LEGAL AND SECURITY ISSUES IN ICT - PowerPoint PPT Presentation

About This Presentation
Title:

LEGAL AND SECURITY ISSUES IN ICT

Description:

LEGAL AND SECURITY – PowerPoint PPT presentation

Number of Views:4
Slides: 65
Provided by: adiasanirobert2
Category:
Tags:

less

Transcript and Presenter's Notes

Title: LEGAL AND SECURITY ISSUES IN ICT


1
LEGAL AND SECURITY ISSUES IN ICT
2
LEGAL AND SECURITY ISSUES IN ICT
  • This course provides understanding of the
    fundamentals of information security.
  • This will be accomplished by defining key terms,
    explaining essential concepts, and providing the
    knowledge and understanding of information
    security.
  • The course will also discuss access control
    devices commonly deployed by modern operating
    systems, and new technologies that can provide
    strong authentication to existing
    implementations.
  • (National Teachers Standard 2c, 2e, 3a, 3e, 3h,
    3i, 3k, 3p/ NTECF Pillar 1, 2 3, crosscutting
    issues Core skills, Assessment.

3
LEGAL AND SECURITY ISSUES IN ICT
  • This course provides understanding of the
    fundamentals of information security.
  • This will be accomplished by defining key terms,
    explaining essential concepts, and providing the
    knowledge and understanding of information
    security.
  • The course will also discuss access control
    devices commonly deployed by modern operating
    systems, and new technologies that can provide
    strong authentication to existing
    implementations.
  • (National Teachers Standard 2c, 2e, 3a, 3e, 3h,
    3i, 3k, 3p/ NTECF Pillar 1, 2 3, crosscutting
    issues Core skills, Assessment.

4
LEGAL AND SECURITY ISSUES IN ICT
  • Goal for the Subject or Learning Area

5
Goal for the Subject or Learning Area
  • This course provides understanding of the
    fundamentals of information security.
  • This will be accomplished by defining key terms,
    explaining essential concepts, and providing the
    knowledge and understanding of information
    security.
  • The course will also discuss access control
    devices commonly deployed by modern operating
    systems, and new technologies that can provide
    strong authentication to existing
    implementations. (National Teachers Standard
    2c, 2e, 3a, 3e, 3h, 3i, 3k, 3p/ NTECF Pillar 1,
    2 3, crosscutting issues Core skills,
    Assessment.

6
LEGAL AND SECURITY ISSUES IN ICT
  • 2. Key contextual factors

7
2. Key contextual factors
  • There is a high mobile communication device
    ownership in the Ghanaian society.
  • Most students and teachers have interest and
    experience in using these devices for social and
    personal interactions.
  • However, the integration of ICT into teaching and
    learning is low in Ghanaian schools.
  • Ghanaian schools can be categorised as low
    technology-rich learning environment particularly
    in the public schools.

8
2. Key contextual factors
  • The following affect effective teaching and
    account for this low integration of ICT in
    teaching and learning
  • There is an intra-national digital divide
    (Rich/Poor, Male/Female, Urban/Rural,
    SEN/Typical)
  • Generally, there is low internet connectivity
    especially in the rural communities.
  • Most schools lack computing facilities.
  • Some schools do not have electricity supply
  • Existing facilities do not favour people with
    disability

9
LEGAL AND SECURITY ISSUES IN ICT
  • 3. Course Description

10
3. Course Description
  • This course examines the various definitions and
    categorizations of firewall technologies and the
    architectures under which firewalls may be
    deployed.
  • The course also discusses security technologies
    by examining the concept of the intrusion, and
    the technologies necessary to prevent, detect,
    react, and recover from intrusions.
  • Specific types of intrusion detection and
    prevention systems (IDPSs)the host IDPS, network
    IDPS, and application IDPS.

11
3. Course Description
  • This course explores national laws that guide the
    field and use of ICT, and presents a detailed
    examination of the computer ethics that the users
    and those who implement information security must
    adhere to. (National Teachers Standard 1a, 1b,
    3b, 3c, 3e, 3d, 3n/NTECF Pillar crosscutting
    issues Core skills, Professional values and
    attitudes).
  • This course will be taught through interactive
    discussions, seminars and presentation of the
    various concepts to student-teachers.
  • The course will be assessed through assignments,
    quizzes and classroom exercises to evaluate
    student-teachers understanding and knowledge of
    Information security concepts.

12
LEGAL AND SECURITY ISSUES IN ICT
  • 4. Core and transferable skills and cross cutting
    issues, including equity and inclusion

13
4. Core and transferable skills and cross cutting
issues, including equity and inclusion
  • Digital literacy of student teachers will be
    enhanced by giving them opportunities to surf and
    present information across units using various
    digital tools
  • Critical thinking is developed in student
    teachers when they collect data, analyse and
    reflect on interventions. Collaboration is
    fostered through assigning group projects and
    presentation of various topics across units and
    encouraging a healthy school-community
    relationship
  • Communicative skills of student teacher would be
    enhanced through the examination, interrogation
    and presentation of their misconceptions and
    philosophies

14
4. Core and transferable skills and cross cutting
issues, including equity and inclusion
  • Personal development Enquiry skills in action
    research would be fostered acquiring skills for
    collecting data, analysing and initiating
    interventions for individual children and small
    groups.
  • Respect for diversity and Individual differences
    would be engendered in student teachers by
    applying appropriate interventions, examining and
    reflecting their usefulness
  • Honesty and Accountability would be fostered by
    stating the regulations regarding fair use as
    well as, presentation of a project report on
    compliance with acceptable use policies and other
    guidelines.

15
Instructional Resources
16
Instructional Resources
  • Smartphones
  • Laptops
  • Desktop computers
  • Tablets
  • TV and Radio
  • Open Educational Resources (Including YouTube,
    MOOCS-Udemy/coursera, khan academy, TESSA)
  • The iBox (CENDLOS)
  • Productivity tools
  • Subject based application software

17
MODE OF ASSESSMENT
  • Attendance Online Quizzes Class exercises
  • Individual and group Presentation Midterm
    examination
  • End of Semester Examination

18
MODE OF DELIVERY
  • Lectures face-to-face, online, e-learning
    Group Discussions
  • Case studies and analysis Illustrative
    presentations Independent studies

19
MODE OF ASSESSMENT
  • Attendance Online Quizzes
  • Subject Project
  • Class exercises
  • Individual and group Presentation
  • Midsemester examination
  • End of Semester Examination

20
Security fundamental I
  • UNIT 1

21
KEY TERMS
  • Asset
  • An organisational resource that is being
    protected Logical - website, software
    information, data Physical - person, computer
    system, hardware
  • Information asset
  • The focus of information security information
    that has value to the organisation, and the
    systems that store, process and transmit the
    information
  • Information Security (InfoSec)
  • Protection of the confidentiality, integrity, and
    availability of information assets, whether in
    storage, processing, or transmission, via the
    application of policy, education, training and
    awareness technology
  • Security
  • A state of being secure and free from danger or
    harm.

22
KEY TERMS
  • Asset
  • An organisational resource that is being
    protected Logical - website, software
    information, data Physical - person, computer
    system, hardware
  • Information asset
  • The focus of information security information
    that has value to the organisation, and the
    systems that store, process and transmit the
    information
  • Information Security (InfoSec)
  • Protection of the confidentiality, integrity, and
    availability of information assets, whether in
    storage, processing, or transmission, via the
    application of policy, education, training and
    awareness technology
  • Security
  • A state of being secure and free from danger or
    harm.

23
  • INTRO UCTION TO SECURITY

24
Security fundamental I
  • Information Security Principles
  • Confidentiality
  • Integrity
  • Availability
  • (CIA)

25
INTRODUCTION TO SECURITY
  • Security, in general, is to be free of danger.
  • Protection from the risk of loss, damage,
    unwanted modification, and other hazards.
  • Its e?ectiveness depends on the implementation of
    a multi-layered system Specialised areas include
  • Physical security - protection of physical items
  • Operations security - protection of details of an
    organisations operations and activities
  • Communications security - protection of all
    communications media, technology and content
  • Cyber (or computer) security - protection of
    computerised information processing systems and
    the data they contain and process
  • Network security - protecting voice and data
    networking components, connections and content.

26
INTRODUCTION TO SECURITY
  • Information Security - protection of information
    and the characteristics that give it value -
    confidentiality, integrity and availability.
  • Includes technology that houses and transfers
    that information through a variety of protective
    mechanisms such as policy, technology, and
    training and awareness programs

27
INTRODUCTION TO SECURITY
28
AT THE EN? OF THIS LECTURE
  • UNIT 1

29
AT THE EN? OF THIS LECTURE
  • You should be able to
  • List and discuss the key characteristics of
    Information Security
  • List and describe the dominant categories of
    threats to information security
  • Discuss the key characteristics of leadership and
    management Describe the importance of the
    managers role in securing an organisations
    assets

30
DISCUSSION
  • What can be classified as assets in the education
    setting?
  • What types of information can be classified as
    information assets in the education setting, and
    why?
  • Does infosec exist in current education
    institutions? If yes, give examples. If not, why
    not?
  • Do you think there is adequate security in the
    current education sector? Explain your answer

31
DISCUSSION FEED BACK
  • Buildings, computers, furniture - no
    burglar-proof, lack of security personnel, CCTV,
  • Examination - questions, scores, marking scheme -
    encryption, passworded computers, access
    features
  • Admission details -
  • Certificates
  • personnel - giving them name tags to prevent
    intruders, dresscode, securing sta? bungalows
    with security personnel, CCTV, protecting
    personal information, general security controls
    at the entry points of the organisation, Health
    and safety mechanisms

32
  • THE VALUE OF INFORMATION (KEY CHARACTERISTICS)
    AN? THE C.I.A. TRIA

33
THE VALUE OF INFORMATION (KEY CHARACTERISTICS)
AN? THE C.I.A. TRIA
  • Confidentiality - limiting access to information
    to those who need it and preventing access by
    those who do not. (Closely related to privacy)
  • Measures to be taken include Information
    classification
  • Secure document (and data) storage Application
    of general security policies
  • Education of information custodians and end-users
    Cryptography (encryption)
  • Especially important for personal information
    about employees, customers, etc
  • Avoid deliberate or mistaken disclosure as much
    as possible -
  • wrong emails, leakage of usernames and passwords,
    etc

34
THE VALUE OF INFORMATION (KEY CHARACTERISTICS)
AN? THE C.I.A. TRIA
  • Integrity (or completeness) - threatened when
    exposed to corruption, damage, destruction or
    any other disruption of its original state,
    which occurs during entry, storage or
    transmission.
  • Causes of corruption include viruses and worms,
    faulty. Programming, noise in transmission
    channels, deliberate attacks
  • A variety of error-control techniques can
    preserve integrity use of redundancy and check
    bits, error-correcting codes, hash values and
    algorithms, retransmission, etc

35
THE VALUE OF INFORMATION (KEY CHARACTERISTICS)
AN? THE C.I.A. TRIA
  • Availability - authorised users having access to
    information in a usable format.
  • e.g., library patrons presenting required
    identification before accessing a collection of
    research material, access cards used to access
    restricted areas
  • Privacy - information being used only in ways
    approved by the persons that provided it.
  • Information aggregation (Ghana card-NHIS-SSNIT
    info- Driving License apps on phones, SIM
    registration-GRA-Tax) allow data to be used in
    ways that the original data owner may not know
    or agree to.

36
THE VALUE OF INFORMATION (KEY CHARACTERISTICS)
AN? THE C.I.A. TRIA
  • Identification - The ability to recognise
    individual users.
  • The first step to gaining access to secured
    material
  • Authentication - The process by which a control
    establishes whether a user (or system) is the
    entity it claims to be
  • PIN, password, passphrases, fingerprints, eye
    scans, secure socket layer (SSL)

37
THE VALUE OF INFORMATION (KEY CHARACTERISTICS)
AN? THE C.I.A. TRIA
  • Authorisation - defines what the user (person or
    system) has been specifically and explicitly
    allowed by the proper authority to do - access,
    modify, delete, update
  • Accountability - occurs when a control assures
    that every activity undertaken can be attributed
    to a named person or automated process.
  • For example, audit logs track user activity on an
    information system.

38
KEY CONCEPTS OF INFORMATION SECURITY
  • Threats and Attacks

39
KEY TERMS
  • Attack (or threat event) - an intentional or
    unintentional act that can damage or otherwise
    compromise information and the systems that
    support it
  • Exploit - a technique used to compromise a system
  • Loss - a single instance of an information asset
    su?ering damage or destruction, unintended or
    unauthorised modification or disclosure, or
    denial of use
  • Threat (or threat source) - any event or
    circumstance that has the potential to a?ect
    operations and assets adversely
  • Threat agent - the specific instance or a
    component of a threat Vulnerability - a
    potential weakness in an asset or its defence
    control system(s)

40
IN THE ART OF WAR
  • According to Chinese General, Sun Tzu Wu (circa
    500BC)
  • One who knows the enemy and knows himself will
    not be in danger in a hundred battles
  • One who does not know the enemy but knows
    himself will sometimes win, sometimes lose
  • one who does not know the enemy and does not
    know himself will be in danger in every battle

41
IN THE ART OF WAR
  • To protect your organisations information, you
    must
  • Know yourself and be familiar with the
    information assets to be protected
  • their inherent flaws and vulnerabilities,
  • the sytems, mechanisms and methods used to store,
    transport, process, and protect them
  • Know the threats you face
  • Management must be informed about the various
    threats to an organisations people,
    applications, data and information systems

42
THE 12 CATEGORIES OF THREAT
43
THE 12 CATEGORIES OF THREAT
Category of Threat Attack Examples
Compromises to intellectual property Piracy, copyright infringement
Deviations in quality of service ISP, power or WAN service problems
Espionage or trespass Unauthorized access and/or data collection
Forces of nature Fire, floods, earthquakes, lightning
Human error or failure Accidents, employee mistakes
Information extortion Blackmail, information disclosure
Sabotage or vandalism Destruction of systems or information
Software attacks Viruses, worms, macros, denial of service
Technical hardware failures or errors Equipment failure
Technical software failures or errors Bugs, code problems, unknown loopholes
Technological obsolescence Antiquated or outdated technologies
Theft Illegal confiscation of equipment or information
44
Required Text (core)
  • Whitman, Michael E., and Herbert J. Mattord.
    Principles of information security (4th ed.).
    Cengage Learning, 2011.
  • Parliament of Ghana (2012). Data Protection Act,
    2012 (Act 843), Retrieve from Ghana Data
    Protection Commission website https//www.datapro
    tection.org.gh/data-protection-act
  • Parliament of Ghana (2008). Electronic
    communications act 2008 (775), Retrieve from
    website https//www.moc.gov.gh/ ,
    https//nca.org.gh/
  • Parliament of Ghana. Law of Contract (act 25,
    1960), Retrieve from http//laws.ghanalegal.com/ac
    ts/id/18/contracts-act

45
Additional Reading List
  • Anderson, Ross J. Security engineering a guide
    to building dependable distributed systems. John
    Wiley Sons, 2010.
  • Selected articles and online resources
    (youtube.com, MOOCs Khan Academy, TESSA, Udemy
    etc)

46
DISCUSSION
47
ASSESSEMENT
  • Project-/problem-/inquiry-based assessment
    Identify, investigate and develop various
    management documents like ICT policies, security
    plans, review of ICT related law etc

48
Component 3 End of Semester Examination 40
overall
  • Summary of Assessment Method
  • A written assessment to assess student teachers
    basics of information security and IT related
    legal issues knowledge and understanding the
    various concepts of technology leadership and
    management
  • Weighting 40

49
Security fundamental II
  • Security Concepts

50
Lesson description
  • In this lesson, Student teachers will examine the
    various security concepts in Information
    Technology.
  • Assess the risks and identify vulnerabilities of
    information assets and Recommend appropriate
    protection for information assets

51
Security Concepts
  • Security Concepts
  • 1. Vulnerabilities
  • 2. Threats
  • 3. Threat Actors
  • 4. Exploits
  • 5. Risk

52
vulnerability
  • A vulnerability, in information technology (IT),
    is a flaw in code or design that creates a
    potential point of security compromise for an
    endpoint or network.
  • Vulnerabilities create possible attack vectors,
    through which an intruder could run code or
    access a target system's memory.

53
vulnerability
  • A vulnerability is a weakness that can be
    exploited by cybercriminals to gain unauthorized
    access to a computer system.
  • After exploiting a vulnerability, a cyberattack
    can run malicious code, install malware, and even
    steal sensitive data.

54
Vulnerability Examples
  • There are several different types of
    vulnerabilities, determined by which
    infrastructure theyre found on.
  • Vulnerabilities can be classified into six broad
    categories
  • 1. Hardware
  • 2. Software
  • 3. Network
  • 4. Personnel
  • 5. Physical site
  • 6. Organizational

55
THREAT
  • A threat is a statement of an intention to
    inflict pain, injury, damage, or other hostile
    action on someone in retribution for something
    done or not done.

56
THREAT
  • A threat is a statement of an intention to
    inflict pain, injury, damage, or other hostile
    action on someone in retribution for something
    done or not done.
  • an expression of intention to inflict evil,
    injury, or damage

57
Threat actor
  • Threat actor
  • A threat actor or malicious actor is either a
    person or a group of people that take part in an
    action that is intended to cause harm to the
    cyber realm including computers, devices,
    systems, or networks
  • A threat actor is any inside or external attacker
    that could affect data security.
  • Anyone can be a threat actor from direct data
    theft, phishing

58
EXPLOIT
  • a software tool designed to take advantage of a
    flaw in a computer system, typically for
    malicious purposes such as installing malware

59
Vulnerability Examples
  • Vulnerabilities can be classified into six broad
    categories
  • 1. Hardware
  • Any susceptibility to humidity, dust, soiling,
    natural disaster, poor encryption, or firmware
    vulnerability.

60
Vulnerability Examples
  • Vulnerabilities can be classified into six broad
    categories
  • 2. Software
  • ?Insufficient testing, lack of audit trail,
    design flaws, memory safety violations (buffer
    overflows, over-reads, dangling pointers), input
    validation errors (code injection, cross-site
    scripting (XSS), directory traversal, email
    injection, format string attacks, HTTP header
    injection, HTTP response splitting, SQL
    injection), privilege-confusion bugs
    (clickjacking, cross-site request forgery, FTP
    bounce attack), race conditions (symlink races,
    time-of-check-to-time-of-use bugs), side channel
    attacks, timing attacks and user interface
    failures (blaming the victim, race conditions,
    warning fatigue)

61
Vulnerability Examples
  • Vulnerabilities can be classified into six broad
    categories
  • 3. Network
  • Unprotected communication lines,
    man-in-the-middle attacks, insecure network
    architecture, lack of authentication, default
    authentication, or other poor network security.

62
Vulnerability Examples
  • Vulnerabilities can be classified into six broad
    categories
  • 3. Network
  • Unprotected communication lines,
    man-in-the-middle attacks, insecure network
    architecture, lack of authentication, default
    authentication, or other poor network security.
  • 4. Personnel
  • Poor recruiting policy, lack of security
    awareness and training, poor adherence to
    security training, poor password management, or
    downloading malware via email attachments.

63
Vulnerability Examples
  • Vulnerabilities can be classified into six broad
    categories
  • 5. Physical site
  • ?Area subject to natural disaster, unreliable
    power source, or no keycard access.
  • 6. Organizational
  • I?mproper internal controls, lack of audit,
    continuity plan, security, or incident response
    plan.

64
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com