Cyber Security in Canada

Questions and Answers

What is the average amount spent by Canadian organizations to resolve damage done by cyber attacks?

$10 million

$15 million

$5 million

$9.25 million (correct)

What percentage of Canadian businesses reported being impacted by a cyber security incident in 2019?

21% (correct)

15%

30%

25%

What percentage of businesses impacted by incidents reported them to the police?

6%

10%

12% (correct)

15%

What type of businesses are most likely to face cyber threat activity?

Small and medium enterprises (SME)

What is the primary motivation for cybercrimes experienced by Canadian businesses?

Stealing money or selling personal information

What is required by Canada’s Personal Information Protection of Electronic Documents Act (PIPEDA)?

Private businesses are required to safeguard personal information and report breaches to the privacy commissioner and individuals impacted

What is an example of technology being the target of a crime?

All of the above

What is ransomware?

Malware that infects a computer and encrypts the data, requiring payment to access it again

What is the purpose of a denial-of-service (DoS) attack?

To prevent a web server from servicing authorized users

What is spyware?

Software that gathers data, usually personal, about a user without their knowledge

Which of these is NOT a type of cybercrime mentioned in the text?

Data Encryption

What is the main reason online gambling operations are attractive targets for denial of service attacks?

They are often illegal and cannot rely on law enforcement for help.

Which of the following is NOT a common tactic used in phishing attacks?

Requiring users to download malicious software

What is the main purpose of spoofing in cybercrime?

To disguise the attacker's identity and location.

What is the estimated annual loss in revenue due to online piracy worldwide?

Between $30 and $71 billion

Which of the following is a key component of the Information Security Triad?

Data Integrity

What is the primary aim of a Denial of Service (DoS) attack?

To disrupt the normal functioning of a website or server.

Which of the following is NOT an example of a cybercrime that uses technology?

Physical Robbery

What is the term for a criminal who lures individuals into providing confidential information?

Social Engineer

What is the main focus of the Information Security Triad?

Protecting company assets from unauthorized access

Which of the following is NOT a factor used in authentication?

Something they think

What is the primary concern addressed by confidentiality in the CIA Triad?

Protecting data from unauthorized access.

Which authentication method is considered the most secure?

Biometrics

What is an example of an unintentional threat to information integrity?

Both b and c

Which of the following is a common example of a tool used for authentication?

Password

What does 'Need to Know' (NTK) refer to in the context of confidentiality?

The principle of only granting access to information that is necessary for a person's job.

Which of the following is NOT a category of tools used to ensure information security?

Authorization

What is the main purpose of information availability within the CIA Triad?

Making sure data can be accessed and modified by authorized users when needed.

Which of the following is an example of information that requires immediate availability?

Stock market data

What is a key difference between passwords and biometrics in terms of authentication?

Biometrics is harder to compromise than passwords.

What is the primary focus of Chapter 8?

Cybersecurity and its implications

What does the information security triad refer to?

Confidentiality, Integrity, and Availability

Which of the following would NOT be considered cybercrime?

Creating a secure online banking system

Which measure is least effective in securing personal computing environments?

Sharing passwords with friends for convenience

What is a key impact of cybercrime on organizations?

Financial loss and damage to reputation

What aspect of cybersecurity primarily deals with identifying security breaches?

Detection

Which of the following is NOT a component of information security tools?

Instant messaging applications

What is one of the main purposes of cybersecurity measures?

To ensure devices are not compromised

What is the primary reason hackers attempt to crack passwords?

Because they can be easily guessed

What is the recommended frequency for changing passwords?

Every 60 to 90 days

What is pretexting in the context of password security?

A method used by attackers to trick users into revealing their passwords

What is the CIA triangle composed of?

Confidentiality, Integrity, and Availability

What is the purpose of authentication in information security?

To identify and verify users

What is a good password policy?

Requiring passwords to be a minimum of eight characters, with at least one upper-case letter, one special character, and one digit

What is the purpose of access controls in information security?

To prevent unauthorized access

What is the main focus of the Information Security Triad?

Confidentiality, Integrity, and Availability

What is the purpose of encryption in information security?

To protect data in transit

Why is it important to consider the CIA triangle when developing security policies?

Because it provides a framework for security policy development

What is the primary goal of access control in information security?

To ensure users can only access authorized information resources

What is the term for a set of rules applied by network owners to restrict usage?

Acceptable Use Policies (AUP)

What is the purpose of backup procedures in information security?

To make extra copies of data in case of loss or damage

What is biometric authentication an example of?

Something you are

What is the goal of confidentiality in the CIA Triad?

To restrict access to authorized users only

What is an example of a cybercrime that uses technology?

Hacking

What is the purpose of environmental monitoring in information security?

To monitor temperature, humidity, and airflow in server rooms

What is the primary aim of a firewall in information security?

To block unwanted messages or data

What is the purpose of employee training in information security?

To secure equipment when traveling

What is the primary concern addressed by availability in the CIA Triad?

Ensuring information can be accessed and modified in a timely manner

What is the primary benefit of multi-factor authentication?

It combines multiple verification methods to enhance security.

What does access control primarily determine?

Which users can access specific information resources.

What is a major drawback of the Access Control List (ACL) model?

It becomes complex as the number of resources increases.

How does Role-Based Access Control (RBAC) simplify user management?

By consolidating permissions in roles rather than users.

What is the function of encryption in data security?

To scramble data, making it unreadable without a decryption key.

What type of encryption involves sharing an encryption key between two parties?

Symmetric key encryption.

Which of the following is NOT a method to prevent unauthorized data access?

Open-source coding.

What is a limitation of using ACLs in large organizations?

Managing permissions for a large number of resources becomes difficult.

Which of the following describes multi-factor authentication best?

Requiring multiple credentials for login verification.

What advantage does RBAC provide over ACL?

It allows easier updates to user access permissions.

What is a critical consideration when planning data backups to avoid total data loss during a disaster?

Storing backups in an offsite location

What is the purpose of testing data restoration as part of a backup plan?

To ensure the backup process is functional

How can an Uninterruptible Power Supply (UPS) assist in preventing data loss?

By providing battery backup to keep systems online

What defines an 'alternate' or 'hot' site in disaster recovery planning?

An exact replica of data kept updated and ready to use

What is one of the recommended actions to enhance cyber security for businesses?

Develop an incident response plan

What is the primary function of an Intrusion Detection System (IDS)?

To identify and alert about network attacks

Which of the following best describes the role of two-factor authentication?

It adds an extra layer of security during login.

Which of the following is an essential component of physical security?

Locked doors to prevent unauthorized access

Why is it advised to keep operating systems and applications up to date?

To fix known security flaws.

Why is environmental monitoring important in a physical security plan?

To detect environmental threats to hardware

What should individuals do to protect their data from external risks when using public Wi-Fi?

Be cautious and avoid sensitive transactions.

Which of the following describes a common misconception about Intrusion Detection Systems (IDS)?

They provide additional security beyond monitoring.

What is a crucial characteristic of strong passwords?

At least 12 random characters long.

What should organizations assess when considering the impact of downtime?

The effect of unavailability on business operations

What is one of the baseline controls businesses should implement regarding employee training?

Conduct regular employee awareness training.

Which of the following is NOT a recommended practice for data backup?

Backup data once and customize settings rarely.

What is a primary method to protect hardware resources from physical theft?

Implementing device security measures like lockdowns

Why is relying solely on a simple user ID and password considered inadequate for security?

They are easy to compromise.

What should individuals use to secure their online accounts effectively?

Long, unique passwords for each account.

What is a significant risk associated with using unfamiliar USB flash drives?

They can contain malware.

What is a necessary measure to prevent server failures in an organization?

Monitor temperature, humidity, and airflow.

What should employees be trained to do with their laptops while traveling?

Secure them whenever they are away from the office.

What is one key aspect of an effective information security policy?

It should outline guidelines for employee use of information resources.

What does an Acceptable Use Policy (AUP) typically address?

Guidelines for personal use of company resources.

What is a common consequence of violating an Acceptable Use Policy in an organization?

Loss of access to the resource.

How can organizations balance security with usability?

By ensuring security measures do not hinder effective access.

What is a potential downside of overly complex password policies?

Users may write passwords down insecurely.

What is a critical first step in developing an organization's security strategy?

Creating a detailed information security policy.

What should organizations consider when designing security measures?

Prioritizing ease of use for users alongside security.

What is one aspect not typically included in an Acceptable Use Policy?

Information on personal device usage.

What is identity theft?

The act of obtaining someone else's personal information for unauthorized use.

Which statement best describes multifactor authentication?

It requires more than one method of authentication from independent categories.

What is the primary function of an Intrusion Detection System (IDS)?

To identify if the network is being attacked.

What does physical security primarily focus on?

Protecting hardware and networking components storing information.

What technique is used in phishing attacks?

Manipulating the source address to appear legitimate.

Which of the following best defines RBAC?

A method of granting access based on user roles instead of individuals.

How does public key encryption work?

It employs two keys: a public key and a private key.

What is a common method used in social engineering attacks?

Sending emails that appear to be from trusted sources.

What is the purpose of a Universal Power Supply (UPS)?

To provide battery backup and prevent data loss during power failures.

Which of the following statements about spoofing is correct?

Spoofing involves altering the origin address of a message.

What is the primary purpose of a firewall in a network?

To prevent unauthorized access to the network.

In public key encryption, how does a recipient decrypt a message?

Using their private key.

What is the primary difference between a hardware firewall and a software firewall?

A hardware firewall is a physical device, while a software firewall is a program that runs on a computer.

What is a VPN (Virtual Private Network) used for in a corporate network?

To create a secure connection between a remote user and the network.

Why are backups an essential part of a comprehensive information security plan?

To protect against data loss due to hardware failures or cyberattacks.

What is a key difference between public key encryption and symmetric key encryption?

Public key encryption uses two keys, while symmetric key encryption uses a single key.

Which of the following is NOT a common component of a good backup plan?

Implementation of a strong password policy for all users.

What is the primary goal of an anti-virus program?

To detect and remove known malicious programs.

What is the main benefit of using a DMZ (Demilitarized Zone) in a network?

It provides a buffer between the internal network and the internet.

What is the purpose of a router in a network?

To connect different networks together.

Study Notes

Chapter Overview

• Focuses on the importance of cybersecurity in business and personal computing.
• Addresses the increasing target nature of digital devices due to their integration in daily activities.
• Highlights security threats, preventive measures, and tools used for information systems security.

Cybercrime

• Cybercrime involves illegal activities conducted using or targeting computers.
• In Canada, organizations reportedly spent an average of $9.25 million to resolve damages from cyber attacks (2019).
• 21% of Canadian businesses faced cybersecurity incidents, with only 12% reporting these to authorities.
• Small and medium enterprises are particularly vulnerable to immediate financial and privacy risks from cyber threats.
• Cybercriminals target organizations for sensitive customer data, financial information, and proprietary knowledge.
• Consequences of cybercrime include reputational harm, productivity losses, intellectual property theft, and recovery costs.

Personal Information Protection

• PIPEDA mandates private businesses in Canada to safeguard personal data and report any breaches to the privacy commissioner.
• Organizations must understand legal requirements related to personal data handling to minimize impacts of cyber incidents.

Types of Cybercrime

• Targeted Technology Crimes: Examples include malware (viruses, spyware, ransomware) and DoS/DDoS attacks.
• Technology-Facilitated Crimes: Include identity theft, social engineering, hacking, phishing, spoofing, and software piracy.
• Malware encompasses programs designed to disrupt or steal data; ransomware encrypts data, demanding payment for access.
• DDoS attacks involve multiple computers flooding a target to disrupt authorized access.

The Information Security Triad (CIA Triad)

• Confidentiality: Ensures that only authorized users can access certain information.
• Integrity: Guarantees that data remains unchanged and accurately reflects its intended meaning, protecting against unauthorized alterations.
• Availability: Information should be accessible for authorized users within appropriate timeframes, depending on the context.

Tools for Security

• Organizations utilize various tools categorized into authentication, prevention, and detection tools to ensure information security.

Authentication

• Authentication verifies user identity through:
  • Passwords: Most common but may be easily compromised.
  • Out-of-Wallet Questions: Security questions known only to the user.
  • Tokens: Physical items (like keys/cards) for identification, which can be lost.
  • Biometrics: Uses unique physical traits for identification (e.g., fingerprints).
  • Multi-factor Authentication: Combines multiple identification factors for enhanced security.

Prevention Measures

• Access control, encryption, firewalls, antivirus programs, and backups help prevent unauthorized access and data loss.

• Access Control: Regulates who can access and interact with information.

  • Access Control List (ACL) assigns specific actions to users but can be challenging to manage with increasing users and resources.
  • Role-Based Access Control (RBAC) assigns permissions based on user roles, allowing simplified management.

• Encryption: Scrambles data to make it unreadable without a decryption key, enhancing data security during transmission.

  • Symmetric key encryption shares one key between sender and receiver, while public key encryption involves a pair of keys.

• Firewalls: Filter incoming and outgoing network traffic based on established security rules, available as both hardware and software options.### VPNs and Access Security

• VPNs enable remote users to bypass firewalls and access corporate internal networks securely.

• Combines software and security measures to maintain overall network security during off-site access.

Antivirus Programs

• Antivirus software detects and removes malicious programs like viruses and spyware.
• Functions as a reactive measure, requiring updates to recognize new threats.

Backup Strategies

• Essential for protecting organizational data, including server and individual computer backups.
• Key components of a backup plan include:
  • Understanding information assets and their storage locations (servers, hard drives, cloud).
  • Regular backups based on data criticality; daily backups for critical data, weekly for less important.
  • Offsite storage to protect against disasters, ensuring backups are separate from original data.
  • Regular testing of backup restoration processes to confirm functionality and reliability.

Physical and Operational Security

• Physical security measures protect hardware and networking components, vital for data integrity.
• Implementation includes:
  • Locked doors and restricted access to sensitive areas.
  • Physical intrusion detection via security cameras.
  • Environmental monitoring to ensure optimal conditions for sensitive equipment.
  • Employee training against theft, particularly during travel.

Security Policies

• Security policies are vital administrative controls establishing guidelines for resource use.
• Must comply with legal and regulatory requirements relevant to the organization.
• Acceptable Use Policies (AUPs) delineate allowable actions while using organizational resources.

Incident Response and Network Security Measures

• Organizations should develop incident response plans as part of their cybersecurity strategy.
• Employ multiple security measures including:
  • Regular software updates and enabling security software.
  • Strong user authentication, employee training, and data backup protocols.
  • Secure configurations for devices and cloud services.

Password Security

• Effective password policies should require complexity, regular changes, and avoidance of reuse.
• Employee training is crucial to prevent social engineering tactics used to steal passwords.

Cybersecurity Framework

• The CIA triangle (Confidentiality, Integrity, Availability) is foundational for security policy development.
• Tools for enhancing security include authentication measures, firewalls, and intrusion detection systems.

Cybercrime

• Defined as illegal acts using computers or targeting them.
• The increase of cybercrime correlates with the growing reliance on technology in businesses.

User Position on Data Privacy

• Organizations need to consider user rights and data handling ethics.
• Users should maintain control over their personal data, with organizations held accountable for ethical management.

Key Terms Summary

• Access Control: Limits user access to information based on permissions.
• Acceptable Use Policies (AUP): Rules governing the acceptable use of resources.
• Authentication: Verifying user identity through knowledge, tokens, or biometrics.
• Backup: Creating copies of data for recovery: a critical disaster recovery strategy.### Biometric Authentication
• Verifies identity using unique biological traits, e.g., fingerprints.

Confidentiality

• Ensures information access is restricted to authorized individuals.

Cybercrime

• Refers to illegal activities using a computer or targeting a computer.

Denial-of-Service (DoS) Attack

• Prevents authorized users from accessing a web server.

Employee Training

• Essential for securing equipment; employees should safeguard laptops during travel.

Encryption

• Encodes data during transmission/storage, ensuring only authorized access.

Environmental Monitoring

• High-value equipment like servers must be monitored for temperature, humidity, and airflow to prevent failure.

Firewall

• Increases network security by blocking unauthorized data and messages.

Hacking

• Involves unauthorized access to a computer.

Identity Theft

• Criminals exploit personal information for unauthorized use.

Integrity

• Guarantees that accessed information is unaltered and accurate.

Intrusion Detection System (IDS)

• Identifies potential attacks on the network.

Physical Security

• Protects hardware and networking components holding sensitive information.

Locked Doors

• Secure valuable information assets in controlled-access locations to prevent physical theft.

Multifactor Authentication

• Requires multiple independent authentication methods for identity verification.

Phishing

• Deceptive emails posing as trusted sources to extract personal information.

Physical Intrusion Detection

• Monitors secure locations with security cameras to detect unauthorized access.

Piracy

• Illegal copying and distribution of software is classified as a computer crime.

Public Key Encryption

• Utilizes a pair of keys (public and private) for secure message transmission.

RBAC (Role-Based Access Control)

• Users assigned roles determine access rights, simplifying security management.

Secured Equipment

• Devices should be locked to prevent theft of sensitive data.

Spoofing

• Disguising identity by altering the source address of messages to appear authorized.

Social Engineering

• Manipulates individuals into revealing confidential information.

Symmetric Key Encryption

• Both parties share the encryption key to secure information transmission.

Universal Power Supply (UPS)

• Provides battery backup for critical system components, preventing data loss during power failures.

VPN (Virtual Private Network)

• Enables external users to access internal corporate networks securely by bypassing firewalls.

Description

Test your knowledge on cyber security in Canada, including the average cost of resolving cyber attacks, percentage of impacted businesses, and more.