Common Security Threats to E-Business

Questions and Answers

Which type of hacker is primarily motivated by causing damage or disruption, rather than financial gain?

Black-hat hacker

Cracker

Cyberterrorist (correct)

White-hat hacker

What type of malware is designed to allow advertisers to display ads without the user's consent?

Malware

Virus

Adware (correct)

Worm

Which type of hacker is hired by a system owner to find and fix vulnerabilities in their system?

Cyberterrorist

White-hat hacker (correct)

Cracker

Black-hat hacker

Which type of malware is capable of spreading itself from file to file, and from computer to computer?

Worm

What is the primary goal of a cyberterrorist when attacking a computer system?

Disrupt or destroy critical systems or information

Which of the following is the MOST effective way for an organization to protect its intellectual assets?

Enforce a comprehensive information security program

Which of the following is the BIGGEST risk to an organization that fails to monitor its employees' activities?

Employees will engage in unauthorized access or data breaches

Which of the following is the MOST effective way to prevent employees from denying their online actions?

Require employees to agree to a nonrepudiation clause

Which of the following is the BIGGEST threat to an organization's intellectual assets?

Ransomware attacks

Which of the following is the MOST effective way to protect against hoaxes and misinformation on social media?

Educate employees on identifying and reporting suspicious online content

What type of malware infects a computer and demands money from the user?

Ransomware

Which security threat grants unauthorized rights and can be a danger to eBusiness?

Elevation of privilege

What does a sniffer do in relation to network data?

Monitors data traveling over a network

In the context of email security, what does spoofing involve?

Forging the return address to appear different from the actual sender

Which kind of malware tracks online movements and mines information on a computer without permission?

Spyware

What type of privilege escalation attack occurs when an attacker assumes the identity of another user with the same access level?

Horizontal privilege escalation

Which of the following technologies is used to scramble information into an alternative form that requires a key or password to decrypt?

Encryption

Which type of attack allows an attacker to gain a higher access level, such as administrator privileges?

Vertical privilege escalation

Which technology uses full-time monitoring tools that search for patterns in network traffic to identify intruders?

Intrusion detection software

Which type of attack involves an attacker sending false or misleading information to trick users into revealing sensitive information or performing actions that compromise security?

Hoax attack

What is a common technique used by spammers to confirm if an email address is active?

Including fake 'remove' instructions in spam messages

What is a recommended strategy to prevent email addresses from being harvested by spammers' robots?

Using a web-based mail form instead of displaying email addresses on website pages

What is the purpose of obscuring an email address when posting on web forums or newsgroups?

To prevent spammers from detecting the email address and adding it to their mailing lists

What kind of attack is often associated with fake 'remove' instructions in spam messages?

Hoax attack

Which technique is commonly used by spammers to impersonate legitimate senders?

Spoofing

Which of the following is a form of malicious software that blocks access to data or systems until a ransom is paid?

Ransomware

What is the process of exploiting a bug or vulnerability to gain elevated access to resources that are normally protected?

Elevation of privilege

Which of the following is a deliberate attempt to deceive or mislead users into believing something false or non-existent?

Hoax

What is the practice of masquerading as another entity to gain unauthorized access or information?

Spoofing

Which of the following is a type of malware that covertly monitors and collects information about a user's activities and data?

Spyware

Which of the following is NOT a key aspect of information ethics according to the text?

Business strategy

What is the primary purpose of an Ethical Computer Use Policy according to the text?

To ensure users are informed and consent to the rules of computer use

Which of the following is NOT mentioned in the text as a tool to prevent information misuse?

Ransomware

Which of the following is NOT identified in the text as a business issue related to information ethics?

Elevation of privilege

Which of the following is NOT a key aspect of privacy?

The right to have your information shared with others without your knowledge

Which of the following is NOT a key ethical issue related to information technology according to the text?

Data encryption

What is the primary purpose of confidentiality in the context of information ethics?

To ensure information is only available to those authorized to view it

Which of the following is NOT mentioned in the text as a tool to prevent information misuse?

Biometric authentication

What is the key difference between information ethics and business issues related to information ethics?

Information ethics is concerned with the development and use of information technologies, while business issues are concerned with the creation and distribution of information

Which of the following is NOT identified in the text as a key aspect of information ethics?

The legal and regulatory frameworks governing the use of information

Phishing is a technique used to gain personal information for the purpose of fraud.

True

Astroturfing is the practice of using a legitimate identity to artificially stimulate demand for a product.

False

Tokens are small electronic devices that cannot change user passwords automatically.

False

Biometrics, such as fingerprints or voice, fall under the category of 'Something the user knows' in authentication techniques.

False

Data prevention and resistance is one of the three areas of information security according to the text.

False

The email privacy policy details the extent to which social media accounts may be monitored by the organization.

False

An Acceptable Use Policy (AUP) outlines the guidelines for proper internet usage within the organization.

True

Nonrepudiation is a contractual stipulation that ensures ebusiness participants cannot deny their online actions.

True

The Working Monitoring Policy states that some people believe monitoring employees is unethical due to the risks involved.

False

Protecting intellectual assets refers to safeguarding information from both accidental and intentional misuse within and outside the organization.

True

Scareware is a type of malware designed to trick victims into giving up personal information to purchase legitimate and beneficial software.

False

The primary goal of the first line of defense in an organization is to enable employees, customers, and partners to access information electronically.

True

The biggest issue surrounding information security is primarily a technical challenge rather than a people issue.

False

Developing information security policies is the first step an organization should follow to combat insider threats effectively.

True

A sniffer is a program that alters the return address on an email to make it appear to come from the actual sender.

False

Content filtering is a technology mainly used to encrypt data for secure transmission.

False

Firewalls are designed to guard a private network by analyzing incoming and outgoing information for the correct markings.

True

Detection and response technologies come into play after prevention and resistance strategies have successfully prevented a security breach.

False

Intrusion detection software features full-time monitoring tools that search for patterns in network traffic to identify intruders.

True

Privilege escalation involves attackers granting themselves lower access levels than they already have, such as basic user permissions.

False

An Ethical Computer Use Policy contains specific guidelines to prevent all possible computer security breaches.

False

Privacy refers to the right to control your personal possessions and to be observed without consent.

False

Information Ethics mainly governs the ethical and moral issues arising from the creation and distribution of information.

True

Protecting Intellectual Assets is not a major concern for organizations striving to build an ethical corporate culture.

False

Financial Performance is a primary focus of an Ethical Computer Use Policy.

False

A Black-hat hacker is someone who works at the request of a system owner to find system vulnerabilities and fix them.

False

A worm is a type of virus that is designed to spread from file to file, but not from computer to computer.

False

Malware is software intended to enhance the performance of computers and computer systems.

False

Adware is a type of malware that allows internet advertisers to display ads with the consent of computer users.

False

A Cyberterrorist aims to protect critical systems or information from destruction.

False

Astroturfing is the practice of using a legitimate identity to artificially stimulate demand for a product.

True

An Acceptable Use Policy (AUP) outlines the guidelines for proper internet usage within the organization.

True

The email privacy policy details the extent to which social media accounts may be monitored by the organization.

False

Data prevention and resistance is one of the three areas of information security according to the text.

False

Nonrepudiation is a contractual stipulation that ensures e-business participants cannot deny their online actions.

True

The primary purpose of an Ethical Computer Use Policy is to protect intellectual assets.

False

Hoaxes and misinformation on social media can be effectively prevented by training employees on media literacy.

True

An organization can effectively protect its intellectual assets by solely relying on legal agreements.

False

The biggest risk to an organization that fails to monitor its employees' activities is financial loss due to data breaches.

True

In the context of cybersecurity, a sniffer is used to corrupt network data and disrupt communications.

False

Astroturfing is the practice of using a fake identity to artificially stimulate demand for a product.

False

Financial Performance is a primary concern for organizations striving to build an ethical corporate culture.

True

A Working Monitoring Policy focuses on monitoring employees' activities to maintain information security.

True

Protecting Intellectual Assets is not a major concern for organizations.

False

Data prevention and resistance is not one of the three areas of information security according to the text.

False

The Working Monitoring Policy states that it is universally agreed that monitoring employees is ethical in the workplace.

False

Financial Performance is a key focus area outlined in the Social Media Policy within organizations.

False

According to the information provided, an Email Privacy Policy details the extent to which email messages may be monitored by others.

False

Protecting Intellectual Assets primarily involves safeguarding information from accidental misuse by individuals outside the organization.

False

In the context of security, Nonrepudiation ensures that e-business participants have the right to deny their online actions if needed.

False

Scareware is a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software.

True

The process of exploiting a bug or vulnerability to gain elevated access to resources that are normally protected is known as 'elevation of privilege'.

True

A sniffer is a program or device that can monitor data traveling over a network.

True

A worm is a type of virus designed to spread from file to file but not from computer to computer.

False

Spyware is always clearly visible in the free downloadable software in which it comes hidden.

False

Content filtering is a technology used to encrypt data for secure transmission.

False

Phishing is a technique used to gain personal information for the purpose of fraud.

True

Firewalls are designed to guard a private network by analyzing incoming and outgoing information for the correct markings.

False

Adware is a type of malware that allows internet advertisers to display ads with the consent of computer users.

False

Biometrics, such as fingerprints or voice, fall under the category of 'Something the user knows' in authentication techniques.

False

A black-hat hacker steals, destroys, and does nothing with criminal intent.

False

A worm is a type of virus that spreads from computer to computer.

True

An Ethical Computer Use Policy primarily focuses on Financial Performance.

False

The Working Monitoring Policy mainly involves monitoring customers and financial markets.

False

The primary focus of an Ethical Computer Use Policy is to ensure that all users are informed of the rules by agreeing to the use of the system on the basis of consent to abide by the rules.

True

Security threats caused by hackers and viruses do not pose a risk to intellectual assets.

False

Social Media Policy is primarily concerned with protecting intellectual property and financial performance within the organization.

False

A Working Monitoring Policy ensures that all employees are informed about how their activities are monitored within the organization and agree to be monitored.

True

Protecting intellectual assets mainly involves safeguarding information related to digital rights management and digital privacy.

False

Security in the context of information ethics refers to preventing unauthorized access to confidential information and ensuring data integrity and availability.

True

It is recommended to reply to spam messages, even if it is to request to be removed from the mailing list.

False

A Web-based mail form is a good alternative to displaying email addresses on a website to prevent them from being harvested by spammers' robots.

True

Astroturfing involves using artificial identities to stimulate demand for a product.

True

Financial performance is not a primary concern for organizations striving to build an ethical corporate culture.

False

An Ethical Computer Use Policy typically contains guidelines that cover all possible computer security breaches.

False

Protecting intellectual assets is not a major concern for organizations.

False

Content filtering is primarily used for secure data transmission through encryption.

False

An Acceptable Use Policy (AUP) outlines guidelines for proper internet usage within an organization.

True

Nonrepudiation ensures that e-business participants can deny their online actions.

False

'Hoaxes and misinformation on social media can be prevented effectively by training employees on media literacy' - this statement is true.

True

A key aspect of a ___________ Policy is protecting intellectual property and financial performance within the organization.

Social Media

Organizations strive to build an ethical corporate culture by safeguarding their ___________ and ensuring data integrity and availability.

Financial Performance

A ___________ Policy ensures that all employees are informed about how their activities are monitored within the organization and agree to be monitored.

Working Monitoring

Protecting ___________ involves safeguarding information related to digital rights management and digital privacy.

Intellectual Assets

Security in the context of information ethics refers to preventing unauthorized access to confidential information and ensuring data integrity and ___________.

Availability

A Web-based mail form is a good alternative to displaying email addresses on a website to prevent them from being harvested by ______' robots.

spammers'

Protecting intellectual assets mainly involves safeguarding information related to digital rights management and ______ privacy.

digital

Content filtering is a technology mainly used to encrypt data for secure ______.

transmission

Financial Performance is a primary concern for organizations striving to build an ethical corporate ______.

culture

A Working Monitoring Policy ensures that all employees are informed about how their activities are monitored within the organization and agree to be ______.

monitored

______ filtering is the use of software that filters content to prevent the transmission of unauthorized information.

Content

_________ is a type of malware that allows internet advertisers to display ads with the consent of computer users.

Adware

The Working Monitoring Policy focuses on monitoring employees' activities to maintain information ________.

security

Protecting ________ assets is a major concern for organizations to safeguard digital rights management and digital privacy.

intellectual

_______ Performance is a primary focus area outlined in the Social Media Policy within organizations.

Financial

The Email Privacy Policy details the extent to which email messages may be read by others

organization

The dilemma surrounding employee monitoring in the workplace is that an organization places itself at risk if it fails to monitor its employees. However, some people feel that monitoring employees is ________.

unethical

Organizational information is intellectual capital - it must be ________.

protected

Information security involves the protection of information from accidental or intentional misuse by persons inside or outside the ________.

organization

Financial Performance is a primary concern for organizations striving to build an ethical corporate ________.

culture

Astroturfing is the practice of using a fake identity to artificially stimulate demand for a ______.

product

Financial Performance is a primary concern for organizations striving to build an ethical corporate ______.

culture

The Working Monitoring Policy mainly involves monitoring customers and financial ______.

markets

A key aspect of a _______ Policy is protecting intellectual property and financial performance within the organization.

Social Media

Intrusion detection software features full-time monitoring tools that search for patterns in network traffic to identify ______.

intruders

_______ is a key focus area outlined in the Social Media Policy within organizations.

Financial Performance

According to the information provided, an Email Privacy Policy details the extent to which email messages may be monitored by ______.

others

Protecting intellectual assets refers to safeguarding information from both accidental and intentional misuse within and outside the ______.

organization

The Working Monitoring Policy states that some people believe monitoring employees is unethical due to the risks involved in maintaining employee ______.

privacy

Security threats caused by hackers and viruses pose a risk to ______ assets.

intellectual

The primary goal of a cyberterrorist when attacking a computer system is to ______

cause harm

Content filtering is a technology mainly used to ______ data for secure transmission.

encrypt

Astroturfing is the practice of using a ______ identity to artificially stimulate demand for a product.

fake

Financial Performance is a primary concern for organizations striving to build an ethical corporate ______.

culture

Tokens are small electronic devices that can change user passwords ______.

automatically

It is recommended to reply to spam messages, even if it is to request to be ______ from the mailing list.

removed

The process of exploiting a bug or vulnerability to gain elevated access to resources that are normally protected is known as '______ of privilege'.

elevation

Malware is software intended to ______ the performance of computers and computer systems.

enhance

Which type of hacker is primarily motivated by causing damage or disruption, rather than financial ______?

gain

Biometrics, such as fingerprints or voice, fall under the category of 'Something the user ______' in authentication techniques.

knows

Study Notes

Financial Impacts of Downtime

• The cost of downtime includes revenue recognition, cash flow, payment guarantees, credit rating, and stock price
• Revenue loss includes direct loss, compensatory payments, lost future revenue, billing losses, investment losses, and lost productivity
• Damaged reputation affects customers, suppliers, financial markets, banks, and business partners
• Other expenses include temporary employees, equipment details, overtime costs, extra shipping charges, travel expenses, and legal obligations

Security Threats Caused by Hackers and Viruses

• Hacker: experts in technology who use their knowledge to break into computers and computer networks
  • Types of hackers:
    • Black-hat hacker: steals, destroys, or does nothing
    • Cracker: with criminal intent
    • Cyberterrorist: destroys critical systems or information
    • White-hat hacker: works at the request of system owner to find system vulnerabilities and fix them
• Virus: software written with malicious intent to cause annoyance or damage
  • Types of viruses:
    • Worm: spreads itself from file to file and computer to computer
    • Malware: intended to damage or disable computers and computer systems
    • Adware: allows internet advertisers to display advertisements without consent

Information Privacy Policy

• Contains general principles regarding information privacy
• Acceptable Use Policy (AUP): requires user to agree to follow to access corporate email, information systems, and the internet
• Nonrepudiation: ensures ebusiness participants do not deny their online actions
• Internet Use Policy: guides proper use of the internet
• Email Privacy Policy: details extent of email message reading by others
• Social Media Policy: outlines corporate guidelines for employee online communications
• Working Monitoring Policy: explicitly states how, when, and where the company monitors its employees

Information Ethics

• Ethics: principles and standards guiding behavior toward others
• Information Ethics: governs ethical and moral issues arising from development and use of information technologies
• Business issues related to information ethics:
  • Intellectual property
  • Copyright
  • Pirated software
  • Counterfeit software
  • Digital rights management
• Privacy: right to be left alone, control personal possessions, and not be observed without consent
• Confidentiality: assurance that messages and information are available only to authorized viewers

Protection of Intellectual Assets

• Organizational information is intellectual capital that must be protected

• Information security: protection of information from accidental or intentional misuse

• Downtime: period of time when a system is unavailable

• Security threats to ebusiness include:

  • Elevation of privilege
  • Hoaxes
  • Sniffer
  • Spoofing
  • Spyware
  • Ransomware
  • Scareware

• First line of defense: people

• Information security policies and plan: essential to combat insider issues### Information Security

• Prevention and resistance technologies stop intruders from accessing and reading data.

• Privilege escalation is a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.

  • Vertical privilege escalation: attackers grant themselves a higher access level, such as administrator.
  • Horizontal privilege escalation: attackers grant themselves the same levels that they already have but assume the identity of another user.

Technologies for Prevention and Resistance

• Content filtering: use of software that filters content to prevent the transmission of unauthorized information.
• Encryption: scrambles information into an alternative form that requires a key or password to decrypt.
• Firewalls: hardware and/or software that guard a private network by analyzing incoming and outgoing information for the correct markings.

Detection and Response

• Intrusion detection software: features full-time monitoring tools that search for patterns in network traffic to identify intruders.

Three Areas of Information Security

• People: authentication and authorization
• Data: prevention and resistance
• Attacks: detection and response

Authentication and Authorization

• Identity theft: the forging of someone’s identity for the purpose of fraud.
  • Phishing: technique to gain personal information for the purpose of identity theft.
  • Pharming: reroutes requests for legitimate websites to false websites.
  • Sock puppet marketing: the use of a false identity to artificially stimulate demand for a product, brand, or service.
  • Astroturfing: the practice of artificially stimulating online conversation and positive reviews about a product, service, or brand.
• Authentication: a method for confirming users’ identities.
• Authorization: the process of giving someone permission to do or have something.
  • Three categories of authentication techniques:
    • Something the user knows (e.g. user ID and password)
    • Something the user has (e.g. smart card or token)
    • Something that is part of the user (e.g. fingerprints or voice - biometrics)

Policies

• Information Privacy Policy: contains general principles regarding information privacy.
• Acceptable Use Policy (AUP): requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet.
• Nonrepudiation: a contractual stipulation to ensure that ebusiness participants do not deny their online actions.
• Internet Use Policy: contains general principles to guide the proper use of the internet.
• Email Privacy Policy: details the extent to which email messages may be read by others.
• Social Media Policy: outlines the corporate guidelines or principles governing employee online communications.
• Working Monitoring Policy: explicitly states how, when, and where the company monitors its employees.

Protecting Intellectual Assets

• Organizational information is intellectual capital - it must be protected.
• Information security: the protection of information from accidental or intentional misuse by persons inside or outside the organization.
• Downtime: a period of time when a system is unavailable.
• Cost of downtime:
  • Financial performance
  • Revenue
  • Damaged reputation
  • Other expenses

Ethics

• Ethics: the principles and standards that guide our behavior toward other people.
• Information Ethics: govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself.
• Business issues related to information ethics:
  • Intellectual property
  • Copyright
  • Pirated software
  • Counterfeit software
  • Digital rights management
• Privacy: the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
• Confidentiality: the assurance that messages and information are available only to those who are authorized to view them.

Security Threats

• Hacker: experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge.
  • Black-hat hacker: steal, destroy or do nothing.
  • Cracker: with criminal intent.
  • Cyberterrorist: destroy critical systems or information.
  • White-hat hacker: work at the request of system owner to find system vulnerabilities and fix them.
• Virus: software written with malicious intent to cause annoyance or damage.
  • Worm: a type of virus that spreads itself from file to file, but also from computer to computer.
  • Malware: software that is intended to damage or disable computers and computer systems.
  • Adware: allows the internet advertisers to display advertisements without the consent of the computer users.

Spam Management

• Tips from Information Week:
  • Obscure your email address by inserting something obvious into it.
  • Don't reply to spam messages.
  • Remove your email address from your Website's pages and offer a Web-based mail form instead.

Description

Learn about common security threats to e-business such as spyware, ransomware, scareware, elevation of privilege, and hoaxes. Understand how these threats can impact businesses and how to protect against them.