or computer network.

How Malware Spreads

Malware can be spread through various means, including email attachments, executable files, instant messaging, social media, and even legitimate-looking freeware or shareware.

Computer Viruses

A subset of malware, computer viruses are programs that can replicate themselves and spread to other devices.

Digital Certificates

Implementing digital certificates ensures that communications are secure and that the entities involved are authenticated, minimizing the risk of interception by malicious actors.

Robust Encryption Methods

Utilizing both symmetric and asymmetric encryption can help secure data transmissions against eavesdropping and other forms of cyber attacks.

Regular Updates and Malware Scans

Keeping software up-to-date and performing regular malware scans can protect against known vulnerabilities and malware infections.

Educate Users

Educating users about the risks of suspicious files and links can reduce the chances of malware infection.

Unauthorized Access

Unauthorized access to computers and networks poses a significant risk, potentially leading to data breaches, financial loss, and compromised personal information.

Phishing

Phishing involves tricking users into providing sensitive information by masquerading as a trustworthy entity in electronic communications.

Phishing Method

Typically executed through emails that appear to be from legitimate sources, such as banks or popular websites, but can also occur via fake websites that ask users to input personal details.

Phishing Prevention Tips

Always check the sender's email address and the URL of any links included in the message to ensure they are legitimate.

Do Not Click on Suspicious Links

Avoid clicking on links in unsolicited emails or messages.

Use Anti-Phishing Tools

Employ email filters and browser security tools that help detect and block phishing attempts.

Keylogging

Keylogging involves the use of a program or a device to record the keystrokes made on a computer without the user's knowledge.

Keylogging Purpose

It's primarily used to capture sensitive information like passwords, credit card numbers, and other personal data.

Keylogging Prevention Tips

Install comprehensive antivirus and anti-malware software that can detect and block keylogging software.

Update Regularly

Keep all software updated to protect against vulnerabilities that could be exploited by malware.

Employ Virtual Keyboards

For entering sensitive information, use virtual keyboards to circumvent keyloggers.

Rogue Access Points

A rogue access point is a wireless access point installed on a secure network without the network administrator's consent.

Rogue Access Points Risk

These devices can capture unencrypted data sent between computers and the network, allowing attackers to eavesdrop and potentially alter the data being communicated.

Monitor Network Hardware

Regularly check for unauthorized devices connected to your network.

Secure Wireless Networks

Use strong encryption (WPA3, if available) for Wi-Fi networks to protect against unauthorized access.

Educate Employees

In a corporate environment, educate employees about the importance of securing their devices and the dangers of connecting to untrusted networks.