Module 2 - PC/Workstation Security

This module introduces essential concepts of personal Information Security and outlines components of an introductory course dealing with the basic security concepts of information processing.

The module contains the fundamental knowledge for subsequent modules in this series and is intended to be supplemental to introductory courses in curricula for computers or information systems. Topics include ethics and professionalism, security and data control, computer room environment, PC/workstation security familiarization, and physical security.

Objectives:

The objective of this module is to introduce the fundamental concepts of personal computer security.

Learning Objectives

Upon completion of this module, the student should be able to:

  • Understand the basic concepts of ethics associated with the use of a personal computer or workstation.
  • Identify factors associated with controlling the computer room environment.
  • Identify basic requirements for providing the physical security of personal computers and workstations.
  • Identify methods and techniques for providing the security and integrity of data.
  • Identify the need for security training.

Prerequisites:

None

This material is intended to be used in conjunction with an introduction to data processing course (including lab) such as the DPMA course CIS/86-1.

Note:

The term workstation as used in this module refers only to the function of the workstation as a stand-alone device. There is no intention to include the added functions of the workstation in its specialized function to support engineering.

Topic Outline: PC/Workstation Security

  1. Ethical Use of the Computer

  2. Computer Room Environment

    1. Temperature
    2. Foreign Materials
    3. Radio Frequency Interference
    4. Power Surges or Brownouts

  3. Physical Security

    1. Location and Construction
    2. Computer Room Access
    3. Physical Control

  4. Data Security

    1. Software Control
    2. Backup Procedures
    3. Recovery Techniques
    4. Data Encryption and Access Control

  5. Security Training