Cyber Ethics Overview and Key Topics

Questions and Answers

What is the primary function of cryptors in ransomware?

• To delete data permanently
• To monitor the victim’s activities
• To encrypt data and demand ransom (correct)
• To prevent access to data

Which principle is often in conflict with security in cybersecurity ethics?

• Efficiency
• Innovation
• Profitability
• Autonomy (correct)

What is the role of ethical hackers?

• To perform unauthorized security assessments
• To assess and improve IT security for clients (correct)
• To exploit vulnerabilities for personal gain
• To create malware to test the system

Which value cluster includes 'responsibility' as a key element?

Accountability (D)

Blockers in ransomware primarily serve what purpose?

To prevent access to data without deletion (D)

What is the main purpose of ethical frameworks in cybersecurity?

To address and evaluate ethical issues. (A)

Which elements are included in the CIA Triangle?

Confidentiality, Integrity, Availability (C)

Which control is considered a preventive security measure?

Firewalls (C)

What defines a vulnerability in cybersecurity?

A weakness in a system or product. (A)

What is the objective of a Denial of Service (DoS) attack?

To occupy resources and deny them to legitimate users. (D)

Which approach is NOT part of a security strategy?

Network Topology Design (B)

Which of the following is a characteristic of Distributed Denial of Service (DDoS)?

It utilizes multiple compromised hosts to launch an attack. (D)

How can strict firewall rules help in cybersecurity?

By preventing unauthorized access and services enumeration. (D)

Which of the following represents a common responsibility of cybersecurity professionals regarding customer data?

Handling personal data in accordance with GDPR (A)

What is a potential drawback of using Intrusion Detection Systems (IDS) in encrypted communications?

They have a high rate of false positives and false alarms (C)

Which ethical framework is specifically mentioned in relation to data protection in cybersecurity?

General Data Protection Regulation (GDPR) (A)

In the context of profiling in cybersecurity, which of the following reflects a widespread concern?

It may lead to discrimination against certain groups (D)

What is a key factor that can lead to negligence in cybersecurity practices?

Lack of updates and wrong configurations (A)

What is a primary purpose of penetration testing?

To simulate a real attack scenario (C)

Which tool is commonly associated with network traffic analysis?

Wireshark (D)

What is an ethical issue related to penetration testing?

Sharing exploit code for awareness (D)

What does fuzzing aim to achieve during application testing?

To test application's unintended behavior (C)

What can complicate external code audits?

Lack of vendor cooperation (D)

What should vendors provide on their website to handle vulnerabilities effectively?

Information security contact details (B)

What does the term 'Zero day vulnerability' refer to?

A security loophole that has not yet been disclosed (B)

Which service can attackers utilize during reconnaissance to gather information about domain owners?

Whois Service (B)

Study Notes

Cyber Ethics Overview

• Cybersecurity ethics investigates the ethical and social aspects of cybersecurity practices.
• It explores ethical frameworks applicable to cybersecurity.
• It analyzes the ethical roles and responsibilities of cybersecurity professionals.

Key Topics in Cybersecurity

• Confidentiality, Integrity, Availability (CIA): Core principles of information security, ensuring information remains private, accurate, and accessible to authorized users.
• Privacy: Protecting personal information from unauthorized access and use.
• Authenticity: Ensuring the validity and genuineness of information and sources.
• Non-repudiation: Preventing denials of involvement in actions or transactions.
• Vulnerability: A weakness in a system, product, or organization that can be exploited by attackers.
• Threat: A potential danger to a system or its assets, often exploiting vulnerabilities for malicious purposes.
• Risk Management: The process of identifying, assessing, and mitigating security risks to minimize potential harm.
• Security Strategy: A high-level plan to secure organizational assets, outlining security goals, policies, and procedures.
• Security Controls: Measures to prevent, deter, detect, mitigate, or recover from security incidents.
• Ethical Hacking: Using hacking techniques for authorized purposes like testing and security assessments.
• Incident Response: The process of handling security incidents, including detection, containment, investigation, and recovery.
• Penetration Testing: Simulating real-world attacks to identify vulnerabilities and assess security effectiveness.

Common Cyber Threats and Ethical Issues

• Denial of Service (DoS) Attack: Overloading a target system with requests, making it unavailable to legitimate users.
• Distributed Denial of Service (DDoS) Attack: Using multiple compromised systems (bots) to overwhelm a target.
• Port Scanning: Identifying open ports and services on a network, which can be used for further exploitation.
• Ransomware: Encrypting data and demanding payment for decryption, harming confidentiality and availability.

Key Ethical Values in Cybersecurity

• Security: Protecting individuals, national interests, and information systems.
• Privacy: Ensuring individual autonomy, dignity, identity, liberty, and confidentiality.
• Fairness: Promoting justice, equality, accessibility, non-discrimination, and democratic principles.
• Accountability: Encouraging transparency, openness, explainability, and responsibility for actions.

Conflicts Between Ethical Principles

• Privacy vs Security: Balancing individual privacy with security measures that might intrude.
• Privacy vs Fairness: Ensuring fairness while respecting individual privacy.
• Privacy vs Accountability: Reconciling transparency and accountability with privacy concerns.
• Security vs Accountability: Ensuring accountability without compromising security.
• Security vs Fairness: Balancing security with fairness and preventing discrimination.

Ethical Issues in Cybersecurity Practices

• Ethical Hacking: Balancing legitimate testing with potential harm and ethical guidelines.
• Penetration Testing: Ensuring ethical practices, transparency, and informed consent when conducting security testing.
• Source Code Analysis: Respecting intellectual property rights and obtaining consent for code audits.
• Disclosing Vulnerability Test Results: Balancing responsible disclosure with vendor rights, security, and public safety.
• Reconnaissance: Using tools like Whois and DNS lookups ethically and considering potential privacy impacts.
• Cybersecurity Professionals Faulty Tasks: Avoiding negligence, ensuring proper configuration and updates, and adhering to ethical principles.
• Using AI in Cybersecurity: Evaluating the ethical implications of AI tools for security monitoring.
• Surveillance and Profiling: Balancing security needs with privacy, accountability, and non-discrimination.
• Digital Forensic Investigators: Ensuring ethical handling of evidence, respecting privacy, and avoiding bias.

Ethical Frameworks in Cybersecurity

• Human Rights: Drawing upon human rights principles to guide cybersecurity practices.
• General Data Protection Regulation (GDPR): Establishing regulations for data protection and privacy.
• Ethical Codes of Conduct: Providing guidelines for ethical behavior for cybersecurity professionals.
• Best Ethical Practices: Establishing standards for responsible cybersecurity practices across various areas, such as data handling, breach disclosure, threat intelligence, and penetration testing.

Description

This quiz covers the essential principles of cyber ethics and key topics in cybersecurity such as confidentiality, integrity, availability, and risk management. It explores the ethical frameworks that guide cybersecurity professionals and the roles they play in safeguarding information. Test your understanding of these crucial topics in today's digital landscape.