However, with the development of high technology high-tech crime emerged. ... According to Kaspersky Lab (Kaspersky Security Bulletin 2012. ... No European country was included in the group of countries in which the percentage of ... etc;; Methods and tools for information security;; Legal support of information security in ...
ASPECTS OF APPLICATION OF DISTANCE LEARNING TECHNOLOGIES WHILE STUDYING THE INFORMATION SECURITY FRAMEWORK
LUDMILA SHIPULINA Minsk, Higher Educational Establishment of the Federation of Trade Unions of Belarus "International University "MITSO"
At the present stage of development of civilization the information and communication technologies are actively working on all areas of human activity and society in general. The invention of the mobile and Internet communications, as well as everything that ensures their work inevitably filled up lists of science and technology. However, with the development of high technology high-tech crime emerged. An urgent need to protect data from unauthorized access appeared. Modern means and methods of data theft are now very refined. These are computer viruses, worms, software vulnerabilities, social engineering methods, skimmers, models, carding, phishing, etc. At this stage of its development, the Internet offers many services: shopping, getting news, participating in a variety of markets, making new friends, chatting with old friends, sharing different information, etc. At the same time, the Internet is a dangerous place for the average user, who without knowing it may lose his personal data and may not notice how the theft happened. Cyber crime in today's criminal world for a plays a significant role in it, and this cannot be disputed. Every day a lot of personal data of users is stolen through the Internet. According to Kaspersky Lab (Kaspersky Security Bulletin 2012. General statistics for 2012) in spite of progress in the fight against cybercrime, in 2012 the percentage of people attacked in the Internet has continued to grow and reached 34%. No European country was included in the group of countries in which the percentage of users attacked while surfing the Web is less than 20%. For Belarusian users per year the level of risk while surfing the web was 51.8% (the percentage of unique users, who met with Web attacks from all individual users of Kaspersky Lab products in the country.) Another fairly common type of fraud - the monetization using paid SMS: scammers offer the user to pay for goods / services via SMS, but the buyer doesn’t receive the promised goods/services . Thanks to the Internet, cybercriminals have wide opportunities to collect the data they are interested in. Social networks, chat rooms and forums, profiles of various online services, auction sites, and other such places can become a place where hacker can get personal data. Experts in information security from PandaLabs submitted their forecasts for 2013 (portal about information security http://www.securitylab.ru/). According to forecasts of the CEO of PandaLabs, hackers will focus their efforts on finding vulnerabilities and creating schemes of social engineering. According to the report of the technical director of anti-virus company PandaLabs Luis Corrons (Luis Corrons), in 2013 in the world of cybercrime such tendencies as the search for vulnerabilities in the software and the application of social engineering methods in social networks will prevail. «Software vulnerabilities will be the main target of cyber-criminals next year. It is undoubtedly the preferred method of infection for compromising systems transparently, - Corrons says. – The second most widely used technique is social engineering. Tricking users into collaborating to infect their computers and steal their data is an easy task, as there are no security applications to protect users from themselves». Among other information security threats, which will increase their popularity with the intruders in 2013, the head of PandaLabs sees malicious programs for mobile devices, conducting cyber-warfare and an increase in cyber-espionage. Attackers largely make use of computer ignorance of users, their lack of knowledge of modern technologies, and the main mechanisms of their work. That is why "advanced geek" cannot be outwitted on conventional tricks of attackers.  Social Engineering is the psychological skill of attacker to force the user to do the actions that an attacker wants. Using social engineering the user can be forced to be a puppet in the hands of an attacker. The user will not suspect anything . The method of social engineering: password guessing, user gullibility, the desire for the benefit of the user, the user fear, the user’s desire to help, negative proof, mixed methods. Each of us at any time can become the victim of hackers who specialize in high technology. The curriculum course "Computer Information Technologies" includes the theme "Ensuring security of corporate information systems." This topic discusses the following issues: • the concept of information security of CIS. Safety classes. Security policy; • information security threats and their classification. Computer crime; • problems of information security: unauthorized access to data, the impact of destructive programs, crime in business Internet- technologies, etc; • Methods and tools for information security; • Legal support of information security in the Republic of Belarus.
The course "Fundamentals of Information Security when working on the computer" allows to expand the horizons of the student in the field of information security, as well as to gain knowledge in the field of personal data protection. The course contents includes: • terms in the sphere of protection of personal data, means and methods of protection of personal data, and also introduces a variety of risks that could threaten the personal data of the user; • the main symptoms of infection from malware, the methods of infection, and the methods that help to identify that your computer is infected; • information of the reliability and the mechanisms of modern anti- virus programs; • key aspects of firewall; • the concept of social engineering and its methods; • methods of protection against attackers using banking (plastic) cards; • general terms of ensurance of your own safety on the Internet.
This course is studied in the framework of self-managed work of student remotely on the educational site INTUIT.ru (http://www.intuit.ru/). Internet University of Information Technology - the educational project, the main aims of which are the free flow of knowledge on the World Wide Web and the provision of distance learning. Self-managed work of the student is planned curriculum, learning and research work of the students performed at out of the classroom (classroom) time as a task and with guidance of the teacher, but without his direct involvement. Такой вид учебного занятия способствует развитию у студентов самостоятельности, ответственности и организованности, активизирует творческий подход к решению проблем учебного и профессионального уровня. This kind of lesson helps students develop independence, responsibility and organization, stimulates creative approach to problem solving of academic and professional level Distance learning is made under the control of the teacher, who is given the opportunity to create a group of students (Figure 1) for training. The student gets the algorithm of registration to a group, and after registration on the site, he is successfully enrolls in a course in his group.
[pic] Figure 1. Online classes on http://www.intuit.ru/
Using distance learning as a form of self-managed work of the student, the teacher has the ability to monitor the performance of independent work on a specific topic on the statement with the detailed results (Figure 2). Cumulative assessment on certain topics, rating, examination score for the passed distance courses are motivating factors of knowledge and can cause the students desire for competition, which is a strong motivating factor for self-improvement of the student.
Figure 3. Certificate - document confirming passing the exam on the course
Thanks to the course, the student gains knowledge in the field of protection of personal data, as well as he gets acquainted with the technical and psychological methods of protection. And after passing the course and the exam, the student will receive a certificate - document confirming passing the exam on the course. Thus, the use of distance learning as a form of self-managed work of the student, allows to enhance the quality of the educational process and the competence of future specialists.
1. Kaspersky Security Bulletin 2012. Summary statistics for the year 2012. // SECURELIST (official site) [electronic resource]. – 1997. – Access mode: http://www.securelist.com/ru/analysis/208050778/rss/analysis. Date of access: 25.01.2013. 2. Corrons, L. Security Trends in 2013/ L. Corrons // PANDALABS blog [electronic resource]. — 2012. — Access mode: http://pandalabs.pandasecurity.com/security-trends-in-2013/. – Date of access: 04.02.2013 3. Faronov, A. Fundamentals of information security when using your computer / A . Faronov // INTUIT.ru (official site) [electronic resource]. – 2003. - Access mode: http://www.intuit.ru/department/security/secpdata/class/free/1/. – Date of access: 27.01.2013
----------------------- Figure 2. Detailed statement of the results