51 Questions
What type of malware can be transmitted to a smartphone without user intervention?
Worm
Which mobile operating system is targeted by most hackers according to the text?
Android
What is the reported increase in malicious mobile malware attacks from 2017 to 2018 according to Kaspersky Lab?
100%
Which social networking site is mentioned as a conduit for malware in the text?
What percentage of the world's spam is delivered by botnets?
90%
Which type of attack involved the Mirai botnet in October 2016?
DDoS
What is the average annualized cost of cybercrime security for organizations in 2018?
$13 million
Which type of computer crime involves gaining unauthorized access?
Phishing
What is a major concern that prevents many companies from reporting computer crimes?
Fear of reputational damage
What type of attack involves activities of malicious insiders?
DDoS attacks
In 2019, what were the fraud losses in the United States due to identity theft?
$16.9 billion
Which phishing technique involves redirecting users to a bogus web page by gaining access to Internet address information?
Pharming
What is the primary goal of phishing?
Obtaining personal data
Which attack involves infecting computers with bot malware to open a back door for attackers to give instructions?
Botnet
What type of attack involves launching a DDoS attack against Dyn in October 2016?
DDoS
What is the primary concern for small and midsize businesses with less protected networks in relation to DDoS attacks?
Financial damage
Which type of attack involves misrepresenting oneself through fake email addresses or redirecting web links to steal sensitive information?
Spoofing
What type of malware appears benign but performs unexpected actions, allowing the introduction of viruses or malicious code?
Trojan horse
What type of attack exploits vulnerabilities in web application software to introduce malicious code into a company’s systems?
SQL injection
Which type of attack floods network servers with false communications to crash the network?
Denial-of-service (DoS) attacks
What type of attack extorts money by taking control of computers and encrypting data?
Ransomware
What serves advertising and monitors user web-surfing activity, with keyloggers being a particularly nefarious type?
Spyware
Which type of attack involves unauthorized access to computer systems, and criminal hackers, or crackers, engage in theft, system damage, and cybervandalism?
Hackers
What involves using numerous computers to overwhelm the network with false communications?
Distributed denial-of-service (DDoS) attacks
Which type of malware steals banking login credentials and infected 3.6 million computers in 2009?
ZeuS (Zbot) Trojan
What type of attack can steal proprietary information from networks when used for criminal purposes?
Sniffers
What poses security challenges from devices, platforms, communications, and connected systems?
The Internet of Things (IoT)
What is needed to protect IoT devices and platforms from information attacks and physical tampering, and to encrypt their communications?
New security tools
What is the average cost of a data breach among 507 surveyed companies globally, according to the 2019 Cost of a Data Breach Report?
$3.92 million
When did the U.S. Congress address computer crime threats?
1986
What is the main focus of cyberwarfare?
Penetrating computers or networks to cause damage and disruption
Which entities are considered targets of cyberwarfare?
Military, power grids, financial systems, and communication networks
What did foreign hackers steal from the United States?
Source code, blueprints, and plans for critical infrastructure
Which countries are reported to be developing offensive cyberattack capabilities?
Russia, China, Iran, and North Korea
What is the role of the U.S. Cyber Command?
Coordinates and directs operations and defense of Department of Defense information networks
What does cyberwarfare pose a serious threat to?
Infrastructure of modern societies, including major financial, health, government, and industrial institutions
What is a significant cause of network security breaches according to the text?
User lack of knowledge
How might employees inadvertently compromise systems?
Forgetting passwords or falling victim to social engineering tactics
What may failure to comply with legal and regulatory requirements for electronic records management lead to?
Costly litigation
What is the primary focus of the Sarbanes-Oxley Act of 2002?
Ensuring the accuracy and integrity of financial information
What is the main focus of disaster recovery planning?
Restoration of disrupted computing and communications services
What is the purpose of business continuity planning?
Restoring business operations after a disaster
What is the goal of business impact analysis?
Identifying critical systems and determining the maximum amount of downtime
What do information systems audits primarily examine?
The firm’s security environment and controls
What is the main focus of audits in relation to Sarbanes-Oxley?
Internal controls to govern the creation and documentation of financial information
What is the purpose of using duplicate computer centers or cloud-based disaster recovery services?
Restoring computing and communications services
What is the focus of PricewaterhouseCoopers LLP (PwC) UK's business continuity plans?
Providing resilient and recoverable operations in the event of crises
What is the primary purpose of an information systems audit?
Examine the firm’s security environment and controls
What is the main goal of business impact analysis?
Identify critical systems and determine the maximum amount of time the business can survive with its systems down
What is the primary purpose of disaster recovery planning?
Restore disrupted computing and communications services
What is the main focus of business continuity planning?
Restore business operations after a disaster
Study Notes
Cybersecurity and Cyberwarfare Threats
- The 2019 Cost of a Data Breach Report found that the average cost of a data breach among 507 surveyed companies globally was $3.92 million.
- The U.S. Congress addressed computer crime threats in 1986 with the Computer Fraud and Abuse Act, making unauthorized computer system access illegal.
- European nations and most U.S. states have similar laws addressing computer crimes.
- Cyberwarfare involves state-sponsored activities designed to cripple and defeat other nations by penetrating their computers or networks to cause damage and disruption.
- Cyberwarfare targets include military, power grids, financial systems, and communication networks, and can be conducted by nonstate actors such as terrorists or criminal groups.
- Foreign hackers have stolen source code, blueprints, and plans for critical infrastructure from the United States.
- U.S. intelligence reports that over 30 countries are developing offensive cyberattack capabilities, including Russia, China, Iran, and North Korea.
- The U.S. Cyber Command coordinates and directs operations and defense of Department of Defense information networks and prepares for military cyberspace operations.
- Cyberwarfare poses a serious threat to the infrastructure of modern societies, including their major financial, health, government, and industrial institutions that rely on the Internet for daily operations.
- Insiders pose serious security problems for businesses, with user lack of knowledge being the greatest cause of network security breaches.
- Employees may inadvertently compromise systems by forgetting passwords or falling victim to social engineering tactics.
- Companies face legal and regulatory requirements for electronic records management, such as the General Data Protection Regulation (GDPR) in the EU, and failure to comply may lead to costly litigation.
Information Security Regulations and Auditing
- HIPAA (Health Insurance Portability and Accountability Act) of 1996 outlines security and privacy rules for healthcare data, including privacy, security, and electronic transaction standards.
- The U.S. Financial Services Modernization Act (Gramm-Leach-Bliley Act) requires financial institutions to ensure the security and confidentiality of customer data, including storage and transmittal.
- The Sarbanes-Oxley Act of 2002 is designed to protect investors in public companies by ensuring the accuracy and integrity of financial information.
- In the UK, regulations such as the Records Management Code of Practice for Health and Social Care and the Companies Act 2006 impose specific requirements for managing records and corporate governance.
- Sarbanes-Oxley focuses on internal controls to govern the creation and documentation of financial information, requiring consideration of information systems security and controls.
- Disaster recovery planning focuses on the restoration of disrupted computing and communications services, while business continuity planning focuses on restoring business operations after a disaster.
- Firms may use duplicate computer centers, cloud-based disaster recovery services, or firms providing spare computers for emergency backup.
- Business continuity plans identify critical business processes and action plans for handling mission-critical functions if systems go down.
- PricewaterhouseCoopers LLP (PwC) UK has developed business continuity plans to provide resilient and recoverable operations in the event of crises.
- Business impact analysis is conducted to identify critical systems and determine the maximum amount of time the business can survive with its systems down.
- Information systems audits examine the firm’s security environment and controls, trace the flow of transactions, and may simulate an attack or disaster to test the response.
- Audits list and rank control weaknesses, estimating the probability of their occurrence and assessing financial and organizational impacts.
Explore the world of cybersecurity and cyberwarfare threats, including state-sponsored activities, data breaches, insider security problems, and the impact on modern societies. Learn about information security regulations and auditing, including laws like HIPAA, the Gramm-Leach-Bliley Act, and the Sarbanes-Oxley Act, as well as disaster recovery planning and business impact analysis.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
