UC Santa Cruz Information Technology Services

Computer Security Tutorial (Text-Only Version)
Module 1: Introduction to Computer Security


What is Computer Security?

Computer Security is the protection of computing systems and the data that they store or access.

Why is Computer Security Important?

Computer Security allows the University to carry out its mission by:

  • Enabling people to carry out their jobs, education, and research
  • Supporting critical business processes
  • Protecting personal and sensitive information

Quiz: What could happen if my computer gets hacked? (select all that apply)

  1. It could be used to hide programs that launch attacks on other computers.
  2. It could be generating large volumes of unwanted traffic, slowing down the entire system.
  3. Someone could be distributing illegal software from my computer, without my realizing it.
  4. Someone could access restricted or personal information on my computer (e.g. identity theft).
  5. Someone could record all of my keystrokes and get my passwords.

Of course, the answer is "All of the above." A compromised computer can be used for all kinds of surprising things.


Why do I need to learn about Computer Security? Isn't this just an I.T. problem?

Good Security Standards follow the "90 / 10" Rule:

  • 10% of security safeguards are technical.
  • 90% of security safeguards rely on the computer user ("YOU") to adhere to good computing practices

Example: The lock on the door is the 10%. You remembering to lock the lock, checking to see if the door is closed, ensuring others do not prop the door open, keeping control of the keys, etc. is the 90%. You need both parts for effective security.

What Does This Mean for Me?

  • This means that everyone who uses a computer needs to understand how to keep their computer and data secure.
    • Information Technology Security is everyone's responsibility
  • Members of the UCSC community are also responsible for familiarizing themselves and complying with all University policies, procedures and standards relating to information security.

Many cyber security threats are largely avoidable. Some key steps that everyone can take include:

  • Use good, cryptic passwords that can't be easily guessed - and keep your passwords secret
  • Make sure your computer's operating system is protected with all necessary security "patches" and updates
  • Make sure your computer is protected with up-to-date antivirus software
  • Don't click on unknown or unsolicited links or attachments, and don't download unknown files or programs onto your computer
  • Remember that information and passwords sent via standard, unencrypted wireless are especially easy for hackers to intercept
    • To help reduce the risk, make sure web pages have https (not http) in the web address (URL) before you enter any sensitive information or a password.
    • Also avoid standard, unencrypted e-mail and unencrypted Instant Messaging (IM) if you’re concerned about privacy

 

Security Objectives

  • Learn "good computing security practices."
  • Incorporate these practices into your everyday routine. Encourage others to do so as well.
  • Report anything unusual - Notify the appropriate contacts if you become aware of a suspected security incident

What are the consequences for security violations?

  • Risk to security and integrity of personal or confidential information
    • e.g. identity theft, data corruption or destruction, unavailability of critical information in an emergency, etc.
  • Loss of valuable business information
  • Loss of employee and public trust, embarrassment, bad publicity, media coverage, news reports
  • Costly reporting requirements in the case of a compromise of certain types of personal, financial and health information
  • Internal disciplinary action(s) up to and including termination of employment, as well as possible penalties, prosecution and the potential for sanctions / lawsuits

The different modules of this tutorial will

  • Discuss the risks to your computer and the data it contains
  • Provide some guidelines for avoiding risks
  • Suggest some practical and easy solutions

 

Introduction to Computer Security Completion Certificate


Other Training Modules:

Social Engineering
Internet Privacy and Security
Practice "Safe Emailing"
Password Strength and Security
Ten Other Essential Security Measures
Protecting PII and Other Restricted Data
Reporting I.T. Security Incidents
Additional Information & Resources
Security Self-Test: Questions & Scenarios


Rev. January 2009