Describe the impact of gathering data.
Evaluate the use of computing based on legal and ethical
factors.
Learning Objective:
Describe the risks to privacy from collecting and storing personal data on a computer system.
Personally identifiable information (PII) is
information about an individual that identifies,
links, relates, or describes them. Examples of
PII include:
Social Security number
age
race
phone number(s)
medical information
financial information
IOC-2.A.2
Search engines can record and maintain a
history of searches made by users.
IOC-2.A.3
Websites can record and maintain a history of
individuals who have viewed their pages.
IOC-2.A.4
Devices, websites, and networks can collect
information about a user’s location.
IOC-2.A.5
Technology enables the collection, use, and
exploitation of information about, by, and for
individuals, groups, and institutions.
Search engines can use search history to
suggest websites or for targeted marketing.
IOC-2.A.7
Disparate personal data, such as geolocation,
cookies, and browsing history, can be
aggregated to create knowledge about an
individual.
IOC-2.A.8
Learning Objective: Explain how unauthorized access to computing
resources is gained.
IOC-2.C.1
Phishing is a technique that attempts to trick
a user into providing personal information.
That personal information can then be used
to access sensitive online resources, such as
bank accounts and emails.
IOC-2.C.2
Keylogging is the use of a program to record
every keystroke made by a computer user in
order to gain fraudulent access to passwords
and other confidential information.
IOC-2.C.3
Data sent over public networks can be
intercepted, analyzed, and modified. One way
that this can happen is through a rogue access
point.
IOC-2.C.4
A rogue access point is a wireless access
point that gives unauthorized access to secure
networks.
A malicious link can be disguised on a web
page or in an email message.
IOC-2.C.6
Unsolicited emails, attachments, links, and
forms in emails can be used to compromise
the security of a computing system. These
can come from unknown senders or from
known senders whose security has been
compromised.
IOC-2.C.7
Untrustworthy (often free) downloads from
freeware or shareware sites can contain
malware.
PII and other information placed online can be
used to enhance a user’s online experiences.
IOC-2.A.9
PII stored online can be used to simplify making
online purchases.
IOC-2.A.10
Commercial and governmental curation of
information may be exploited if privacy and
other protections are ignored.
IOC-2.A.11
Information placed online can be used in ways
that were not intended and that may have a
harmful impact. For example, an email message
may be forwarded, tweets can be retweeted,
and social media posts can be viewed by
potential employers.
IOC-2.A.12
PII can be used to stalk or steal the identity
of a person or to aid in the planning of other
criminal acts.
IOC-2.A.13
Once information is placed online, it is difficult
to delete.
IOC-2.A.14
Programs can collect your location and record
where you have been, how you got there, and
how long you were at a given location.
IOC-2.A.15
Information posted to social media services
can be used by others. Combining information
posted on social media and other sources
can be used to deduce private information
about you.
Learning Objective: Explain how computing resources can be protected
and can be misused.
IOC-2.B.1
Authentication measures protect devices
and information from unauthorized access.
Examples of authentication measures
include strong passwords and multifactor
authentication.
IOC-2.B.2
A strong password is something that is easy for
a user to remember but would be difficult for
someone else to guess based on knowledge of
that user.
IOC-2.B.3
Multifactor authentication is a method of
computer access control in which a user is only
granted access after successfully presenting
several separate pieces of evidence to an
authentication mechanism, typically in at least
two of the following categories: knowledge
(something they know), possession (something
they have), and inherence (something they are).
IOC-2.B.4
Multifactor authentication requires at least two
steps to unlock protected information; each
step adds a new layer of security that must be
broken to gain unauthorized access.
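The two statements above, shown as a login check. This is an added example, not part of the course framework. The account record, the sample password, and the function names are constructed for illustration. The possession factor is a time-based one-time code computed as in RFC 6238, using that RFC's published test key.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, at, step=30, digits=6):
    """Time-based one-time code per RFC 6238 (HMAC-SHA1, dynamic truncation)."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    """Slow salted hash, so the stored value does not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def login(user, password, code, now, step=30):
    """Grant access only when BOTH factors verify."""
    # Knowledge factor: something the user knows.
    knows = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    # Possession factor: a code only the enrolled device can compute.
    # The previous time window is also accepted to tolerate clock drift.
    windows = {now, max(now - step, 0)}
    has = any(hmac.compare_digest(totp(user["totp_secret"], t, step).encode(), code.encode())
              for t in windows)
    return knows and has

# Constructed sample account (the secret is the RFC 6238 test key, base32-encoded).
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
}

if __name__ == "__main__":
    now = 59  # constructed timestamp; the device shows 287082 in this window
    print(login(USER, "correct horse battery staple", "287082", now))  # both factors
    print(login(USER, "correct horse battery staple", "000000", now))  # password only
    print(login(USER, "guess", "287082", now))                         # code only
```

A password obtained through phishing or keylogging fails this check on its own, because the second factor is computed from a secret that never leaves the user's device.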
IOC-2.B.5
Encryption is the process of encoding data to
prevent unauthorized access. Decryption is the
process of decoding the data. Two common
encryption approaches are:
Symmetric key encryption involves one key
for both encryption and decryption.
Public key encryption pairs a public key for
encryption and a private key for decryption.
The sender does not need the receiver’s
private key to encrypt a message, but the
receiver’s private key is required to decrypt
the message.
EXCLUSION STATEMENT (EK IOC-2.B.5):
Specific mathematical procedures for encryption
and decryption are beyond the scope of this course
and the AP Exam.
IOC-2.B.6
Certificate authorities issue digital certificates
that validate the ownership of encryption keys
used in secure communications and are based
on a trust model.