Business Information Management - Week 9
48 Questions

Questions and Answers

What is the primary purpose of computer security?

  • To ensure that data cannot be accessed without authorization (correct)
  • To maximize the connectivity of devices
  • To increase the speed of data retrieval
  • To minimize the amount of data stored

Which aspect of computer security guarantees that information is only modified by authorized individuals?

  • Availability
  • Accessibility
  • Integrity (correct)
  • Confidentiality

What term describes a weakness in a security system that could be exploited?

  • Threat
  • Compromise
  • Vulnerability (correct)
  • Attack

What is a common example of a denial-of-service attack?

Flooding a server with excessive requests (D)

Which situation describes a threat to a computer system?

A hacker attempting to breach a system (D)

What is meant by the term 'availability' in the context of computer security?

Ensuring that assets are accessible to authorized parties when needed (D)

Which of the following is NOT a main aspect of security?

Analysis (A)

What challenge often arises when trying to secure computer systems?

Balancing the goals of security, which may conflict (B)

What is a logic bomb primarily designed to do?

Perform harmful actions when certain conditions are met (C)

How does a Trojan horse operate?

It appears to be a useful program while causing harm in the background (B)

What technique is commonly associated with phishing?

Sending emails that appear to come from legitimate entities (D)

What form does pharming take in social engineering?

Redirecting a user's session to a fraudulent website (B)

Which of the following best describes social engineering?

Manipulating individuals to obtain confidential data (A)

What is the main goal of a logic bomb when triggered?

To delete or corrupt data (D)

In what situation might social engineering tactics be employed?

To gain unauthorized access to computer systems (C)

Which of the following scenarios best illustrates the concept of phishing?

An email requests a user's bank account credentials under a false pretext (C)

What is a critical consideration when participating in peer-to-peer payment transactions?

Always verify the identity of the recipient before transferring funds. (D)

Which of the following is NOT a recommended approach to prevent QR code scams?

Scan any QR code that seems interesting. (A)

What kind of scams are cybercriminals predicted to enhance using AI?

Impersonation scams through convincing texts and deepfakes. (C)

Which statement about regular backups is accurate?

Automated and secured off-site backups can safeguard important data. (D)

What should you do if you think you've accessed a fraudulent site and shared financial information?

Contact your bank immediately. (C)

What is one of the components of a secure backup process?

Make sure backups are recent and tested. (B)

What is a common tactic used in peer-to-peer payment scams?

Fake payment notifications and overpayment scams. (C)

Which type of message should raise suspicion regarding phishing attacks?

Messages asking for personal information. (D)

What distinguishes information security from traditional security?

Confidential information can still exist even if copied. (B)

Which of the following is NOT considered a method of enhancing security?

Using unsecured public Wi-Fi (A)

Which of these options best describes a worm in computer security?

A self-replicating program that spreads without human action. (A)

Which option is an example of social engineering?

Sending phishing emails to obtain sensitive information. (D)

What is the primary function of anti-virus software?

To detect and remove malicious software. (B)

What is the major difference between security and safety in online contexts?

Security involves protecting systems while safety involves user behavior. (A)

Which of the following is NOT a leading threat in information security?

Software updates (D)

Which approach is commonly recommended for recovering from a virus attack?

Reinstall the operating system as a definitive solution. (D)

What is the primary function of a botnet?

To send spam, viruses, or perform denial of service attacks. (B)

Which of the following is a characteristic of a rootkit?

It provides administrator-level access and masks an attack. (B)

Which symptom is likely to indicate a break-in or compromise?

Unexpected transactions or files appearing. (A)

What is a common symptom of spyware?

Installations of new applications without consent. (A)

What should be done to ensure anti-virus software remains effective?

Set it to auto-update regularly. (A)

Which of the following is NOT a symptom of malware detection?

Increased disk storage space. (D)

What usually happens when a computer is compromised by a rootkit?

Evidence of a break-in is eliminated. (B)

What is one of the primary roles of anti-spyware?

To detect and remove spyware before it can cause harm. (A)

What is the primary function of a firewall?

To act as a barrier against unauthorized access (B)

Why is it important to regularly update your operating system?

It ensures the computer is protected against known vulnerabilities (A)

Which of the following is essential for creating a strong password?

Including at least 8 characters and a combination of different character types (A)

What technique is advised for creating easily remembered passwords?

Abbreviating a phrase or combining unrelated words (D)

What is a suggested best practice for accessing email attachments?

Open attachments only if you trust the sender and expect them (B)

Which characteristic defines a private password?

It is known and used by only one person (C)

What should you avoid doing when dealing with pop-up windows?

Clicking anywhere in the pop-up (A)

For optimal security, how often should passwords be changed?

Every three months (C)

Flashcards

What is computer security?

The practice of protecting data stored in a computer from unauthorized access or modification. Often involves using data encryption and passwords.

Confidentiality

Ensuring that only authorized individuals can access computer-related assets, similar to keeping secrets or ensuring privacy.

Integrity

Guaranteeing that only authorized parties can modify computer assets and that changes are made in authorized ways.

Availability

Making sure authorized users can access computer assets at appropriate times. Loss of availability means information becomes inaccessible.

Vulnerability

A weakness in a system's security that can be exploited by attackers, such as flaws in hardware, operating systems, or software.

Threat

A set of circumstances that could potentially cause harm or loss to a computer system. Threats can be initiated by humans or other systems.

Attack

An attempt to exploit a vulnerability in a system, often by a human attacker. Attacks can also be launched automatically by other systems.

Security

The practice of protecting valuable assets, typically involving prevention, detection, and reaction to potential security threats.

Information Security Theft

Data can be copied or stolen without your knowledge, making it harder to detect.

Safety

How we behave online to protect ourselves from risks, like safe email practices and downloading software.

Computer Virus

Malicious software programs designed to damage or disrupt computer systems.

Worm

A virus that replicates automatically and spreads to other computers, often using email.

Social Engineering

Techniques used to gain unauthorized access to systems by deceiving users, often through social manipulation.

Botnet

A network of hijacked computers controlled by a single entity for malicious purposes.

Rootkit

A type of malware that hides its presence and activities, making it difficult to detect.

What is a logic bomb?

A malicious program designed to damage a system when a specific condition is met. It's like a time bomb waiting to explode!

What is a Trojan Horse?

A program that disguises itself as useful software while secretly causing harm. Like a wolf in sheep's clothing!

What is Social Engineering?

It manipulates people into giving away sensitive information by building trust and exploiting vulnerabilities.

What is Phishing?

When someone pretends to be a trusted entity, like your bank, and requests sensitive information through an email.

What is Pharming?

Manipulates users into visiting fake websites that mimic legitimate ones.

What is a security vulnerability?

A weakness that makes a system susceptible to attack.

What is a security attack?

The set of actions taken to break into a system.

Phishing website

A fake website designed to trick users into providing login credentials or other sensitive information.

Spyware

A software program designed to track and steal personal information from users' computers.

Virus

A type of malware that replicates itself and spreads to other computers.

Anti-virus software

Software designed to detect and remove malware from a computer system.

Denial of service (DoS) attack

A type of attack that overwhelms a server with traffic, making it unavailable to legitimate users.

Spoofing

A technique used to mimic a legitimate website to steal user credentials.

What is a firewall?

A program that acts as a barrier between your computer and the internet, blocking unauthorized connections from hackers.

Why are operating system updates important?

Regular software updates from Microsoft address security vulnerabilities, making your computer less susceptible to hackers.

What makes a good password?

A combination of at least 3 different character types (uppercase, lowercase, numbers, symbols) for better security.

What are the characteristics of a strong password?

A strong password should be unique, at least 8 characters long, and use a mix of uppercase, lowercase, numbers, and symbols.

Why should passwords be kept private?

Passwords should be kept secret and not written down, as they can be easily compromised.

How can you stay safe from malicious emails?

Be cautious about opening email attachments or clicking on links from unknown senders, as they could contain malicious software.

What are pop-up blockers?

Pop-up blockers prevent unwanted advertisements that can sometimes be malicious.

How should you close pop-up windows?

Close pop-up windows using the 'X' button in the corner to avoid accidentally clicking on malicious links.

Regular Backups

A security practice that involves regularly creating copies of important data to prevent data loss in case of a disaster or system failure.

Peer-to-Peer Payment Fraud

A type of fraud that targets users of peer-to-peer (P2P) payment platforms like Venmo or Zelle. Scammers use tactics like overpayment scams, fake payment notifications, and two-step authentication scams to trick users into sending money or revealing sensitive information.

Phishing Attack

An email or message designed to trick users into revealing sensitive information, such as login credentials or credit card details. Often leads to identity theft or financial loss.

AI-Enhanced Scams

A fraudulent strategy using AI to create realistic and convincing messages, emails, or images to trick users into releasing personal information or money.

QR Code Scams

A security risk associated with QR codes. Scammers can create fake QR codes that lead to malicious websites or steal your credentials.

Verifying QR Code Source

Double-checking the source and content of a QR code before scanning it to reduce the risk of being a victim of scams.

Avoiding Random QR Code Scans

Avoiding scanning random QR codes to prevent potential security risks. Only scan a QR code if you are positive about its legitimacy.

Contacting Bank After A Fraudulent Site Access

Contacting your bank immediately if you believe you have accessed a fraudulent website and compromised your financial information.

Study Notes

  • Computer Security: Techniques for ensuring data stored on a computer cannot be accessed without authorization. Most measures involve data encryption and passwords. The goal is to prevent weaknesses in the system from being exploited. Three key aspects are confidentiality, integrity, and availability.

Goals of Computer Security

  • Confidentiality: Ensures computer-related assets are accessed only by authorized parties. This is also known as secrecy or privacy.

  • Integrity: Assets can only be modified by authorized parties or in authorized ways.

  • Availability: Assets are accessible to authorized parties at the appropriate times. Loss of availability disrupts access to information.

Vulnerability, Threats & Attacks

  • Vulnerability: A weakness in the system. Can appear in hardware, operating systems, or software.

  • Threat: A circumstance that could cause harm or loss to a computing system. Threats can be human-initiated or computer-initiated.

  • Attack: A human exploiting a vulnerability or another system attacking the system (like a denial-of-service attack).

Why We Need Security

  • Good news: Employees and partners can access critical business information.

  • Bad news: Employees and partners can access critical business information, and that information can be stolen or copied. Security is needed to protect the information.

Leading Threats

  • Virus: Software designed to invade a computer, interfere with operations, and copy, corrupt, or delete data. Spreads to other computers on the internet.

  • Worm: A more sophisticated virus that replicates automatically and sends itself to other computers.

  • Trojan Horse/Logic Bomb: Appears beneficial but carries harmful effects. A logic bomb is triggered by a certain condition; a Trojan Horse masks malicious behavior.

  • Social Engineering: Manipulating people to divulge information or take actions that compromise security. Includes phone calls, in-person interactions, or emails.

  • Botnets/Zombies: Networks of compromised computers used for malicious activities like spam, virus distribution, or denial of service attacks.

  • Rootkit: A collection of programs used to mask intrusion and gain administrator access to a computer or network.

Malware Detection

  • Spyware: Programs that track or monitor users without their knowledge. Indicators include changed homepage, unusual searches, pop-up windows.

Anti-Virus & Anti-Spyware

  • Importance of Updates: Attackers constantly create new threats, so anti-virus software needs regular updates to detect and destroy malware.

Firewall

  • Protection: Acts as a barrier between a computer or network and the internet to prevent unauthorized access.

Protecting the Operating System

  • Regular Updates: Microsoft releases patches to resolve security issues. Automatic updates are crucial.

  • Avoid Admin Logins: Avoid logging in with administrator privileges to reduce vulnerability.

Creating a Good Password

  • Complex Passwords: Passwords should be at least 8 characters, combining upper and lowercase letters, numbers, and symbols. Do not use easily guessed passwords.

Password Techniques

  • Privacy: Passwords should be known to only one person.
  • Secret: Passwords should not be written down.
  • Easily Remembered: Easy to recall but not guessable.
  • Regular Changes: Passwords should be updated regularly – every three months.

Further Tips

  • Email Attachments: Do not open email attachments unless expected from trusted senders.
  • Email Links: Be cautious with email links; verify validity before clicking.
  • Reliable Software: Download software only from trustworthy websites.

Regular Backups

  • Importance: Essential for data recovery from any loss or compromise.

Privacy

  • Cost of Breaches: Data breaches have significant financial and reputational consequences.
  • Cybercrime: Scams are enhanced by Artificial Intelligence, making them more convincing (QR codes, texts, and emails).

Potential Scams (2024/2025)

  • AI-Enhanced Scams: AI is used to create convincing scams impersonating legitimate people.
  • QR Code Scams: QR codes are targets for scams to obtain information.
  • Peer-to-Peer Payment Fraud: Increasingly common using popular payment platforms.
  • Phishing Attacks: Be cautious of emails and messages requesting personal information or leading to suspicious websites.

Description

Explore essential concepts in computer security including confidentiality, integrity, and availability. This week focuses on understanding vulnerabilities, threats, and the necessary safeguards to protect computer-related assets. Test your knowledge and readiness to tackle potential security challenges in modern information systems.