Concept of Information Technology

Questions and Answers

Which of the following best describes Francis Bacon's view on information processing?

• Information processing was primarily for religious purposes.
• Information processing should be limited to maintain cultural traditions.
• Information processing was key to achieving a better society through scientific and technological developments. (correct)
• Information processing was not a key component for societal advancement.

What is a potential negative consequence of increased information processing and complex technology, according to the text?

• A decrease in dependency on technology for basic functions.
• A reduction in power imbalances within society.
• Saturation and potential collapse of the market due to the need for increasingly complex tools. (correct)
• Simplification of complex societies.

In the context of computer architecture, what is the significance of representing data in binary format (0s and 1s)?

• It allows computers to understand and process information. (correct)
• It reduces the storage capacity of computer systems.
• It simplifies data processing for human users.
• It enhances the security of transmitted data.

Which of the following is a correct application of Boolean logic in computer architecture?

Translating 'flow' and 'not flow' of electricity within transistors using true and false values. (A)

What characteristic distinguishes Random Access Memory (RAM) from persistent memory (hard disk)?

RAM stores information temporarily while the computer is running, whereas the hard disk stores files for long-term storage. (D)

Why is an algorithm's independence from a specific programming language important?

It enables the algorithm to be implemented across different computer architectures using various programming languages. (A)

Which of the following statements correctly describes the relationship between an operating system and computer hardware?

The operating system serves as an interface between the hardware and software, managing applications and hardware components. (B)

What is the primary function of DNS (Domain Name System) in the context of internet communication?

To translate human-readable domain names into IP addresses. (A)

Which of the following protocols provides reliable, connection-oriented communication by breaking data into packets?

TCP (D)

What is a primary function of SQL (Structured Query Language) in the context of databases?

Managing and manipulating relational databases. (A)

Which of the following cloud deployment models involves housing services within a company's internal infrastructure?

Private cloud (A)

Which of the following best describes the CIA triad?

Core principles of information security: Confidentiality, Integrity, and Availability. (A)

What is the main purpose of 'bug bounties' in cybersecurity?

Paying researchers to identify and report vulnerabilities in order to improve system security. (D)

What is a primary goal of cybersecurity policies regarding risk management?

To determine the risk appetite and respond accordingly. (A)

In the context of cybersecurity, what is the primary difference between a passive and an active attack?

An active attack alters information, while a passive attack involves transmitting data without altering it. (C)

What is the main purpose of encryption?

To encode information so it cannot be read without a key. (D)

What is a key difference between symmetric and asymmetric key encryption?

Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses a pair of keys. (C)

What is 'salting' in the context of password security?

Adding extra information to hashes passwords to mitigate cracking techniques. (D)

In the context of security architecture, what does de-perimeterization mean?

Ensuring security across the entire system and supply chain. (D)

What is the primary purpose of 'penetration testing'?

Testing a system for known vulnerabilities and reporting findings to the relevant technical officer. (C)

What is a key consideration promoted by GDPR regarding cybersecurity as a fundamental right?

Cybersecurity includes the right to confidentiality and integrity of IT systems and ensures holistic protection. (D)

How does Article 25 of the GDPR relate to security in manufacturing?

It only mandates security measures once data processing begins, making it challenging to introduce security by design at the manufacturing stage. (A)

What is the main difference between a data breach and a security breach?

Not all data breaches are security breaches; some may be due to negligence or other non-security related incidents. (D)

What is the meaning of a 'digital artifact'?

A trace or modification observable in a digital system resulting from an event. (A)

What makes digital forensics an interdisciplinary field?

It combines elements of law, computer science, and investigation due to the increasing digital elements in investigations. (D)

What is the significance of "forensic readiness" for companies?

It means allocating resources for investigating forensics in case incidents occur to investigate and prove digital readiness. (C)

What principle is reflected by the phrase 'Chain of custody' in digital forensics?

Traceability - must have a record of what has been done on the system and in which sequence so evidence validity can be guaranteed. (D)

In digital forensics, what is the purpose of creating a 'forensic copy' of data?

To create an identical copy of the original data for analysis, preserving its integrity. (A)

What is 'data carving' in the context of digital forensics?

Recovering deleted files by identifying patterns of old corrupted files in disk sectors. (D)

What is the key element that has an influence on data, according to Cognitive Bias and Digital Forensics?

It is thought that digital evidence is objective and reliable but data interpretation may be harmed by bias. (A)

What does confirmation bias refer to?

The tendency to search for information that confirms our beliefs, overlooking contradictory information. (B)

What is meant by 'maintainability' in the context of software engineering?

The ability to modify, extend, and correct errors in the software easily. (A)

How are 'non-functional requirements' related to software?

Non-functional requirements define quality attributes of the software and how its functionalities are fulfilled. (D)

Within the 'design' phase of software engineering, what is the role of the architect?

The architect assesses the lawfulness to assess the design, and select the technologies to be used (programming etc). (B)

In software development, what is the purpose of creating a 'library'?

To make easily available tested and documented functions to programmers for solving problems. (C)

What is the difference between a 'fault' and a 'failure' in software?

A fault is missing functionality, a failure is the actual manifestation of that fault. (A)

What is the specific process employed to ensure continuous validation throughout?

The V model. (C)

While using 'Artificial Intelligence', what does machine learning entail?

Learning from data directly and identifying patterns and relations without explicit instructions. (B)

What is a potential problem when using imbalanced data in machine learning?

Over and under represented issues may develop. (D)

Concerning software algorithms, what is emphasized?

Algorithms and learning algorithms differ based on their use. (D)

Flashcards

Information Technology

Branch of technology for dissemination, processing, and storage of information, especially by computers.

Bit (Binary Digit)

The most basic unit of information in computing, represented as either 0 or 1.

Byte

A unit of digital information consisting of 8 bits.

Boolean Logic

An algebra where values are either TRUE or FALSE, and operations are logical (AND, OR, NOT).

Central Processing Unit (CPU)

Executes instructions to tell the computer what to do.

Memory

Storage of information, either persistent (hard disk) or short term (RAM).

Input Devices

Hardware that sends data to a computer, like a keyboard or mouse.

Output Devices

Hardware that receives data from the computer, like printers.

Strategic Memory Placement

Strategic placement allowing simultaneous instruction and data processing.

Algorithm

A process to solve a problem through defined steps that produce a desired outcome.

Operating Systems

Connection/interference between hardware and software controlling a computer.

Database Definition

Organized structure used to store and access data electronically.

Relational Databases

Uses tables to organize data; enforces relationships for data consistency.

NoSQL Databases

DOES NOT adhere to the traditional relational model, uses other formats.

Cloud Computing

On-demand access to a shared pool of computing resources.

Public Cloud Model

External service provider houses a service model.

IaaS (Infrastructure as a Service)

Services such as virtual machines, networking, storage.

PaaS (Platform as a Service)

Provides services such as operating systems, dev platforms, and databses.

Information Security Definition

Protecting data from malicious parties.

Assets (IT Context)

Anything of value to the information system.

Threats

Any forces that potentially damage assets. Thieves, malware or vulnerabilities.

Controls

Measures taken to protect assets from threats.

CIA Triad

The three core guiding principles of information security.

Vulnerabilities

Known weaknesses that can be used by criminals.

Risks

Probability of an attack exploiting a vulnerability.

Attacks

Collect disrupt, deny degrade; destroying information system or the information itself.

Procedural Controls

Access ctrl, training, penalties, security policies.

Encryption

Guards information during storage or in transit, requires a key.

Access Control Systems

Limitations of user's abilities.

Authentication

Verify user's identity.

Passwords

Common Access Control, often can be guesed.

Network Boundary

Where trust begins for the organization.

De-perimeterization

Moving to network security over the whole system and supply chain.

Social engineering

Intentional bypass of technical safeguards by malicious actors using other sources.

Penetration testing

Test security

Digital Artefacts

Trace from event in a digital system; requires interpretation.

Digital forensics

Discipline using repeatable scientific methods to aquire data

Faraday Bag

Prevents signals from reaching a device, preventing tampering

Defence rights

Safeguard to balance weight of evidence

Study Notes

Concept of Information Technology

• The earliest form of printing used wooden blocks.
• Processing information is crucial as it changes human behaviour, enabling individual and collective decisions.
• Language, writing, and the printing press represent forms of technology development.
• The printing press enabled wider access to information.
• Society now exists in an era of telecommunications.
• Francis Bacon believed information processing was key to societal improvement through scientific and technological advancements
• Information processing shifted from religious purposes to worldly affairs due to the printing press.
• Data is captured and stored to provide insights and predictions.
• Information technology manages complexity by creating more sophisticated tools.
• The over-reliance on technology can cause negative effects.
• Social media's negative impact shows how technology changes behaviour negatively.
• An example is when composers opposed the gramophone invention because they felt it would reduce the need to experience live music.
• Society depends on technological infrastructure for basic functions like hospitals and transportation.
• Power imbalances arise from who has access to and controls technology.
• Complex societies risk collapse due to reliance on intricate tools for information processing leading to market saturation.
• Lawyers should understand technology because societies establish rules to control behaviour through regulation.
• Understanding the law is needed to adapt to behaviour.
• Law provides action boundaries, procedure, and conflict resolution while ensuring stability.
• The law is not ready to regulate fast-developing technology, emphasizing the importance of technology lawyers.

Information Technology

• Information Technology is the branch of Technology concerned with the distribution, processing and storage of information via the means of computers.
• Defining a computer requires understanding: compute, store, and communicate.

Computer Architecture

• Computers use a bit matrix of 0s and 1s to understand the world, and data is represented internally as base-2, or binary.
• A bit, or binary digit, stands as the primary information unit.
• Each digit comprises only a single bit of information, represented as either 1 or 0.
• Everything and anything can be expressed as 0s and 1s
• Digits can be systematically divided by 2, resulting in either 0 or 1 as a remainder.
• Letters are represented by numbers, which then translate into 0s and 1s.
• Pictures consist of pixels with RGB values, forming a matrix of colors expressed in numbers and subsequently in 0s and 1s.
• Sound waves get represented by numbers that translate into 0s and 1s.
• A byte comprises 8 bits, with 8 bits yielding 256 encodings.
• Storage is measured in bytes (e.g., Megabytes, Gigabytes).
• Integers get stored in 4 or 8 bytes, and a byte stores an individual character of text.
• Through the formula: the encoding by n bits allowing the creation of 2n units of information.
• Boolean logic operates with TRUE or FALSE values, performing logical operations like AND, OR, and NOT.
• Boolean logic utilizes binary notation for complex calculations and proves useful in computer circuits with NANDs as transistors.
• Logic AND operations require statements to be true for a true result.
• Logic OR operations require at least one true statement for a true result.
• The logic NOT operation involves negating a statement, inverting each component accordingly.
• Logic gates, such as NANDs, combine matrix bits with Boolean logic for functions.
• Transistors rely on boolean logic to determine electrical flow.
• Boolean logic inputs A and B have associated bits in 0s and 1s where 0 stands for false while 1 indicates true.
• Boolean logic expresses operation by Q, involving negation using a circle.
• NAND negates the answer; a basic operation for transistors.
• Transistors use boolean logic to determine their on/off state.
• Boolean logic is essential for designing transistors in small systems with NAND gates.
• Boolean logic sets wirings to control electrical flow in computer systems, translating "true" and "false" to "flow" and "not flow."

Basic Computer Architecture

• Computer architecture, including CPU and memory, is organized on a hardware level according to the Von Neumann model.
• The Central Processing Unit (CPU) executes instructions.
• The memory is the area to store the information.
• Persistent memory via the hard disk stores files and information for years.
• Random Access Memory (RAM) via software offers temporary data storage while running.
  • It is considered part of the primary memory.
• Input devices, such as keyboards and mice, send data to the computer.
• Output devices, like printers, receive data from the computer.
• Strategic memory placement enables the process of instructions and data occurs simultaneously, allowing for flexible processing operations.
• Unlike Harvard architecture, which strictly separates memory, strategic memory offers faster speed and reaction.

Processing and Programming

• Programming languages enable humans with the task to give the computer instructions, possibly compiling coding into machine code.
• Programming languages facilitate human-like expressions and portability across computer architectures in 0s and 1s.
• Python, Java, and C++ stand as examples.

Algorithms

• Algorithms denote the process of solving a problem with its definition as a set of instructions that provide data for the purposes to achieve a goal.
• Algorithms function independently from programming , it's math that enables a computer to perform the instruction to use code.
• Meeting basic requirements, algorithms must correct by executing steps by processing input to achieve an outcome.
• Steps should consist of clear execution in a time frame.
• Actions to take should be without ambiguity.
• Each action should have a defined end, to end execution.
• Terminating upon a conclusion to the input.

CPU and Operating Systems

• The CPU relies on the computer to interpret instructions, particularly through operating systems that connect hardware and software.
• Operating systems offer a platform for running software by the use of their compatibility .
• The Operating System (OS) manages the computer’s hardware and apps.
• Windows, macOS, and Android are a few key examples.
• A file system, also an integral part of the OS that enables all files created for future use to be stored on its database.
• All information storage can be registered , allowing modification of the file system.
• Allowing operation requires systems to access all stored information.
• This emphasizes the focus on the disk storage.

Computer Architecture, Layers, Connection

• User Mode connects to Libraries
• Libraries intrude on the Operating System
• Execution is translated from User Mode, to CPU.

Networking and Internet

• In regards to internet, networking involves the use of devices like computers to offer data and support sharing.
• The Internet has multiple topologies that use point to point networks, connected using buses, rings and hybrids.
• Internet offers layers to transfer data.
• For example, in transit, the data has to go through all layers.
• Each layer has particular devices and protocols.
• Application layers use HTTP, FTP, DNS.
• Presentation layers use SSL, SSH, FTP,
• Session layers use API's and Sockets
• Transport layers use TCP and UDP.
• Network layers use IP, ICMP and routers
• Data links use ethernet and PPP.
• Physical layers use Coax, Fiber and Wireless.
• TCP/IP suite relies and operates on standardized protocols.
• Standard communication from OSI and TCP organize functions into layers.
• DNS translates domain names into IP, enabling the task task to access websites through means to avoid numeric names.
• The Domain Name System is often referred to as the internet''s phone book due to how it accesses browsers and data.
• Unique IP help machines to find devices.
• DNS eliminates the need to memorize IP addresses.
• Hostnames turn into IP, allowing user interaction.
• Servers translate websites into addresses.
• Encryption (SSL/TLS), firewalls, and VPNs safeguard integrity.

Internet Protocol

• TCP/IP protocol organizes various processes.
• TCP is reliable for packets
• But UDP is faster and less reliable.
• IP is relevant for directing traffic
• HTTP transfers hypertext
• HTTPS uses SSL/TLS for encryption.
• FTP file sharing
• FTPS and SFTP are secure alternatives.

Databases

• Databases are an organized collection of data that store and access electronically.
• There are different kinds of databases such as relational data that uses a tables, SQL, to organize and and manage the storage and consistency of info.
• The SQL language can offer ways to use commands to manage and manipulate them including SELECT, INSERT, UPDATE, DELETE.
• SQL Injections use malicious language to input website parameters with SQL and can be averted via statement, validation, principles and firewalls.
• An SQL injection can manipulate databases by exploiting vulnerabilities.
• There are also NoSQL non relational databases such as storing data with documents.

Cloud Computing

• Cloud provides users with demand and easy access to on-demand computing.
• Clients lack bandwith.
• Cloud offers models such as public for external service, and a private to manage internal entities.
• Community serves as a hybrid model to serve communities with missions.
• Cloud offers services to operate platforms with services to machines and storage.
• Infrastructure as a service.
• Platforms and service for databases.
• Platform as a service.
• Software as a service provide things like applications or data.
• Easy scalability, organizations can handle data because providers offer robust security and compliance with industry regulations.
• Dependency can result in increased security and impact for incidents.

Information Security

• The growth of digital information that needs to be secured leads to increase in demand for security.
• Information security means to protect from malicious threats.
• Defence with assets refers to the data that is to be protected, things like a system, databases, code, software, and hardware.
• To protect the system, there needs to be controls, otherwise there can be threats like vulnerabilities.

CIA: Confidentiality, Integrity, and Availability

• The foundation of security rests on the triad called CIA.
• Confidentiality meaning limiting access to specific users.
• Integrity in that all data has to accurate and maintained from damage to information data.
• Access to that data.
• Important to match attack and assets to threats along the concept in CIA.

Vulnerabilities, Risks and Controls

• Digital forensics covers vulnerability, threats and assets.
• Known software is a start as a weakness used by vulnerabilities like CVE.
• Although unknown software, threats can happen with zero days, but by bug bounties threats exist with ethical means.
• Legal regulation and ethical security must be put on ethical activities.

Risk Consideration

• A probability as effective, sector and impacts of something like the space shuttle disaster, along the $10 o ring.
• Must focus on risks by knowing identification and registration as strategy.
• Select assets and threats and model strategy by assessing and collecting this data to monitor Effectiveness, which requires:
• Accept
• Transfer
• Mitigate
• Avoid
• Threats cause detriments, requiring the analysis and models on threat to limit such attacks:
• Active and Passive

Information Security, Attacks

• Requires using safeguards and thinking .
• Active involves an alteration of information by GDPR.
• Passive does not cause data damage from inside and even outside.
• DDOS: Service gets flooded/
• MITM Attacker relaying communication
• SQL Input
• BO Data overflows
• Malware Payload
• Phising

Control

• Information requires the use of control; being technical in some capacities to allow means of access.
• Encryption is part of this too.
• Procedural to use security policies and improve access .
• Digital has a key.
• Encryption is not always the ideal method.

Access Information and Access Control

• Limiting factors help access boundaries
• Access to unauthorized materials like unauthorized modification requires authorized disclosure by people
• This can also add physical boundaries; set by polices like Role Based Authorization.
• Access is granted to people who also authorize individual's data.
• Password protection, hacking , and mitigation by salting with hashing to generate safe passwords/
• Hashing is also used for database protection with black/white listing.
• These techniques do generate some drawbacks with documents, requiring additional security via tokens, biometrics and remote user methods.

Security Architecture

• The architecture is the aspect to build a system and address the risks, balancing CIA.
• Also consider the safety perimeter, like a supply chain
• But even if it is not in place there is not continuous of people, social engineering, and safety to avoid failure.
• The architecture must be usable and reasonable.
• Be bounded and rational.
• Be known, tested by paid pentesters.
• Use red to try and breach, blue to mitigate.
• There are heavily regulated requirements at place.
• That must respect society and integrity.

Security Relationship, Protections

• The self determination has to respect the individual's right to seek privacy.
• Values based on free form development allow security.
• Cybersecurity helps create fundamental environments to avoid all technical issues.
• To guarantee security production, Article 25 of GDPR is a requirement that can create more privacy that leads to new acts .
• Data breaches are less of a threat with new protocols, but with new problems, the encryption debate argues the legality of it.