Business Information Management - Week 9

Questions and Answers

What is the primary purpose of computer security?

To ensure that data cannot be accessed without authorization (correct)

To maximize the connectivity of devices

To increase the speed of data retrieval

To minimize the amount of data stored

Which aspect of computer security guarantees that information is only modified by authorized individuals?

Availability

Accessibility

Integrity (correct)

Confidentiality

What term describes a weakness in a security system that could be exploited?

Threat

Compromise

Vulnerability (correct)

Attack

What is a common example of a denial-of-service attack?

Flooding a server with excessive requests

Which situation describes a threat to a computer system?

A hacker attempting to breach a system

What is meant by the term 'availability' in the context of computer security?

Ensuring that assets are accessible to authorized parties when needed

Which of the following is NOT a main aspect of security?

Analysis

What challenge often arises when trying to secure computer systems?

Balancing the goals of security, which may conflict

What is a logic bomb primarily designed to do?

Perform harmful actions when certain conditions are met

How does a Trojan horse operate?

It appears to be a useful program while causing harm in the background

What technique is commonly associated with phishing?

Sending emails that appear to come from legitimate entities

What form does pharming take in social engineering?

Redirecting a user's session to a fraudulent website

Which of the following best describes social engineering?

Manipulating individuals to obtain confidential data

What is the main goal of a logic bomb when triggered?

To delete or corrupt data

In what situation might social engineering tactics be employed?

To gain unauthorized access to computer systems

Which of the following scenarios best illustrates the concept of phishing?

An email requests a user’s bank account credentials under a false pretext

What is a critical consideration when participating in peer-to-peer payment transactions?

Always verify the identity of the recipient before transferring funds.

Which of the following is NOT a recommended approach to prevent QR code scams?

Scan any QR code that seems interesting.

What kind of scams are cybercriminals predicted to enhance using AI?

Impersonation scams through convincing texts and deepfakes.

Which statement about regular backups is accurate?

Automated and secured off-site backups can safeguard important data.

What should you do if you think you've accessed a fraudulent site and shared financial information?

Contact your bank immediately.

What is one of the components of a secure backup process?

Make sure backups are recent and tested.

What is a common tactic used in peer-to-peer payment scams?

Fake payment notifications and overpayment scams.

Which type of message should raise suspicion regarding phishing attacks?

Messages asking for personal information.

What distinguishes information security from traditional security?

Confidential information can still exist even if copied.

Which of the following is NOT considered a method of enhancing security?

Using unsecured public Wi-Fi

Which of these options best describes a worm in computer security?

A self-replicating program that spreads without human action.

Which option is an example of social engineering?

Sending phishing emails to obtain sensitive information.

What is the primary function of anti-virus software?

To detect and remove malicious software.

What is the major difference between security and safety in online contexts?

Security involves protecting systems while safety involves user behavior.

Which of the following is NOT a leading threat in information security?

Software updates

Which approach is commonly recommended for recovering from a virus attack?

Reinstall the operating system as a definitive solution.

What is the primary function of a botnet?

To send spam, viruses, or perform denial of service attacks.

Which of the following is a characteristic of a rootkit?

It provides administrator-level access and masks an attack.

Which symptom is likely to indicate a break-in or compromise?

Unexpected transactions or files appearing.

What is a common symptom of spyware?

Installations of new applications without consent.

What should be done to ensure anti-virus software remains effective?

Set it to auto-update regularly.

Which of the following is NOT a symptom of malware detection?

Increased disk storage space.

What usually happens when a computer is compromised by a rootkit?

Evidence of a break-in is eliminated.

What is one of the primary roles of anti-spyware?

To detect and remove spyware before it can cause harm.

What is the primary function of a firewall?

To act as a barrier against unauthorized access

Why is it important to regularly update your operating system?

It ensures the computer is protected against known vulnerabilities

Which of the following is essential for creating a strong password?

Including at least 8 characters and a combination of different character types

What technique is advised for creating easily remembered passwords?

Abbreviating a phrase or combining unrelated words

What is a suggested best practice for accessing email attachments?

Open attachments only if you trust the sender and expect them

Which characteristic defines a private password?

It is known and used by only one person

What should you avoid doing when dealing with pop-up windows?

Clicking anywhere in the pop-up

For optimal security, how often should passwords be changed?

Every three months

Study Notes

Business Information Management - Week 9

• Computer Security: Techniques for ensuring data stored on a computer cannot be accessed without authorization. Most measures involve data encryption and passwords. The goal is to prevent weaknesses in the system from being exploited. Three key aspects are confidentiality, integrity, and availability.

Goals of Computer Security

• Confidentiality: Ensures computer-related assets are accessed only by authorized parties. This is also known as secrecy or privacy.

• Integrity: Assets can only be modified by authorized parties or in authorized ways.

• Availability: Assets are accessible to authorized parties at the appropriate times. Loss of availability disrupts access to information.

Vulnerability, Threats & Attacks

• Vulnerability: A weakness in the system. Can appear in hardware, operating systems, or software.

• Threat: A circumstance that could cause harm or loss to a computing system. Threats can be human-initiated or computer-initiated.

• Attack: A human exploiting a vulnerability or another system attacking the system (like a denial-of-service attack).

Why We Need Security

• Good news: Employees and partners can access critical business information.

• Bad news: Employees and partners can access critical business information, and that information can be stolen or copied. Security is needed to protect the information.

Leading Threats

• Virus: Software designed to invade a computer, interfere with operations, copy, corrupt, or delete data. Spreads to other computers on the internet.

• Worm: A more sophisticated virus that replicates automatically and sends itself to other computers.

• Trojan Horse/Logic Bomb: Appears beneficial but carries harmful effects. Logic bomb triggered by a certain condition, Trojan Horse masks malicious behavior.

• Social Engineering: Manipulating people to divulge information or take actions that compromise security. Includes phone calls, in-person interactions, or emails.

• Botnets/Zombies: Networks of compromised computers used for malicious activities like spam, virus distribution, or denial of service attacks.

• Rootkit: A collection of programs used to mask intrusion and gain administrator access to a computer or network.

Malware Detection

• Spyware: Programs that track or monitor users without their knowledge. Indicators include changed homepage, unusual searches, pop-up windows.

Anti-Virus & Anti-Spyware

• Importance of Updates: Attackers constantly create new threats, so anti-virus software needs regular updates to detect and destroy malware.

Firewall

• Protection: Acts as a barrier between a computer or network and the internet to prevent unauthorized access.

Protecting the Operating System

• Regular Updates: Microsoft releases patches to resolve security issues. Automatic updates are crucial.

• Avoid Admin Logins: Avoid logging in with administrator privileges to reduce vulnerability.

Creating a Good Password

• Complex Passwords: Passwords should be at least 8 characters, combining upper and lowercase letters, numbers, and symbols. Do not use easily guessed passwords.

Password Techniques

• Privacy: Passwords should be known to only one person.
• Secret: Passwords should not be written down.
• Easily Remembered: Easy to recall but not guessable.
• Regular Changes: Passwords should be updated regularly – every three months.

Further Tips

• Email Attachments: Do not open email attachments unless expected from trusted senders.
• Email Links: Be cautious with email links, verify validity before clicking.
• Reliable Software: Download software only from trustworthy websites.

Regular Backups

• Importance: Essential for data recovery from any loss or compromise.

Privacy

• Cost of Breaches: Data breaches have significant financial and reputational consequences.
• Cybercrime: Scams are enhanced by Artificial Intelligence, making them more convincing. (QR codes, texts, and emails).

Potential Scams (2024/2025)

• AI-Enhanced Scams: AI is used to create convincing scams impersonating legitimate people.
• QR Code Scams: QR codes are targets for scams to obtain information.
• Peer-to-Peer Payment Fraud: Increasingly common using popular payment platforms.
• Phishing Attacks: Be cautious of emails and messages requesting personal information or leading to suspicious websites.

Description

Explore essential concepts in computer security including confidentiality, integrity, and availability. This week focuses on understanding vulnerabilities, threats, and the necessary safeguards to protect computer-related assets. Test your knowledge and readiness to tackle potential security challenges in modern information systems.