This presentation includes 60+ slides that mainly deals with three Computer Security aspects i.e
1. Security Attacks and Threats
2. Security Services
3. Security Mechanisms
Along with that we've also includes Security Awareness and Security Policies
3. Introduction to Computer Security
• Computer security basically is the protection of
computer systems and information from harm,
theft, and unauthorized use.
• It is the process of preventing and detecting
unauthorized use of your computer system.
• Computer Security mainly focuses on three
I. Security Attacks
II. Security Services
III. Security Mechanisms
4. Why is Computer
• Cyber Crime is on the rise
• Damage is Significant
• Cyber Security builds trust
• Our identities protect our data
• Every organization has
5. QUICK FACTS
● 95% of Computer Security breaches
are due to human error.
● There is a hacker attack every 39
● Share prices fall 7.27% on average
after a breach
● Approximately $6 trillion is expected
to be spent globally on cybersecurity
● Unfilled cybersecurity jobs worldwide
is already over 4 million
6. Security threat and security attack
• Threat is a possible danger that might exploit
vulnerability. The actions that cause it to occur
are the security attacks.
• A security attack may be a passive attack or an
The aim of a passive attack is to get
information from the system but it does not
affect the system resources. Passive attacks
are difficult to detect but can be prevented.
An active attack tries to alter the system
resources or affect its operations. Active attack
may modify the data or create a false data.
Active attacks are difficult to prevent.
7. Security Attacks on Users, Computer hardware and
• Attacks on users could be to the identity user and to the privacy of user. Identity attacks
result in someone else acting on your behalf by using personal information like
password, PIN number in an ATM, credit card number, social security number etc. Attacks
on the privacy of user involve tracking of users habits and actions—the website user
visits, the buying habit of the user etc. Cookies and spam mails are used for attacking the
privacy of users.
• Attacks on computer hardware could be due to a natural calamity like floods or
earthquakes; due to power related problems like power fluctuations, etc or by
destructive actions of a burglar.
• Software attacks harm the data stored in the computer. Software attacks may be due to
malicious software, or, due to hacking. Malicious software or malware is a software code
included into the system with a purpose to harm the system. Hacking is intruding into
another computer or network to perform an illegal act.
This chapter will discuss the malicious software and hacking in detail.
8. Malicious Software
Malware is any software intentionally designed to
cause damage to a computer, server, client, or
Malware is typically delivered in the form of a link or
file over email and requires the user to click on the
link or open the file to execute the malware.
Malware has actually been a threat to individuals and
organizations since the early 1970s when the
Creeper virus first appeared
A wide variety of malware types exist:-
1. Computer Viruses
3. Trojan Horses
4. Ransom ware
5. Java scripts and Java applets
6. Spyware, etc.
• A computer virus is a computer program that, when
executed, replicates itself by modifying other computer
• It can attach itself to other healthy programs.
• It is difficult to trace a virus after it has spread across a
• Viruses can be spread through email and text message
attachments, Internet file downloads, and social media
• Computer viruses cause billions of dollars' worth of
economic damage each year.
• If a virus has entered in the system then there might be
frequent pop-up windows, Frequent crashes, Unusually
slow computer performance, Unknown programs that
start up when you turn on your computer, Unusual
activities like password changes.
• Examples of virus:- Melissa, I Love You.
• A computer worm is a type of malware that spreads
copies of itself from computer to computer without
any human interaction.
• Computer worms could arrive as attachments in
spam emails or instant messages (IMs).
• When computer is infected with worms then it
starts to take up free space of your hard drive,
programs might crash, your files may be replaced
• A worm is however different from a virus. A worm
does not modify a program like a virus.
• Examples of worms:- Code Red, Nimda
11. Trojan Horse
• A Trojan horse or Trojan is a type of malware that is
often disguised as legitimate software.
• The term “Trojan” derives from the ancient Greek
story about the deceptive Trojan horse which led
to the fall of the city of Troy.
• A Trojan must be executed by its victim to do its
• Trojan horses contain programs that corrupt the data
or damage the files, corrupt software applications.
• Trojan horse does not replicate themselves like
• If your computer is breached by Trojan malware
then, computer will start frequent crashing,
redirected to unfamiliar websites when browsing
online, increase in pop-ups.
12. Java Scripts, Java applets and ActiveX Controls
language, most commonly used as a part of web
pages, whose implementations allow client-side script
to interact with the user and make dynamic pages.
Explorer, and other web browsers.
code they want when a user visits their website.
• Cyber criminals frequently manipulate the code on
countless websites to make it perform malicious
functions. If we’re browsing a malfunctioned website,
the attackers can easily get access to our device.
13. Java Applets and ActiveX Controls
• Applets (Java programs), and ActiveX controls are
used with Microsoft technology, generally used to
provide added functionality such as sound and
animation which are inserted in Web page.
• Anyone who uses the Internet will eventually access
websites that contain mobile code.
• If these programs are designed with a malicious
intention, then it can be disastrous for the client
• Java’s design and security measures are better
designed and inherently safer than ActiveX, which
provides very few restrictions on the developer.
• Hacking is the activity of identifying weaknesses in a
computer system or a network to exploit the security to
gain access to personal data or business data.
• Hackers are the one who are responsible for hacking and
are increasingly growing in sophistication, using stealthy
attack methods designed to go completely unnoticed by
cyber security software and IT teams.
• Hacking is not always done for malicious purposes,
nowadays most references to hacking as unlawful
activity by cybercriminals motivated by financial gain,
protest, spying, and even just for the “fun” of the
• Nowadays, hacking has become a multibillion-dollar
industry with extremely sophisticated and successful
• There are various ways hackers invade our privacy by
packet sniffing, email hacking, password cracking.
15. Packet Sniffing
• The act of capturing data packet across the computer
network is called packet sniffing.
• It is mostly used by crackers and hackers to collect
information illegally about network. It is also used by ISPs,
advertisers and governments.
• Packet sniffing attacks normally go undetected.
• Ethereal and Zx Sniffer are some freeware packet sniffers.
• Telnet, FTP, SMTP are some services that are commonly
16. Password Cracking
• Password cracking is the process of guessing the
correct password to an account in an unauthorized
• Password cracking can be done for several reasons,
but the most malicious reason is in order to gain
unauthorized access to a computer without the
computer owner’s awareness.
• One of the most common types of password attacks is
a dictionary attack.
• The password is generally stored in the system in an
encrypted form. Password cracker is an application
that tries to obtain a password
17. Email Hacking
• Email hacking is the unauthorized access to, or
manipulation of an account or email correspondence.
• Fraudster get our email by tricking us into clicking on
a link in an SMS or email.
• Once they access your account, they read all your
correspondence, have access to all your contacts and
send emails from your account.
• Hackers use packet replay to retransmit message
packets over a network. Packet replay may cause
serious security threats to programs that require
18. SECURITY SERVICES
• The security services provide specific
kind of protection to system
• Security services ensure
Authentication, and Non-
Repudiation of data or message
stored on the computer, or when
transmitted over the network.
• Additionally, it provides assurance
for access control and availability of
resources to its authorized users.
19. THE CIA TRIAD
Computer security is mainly concerned with these three
1. Confidentiality is ensuring that information is available
only to the intended audience
2.Integrity is protecting information from being modified
by unauthorized parties
3.Availability is making data and resources requested by
authorized users available to them when requested.
Typically, this involves ensuring that only those who are
authorized have access to specific assets and that those
who are unauthorized are actively prevented from
Confidentiality can be violated in many ways, for
example, through direct attacks designed to gain
unauthorized access to systems, applications, and
databases in order to steal or tamper with data.
A failure to maintain confidentiality means that someone
who shouldn’t have access has managed to get access to
Some information security basics to
keep your data confidential are:
Integrity is about ensuring that data has not been tampered
with and, therefore, can be trusted. It is correct, authentic, and
Ecommerce customers, for example, expect product and
pricing information to be accurate, and that quantity, pricing,
availability, and other information will not be altered after they
place an order.
Ensuring integrity involves protecting data in use, in transit
(such as when sending an email or uploading or downloading a
file), and when it is stored, whether on a laptop, a portable
storage device, in the data center, or in the cloud.
Integrity goes hand in hand with the concept of non-
repudiation: the inability to deny something. Non-repudiation
assists in ensuring integrity.
Some security controls designed to maintain the
User access controls
Backup and recovery
Error detection software
Simply, availability means that networks, systems, and
applications are up and running. It ensures that authorized
users have timely, reliable access to resources when they are
Many things can jeopardize availability, including hardware or
software failure, power failure, natural disasters, and human
error. Perhaps the most well-known attack that threatens
availability is the Denial-of-service attack
In Denial of service attack the performance of a system,
website, web-based application, or web-based service is
intentionally and maliciously degraded, or the system becomes
To prevent data loss from such occurrences, a backup copy
may be stored in a geographically isolated location, perhaps
even in a fireproof, waterproof safe.
23. OTHER SECURITY SERVICES
It is the process of ensuring and confirming
the identity of the user before revealing any
information to the user. Authentication is
facilitated by the use of username and
password, smart cards, biometric methods like
retina scanning and fingerprints.
Basically, to repudiate means to deny.
Nonrepudiation is the assurance that
someone cannot deny something.
Typically, nonrepudiation refers to the ability
to ensure that a party to a contract or a
communication cannot deny the authenticity
of their signature on a document or the
sending of a message that they originated.
24. SECURITY MECHANISMS
Security mechanisms are technical tools
and techniques that are used to implement
A mechanism might operate by itself, or
with others, to provide a particular service.
Security mechanisms deal with prevention,
detection, and recovery from a security
26. ● The prefix “crypt” means “hidden” and suffix
“graphy” means “writing”. So Cryptography is
the science of writing information in
“hidden” or “secret” form.
● Cryptography is necessary when
communicating data over any network,
particularly the Internet.
● It protects the data in transit and also the
data stored on the disk.
27. COMMON TERMS USED IN
Cipher and Code
Cipher Text It is the coded message or the encrypted data.
Cipher is an algorithm for performing encryption or decryption. A cipher
converts the original message, called plaintext, into cipher text using a key.
Plaintext is ordinary readable text i.e. unencrypted data
Encryption is the process of converting normal message (plaintext) into
meaningless message (Cipher text).
Decryption is the process of converting meaningless message (Cipher
text) into its original form (Plaintext).
Plain Text Encryption Cipher Text Decryption Plain Text
Non- encrypted data
Non- encrypted data
Non- Readable format
28. CRYPTOGRAPHIC KEY
● A cryptographic key is a string of bits used by a cryptographic
algorithm to transform plain text into cipher text or vice versa.
● Like a physical key, it locks (encrypts) data so that only
someone with the right key can unlock (decrypt) it.
● The size of key is also important. The larger the key, the harder
it is to crack a block of encrypted data.
● The three cryptographic schemes are as follows:
○ Secret Key Cryptography (SKC)
○ Public Key Cryptography (PKC)
○ Hash Functions
Shift by 3
29. SECRET KEY CRYPTOGRAPHY
• Secret-key cryptography is also called symmetric
cryptography because the same key is used to both
encrypt and decrypt the data.
• In this type of cryptography the same key is used by
• The sender uses this key and an encryption algorithm
to encrypt data; the receiver uses the same key and
the corresponding decryption algorithm to decrypt
• One of the big issues with secret key cryptography is
the logistical dilemma of how to get the key from
one party to the other without giving access to the
• Secret key cryptography scheme are generally
• Stream Ciphers
• Block Ciphers.
30. STREAM CIPHER AND BLOCK CIPHER
• Stream ciphers convert one symbol of
plaintext directly into a symbol of cipher text.
• It converts one byte of plain text at a time.
• Uses 8 bits at a time.
• It is easier to reverse the encrypted text to
• Stream cipher is fast in comparison to block
• Block Cipher encrypt a group of plaintext
symbols as one block.
• It converts plaintext block wise at a time.
• Uses 64 bits or more at a time.
• It is difficult to reverse the encrypted text to
• Block cipher is slow as compared to stream
31. PUBLIC KEY CRYPTOGRAPHY
• In public-key cryptography, there are two keys: a
private key and a public key.
• The public key can be shared freely and may be known
• The private key is never revealed to anyone and is kept
• The two keys are mathematically related although
knowledge of one key does not allow someone to
easily determine the other key.
• Because a pair of keys is required for encryption and
decryption; public-key cryptography is also called
33. HASH FUNCTIONS
• Hash functions are one-way encryption
algorithms that, in some sense, use no key.
• The meaning of the verb “to hash” – to chop
or scramble something , that means hash
functions “scramble” data and convert it
into a numerical value.
• No matter how long the input is, the output
value is always of the same length.
• Hash functions are generally used to ensure
that the file has not been altered by an
intruder or virus.
35. DIGITAL SIGNATURE
Bring the attention of your audience over a key
concept using icons or illustrations
In the physical world, it is common to use handwritten
signatures on handwritten or typed messages. They are used
to bind signatory to the message.
Similarly, a digital signature is a technique that binds a
person/entity to the digital data. This binding can be
independently verified by receiver as well as any third party.
Digital signature is a cryptographic value that is calculated
from the data and a secret key known only by the signer.
Digital signatures are easy for a user to produce, but difficult
for anyone else to forge. Digital signature scheme is a type of
asymmetric cryptography. Digital signatures use the public-
key cryptography, which employs two keys—private key and
How do Digital Signatures Work?
• Each person adopting this scheme has a public-private key pair.
• Generally, the key pairs used for encryption/decryption and signing/verifying are
different. The private key used for signing is referred to as the signature key and the
public key as the verification key.
• Signer feeds data to the hash function and generates hash of data.
• Hash value and signature key are then fed to the signature algorithm which produces
the digital signature on given hash. Signature is appended to the data and then both are
sent to the verifier.
• Verifier feeds the digital signature and the verification key into the verification
algorithm. The verification algorithm gives some value as output.
• Verifier also runs same hash function on received data to generate hash value.
• For verification, this hash value and output of verification algorithm are compared.
Based on the comparison result, verifier decides whether the digital signature is valid.
• Since digital signature is created by ‘private’ key of signer and no one else can have this
key; the signer cannot repudiate signing the data in future.
Importance of Digital Signature
Out of all cryptographic primitives, the digital signature using public key cryptography is
considered as very important and useful tool to achieve information security. Some
importance of Digital Security can be listed as follows:
Message authentication − When the verifier validates the digital signature using public key
of a sender, he is assured that signature has been created only by sender who possess the
corresponding secret private key and no one else.
Data Integrity − In case an attacker has access to the data and modifies it, the digital
signature verification at receiver end fails. The hash of modified data and the output
provided by the verification algorithm will not match. Hence, receiver can safely deny the
message assuming that data integrity has been breached.
Non-repudiation − Since it is assumed that only the signer has the knowledge of the
signature key, he can only create unique signature on a given data. Thus the receiver can
present data and the digital signature to a third party as evidence if any dispute arises in
40. A firewall is a network security mechanism
that monitors incoming and outgoing network
traffic and permits or blocks
data packets based on a set of security rules.
Its purpose is to establish a barrier between
your internal network and incoming traffic
from external sources (such as the internet) in
order to block malicious traffic like viruses and
A firewall can be a hardware component, a
software component, or a combination of
41. Functions of Firewall
• As a Network Security Post. All traffic that enters or exits the
network must go through a firewall as a security post that
will conduct an inspection.
• It prevents valuable information from being leaked without
knowing. In this case, a firewall is useful to prevent users on
the network from sending valuable confidential files to other
• Firewalls can be used for hiding the structure and contents of
a local network from external users.
• It prevents modification of other Party Data. For example in
business matters for financial statement information,
product specifications, and others that are company secrets
and will have a negative impact if known to other parties.
Firewall prevents modification of these data so that they
42. How Firewall Works
Firewall match the network traffic against the rule set defined
in its table. Once the rule is matched, associate action is
applied to the network traffic.
From the perspective of a server, network traffic can be either
outgoing or incoming. Firewall maintains a distinct set of rules
for both the cases. Mostly the outgoing traffic, originated
from the server itself, allowed to pass.
Incoming traffic is treated differently. Most traffic which
reaches on the firewall is one of these three major Transport
Layer protocols- TCP(Transmission Control Protocol) UDP(User
Datagram Protocol) or ICMP(Internet Control Message
All these types have a source address and destination
address. Also, TCP and UDP have port numbers. ICMP
uses type code instead of port number which identifies
purpose of that packet.
44. Packet Filter Firewall
Packet filtering firewall is used to control network access by
monitoring outgoing and incoming packet and allowing them
to pass or stop based on source and destination IP address,
protocols and ports.
The IP packet header is checked for the source and the
destination IP addresses and the port combinations.
Packet firewalls treat each packet in isolation. They have no
ability to tell whether a packet is part of an existing stream of
traffic. Only It can allow or deny the packets based on unique
Packet filtering is fast, easy to use, simple and cost effective. A
majority of routers in the market provide packet filtering
capability. It is used in small and medium businesses.
45. Packet Filter Firewall
Packet filtering firewall maintains a filtering table which decides whether the packet will be
forwarded or discarded. From the given filtering table, the packets will be Filtered
according to following rules:
Incoming packets from network 192.168.21.0 are blocked.
Incoming packets destined for internal TELNET server (port 23) are blocked.
Incoming packets destined for host 192.168.21.3 are blocked.
All well-known services to the network 192.168.21.0 are allowed.
46. Circuit Filter Firewall
Where packet filter firewall examines the packet
headers, circuit filter firewalls examine a variety of
elements of each data packet and compare them to a
database of trusted information.
So the filtering decisions would not only be based on
defined rules, but also on packet’s history in the state
These elements include source and destination IP
addresses, ports, and applications. Incoming data
packets are required to sufficiently match the trusted
information in order to be allowed through the firewall.
Since this firewall does a lot of inspection it is also
known as a “stateful inspection” firewall.
TCP Request TCP Request
TCP Response TCP Response
47. Application- Level Gateway
Application- Level Gateway is also called Proxy
A proxy server is a type of gateway that hides
the true network address of the computer(s)
connecting through it.
A proxy server creates a virtual connection
between the source and the destination
The client must send a request to the firewall,
where it is then evaluated against a set of
security rules and then permitted or blocked.
Most notably, proxy firewalls monitor traffic
for layer 7 protocols such as HTTP and FTP,
and use both stateful and deep packet
inspection to detect malicious traffic.
Application level gateways or proxy server
48. BASIC SLIDES
Users Identification and Authentication
Identification is the ability to identify uniquely a user of a system or an
application that is running in the system.
Authentication is the ability to prove that a user or application is genuinely
who that person or what that application claims to be.
For example, consider a user who logs on to a system by entering a user ID
and password. The system uses the user ID to identify the user. The system
authenticates the user at the time of logon by checking that the supplied
password is correct.
We will briefly discuss the following 3 authentication mechanisms:
i. User name and password
ii. Smart Card
iii. Biometrics—Fingerprints, Iris/retina scan
49. PICTURES PLACEHOLDERS
Username and Passwords
• The combination of username and password is the most
common method of user identification and
• The systems that use password authentication first
require the user to have a username and a password.
• Next time, when the user uses the system, user enters
their username and password.
• The system checks the username and password by
comparing it to the stored password for that username.
• If it matches, the user is authenticated and is granted
access to the system
50. CLOSURE SLIDES
Ways to Make Passwords Safe
The problem with password is that, for them to be
effective, they need to be an uncommon word, of eight
letters or more and not used anywhere else.
According to Microsoft’s TechNet, for a password to be
effective, it needs to meet the following criteria:
• Changed every 60 days
• At least eight characters long
• Use both upper and lower case characters
• Contain a combination of alphanumeric characters and
• Unique (only used for this particular profile/website)
• Stored using a reversible encryption.
According to CERT, approximately
80% of all network security issues are
caused by bad passwords.
Any invalid user if gets to know of a
valid password can get access to the
system and a simple password can be
51. A smart card is a physical card that has
an embedded integrated chip that acts as a security
Smart cards are typically the same size as a driver's
license or credit card and can be made out of metal
Smart cards are used for a variety of applications,
though most commonly are used for credit cards and
other payment cards.
Smart cards are used in secure identity applications
like employee-ID badges, citizen-ID documents,
electronic passports, driver license and online
52. • Smart card microprocessors or memory chips exchange data with card readers and other
systems over a serial interface. The smart card itself is powered by an external source, usually
the smart card reader.
• A smart card communicates with readers either via direct physical contact or using a short-
range wireless connectivity standard such as RFID or NFC.
• The card reader then passes data from the smart card to its intended destination, usually a
payment or authentication system connected to the smart card reader over a network
How Smart Cards Work?
53. Biometrics is the science and technology of measuring and
statistically analyzing biological data.
Biometric devices are for “authentication and verification” of an
individual with the help of the unique, measurable and biological
trait of that individual.
• Three Types of Biometrics Security
We can mostly label biometrics into three groups:
i. Biological biometrics (use traits at a genetic and molecular
level which may include features like DNA or your blood)
ii. Morphological biometrics ( involve the structure of your
body. More physical traits like your eye, fingerprint, or the
shape of your face)
iii. Behavioral biometrics (based on patterns unique to each
person. How you walk, speak, or even type on a keyboard )
55. Intrusion Detection System
Intrusion basically refers to any unauthorized activity.
An Intrusion Detection System (IDS) is a system that
monitors network traffic for suspicious activity and issues alerts
when such activity is discovered.
It is a software application that scans a network or a system for
harmful activity or policy breaching.
Any malicious activity or violation is typically reported or
collected centrally using a security information and event
56. Detection Method of IDS
Signature-based IDS detects the attacks on the basis of the specific
patterns such as number of bytes or number of 1’s or number of 0’s in the
It also detects on the basis of the already known malicious instruction
sequence that is used by the malware.
The detected patterns in the IDS are known as signatures. Signature-
based IDS can easily detect the attacks whose pattern (signature) already
exists in system but it is quite difficult to detect the new malware attacks
as their pattern (signature) is not known.
57. Detection Method of IDS
2. Anomaly-based Method:
Anomaly-based IDS was introduced to detect the unknown
malware attacks as new malware are developed rapidly.
In anomaly-based IDS there is use of machine learning to
create a trustful activity model and anything coming is
compared with that model and it is declared suspicious if it is
not found in model.
Machine learning based method has a better generalized
property in comparison to signature-based IDS as these
models can be trained according to the applications and
58. The aim of security awareness is to enhance
security of the organization’s resources by
improving the awareness of the need to secure
Security awareness teaches users to spot
phishing, avoid risks online, and use good cyber-
hygiene practices at work and at home.
In order to make the users and people in an
organization aware of the security practices to be
followed, frequent training programs should be
conducted in organizations.
59. Security Policies
• A security policy is a written document in an organization
outlining how to protect the organization from threats,
including computer security threats, and how to handle
situations when they do occur.
• To be practical and implementable, policies must be
defined by standards, guidelines, and procedures.
• The security policy states what is, and what is not allowed.
A security policy must be comprehensive, up-to-date,
complete, delivered effectively, and available to all staff.
• Generally, security policies are included within a security
plan. A security plan details how the rules put forward by
the security policy will be implemented
• The security policy also includes physical security of the
60. Formulation of Security Policies
Security policies are defined based on an
organization’s needs. A security policy includes
approaches and techniques that an organization is
going to apply or include in order to secure its
resources. The steps followed while formulating the
security policy are:
• Analyzing Current Security Policies:
The vulnerabilities and the current security policies
must be analyzed by the security administrators before
defining an effective security policy. The security
administrator is required to study the existing
documents containing details of the physical security
policies, network security policies, data security
policies, disaster recovery plans, and contingency
61. • Identifying IT Assets that Need to be Secure
The security administrator must identify the IT resources of an organization
that need to be secure. It may include the following:
oPhysical resources like computers, servers like database servers and web
servers, local networks that are used to share the local computer with the
remote computer, private networks shared by two or more organizations,
corporate network permanently connected to the Internet, laptop, manuals,
backup media, communication equipment, network cables, and CDs.
oInformation resources like password, data, or applications. The data of an
organization can be classified for security purposes based upon the
sensitivity and the integrity of data. For example, public information, internal
information, confidential information, and secret information.
62. • Identifying Security Threats and Likely Security Attacks
After identifying the IT assets and classifying them, a security administrator
must identify the various security threats to the assets.
For example, in a bank the security threat to the database storing the
account details of the customers may be:
1. Unauthorized access to information
2. Attacks of viruses
3. Worms and Trojan horses
4. Natural disasters like earthquake, fire etc.
63. • Defining the Proactive and Reactive Security Strategies
A proactive strategy is a pre-attack strategy. It involves identifying possible
damage from each type of attack, determining the vulnerabilities that each
type of attack can exploit, minimizing those vulnerabilities and making a
A contingency plan specifies the actions to be taken in case an attack
penetrates into a system and damages the IT assets of the organization. A
contingency plan aims at keeping the computer functional and ensuring the
availability, integrity, and confidentiality of data. However, it is not possible
for the security administrator to prepare a computer against all attacks. A
reactive strategy is implemented on the failure of the proactive strategy. It
defines the steps to be taken after the attack. It aims at identifying the cause
of attack, vulnerabilities used to attack the system, damage caused by the
attack, and repairing of the damage caused by the attack.
64. • Computer Fundamentals, Anita Goel, Pearson Education India
• Introduction to Computers, Peter Norton,
• Confidentiality, Integrity, & Availability: Basics of Information Security | Smart Eye Technology
• What Is The CIA Triad? (f5.com)
• Cryptography Digital signatures - Tutorialspoint
When conducting research, it is easy to go to one source: Wikipedia. However, you need to include a variety of sources in your research. Consider the following sources:
Who can I interview to get more information on the topic?
Is the topic current and will it be relevant to my audience?
What articles, blogs, and magazines may have something related to my topic?
Is there a YouTube video on the topic? If so, what is it about?
What images can I find related to the topic?
After consulting a variety of sources, you will need to narrow your topic. For example, the topic of internet safety is huge, but you could narrow that topic to include internet safety in regards to social media apps that teenagers are using heavily. A topic like that is more specific and will be relevant to your peers. Some questions to think about to help you narrow your topic:
What topics of the research interest me the most?
What topics of the research will interest my audience the most?
What topics will the audience find more engaging? Shocking? Inspiring?
Now, that you have narrowed your topic, you will want to organize your research in a structure that works. There are some common organizational patterns based on the kind of research you are doing.
Cause and Effect- this kind of structure is great for explaining the causes and effects of a topic
Compare and Contrast- in this pattern you highlight the similarities and differences of the topic
Explain process- this structure is great for outlining a series of steps to follow;
Definition- if you want to make sure your audience understands what something is using illustrations, meanings, clarifying misconceptions, you may want to use this structure
Classification- a common organizational structure is grouping like topics or facts from the research together. For instance, in the internet safety about social media apps, you may organize the research where you look at each social media app one at a time
After you’ve done your research, it’s time to put your presentation together. The first step in the process is to introduce the topic. This is a great time to connect your topic to something that your audience can relate. In other words, why should they listen to all the information you will be sharing in your research presentation? What is in it for them? You may also want to include a graphic or image to grab their attention.
Feel free to duplicate this slide by right-clicking on this slide in the slides pane to the left and select Duplicate Slide.
The next step in your presentation is to state your claim or topic clearly. Your teacher may even call this your thesis. As you state your thesis, you may find that this layout is not the best layout for your claim or topic. You can change the layout by clicking the drop-down menu next to the Layout in the Slides menu section. You can choose Two Content, Comparison, or Picture with Caption. Note: A different layout might change the look of the icons on this page.
You will also want to state your facts. You have done the research now share some of the interesting facts with your audience. Facts do not have to be boring; you can communicate facts in a variety of ways by going to the Insert Tab. In the Insert tab you can:
Insert pictures from your computer or online.
Add a chart
Create some SmartArt
Insert a variety of icons to help your facts come to life. Note: You can change the color of the icons by selecting the icon and then click on the Format tab and then Graphics Fill. From there, you will choose a color from the list or choose More Fill Colors to give you more options.
Since this research presentation is a result of your hard work and searching, you want to make sure you support the claims or points in your presentation with facts from your research findings. Make sure you give the author proper credit for helping you share your ideas. If one of your sources has a video that is relevant to your topic, you can add the video as added support. Keep in mind the length of the video and the amount of time you have for your presentation. For a 5 minute speech, the video should be no longer than 30 seconds.
Questions to consider:
How will you state the author of the source?
Will you need to cite the source on the slide?
What are some ways you can engage your audience so they feel like they are a part of the presentation? Some ideas to consider is by taking a quick poll like: by a show of hands, how many of you think school uniforms are a way to cut down on bullying? Another suggestion is to have them hold up a certain number of fingers to see if they agree or disagree. Finally, you can share a story that the audience can relate to that makes them laugh.
After all the applause, your audience may have some questions. Be prepared to answer some of their questions by making a list of questions you think they might ask. You may also want to share the presentation with them by providing the link to your presentation, if they want more information.