Home > Store

Have You Locked the Castle Gate? Home and Small Business Computer Security

Register your product to gain access to bonus material or receive a coupon.

Have You Locked the Castle Gate? Home and Small Business Computer Security

Book

  • Sorry, this book is no longer in print.
Not for Sale

Description

  • Copyright 2002
  • Edition: 1st
  • Book
  • ISBN-10: 0-201-71955-X
  • ISBN-13: 978-0-201-71955-0

Is your computer safe? Could an intruder sneak in and steal your information, or plant a virus? Have you locked your castle gate?

This book outlines the fundamental concepts and techniques behind information security that every computer user needs to know.

Primarily geared toward home and small business Windows users, Have You Locked the Castle Gate? is a basic yet highly effective guide to protecting your personal files, fending off viruses and hackers, and purchasing goods and services securely online. It addresses common security issues in a clear, easy-to-understand way that nontechnical users will greatly appreciate.

You will learn about

  • Basic security concepts and practices for your computer, network, and server.
  • Authentication and encryption fundamentals. Are users who they say they are?
  • Defending against hackers, and the reasons why someone would want to hack you.
  • Viruses, worms, hoaxes, spam, and other nuisances and threats.
  • The best places to go for additional expert information about Internet security.
  • And much more.
  • Woven throughout the text is the instructive story of the Smiths, a nineteenth-century frontier family working hard to protect their home and property from various kinds of intruders. In many ways the issues that they face reflect our contemporary need to protect our computers, networks, data—and selves—on the modern frontier of the Internet.

    If you pay bills online, discuss personal matters via e-mail, use software to file your taxes, or just surf the Web, don't leave your castle gate unlocked. Have You Locked the Castle Gate? is a must read for you.



    020171955XB04092002

    Sample Content

    Downloadable Sample Chapter

    Click below for Sample Chapter(s) related to this title:
    Sample Chapter 5
    Sample Chapter 6
    Sample Chapter 9

    Table of Contents



    Introduction: Installing Locks in the Global Village.

    Introduction.

    Who Needs to Read This Book?

    Why the Homestead Example?

    Is the Example Important?

    Introduction to the Homestead.

    Is Your House Locked at Night?

    What's Important Here?

    Sidebar: Key Security Concepts.

    Starting Out.

    Important Assumptions.

    It's Your Data.

    Where to Look First.

    How Secure Is Your System Out of the Box?



    1. Assessing Risk.

    Data Classification.

    What Am I Protecting?

    Is It Worth Protecting?

    Who Am I Protecting Against?

    Sidebar: Who Are They?

    Risk Assessment Checklists.



    2. General Network Security.

    Security In-Depth, or Layered Security.

    Grant All versus Deny All.

    Encryption or Clear.

    Sidebar: Determining “Strong Enough” and Moore's Law.

    Defining Access and Rights.

    Users and Their Roles.

    Sidebar: Who Is the Boss? Granting Administrator Privileges.

    Grouping Users.

    Providing File and Directory Access.

    Granting Privileges.

    Sidebar: Domain versus Workgroup.

    Denying Access.

    Sharing Files.

    Data Backups.

    Selecting a Network Security Model Checklist.



    3. Securing Your Computer.

    Securing Your Windows System.

    Sidebar: Service Packs and Hotfixes.

    Sidebar: What Is the Registry?

    Sidebar: Security Configuration Editor.



    4. Securing Your Servers.

    Why Servers Are Different.

    Where to Start on Your Server Security.

    Sidebar: The OSI Model.

    Securing Windows NT Servers.

    Sidebar: Why Protect Your Performance Data?

    Sidebar: Resource Kit, MSDN, and TechNet.

    Securing Windows 2000 Servers.

    Server Security Checklist.



    5. Connecting to the Internet.

    Types of Connections.

    Sidebar: Why Should You Worry?

    Basic Internet Security.

    Advanced Internet Security.

    Sidebar: More About Encryption.

    Who Is Watching You?

    Privacy Issues.

    Internet Security Checklist.



    6. E-mail Security.

    Why E-mail Is Cool.

    How E-mail Works.

    Security Issues with E-mail Systems.

    Sidebar: Encryption in E-mail.

    Sidebar: What Makes It Junk Mail?

    Getting Off E-mail Lists.

    E-mail Security Checklists.



    7. Web Security.

    What Is the World Wide Web, Really?

    What They Know About You.

    Cookies and Security.

    Browser Security: Why Is It So Important?

    Sidebar: “Sandboxes”.

    Web Page Security.

    E-commerce Security Issues.

    Web Security Checklist.



    8. Defending Against Hackers.

    The Extent of the Problem.

    Sidebar: Signs of a Social Engineering Attack.

    Can Anyone Help?



    9. Viruses, Trojan Horses, Hoaxes.

    Computer Viruses and Trojan Horses.

    Sidebar: Nimda, Code Red, and I Love You.

    Why Should I Care?

    Defending Against Threats.

    Hoaxes and Why They're a Problem.

    Sidebar: Crying Wolf or Real Threat?

    Active Content on the Web.

    Virus and Trojan Horse Security Checklist.



    Appendix A. Additional Resources.

    Where Can I Learn More?

    Mailing Lists.

    Web and FTP Sites.

    Computers Incident Response Centers.

    Antivirus Software.

    Antivirus Resources.



    Appendix B. Glossary of Security Terms and Acronyms.

    Common Acronyms.

    Common Security Terms.



    Bibliography.


    Index. 020171955XT04092002

    Preface

    Installing Locks in the Global Village

    Securing Your Home or Small Business Network

    Introduction

    As I wrote this introduction, word of an e-mail virus was breaking in the news. As I sat to edit it, yet another virus had been found and was being fought. These viruses can take down major e-mail systems, disrupt communications, and destroy data. Worst of all, the viruses spread fast and easily through our networks, yet this is nothing new. Several e-mail viruses have surfaced prior to these, and many more are sure to follow. So how can they still be a threat? Why hasn't someone done something to stop them? The main reason is easy to see: most people aren't prepared to defend their computer systems from these attacks and aren't aware of the types of threats waiting for them in the electronic frontiers of the Internet. In fact, most people are so unprepared that they don't see any threat resulting from connecting their computers to the world.

    For this reason, these virus attacks are successful. Many people connected to the Internet are not protecting themselves in any way from such threats; in fact, most are not protecting themselves at all. I don't have statistics to back me up, but I'd guess that most home users and small businesses have no effective security on their Internet-exposed networks or computers. Because we all share the same network (the Internet), we each need to place some security around our part of it to provide some protection for our data. Otherwise, we are providing an opportunity for someone to come along and exploit our computers. With so many computers on the Net, you might be lucky enough to remain safe for months or even years without security because no one has looked your way yet. But this can work against you, too, by giving you a false sense of security when indeed you are compromised or under attack and you just don't know it. Don't be fooled into thinking that because you are one of many, you won't be a victim. Probably every gazelle and water buffalo in Africa thinks that, too, but the lions still eat.

    After hearing all of this, you might ask why not just move to the woods of the Rocky Mountains and hide? Or perhaps you should simply not connect to the Internet. Both of those are options, but I'm not trying to scare you away from the Internet and its great possibilities for information research, entertainment, and commerce. Rather, I mean to encourage you to use this tool wisely and securely. I hope to teach you the basics of information security so you can make decisions about the risks and benefits of doing or not doing certain things online and so you can do them as securely as possible. I don't promise to make you an expert but to show you how to get your foot in the door and where to look for expert information.

    Who Needs to Read This Book?

    This book is primarily designed for home users and focuses on security issues that face these users. Home users aren't the only ones who could benefit from this book, however. Small and medium-sized businesses with Internet connections could use this information, as well. The techniques discussed will transfer directly to such businesses, but the scale for a business is a bit larger. Additionally, anyone who wants to learn about information security and network security but doesn't have a strong computer background can use this book as an entry point into the concepts and techniques of information security.The content of the book ranges in nature from nontechnical examples through technical details that some readers might find hard or strange. That's okay&38212not every reader will understand every item in this book. Because the book can help you put some basic security in place, some parts are rather technical. If you have to skip sections or come back later, that's fine. My goal is to present the material in a technically accurate way while trying to make it understandable for nontechnical readers. That is a broad range to cover, and I'm sure some people will feel some areas are too technical or not technical enough. For readers who want more technical information, I've included links and resources that can cover nearly all topics in this book to a far greater depth. On the other hand, if you find something that is too technical for you, feel free to skip ahead a bit. As you become familiar with the topics and discussions, you can go back and read again later.

    Although users of non-Windows operating systems such as Linux, Macintosh, or BeOS will find the conceptual parts of this book useful, the main focus is on the Windows family of operating systems most often found in homes and small businesses. Additionally, users seeking advanced technical discussions of security or in-depth scripting and coding analysis of tools will not find them in this book. Those areas of discussion are outside the scope of this book. I will, however, provide links and references to those subjects as appropriate throughout the text of the book.

    Why the Homestead Example?

    Every chapter starts with an example. I chose the homestead example for a variety of reasons. First, it is an easy analogy that captures security concepts simply and in a way that most people can relate to. By introducing the concepts without their technical aspects, I hope to make them easier to understand. Then, as the chapter progresses, I introduce the technology to you slowly, carrying the concepts from a familiar example into a potentially unfamiliar one. If you find that the example is not working for you, simply skip ahead a bit in each chapter. Concepts are introduced twice in each chapter, once in the example and once more in the technical sections. I would encourage you, though, to at least read the example and be familiar with it as the book progresses, so you can refer to it as needed.

    Is the Example Important?

    So really, why should you read the example? I hope because it is a good illustration of security concepts in a nontechnical setting. Even people who know computers reasonably well are usually not familiar with security issues, let alone trained in them. The example takes away any preconceived notions about technology and computers and lets you concentrate on the concepts. Then when the technology is reintroduced, I hope you will see the application of the concepts more easily. But keep a few things in mind as you progress through the example. First, it does not include any factual information about real places or village growth. If you are an anthropology or sociology person, please be forgiving about any assumptions or errors in those fields. The homestead is merely an illustrative tool for this book. Second, I have tried to make the sections about our homestead and village enjoyable reading, but they are there just to provide examples. Don't worry if you don't see the security issues right away in the example; the text of the chapter will help bring out the points I am making.

    Introduction to the Homestead

    To help put the security discussions in a context that most users can understand, I have used an analogy of a homestead to demonstrate certain points and introduce concepts in the book. The homestead was started by the Smith family and grew into a village over time. Using this example, I introduce each chapter's security concepts in a noncomputer-related way so you can focus on the security points before grappling with the computer terms or concepts. Then I revisit each point to reinforce the learning and provide a computer-specific application to take you from concept to practice. And that brings us to the homestead itself.

    On a small hill, near a river, was a fine patch of land with plenty of room for farming on the gentle slopes of the hill. The winters were not too harsh here nor the summers too dry. It was the perfect place for small animals and a small patch of grain and vegetables. And so they came. We'll call them the Smiths: John, Katie, Jennifer, and Carl. They packed up everything they owned, spent nearly all their money on livestock and supplies, and headed out here for the chance at something better. "Owning our own home and farm has to be better than working on someone else's," they thought. They spent several days building a small log cabin&38212just enough space for the four of them&38212and a pen for the animals. The pen was as much to keep the animals in as to keep other things out, but&38212as John's father always told him&38212it never hurts to have some protection. They then began clearing a plot of land for the garden. Soon things settled into a daily routine of farming and tending the livestock.

    John Smith was no fool. He wasn't expecting trouble, but he came prepared for it. He had heard of foxes that might try for the chickens, wolves that hunted sheep, and bears that might go after a cow or even the family. He kept his shotgun handy, cleaned it nightly, and reloaded it before going to bed. Out this far, a loss of an animal could make the difference between getting through the winter or not. As John drifted to sleep each night listening to the wolves howling in the distance, he wondered how many were even closer than the ones he could hear.

    John and Katie Smith came to their new home knowing little about it. They had heard about foxes, wolves, and bears being around but had not seen any yet. The Smiths had built their new home and so far had been safe from intruding animals, but John and Katie were also cautious. Living this far from help and with winter coming on, they could not afford to lose an animal, have eggs stolen from the chickens by a weasel, or see their crops eaten by deer and elk. John built a fence around the property to help keep animals out and to show where the boundaries were. The loose-log fence was not the most effective at keeping out small animals, but it was good for the larger ones. John and his son Carl then built a stone wall around most of the close property, including the house, barn, and vegetable garden. This was a much better structure for keeping out the smaller animals. Katie and daughter Jennifer used this time to make winter clothing and blankets from the wool they sheared in the spring, and they built a small chicken coop near the house. The Smiths did have a lock on the door but not on the gates; locks weren't needed this far out. John did, however, teach everyone in the family how to use the shotgun, just in case.

    John checked the stone wall every day and rode the horse out to the wood fence at least once a week, watching for animal tracks or signs of something trying to get across the fence. Normally there was nothing, and he then went about the tasks of maintaining the crops and livestock. Some days he was even able to relax. Katie spent her days cooking and sewing the necessary items for the family to continue living out here. She tended the garden, fed the livestock, and kept the house clean. The children helped where they could. They drew water from the well and assisted their mom and dad with the other chores. They also played in the fields and woods around the house. It was a good summer.

    One day, however, John found fox tracks near the stone fence. When he looked closer, he saw that the tracks came near the chicken coop, but he couldn't see any way for the fox to get into the coop. John spent the rest of the day inspecting and repairing the chicken coop to prevent any small holes from giving the fox an entrance to it. The rest of the summer passed uneventfully, but John didn't let his guard down. Many days he found deer tracks in the crops, and once he even found bear tracks just outside the wooden fence. Certainly there were many threats out here, but so far the Smiths' preparations had paid off.

    Is Your House Locked at Night?

    Odds are you are reading this in your home or office, located in a town or village or maybe even a big city. The idea of a community isn't strange to us. Many of us know our neighbors, wave to them as they walk their dog, and feel safe in our homes at night. Even so, you probably lock your doors when you go to sleep. Why? Do you need to do that if you're safe and among friends? The truth is that most people are trustworthy and would never break into your home, but you know that not everyone is that nice. Some people, given the chance, will come in and take things from your home, or worse. You probably don't think twice about locking your doors at night or when you plan to be away from home for any length of time. You might even have a fence or wall around your yard to keep people from getting in there. Most of us like our private spaces and will take some measures to protect them.

    Why, then, do most of us connect to the Internet and not provide any protection for our computers? For a large number of us, our personal lives are becoming very closely tied to computers. By exposing your computer to the Internet, you are indeed living a life without locks or gates. On the surface, that sounds fine&38212maybe even a bit desirable. But let's take a closer look at what that means.

    How many of you have online banking or pay your bills online? How many of you use e-mail to talk about personal issues with friends and family? How many use software to file taxes or do other activities related to a home business? Leaving your computer unprotected with your personal and financial information on it is like carrying your medical records and checkbook to a park and spreading them out on the grass to review them. It might even be worse, because in the park you probably would notice if someone began to look over your shoulder. Most people, however, will never notice the person watching in the computer world. Providing security for your home computer is like locking your door at night or looking over your shoulder in the park. It isn't all you need to do, but without it, you are an easy target.

    What's Important Here?

    Before you go on, here are some suggestions for getting the most out of the chapters.

    1. The example is a good place to start in each chapter. Read the example through completely, and then read the rest of the chapter. You might even want to read the example once more after you read the chapter to see the concepts in action after getting them in the security context.
    2. This book was designed around teaching information security concepts and principles as well as applying those concepts to the Windows family of operating systems. If you use another operating system, I will assume you understand the differences well enough that you won't be confused by them.
    3. Only apply what you feel you need. Security is a strange subject, because you can always have more. Some level of security will probably meet your needs without being all you could possibly do. After you read this book, I hope you won't feel you need a full-blown firewall system and packet filtering router just to protect your kid's game machine. Please read and understand Chapter 1, Assessing Risk, before jumping into securing your home system.
    4. Don't be afraid to experiment, but make backups just in case. As with anything in computers, feel free to learn by doing. But I also encourage you to go through the steps slowly so you can assess the impacts of the changes on your system. Making regular backups of data is always highly recommended, but you should certainly make a backup before changing security settings on your system. I'll tell you how to undo certain actions where appropriate, and I'll let you know when you would not be able to undo something easily.
    5. A checklist appears at the end of most chapters. You can use these checklists to track any changes you make to your system and what the settings used to be. They also include some questions designed to help you understand the security needs of your system. I encourage you to use the checklists, but don't feel obligated to do every step. Simply use the checklists as a way to track what you did and didn't do.

    Starting Out

    Everyone who knows anything about security had to learn it somewhere. No one is born with this information. It is okay to have questions and to not understand a few things. Security is a complex field. I have tried wherever possible to make it easier for you and to provide examples to help clarify. Even so, you will probably find times through the course of this book when something will not make sense immediately. This is especially true if you are less familiar with the technology side of things.

    So what should you do when you don't understand? My first suggestion is to continue to read. Some concepts are addressed multiple times through each chapter, with some additional information each time. Also, the chapter might help clear up concepts as it progresses. Second, mark the place where you have a question and go to the Web to search for more information. The chapter on additional resources contains links and information for getting security information on the Web, and you can check there. Finally, try reading the example again if you have a conceptual question, or refer to the Windows Help system if your question is specific to the computer. By trying all these things, you should be able to get the information you need to answer your question.

    Important Assumptions

    While writing this book, I have made some assumptions that I will mention here so you can understand them. Not all of these assumptions will be true for everyone, but I want you to understand where I'm coming from.

    First, I assume that you, the reader, are an average computer user, with no special skill or knowledge of computers. I explain concepts through the course of each chapter and present information in a way that I feel can best be understood by the average person. However, I do expect you to know what tasks you do on your computer and how important each task is to you.

    Second, I assume that most home users are on a Windows platform. Although most of the concepts presented in this book apply to any platform, the details and checklists are tailored to Windows-based systems. Security is needed on any operating system, but I chose to focus on the systems most people are probably using. If you use another operating system, you can use the book for concept learning and even use the checklists and examples, but you will need to know enough to translate the Windows-based information to your operating system.

    It's Your Data

    Throughout this book you will find many suggestions for securing your computer. More than likely, you will not implement every one of them on your system. You might not need some settings; others might not even apply to your computer. If you feel uncomfortable or unsure about a setting, you might choose not to implement it. In rare cases, some settings might, in fact, cause problems on your computer. Think of your computer's security as a continuum, with usability on one end and security on the other. A completely secure computer might be unusable, and an extremely usable computer might be completely unsecured. You must feel comfortable with where your computer fits on this continuum. Investigate each setting to ensure that it does not have a negative impact on your computer. You should always maintain backups of data stored on your computer, but I strongly encourage you to back up data before making serious security changes to your system. That way you will always have a recent backup from which you can restore your system if the unpredictable happens. Chapters 3, Securing Your Computer, and 4, Securing Your Servers, offer detailed steps for securing your Windows system, and Appendix A is a large collection of links for more information about security.

    Note that although hackers and crackers can damage data, they are not a threat to your hardware. You might want to buy backup drives and other devices to be more secure, but you'll never need to replace hardware as the result of an attack.

    Where to Look First

    Where do you start? Assessing security for your computer can seem confusing at first, but a simple method will help keep things under control. Start by asking yourself the following questions:

  • What are you using your computer for? Buying things online? Electronic banking? Electronic trading? E-mail? Do you know how secure these services are? What would it mean to you if your access to these functions was compromised? Keep in mind that not all the risk is monetary. By impersonating your identity, a hacker can also damage your reputation.
  • What are you connecting your computer to? Most people connect their computers to the Internet, but some connect to private networks such as corporate remote access for their company.
  • How are you connecting? Is it a full-time connection, or do you control your computer's connection (and disconnection)? Connecting via an analog modem has been the only method available to most users, but newer technologies such as DSL and cable modem are enabling many people to connect at much higher speeds. Using these new technologies carries certain security considerations, so you need to know your connection type.
  • Who has physical access to your computer? Do you authorize these people to use your computer? Do you want to control the access these people have to your computer or local network?
  • Who do you trust? Do you open an e-mail attachment from a friend? From someone you don't know? How do you choose secure Web sites for online shopping?
  • What operating system are you using? Some operating systems are inherently more secure than others.
  • Answering these questions will move you down the path toward securing your system. Once you have an assessment of your computer, you can weigh the risks you are open to versus the usability you require. If you don't know the answers to any of these questions, don't worry. I will help you through them as you read this book.

    How Secure Is Your System Out of the Box?

    When you purchase a computer, it typically arrives with a default configuration. The company from whom you purchased the computer sets this configuration, usually by installing the operating system and choosing all the default settings the operating system offers at installation. This company is usually more focused on selling computers than on your computer security, and they make some assumptions about what the "average" user will be doing and needing from a security and usability perspective.

    You can change the default settings to harden (make more secure) or relax (make less secure) your computer's security settings. Additionally, you might want to use some third-party programs that can extend the functionality and security of your operating system. The makers of most computers leave that all up to you. They have to do that because most users prefer usability to security. Why? Because they don't know any better or don't think they are a target. The goal of this book is to show you why you need security and then to help you get the information you need to achieve that security.



    020171955XP04092002

    Index

    Click below to download the Index file related to this title:
    Index

    Updates

    Submit Errata

    More Information

    InformIT Promotional Mailings & Special Offers

    I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

    Overview


    Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

    This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

    Collection and Use of Information


    To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

    Questions and Inquiries

    For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

    Online Store

    For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

    Surveys

    Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

    Contests and Drawings

    Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

    Newsletters

    If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

    Service Announcements

    On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

    Customer Service

    We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

    Other Collection and Use of Information


    Application and System Logs

    Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

    Web Analytics

    Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

    Cookies and Related Technologies

    This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

    Do Not Track

    This site currently does not respond to Do Not Track signals.

    Security


    Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

    Children


    This site is not directed to children under the age of 13.

    Marketing


    Pearson may send or direct marketing communications to users, provided that

    • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
    • Such marketing is consistent with applicable law and Pearson's legal obligations.
    • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
    • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

    Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

    Correcting/Updating Personal Information


    If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

    Choice/Opt-out


    Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

    Sale of Personal Information


    Pearson does not rent or sell personal information in exchange for any payment of money.

    While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

    Supplemental Privacy Statement for California Residents


    California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

    Sharing and Disclosure


    Pearson may disclose personal information, as follows:

    • As required by law.
    • With the consent of the individual (or their parent, if the individual is a minor)
    • In response to a subpoena, court order or legal process, to the extent permitted or required by law
    • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
    • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
    • To investigate or address actual or suspected fraud or other illegal activities
    • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
    • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
    • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

    Links


    This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

    Requests and Contact


    Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

    Changes to this Privacy Notice


    We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

    Last Update: November 17, 2020