Information Technology Fundamentals - Behavioral Security Concepts
Behavioral Security Concepts
There are many behavioral security concepts. Some of it are discussed below:
The Internet
To those who utilize or have information stored on its vast network of computers and other devices, the internet presents the greatest privacy risk. Some websites still pose privacy problems due to tracking cookies, even though more and more sites are offering HTTPS connections instead of the insecure HTTP standard. When you do a search for products or services using a popular browser or search engine, they may save a "tracking cookie" on your computer. Malware can exploit these tracking cookies to steal information about your online activities, including what news and information sites you visit.
The two main components of an email's privacy guarantee are its routing information and its content. It is not safe to assume that the to, from, and other information needed to route a message are secret, just as it is not safe to assume that a phone number or mailing address is. In spite of this, the general consensus holds that an email's contents will remain private until it reaches its intended recipient. Protect the privacy of your email communications by using a secure protocol like SSL/TLS (Secure Sockets Layer/Transport Layer Security). Users' reasonable expectation of privacy in email content is seriously violated when a corporate, educational, or business network or email system informs them upon logon that their use of the network or email system is monitored.
Social Networking Sites
Users of social networking services like Facebook and Twitter should not expect that only their friends and followers will see the content they publish on these platforms. You may still benefit from social media without exposing too much of yourself by, for example, not disclosing too much about your professional life, updating your privacy settings, only connecting with people you know you can trust, and keeping an eye out for imposters.
Corporate Network
All too often, companies keep tabs on workers by spying on their emails, phone calls, and mobile device usage over the company's own network. Employees shouldn't expect their electronic communications (email, IM, etc.) to remain secret unless the company has a legally binding policy on the subject.
File Sharing
Every single means of file sharing has potential privacy issues. SaaS programs like Dropbox and OneDrive manage the underlying infrastructure for cloud file sharing, but the company is still accountable for managing the security of its employees and customer data. A number of people-related issues, such as insider threats, phishing efforts, and what happens if an authorized user's credentials are lost or hacked, might occur while using cloud-based file sharing. Data-related challenges include malware that can spread to all users of an organization's shared cloud storage, how to classify data, file permissions, and encryption. To aid businesses in safeguarding their investments in cloud file sharing, some vendors provide cloud security services that mimic the behavior of on-premises or network-based security software.
Mobile Application
Some licenses for mobile apps require money, however the great majority are completely free. In exchange for free or cheap use, mobile apps demand access to a wide range of your device's features. There is a risk to your privacy from some of the permissions demanded by mobile apps.
Mobile device management (MDM) software allows IT departments to keep tabs on mobile devices, exercise command, and safeguard sensitive data. Multi-Device Management works with many different networks and mobile platforms. In addition to managing and activating apps on company-owned and employee-owned mobile devices, IT departments can do so with mobile application management (MAM).
Instant Messaging
Because instant messages persist after they are read, they can compromise users' privacy. Messages are retained by both the sending and receiving devices, and may be kept for a time by the messaging service. More people than just the intended sender and recipient may be privy to the contents of an instant message, which could compromise the privacy of the information it contains. Users of IM apps should exercise the same caution when sending content and selecting recipients as they would with email or any other form of electronic communication. Just like with email, spam can appear in your instant message inbox.
It's possible to send malware, pornographic links, and other unwanted content via SPIM (spam instant messaging). Accepting messages only from those on your contact list, installing spam blockers on company networks, and reporting spam text messages are all good ways to fight SPIM. Self-destructing messages, screenshot warnings, and blocks are just a few examples of the privacy and security features available in some instant messaging apps. There are many instant messaging (IM) apps to pick from, including Pryvate, Wire, Wickr, Telegram, Signal, and Confide. After being opened and read, a self-destructing message automatically deletes itself. A timer that starts when the message is opened or when it is sent could be used to determine when the message is deleted.
Business Software
When it comes to business applications, one of the biggest privacy concerns is the metadata storage of sensitive information. Personal identifying information (PII) includes things like a person's name, address, phone number, email address, membership in an organization, and so on. Information about data is called metadata. Metadata can be anything about a file, such as the name of the app or device used to create it, the time and date it was created, modified, or viewed, its keywords, author, word count, print dimensions, and even any hidden text it may contain.