Unit 12: Taking Protective Measures
1. Basic Security Concepts and Needs
Security in Information Technology is about protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
- Confidentiality: Ensuring that information is accessible only to those authorized to have access.
- Integrity: Safeguarding the accuracy and completeness of information and processing methods.
- Availability: Ensuring that authorized users have access to information and associated assets when required.
2. Understanding Security Threats
Threats can target different parts of an IT ecosystem, ranging from individual users to national infrastructure.
Types of Threats:
- Threats to Users: Identity theft, phishing, and social engineering aimed at tricking individuals.
- Threats to Hardware: Physical theft, damage from power surges, or environmental factors.
- Threats to Data: Unauthorized deletion, modification, or data breaches where sensitive information is leaked.
- Cyber Terrorism: Large-scale, politically motivated attacks on information systems to cause widespread disruption or fear.
3. Taking Protective Measures
Keeping a system safe requires a proactive approach involving software tools and personal discipline.
- System Safety: Keeping software and operating systems updated to patch known vulnerabilities.
- Firewalls: Acting as a barrier between your computer and the internet to block unauthorized traffic.
- Antivirus Software: Scanning and removing malicious software like viruses, worms, and Trojans.
4. Protecting Your Privacy and Data
Digital privacy is the ability to control what information you share and who can access it.
Common Privacy Concerns:
- Cookies: Small files stored by websites to track user preferences; they can be managed or blocked to increase privacy.
- Spyware: Software that secretly monitors user activity and collects personal information.
- Bugs: Flaws in software that can be exploited to gain unauthorized access.
5. Backing Up and Safeguarding Hardware
Physical protection and data redundancy are the final lines of defense.
- Data Backup: Regularly creating copies of important files on external drives or cloud storage to prevent data loss from system failure or ransomware.
- Safeguarding Hardware: Using physical locks, surge protectors, and maintaining proper environmental conditions (temperature/humidity).
6. Exam Focus Enhancements
Exam Tips
- The "CIA" Triad: If asked about basic security concepts, remember the acronym CIA: Confidentiality, Integrity, and Availability.
- Proactive vs. Reactive: Protective measures are proactive (done before an attack), while backups are reactive (used after something goes wrong).
- Cookie Management: Know that cookies are not always "bad"—they are used for legitimate purposes like keeping you logged in, but must be managed for privacy.
Common Mistakes
- Backup vs. Sync: Thinking "Cloud Sync" (like Google Drive) is a true backup. If you delete a file locally and it syncs, it might be deleted in the cloud too. A real Backup is a separate, static copy.
- Hardware Security: Forgetting that security isn't just software. A stolen laptop means all data is at risk regardless of how many antivirus programs are installed.
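The Backup vs. Sync mistake above, shown as an added example that is not part of the original notes: a mirror-style sync propagates a local deletion or overwrite, while a separate static snapshot keeps the original. The functions `sync_mirror` and `snapshot_backup`, the directory names and the file contents are hypothetical and constructed for illustration; real sync services differ in detail.

```python
import shutil
import tempfile
from pathlib import Path


def sync_mirror(src: Path, dst: Path) -> None:
    """Make dst match src, including deletions (mirror-style sync)."""
    dst.mkdir(parents=True, exist_ok=True)
    src_names = {p.name for p in src.iterdir() if p.is_file()}
    for p in dst.iterdir():
        if p.is_file() and p.name not in src_names:
            p.unlink()  # the local deletion is propagated to the mirror
    for name in src_names:
        shutil.copy2(src / name, dst / name)  # local changes overwrite the mirror


def snapshot_backup(src: Path, backup_root: Path, label: str) -> Path:
    """Write a separate, static copy of src under its own label."""
    target = backup_root / label
    shutil.copytree(src, target)  # raises if the label exists: snapshots are never overwritten
    return target


def demo() -> dict:
    """Run a deletion/overwrite scenario on constructed files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        local, cloud, backups = root / "local", root / "cloud_sync", root / "backups"
        local.mkdir()
        (local / "thesis.txt").write_text("final draft")
        (local / "notes.txt").write_text("lecture notes")

        sync_mirror(local, cloud)                          # first sync run
        snap = snapshot_backup(local, backups, "snapshot-1")

        (local / "thesis.txt").unlink()                    # accidental local deletion
        (local / "notes.txt").write_text("ENCRYPTED-BLOB")  # overwritten in place, as ransomware would
        sync_mirror(local, cloud)                          # next sync run copies the damage

        return {
            "thesis_in_sync_copy": (cloud / "thesis.txt").exists(),
            "thesis_in_backup": (snap / "thesis.txt").exists(),
            "notes_in_sync_copy": (cloud / "notes.txt").read_text(),
            "notes_in_backup": (snap / "notes.txt").read_text(),
        }


if __name__ == "__main__":
    print(demo())
```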
Frequently Asked Questions
Q: What is the most effective way to protect against data loss?
A: Implementing a regular Data Backup routine, preferably following the 3-2-1 rule (3 copies, 2 different media, 1 offsite).
Q: How does Spyware differ from a standard Virus?
A: A virus usually aims to damage the system, while Spyware aims to remain hidden to steal information like passwords or browsing habits.