Basics of Cybersecurity: Threats & Vulnerabilities

Questions and Answers

Which type of attack is characterized by overwhelming a system with excessive traffic?

  • Denial-of-Service Attack (correct)
  • Man-in-the-Middle Attack
  • Supply Chain Attack
  • Social Engineering Attack

What is one of the main risks associated with social engineering attacks?

  • Unintentional disclosure of sensitive information (correct)
  • Degradation of hardware performance
  • Loss of physical equipment
  • Inability to detect malware

In which type of attack does malicious input potentially expose sensitive information within a web application?

  • Supply Chain Attacks
  • Malware Attacks
  • Injection Attacks (correct)
  • Man-in-the-Middle Attacks

Which of the following describes a significant vulnerability created by system misconfigurations?

  • Vulnerabilities due to incompatible security settings (B)

What primarily enables attackers to exploit systems effectively?

  • Outdated or unpatched software (A)

Which of the following best describes a supply chain attack?

  • Infection of legitimate applications without the vendor's knowledge (A)

What is a consequence of a successful Man-in-the-Middle Attack?

  • Compromising sensitive communications between parties (D)

Which of these is not categorized as a type of malware?

  • Phishing (A)

What is the primary purpose of a patch management strategy?

  • To apply recent system updates (A)

Which statement accurately defines the concept of data privacy?

  • Data privacy focuses on controlling who has access to specific data. (D)

What are zero-day vulnerabilities?

  • Weaknesses in systems identified by attackers before the user (D)

Which principle supports ensuring users can access data required for business functions?

  • Data Availability (A)

What challenge is associated with malicious insider threats within an organization?

  • They often manipulate actions to appear genuine. (D)

Data protection refers to which of the following?

  • The strategic steps to safeguard sensitive data (B)

How does missing or weak data encryption affect an organization?

  • It can lead to the exposure of misleading information. (A)

What aspect of data lifecycle management is emphasized in the protection of data?

  • Automating data transmission to various storage (D)

What primary function does Information Lifecycle Management serve regarding information assets?

  • Valuating, cataloging, and protecting information assets (A)

Which of the following laws is primarily concerned with safeguarding personal data in the Philippines?

  • Data Privacy Act of 2012 (RA No. 10173) (A)

What is a key ethical responsibility of cybersecurity professionals?

  • To follow codes of conduct to maintain integrity (B)

Which act specifically addresses incidents of online sexual abuse or exploitation of children in the Philippines?

  • Anti-Online Sexual Abuse or Exploitation of Children Act (RA No. 11930) (D)

What potential consequences might organizations face due to security negligence?

  • Penalties and legal liability (A)

What does ethical hacking require prior to conducting security tests?

  • Permission from the entity being tested (D)

What should organizations balance when monitoring for security purposes?

  • Security requirements with privacy rights (D)

What does the Cybercrime Prevention Act of 2012 primarily focus on?

  • Addressing cybercrime and promoting cybersecurity (C)

What distinguishes Narrow AI from General AI?

  • General AI can handle complex tasks beyond human capabilities. (C)

Which type of AI is characterized by the inability to store memories or use past experiences in decision-making?

  • Reactive Machines (A)

Which type of AI is currently not in existence but predicts the potential to understand human emotions?

  • Theory of Mind (C)

What is a key feature of Limited Memory AI?

  • It can store and utilize previous data for decision-making. (C)

IBM’s Deep Blue is an example of which type of AI?

  • Reactive Machines (D)

What is the primary function of Reactive Machines?

  • To carry out simplistic tasks in real-time (C)

Which of the following applications exemplifies the capabilities of Limited Memory AI?

  • A self-driving car (B)

What is a notable benefit of using cryptocurrencies over traditional banking systems?

  • Elimination of third parties (C)

Which of the following is NOT considered a challenge in the use of cryptocurrencies?

  • Improved accuracy (B)

What characteristic of Self-aware AI is unique compared to other types of AI?

  • It possesses a form of self-awareness. (D)

What is one of the potential negative implications of the pseudonymous nature of cryptocurrency transactions?

  • Facilitation of criminal activities (A)

Which financial technology application is specifically designed to help consumers manage their investments automatically?

  • Robinhood (C)

What characteristic of cryptocurrencies contributes to their price volatility?

  • High demand coupled with limited supply (B)

In the context of financial technology, which of the following applications is primarily used for peer-to-peer transactions?

  • Block (Square) (B)

Which of the following statements accurately describes fintech?

  • It encompasses digital innovations that enhance financial services. (D)

What type of applications do personal finance tools like Mint provide?

  • Overview of finances and budgeting capabilities (C)

What is the penalty for a person found guilty of section 4(c)(3)?

  • PhP50,000.00 to PhP250,000.00 (A)

Which factor does NOT contribute to the digital divide?

  • Cultural inclusiveness of digital platforms (D)

What primary advantage of technology in education is mentioned in the context?

  • Gamified learning and personalized approaches (C)

For which of the following does the penalty increase by one degree according to the regulations?

  • Section 4(c)(2) (C)

Which statement about the digital divide is true?

  • It encompasses disparities in access and digital literacy. (D)

What is a common concern raised regarding the legal framework around technology?

  • Privacy issues surrounding personal data can arise. (A)

What is the purpose of MOOCs like edX and Coursera?

  • To democratize education and make it accessible globally. (C)

Which aspect is NOT considered an advantage of cybersecurity?

  • Reduction of the digital divide (C)

Flashcards

Malware Attacks

Cyberattacks using malicious software like viruses, worms, trojans, spyware, and ransomware.

Social Engineering

Tricking people to give up sensitive info like passwords.

Supply Chain Attacks

Attacking legitimate software vendors to infect applications.

Man-in-the-Middle Attack

Intercepting communication between two parties.

Denial-of-Service Attack

Overloading a system with traffic to stop normal operations.

Injection Attacks

Inserting malicious input into a web application to steal data.

System Misconfigurations

Security mistakes in network settings allowing attackers to exploit the system.

Outdated/Unpatched Software

Software with known vulnerabilities that attackers can exploit.

Patch Management Strategy

A plan for applying recent system updates to ensure security.

Weak Authorization

Passwords that are easily guessed, leading to unauthorized access.

Insider Threats

Employees with access to systems who misuse or share access inappropriately.

Data Encryption

Protecting sensitive information by converting it into an unreadable format.

Zero-Day Vulnerabilities

Software flaws unknown to users, but known to attackers.

Data Privacy

Who has access to data, focused on user control.

Data Protection

Company's responsibility to keep data private and secure.

Data Availability

Ensuring users can access required data even when it is lost or damaged.

Information Lifecycle Management (ILM)

Planning, managing, and eventual disposal of information assets, including valuation, cataloging, and protection.

Data Privacy Laws

Regulations that ensure the protection of personal data and require compliance, such as GDPR and CCPA (examples that apply in some areas).

Intellectual Property (IP) Protection

Measures to prevent unauthorized access and ensure the rights of IP creators are respected, such as patents and copyrights.

Legal Liabilities (Cybersecurity)

Potential penalties for negligence in cybersecurity practices.

Ethical Hacking

Hacking with explicit permission to assess vulnerabilities and prevent malicious attacks.

Cybercrime

Crimes committed using computer networks, including hacking and identity theft.

Cybersecurity Professional Ethics

Codes of conduct to maintain integrity, responsibility, and respect in cybersecurity practices.

Incident Reporting Obligations

Requirement to report data breaches to relevant authorities promptly.

Digital Divide

Gap in access, use, and skills related to ICT (Information and Communication Technologies).

Section 4(a)(5) Penalty

PhP500,000.00 fine for a specific offense.

Section 4(c)(1) Penalty

PhP200,000.00 - PhP1,000,000.00 fine range for a particular offense.

Section 4(c)(3) Penalty

PhP50,000.00 - PhP250,000.00 fine range for a particular offense.

Section 4(c)(2) Penalty

Penalty one degree higher than Republic Act No. 9775.

Cybersecurity Enhancement

Improving protection against cyberattacks.

Protection of Individuals

Ensuring the safety and privacy of individuals online.

Digital Literacy

Skills and knowledge to effectively use ICTs.

Narrow AI

Artificial intelligence designed for a single task.

General AI

Artificial intelligence with human-like capabilities.

Reactive Machines

AI that reacts to immediate input, with no memory.

Limited Memory AI

AI that uses past data to predict the future.

Theory of Mind AI

AI that understands and responds to human emotions.

Self-Aware AI

AI with self-awareness, a sense of self.

AI Types

Different categories of Artificial Intelligence (Narrow, General).

4 Kinds of AI

Categories of AI algorithms with various capabilities: Reactive, Limited Memory, Theory of Mind, and Self-Aware.

Cryptocurrency Advantages

Cryptocurrency offers benefits like removing intermediaries, easier fund transfer, and potential returns.

Cryptocurrency Disadvantages

Cryptocurrency has issues like pseudonymous transactions, potential for criminal use, and high participation costs.

FinTech Definition

Financial Technology uses innovation to improve financial services, like mobile payments and robo-advisors.

Data Alteration Alert System

A system designed to alert participants to any attempts to modify data, revealing the perpetrator.

Data Alteration Benefits

Data modification alerts lead to increased security, accuracy, and efficiency.

Data Alteration Challenges

Data modification alerts might limit transactions, increase energy use, and have scalability issues.

Robo-advisors

Apps that automatically invest money based on user preferences.

Investment Apps

Apps facilitating the buying and selling of stocks, ETFs, and cryptocurrency.

Study Notes

Basics of Cybersecurity: Threats and Vulnerabilities

  • Cyber threats originate from individuals aiming to steal data or damage systems.
  • Malware attacks involve malicious software (viruses, worms, trojans, spyware, ransomware).
  • Effects of malware include data collection, network manipulation, and data destruction.
  • Social engineering manipulates individuals to provide access for malware.
  • Phishing, baiting, pretexting, vishing, smishing, piggybacking, and tailgating are social engineering techniques.
  • Supply chain attacks target legitimate applications, potentially infecting software from vendors.
  • Man-in-the-Middle attacks intercept communications, eavesdropping or impersonating parties.
  • Denial-of-Service attacks overwhelm a system with traffic, hindering functionality.
  • HTTP flood DDoS and SYN flood DDoS are denial-of-service techniques.
  • Injection attacks insert malicious input into web applications, potentially exposing sensitive information.
  • Cross-Site Scripting (XSS) is an example of an injection attack.

Types of Cybersecurity Vulnerabilities

  • System misconfigurations can cause security mistakes in network assets.
  • Cybercriminals exploit vulnerabilities in security settings to gain access.
  • Outdated or unpatched software is easily exploited by attackers.
  • Patch management strategies are crucial to ensure systems are updated regularly.
  • Missing or weak authorization credentials allow attackers to guess passwords and access systems.
  • Malicious insider threats are posed by employees with access to critical systems.
  • Missing or poor data encryption makes sensitive data vulnerable to interception.

Data Privacy and Protection

  • Data privacy focuses on who can access data, often controlled by the user.
  • Data protection is the company's responsibility to ensure data privacy.
  • Data privacy guidelines dictate how data should be collected and handled.
  • Data protection involves procedural steps to safeguard sensitive data.
  • Principles of data protection include data availability, lifecycle management, and information protection.
  • Compliance with laws like GDPR and CCPA is crucial to protect personal data.
  • Protecting intellectual property prevents unauthorized access and ensures rights are respected.
  • Legal liability exists for organizations negligent in security.
  • Ethical hackers must obtain permission to perform penetration testing and security audits.
  • Cybersecurity professionals must comply with codes of conduct to ensure integrity and responsibility.
  • Surveillance and monitoring should balance security with privacy rights and keep individuals informed.

Zero-Day Vulnerabilities

  • These are software flaws known to attackers but not yet identified by users.
  • Attackers can exploit these vulnerabilities to infiltrate systems undetected.

Incident Reporting Obligations

  • Timely reporting of data breaches is mandated by regulations.
  • Laws exist to combat hacking, identity theft, and other cybercrimes.

Cybersecurity Legislation in the Philippines

  • Various acts including RA No. 11967, RA No. 8792, RA No. 11930, RA No. 8484, RA No. 9995, RA No. 11934, RA No. 11202, and RA No. 9775 address cybercrimes, and RA No. 10173 addresses data privacy.
  • Specific penalties exist for violations depending on the act violated.

IT and Society: Digital Divide

  • The digital divide refers to inequalities in access, use, and skills related to information and communication technologies.
  • Geographical disparities, economic barriers, education and literacy limitations, and cultural and language barriers contribute to the digital divide.

IT in Education and Learning

  • Technology extends beyond online classes to include gamified learning, AI-driven personalization, VR, and data analytics.

Innovations in E-learning

  • Massive Open Online Courses (MOOCs) democratize access to education from top institutions.
  • Virtual classrooms and collaboration tools enhance accessibility and real-time interaction.
  • AI in education personalizes lessons based on individual progress (DreamBox, Khan Academy).

Opportunities

  • Digital tools promote inclusivity, allowing students from diverse backgrounds to engage.
  • These tools support teacher-student interaction and provide access to global experiences.

Challenges

  • Concerns regarding data privacy remain important.
  • Digital fatigue and inequality in access are ongoing issues, particularly for lower-income countries.

Impact of IT on Culture and Social Interactions

  • Digital communication platforms have reshaped social interactions, leading to increased awareness of global issues, greater connectivity, and more opportunities for self-expression.
  • Cyberbullying, misinformation, and polarization are also negative consequences of these platforms.

Emerging Technologies

  • Emerging technology is a term generally used to describe a new technology, continuing development of an existing technology, or the varying interpretations of a technology based on its use case.

Artificial Intelligence (AI)

  • AI involves developing computers and robots that behave in ways that mimic or surpass human capabilities.
  • Narrow or Weak AI carries out specific tasks (e.g., personal assistants).
  • General AI is complex and human-like in capabilities (e.g., self-driving cars).
  • Reactive machines perceive the world but don't store memory or rely on past experience.
  • Limited memory AI has limited memory but gathers data to make decisions.
  • Theory of mind and self-aware AI are hypothetical AI types that have not been realized.

AI Benefits and Disadvantages

  • AI benefits include automating tasks, solving complex problems, improving customer experiences, accelerating healthcare, and reducing human error.
  • Disadvantages include job displacement, bias and discrimination, hallucinations, and privacy and ethical concerns.

AI Applications and Examples

  • Applications include healthcare, retail, customer service, manufacturing, finance, and marketing.
  • Examples include generative AI tools, smart assistants, self-driving cars, wearables, and visual filters.

Machine Learning (ML)

  • Machine learning teaches computers to learn from data without explicit programming.
  • Deep learning uses sophisticated neural networks for advanced predictive analytics.
  • Categories of ML include supervised, unsupervised, reinforcement, and semi-supervised learning.

ML Benefits and Risks

  • Benefits include lower operational costs, improved efficiency, and better insights.
  • Risks include job displacement, bias/discrimination, and ethical concerns.

ML Applications

  • Applications include speech recognition, customer service, computer vision, recommendation systems, and more.

Big Data

  • Big data refers to massive and complex data sets that can't be easily managed using conventional tools.
  • Characteristics are often described by the "5 Vs": volume, velocity, variety, veracity, and value.
  • Big data benefits include better insights, decision-making, personalization, and efficiency improvements.
  • Uses are present in retail, healthcare, financial services, manufacturing, and more.

Data Analytics

  • Data analytics involves collecting, organizing, and transforming data to inform decisions.
  • Types of data analytics include descriptive, diagnostic, predictive, and prescriptive analytics.

Blockchain Technology

  • Blockchain is a decentralized ledger of data shared securely among participants.
  • Using cloud services enables easy data integration and sharing of transactional data from multiple sources.
  • Blockchain prevents alteration and data tampering because data can't be modified without consensus from participants.

Cryptocurrency

  • Cryptocurrencies are digital payment systems independent of banks, enabling peer-to-peer transactions without intermediaries.
  • Transactions are recorded in a public ledger called a blockchain.
  • Cryptocurrency is stored in digital wallets.

Fintech

  • Fintech refers to using technology to improve and automate financial services.
  • Examples are robo-advisors, investment apps, payment apps, personal finance apps, P2P lending platforms, and crypto apps.
  • Insurtech is an example of leveraging technology in the insurance industry.
