Podcast
Questions and Answers
What type of malware can be transmitted to a smartphone without user intervention?
What type of malware can be transmitted to a smartphone without user intervention?
Which mobile operating system is targeted by most hackers according to the text?
Which mobile operating system is targeted by most hackers according to the text?
What is the reported increase in malicious mobile malware attacks from 2017 to 2018 according to Kaspersky Lab?
What is the reported increase in malicious mobile malware attacks from 2017 to 2018 according to Kaspersky Lab?
Which social networking site is mentioned as a conduit for malware in the text?
Which social networking site is mentioned as a conduit for malware in the text?
Signup and view all the answers
What percentage of the world's spam is delivered by botnets?
What percentage of the world's spam is delivered by botnets?
Signup and view all the answers
Which type of attack involved the Mirai botnet in October 2016?
Which type of attack involved the Mirai botnet in October 2016?
Signup and view all the answers
What is the average annualized cost of cybercrime security for organizations in 2018?
What is the average annualized cost of cybercrime security for organizations in 2018?
Signup and view all the answers
Which type of computer crime involves gaining unauthorized access?
Which type of computer crime involves gaining unauthorized access?
Signup and view all the answers
What is a major concern that prevents many companies from reporting computer crimes?
What is a major concern that prevents many companies from reporting computer crimes?
Signup and view all the answers
What type of attack involves activities of malicious insiders?
What type of attack involves activities of malicious insiders?
Signup and view all the answers
In 2019, what were the fraud losses in the United States due to identity theft?
In 2019, what were the fraud losses in the United States due to identity theft?
Signup and view all the answers
Which phishing technique involves redirecting users to a bogus web page by gaining access to Internet address information?
Which phishing technique involves redirecting users to a bogus web page by gaining access to Internet address information?
Signup and view all the answers
What is the primary goal of phishing?
What is the primary goal of phishing?
Signup and view all the answers
Which attack involves infecting computers with bot malware to open a back door for attackers to give instructions?
Which attack involves infecting computers with bot malware to open a back door for attackers to give instructions?
Signup and view all the answers
What type of attack involves launching a DDoS attack against Dyn in October 2016?
What type of attack involves launching a DDoS attack against Dyn in October 2016?
Signup and view all the answers
What is the primary concern for small and midsize businesses with less protected networks in relation to DDoS attacks?
What is the primary concern for small and midsize businesses with less protected networks in relation to DDoS attacks?
Signup and view all the answers
Which type of attack involves misrepresenting oneself through fake email addresses or redirecting web links to steal sensitive information?
Which type of attack involves misrepresenting oneself through fake email addresses or redirecting web links to steal sensitive information?
Signup and view all the answers
What type of malware appears benign but performs unexpected actions, allowing the introduction of viruses or malicious code?
What type of malware appears benign but performs unexpected actions, allowing the introduction of viruses or malicious code?
Signup and view all the answers
What type of attack exploits vulnerabilities in web application software to introduce malicious code into a company’s systems?
What type of attack exploits vulnerabilities in web application software to introduce malicious code into a company’s systems?
Signup and view all the answers
Which type of attack floods network servers with false communications to crash the network?
Which type of attack floods network servers with false communications to crash the network?
Signup and view all the answers
What type of attack extorts money by taking control of computers and encrypting data?
What type of attack extorts money by taking control of computers and encrypting data?
Signup and view all the answers
What serves advertising and monitors user web-surfing activity, with keyloggers being a particularly nefarious type?
What serves advertising and monitors user web-surfing activity, with keyloggers being a particularly nefarious type?
Signup and view all the answers
Which type of attack involves unauthorized access to computer systems, and criminal hackers, or crackers, engage in theft, system damage, and cybervandalism?
Which type of attack involves unauthorized access to computer systems, and criminal hackers, or crackers, engage in theft, system damage, and cybervandalism?
Signup and view all the answers
What involves using numerous computers to overwhelm the network with false communications?
What involves using numerous computers to overwhelm the network with false communications?
Signup and view all the answers
Which type of malware steals banking login credentials and infected 3.6 million computers in 2009?
Which type of malware steals banking login credentials and infected 3.6 million computers in 2009?
Signup and view all the answers
What type of attack can steal proprietary information from networks when used for criminal purposes?
What type of attack can steal proprietary information from networks when used for criminal purposes?
Signup and view all the answers
What poses security challenges from devices, platforms, communications, and connected systems?
What poses security challenges from devices, platforms, communications, and connected systems?
Signup and view all the answers
What is needed to protect IoT devices and platforms from information attacks and physical tampering, and to encrypt their communications?
What is needed to protect IoT devices and platforms from information attacks and physical tampering, and to encrypt their communications?
Signup and view all the answers
What is the average cost of a data breach among 507 surveyed companies globally, according to the 2019 Cost of a Data Breach Report?
What is the average cost of a data breach among 507 surveyed companies globally, according to the 2019 Cost of a Data Breach Report?
Signup and view all the answers
When did the U.S. Congress address computer crime threats?
When did the U.S. Congress address computer crime threats?
Signup and view all the answers
What is the main focus of cyberwarfare?
What is the main focus of cyberwarfare?
Signup and view all the answers
Which entities are considered targets of cyberwarfare?
Which entities are considered targets of cyberwarfare?
Signup and view all the answers
What did foreign hackers steal from the United States?
What did foreign hackers steal from the United States?
Signup and view all the answers
Which countries are reported to be developing offensive cyberattack capabilities?
Which countries are reported to be developing offensive cyberattack capabilities?
Signup and view all the answers
What is the role of the U.S. Cyber Command?
What is the role of the U.S. Cyber Command?
Signup and view all the answers
What does cyberwarfare pose a serious threat to?
What does cyberwarfare pose a serious threat to?
Signup and view all the answers
What is a significant cause of network security breaches according to the text?
What is a significant cause of network security breaches according to the text?
Signup and view all the answers
How might employees inadvertently compromise systems?
How might employees inadvertently compromise systems?
Signup and view all the answers
What may failure to comply with legal and regulatory requirements for electronic records management lead to?
What may failure to comply with legal and regulatory requirements for electronic records management lead to?
Signup and view all the answers
What is the primary focus of the Sarbanes-Oxley Act of 2002?
What is the primary focus of the Sarbanes-Oxley Act of 2002?
Signup and view all the answers
What is the main focus of disaster recovery planning?
What is the main focus of disaster recovery planning?
Signup and view all the answers
What is the purpose of business continuity planning?
What is the purpose of business continuity planning?
Signup and view all the answers
What is the goal of business impact analysis?
What is the goal of business impact analysis?
Signup and view all the answers
What do information systems audits primarily examine?
What do information systems audits primarily examine?
Signup and view all the answers
What is the main focus of audits in relation to Sarbanes-Oxley?
What is the main focus of audits in relation to Sarbanes-Oxley?
Signup and view all the answers
What is the purpose of using duplicate computer centers or cloud-based disaster recovery services?
What is the purpose of using duplicate computer centers or cloud-based disaster recovery services?
Signup and view all the answers
What is the focus of PricewaterhouseCoopers LLP (PwC) UK's business continuity plans?
What is the focus of PricewaterhouseCoopers LLP (PwC) UK's business continuity plans?
Signup and view all the answers
What is the primary purpose of an information systems audit?
What is the primary purpose of an information systems audit?
Signup and view all the answers
What is the main goal of business impact analysis?
What is the main goal of business impact analysis?
Signup and view all the answers
What is the primary purpose of disaster recovery planning?
What is the primary purpose of disaster recovery planning?
Signup and view all the answers
What is the main focus of business continuity planning?
What is the main focus of business continuity planning?
Signup and view all the answers
Study Notes
Cybersecurity and Cyberwarfare Threats
- The 2019 Cost of a Data Breach Report found that the average cost of a data breach among 507 surveyed companies globally was $3.92 million.
- The U.S. Congress addressed computer crime threats in 1986 with the Computer Fraud and Abuse Act, making unauthorized computer system access illegal.
- European nations and most U.S. states have similar laws addressing computer crimes.
- Cyberwarfare involves state-sponsored activities designed to cripple and defeat other nations by penetrating their computers or networks to cause damage and disruption.
- Cyberwarfare targets include military, power grids, financial systems, and communication networks, and can be conducted by nonstate actors such as terrorists or criminal groups.
- Foreign hackers have stolen source code, blueprints, and plans for critical infrastructure from the United States.
- U.S. intelligence reports that over 30 countries are developing offensive cyberattack capabilities, including Russia, China, Iran, and North Korea.
- The U.S. Cyber Command coordinates and directs operations and defense of Department of Defense information networks and prepares for military cyberspace operations.
- Cyberwarfare poses a serious threat to the infrastructure of modern societies, including their major financial, health, government, and industrial institutions that rely on the Internet for daily operations.
- Insiders pose serious security problems for businesses, with user lack of knowledge being the greatest cause of network security breaches.
- Employees may inadvertently compromise systems by forgetting passwords or falling victim to social engineering tactics.
- Companies face legal and regulatory requirements for electronic records management, such as the General Data Protection Regulation (GDPR) in the EU, and failure to comply may lead to costly litigation.
Information Security Regulations and Auditing
- HIPAA (Health Insurance Portability and Accountability Act) of 1996 outlines security and privacy rules for healthcare data, including privacy, security, and electronic transaction standards.
- The U.S. Financial Services Modernization Act (Gramm-Leach-Bliley Act) requires financial institutions to ensure the security and confidentiality of customer data, including storage and transmittal.
- The Sarbanes-Oxley Act of 2002 is designed to protect investors in public companies by ensuring the accuracy and integrity of financial information.
- In the UK, regulations such as the Records Management Code of Practice for Health and Social Care and the Companies Act 2006 impose specific requirements for managing records and corporate governance.
- Sarbanes-Oxley focuses on internal controls to govern the creation and documentation of financial information, requiring consideration of information systems security and controls.
- Disaster recovery planning focuses on the restoration of disrupted computing and communications services, while business continuity planning focuses on restoring business operations after a disaster.
- Firms may use duplicate computer centers, cloud-based disaster recovery services, or firms providing spare computers for emergency backup.
- Business continuity plans identify critical business processes and action plans for handling mission-critical functions if systems go down.
- PricewaterhouseCoopers LLP (PwC) UK has developed business continuity plans to provide resilient and recoverable operations in the event of crises.
- Business impact analysis is conducted to identify critical systems and determine the maximum amount of time the business can survive with its systems down.
- Information systems audits examine the firm’s security environment and controls, trace the flow of transactions, and may simulate an attack or disaster to test the response.
- Audits list and rank control weaknesses, estimating the probability of their occurrence and assessing financial and organizational impacts.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
Explore the world of cybersecurity and cyberwarfare threats, including state-sponsored activities, data breaches, insider security problems, and the impact on modern societies. Learn about information security regulations and auditing, including laws like HIPAA, the Gramm-Leach-Bliley Act, and the Sarbanes-Oxley Act, as well as disaster recovery planning and business impact analysis.