Cyber Security: Weeks 1 & 2

Questions and Answers

What is the primary concern if a student attends an SGTA session for which they are not registered?

  • The session content will not be relevant to their course.
  • They will not receive credit for attending the session.
  • The tutor may ask them to leave or not mark their paper. (correct)
  • They will be required to pay an additional fee.

What is the weighting of the quiz towards the final grade?

  • 50%
  • 30% (correct)
  • 70%
  • 16%

Which of the following is NOT a component of the CIA Triad?

  • Confidentiality
  • Availability
  • Authentication (correct)
  • Integrity

Which of the following is an example of a real-world cyber incident?

  • A data breach resulting in the compromise of user data. (A)

What does 'defensive mindset' and 'defence in depth' refer to?

  • Concepts related to cyber hygiene. (B)

Which of the following is NOT typically considered a method of social engineering?

  • System Hardening. (D)

Why is cyber security education and training important in building a cyber-resilient culture?

  • It ensures that all employees understand their roles and responsibilities in maintaining security. (D)

Which of the following is the MOST accurate description of 'system hardening'?

  • Minimizing vulnerabilities by reducing the attack surface. (B)

What is the primary risk associated with using public Wi-Fi networks?

  • Exposure to MITM attacks. (C)

What is the role of firewalls and antivirus software?

  • To prevent and detect malware and unauthorized access. (A)

Which of the following is an example of a threat type?

  • Ransomware. (B)

What is the difference between top-down and bottom-up methods of implementation in cyber security?

  • Top-down refers to implementing security measures starting at the executive level, while bottom-up starts with individual users. (B)

Which of the following is an example of a key security tool used for protection and prevention?

  • Data Loss Prevention (DLP) (D)

In the context of digital ethics, what does 'utilitarianism' emphasize?

  • The consequences of actions to maximize overall happiness. (C)

What is the primary concern related to AI and data-driven decisions from an ethical standpoint?

  • The potential for bias and discrimination. (D)

Why is understanding concepts more valuable than memorizing definitions in cyber security?

  • Understanding enables problem-solving and adaptation to new situations. (D)

How can understanding the real-world relevance of cyber security practices improve decision-making?

  • By understanding how security measures affect daily life. (D)

Why is it important to explain why certain cyber security practices or decisions are ethical or insecure?

  • To encourage a culture of ethical awareness and accountability. (C)

Which scenario showcases the tension between security and privacy?

  • Utilizing facial recognition technology. (A)

Why is it important to consider how technical and human elements interact in cyber risk?

  • Human error often undermines strong technical defenses. (D)

Flashcards

CIA Triad

Confidentiality, Integrity, and Availability. A model designed to guide information security policies.

Cyber Hygiene

The practice of protecting systems and data through good habits like password management, updates, and isolation.

Defensive mindset

A proactive security approach that anticipates potential attacks and reduces a system's attack surface.

System hardening

Strengthening systems to withstand attacks by reducing vulnerabilities and minimizing potential damage.

Social engineering techniques

Manipulating individuals into divulging confidential information, achieved via phishing, baiting, vishing, and whaling.

Network Components Vulnerabilities

Exploits that target vulnerabilities in network infrastructure.

Malware

Malicious software intended to damage or disable computer systems.

MITM attack

Attack where the attacker intercepts and possibly alters data transmitted between two parties.

SQL injection

A type of attack that exploits vulnerabilities in a database.

Firewalls

Software to prevent unauthorized access to or from a private network.

Antivirus

Software designed to detect and destroy computer viruses.

Ransomware

Malicious software that encrypts a victim's data and demands a ransom to restore access.

Insider threats

Employees or former employees who exploit their access for malicious purposes.

DDoS

A type of cyberattack where a malicious actor overwhelms a server with traffic, making it unavailable.

Backups

Creating copies of data to allow for recovery in case of data loss or corruption.

Logging

Recording user activity for monitoring and analysis.

Auditing

Reviewing system logs to identify security breaches.

Encryption

Converting data into coded form to prevent unauthorized access.

NAC

Network Access Control. Managing access to a network based on defined policies.

Digital ethics

Practices focusing on the moral principles and values guiding decisions in the digital world.

Study Notes

  • If attending an SGTA session not registered for on eStudent, the tutor may ask the student to leave or not mark the paper.
  • The quiz duration is 40 minutes, incorporating Universal Design for Learning (UDL) to allow all students to complete it within the timeframe.
  • The quiz is weighted at 30% of the final grade, even though it is marked out of 16.
  • The quiz format includes eight multiple-choice questions, two short-answer questions, and one scenario-based question.

Week 1: Introduction to Cyber Security

  • The CIA Triad encompasses Confidentiality, Integrity, and Availability.
  • Real-world cyber incidents have a significant impact.
  • Key challenges in cybersecurity include technology, policy, economics, and society.
  • It is important to grasp the interdisciplinary nature of cybersecurity.

Week 2: Cyber Hygiene

  • Cyber hygiene principles include password practices, updates, and isolation.
  • Concepts include a defensive mindset and defense-in-depth strategies.
  • System hardening is an important aspect.
  • Important tools include antivirus software, encryption, and backups.

Week 3: The Human Factor

  • Phishing, baiting, vishing, whaling, and dumpster diving are examples of social engineering techniques.
  • Understanding why people fall for attacks is important.
  • Cyber security education and training are important.
  • Roles and responsibilities in building a cyber-resilient culture are key.

Week 4: Technical Foundations

  • Understanding the basics of network components and their vulnerabilities is crucial.
  • Common attack types include malware, MITM, and SQL injection.
  • Firewalls and antivirus software play a critical role.
  • Familiarity with WEP, WPA, WPA2, and the risks of public Wi-Fi is needed.

Week 5: Protection & Prevention

  • Threat types include malware, ransomware, insider threats, and DDoS attacks.
  • Understanding the CIA Triad in real attack scenarios is a must.
  • Implementation methods include top-down versus bottom-up approaches.
  • Key tools include backups, logging, auditing, encryption, NAC, and DLP.
  • Disaster recovery planning is important.

Week 6: Societal Security & Ethics

  • Digital ethics involves utilitarianism versus deontology.
  • Ethical concerns arise in AI and data-driven decisions.
  • Case studies involving data breaches and ransomware are insightful.
  • There are tensions between security and privacy, such as facial recognition and contact tracing.
  • Professional codes of ethics and responsibilities are important.

General Tips

  • Focus on understanding concepts rather than memorizing definitions.
  • Consider the real-world relevance of the topics learned.
  • Explain why certain practices or decisions are ethical or insecure.
  • Pay attention to how technical and human elements interact in cyber risk.
