ITI Study Guide - Exam 3: Security and Privacy

Confidentiality, Integrity, Availability

The protection of information from people who are not authorized to view it

Ensuring that information is protected from an unauthorized or unintentional alteration (information stays accurate)

Systems and data are accessible by users whenever and wherever they are needed

A method of gathering information from public or other open sources

No; instead, the right of privacy exists in the “penumbras” (zones) created by the Constitution

Court case that addressed the existence of the right to privacy through penumbras

Students have the right to have control over the disclosure of personally identifiable information from records

Information resources of any size or complexity, organized expressly for the collection, processing, use, sharing, dissemination, maintenance, or disposition of data or information

Facts, ideas, or knowledge as various forms of data that can be communicated between system entities

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction

Any act that influences a person to take an action that may or may not be in his or her best interests

TV commercials

The use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change

Written by Aaron Swartz to protest limited access to archives —> suggested the idea of making copies of information and sharing them with others

Domain Name Server

Phonebook of the Internet

An identifier for a device on a network

1. When you enter a website into your browser, the computer searches its cache memory for the IP address.

2. If it can’t find it, it sends the request to the DNS, who looks for the IP address in its cache memory.

3. If the DNS can’t find it, it sends the request to the root server.

4. If the root server can’t find it, it sends the request to the TLD server.

5. If the TLD server can’t find it, it sends the request to the authoritative name server.

6. If the IP address is found, it is sent back to the DNS, which sends it to the computer.

The process of making information unreadable

The process of making information readable (usually with a key)

Information that is stored somewhere

Encrypts all the information stored on a device and protects it with a passphrase or another authentication method

Encrypts only specific, individual files on a device

Encrypts all the data on a specific storage area on a device

Information that is moving over a network from one place to another

Protects messages as they travel from your device to the app's servers and from the app's servers to the recipient's device, but the messaging service provider can see unencrypted copies of your messages

Protects messages in transit all the way from sender to receiver; the message is encrypted by the original sender and can only be decoded by its final recipient

Sending messages on messaging apps

• Message moves from your device to recipient's device

Web browsing

• Data from webpage travels to website's servers to your browser

HTTPS

• Website servers can see the data you enter while on the site

  • This information is unreadable to eavesdroppers on the network

VPN

• Traffics still travels over ISP's connection, but is encrypted between you and your VPN provider

An old (but nowadays weak) encryption method that involves the shifting of characters a certain number of times

Readable text that is not encrypted

Unreadable text that is encrypted

Uses one key for both encrypting and decrypting messages

Uses two keys: a public key for encryption and a private key for decryption

• Anyone can encrypt the message with the public key

• But only the person with the private key can decrypt messages