Unit 7 – IT System Security and Encryption
Understand current IT security threats, information security and the legal requirements affecting the security of IT systems
Threat types
Social engineering and software-driven threats
Computer network-based threats
Cloud computing security risks
Information security
Unauthorised access or modification of information
Deliberate or accidental loss of information
Intellectual property protection
Legal Requirements
Copyright, designs and patents legislation
Legal liability and contractual obligations
Impact of Security Breaches
Forensics research requirements
Cryptographic techniques and processes for data protection
Cryptographic principles
Principles and uses of encryption
Computational hardness assumption
Cryptography methods
Ciphers, one-time pads, hash functions
Applications of cryptography
Generic Routing Encapsulation (GRE) tunnels
Encryption of data on WiFi networks
Techniques used to protect IT system from security threats
Physical security
Software-based protection
Software and hardware firewalls
Strategies to protect an IT system from security threats
Group policies
Tools for managing a set of IT Systems
Anti-malware
Installation and configuration of
Firewall configuration
Wireless security
Access control
White-listing approved binaries
Testing and reviewing protection
Judging effectiveness and making recommendations for improvement