Cybersecurity and Privacy Laws

Questions and Answers

What is the primary goal of ensuring confidentiality in information security?

To counter cyber terrorism

To prevent data theft

To maintain productivity

To ensure that only authorized users have access to information (correct)

What is the main purpose of the Personal Data Protection Act 2012?

To prevent hacking

To prevent identity theft

To maintain corporate governance

To protect personal data (correct)

What is phishing?

A type of hacking

A type of malware

A type of identity theft through fraudulent emails (correct)

A type of denial of service attack

What is the primary purpose of non-repudiation in information security?

To assure non-denial of communication or transaction

What is the main consequence of a successful denial of service attack?

Inaccessible information to authorized users

What is the primary goal of the Cybersecurity Act 2018?

To prevent cyber terrorism and other cyber threats

What is a common goal of cyber-terrorist attacks?

To deny services to legitimate computer users

What is a characteristic of a computer worm?

It can spread and replicate on its own

What is the role of a botnet herder?

To control a group of infected computers

What is a challenge in defending against cyber attacks?

Attackers can launch attacks against millions of computers within minutes

What is a type of hacker that uses hacking for a political or social cause?

Hacktivist

What is a feature of the internet that makes it vulnerable to attacks?

It allows universal access

What is the main difference between a computer virus and a worm?

A virus requires human action to spread, while a worm does not

What is the purpose of a Trojan horse?

To create a backdoor for remote control

Study Notes

Common Internet Vulnerabilities

• Hacking: unauthorised access to systems or data
• Denial of Service (DoS) attack: flooding a system with traffic to make it unavailable
• Phishing: tricking users into revealing sensitive information
• Malware infection: installing harmful software on IT systems
• Identity theft: stealing personal information to impersonate victims

Internet and Privacy Laws

• Cybersecurity Act Laws 2018 (CSA): regulates cybersecurity in Singapore
• Computer Misuse Act (CMA): criminalises unauthorised access to computer systems
• Personal Data Protection Act 2012 (PDPA): protects personal data in Singapore
• Corporate Governance: ensures accountability in organisations
• Protection from Online Falsehoods and Manipulation Act (POFMA): combats online falsehoods

Principles of Information Security

Confidentiality

• Ensures only authorised users have access to information

Integrity

• Protects information from unauthorised access, ensuring trustworthiness and accuracy

Availability

• Ensures information is accessible to authorised users when needed

Authentication

• Verifies the identity of individuals

Non-Repudiation

• Ensures individuals cannot deny involvement in a transaction or communication

Goals of Information Security

• Prevent data theft
• Prevent identity theft
• Maintain productivity
• Counter cyber terrorism

Difficulties in Defending Against Attacks

• Universally connected devices make attacks easier
• Increased speed of attacks
• Greater sophistication of attacks
• Availability and simplicity of attack tools
• Faster detection of vulnerabilities
• Delays and weak patching
• Distributed attacks
• User confusion

Types of Hackers

• White Hat: ethical hackers
• Black Hat: malicious hackers
• Gray Hat: hackers with mixed intentions
• Elite Hackers: highly skilled hackers
• Script Kiddies: amateur hackers using existing tools
• Hacktivist: hackers with a political or social agenda
• Cyber-Terrorist: hackers with malicious intent

Goals of Cyber Terror Attacks

• Deface websites and spread misinformation
• Deny services to legitimate users
• Commit unauthorised intrusions and corruption of data

5 Key Features of the Internet

• A network of networks
• Controlled by no one
• Allows efficient communication between organisations
• Robust architecture
• Geographically distributed with universal access

Differences Between Computer Worms and Viruses

Computer Viruses

• Can replicate themselves
• Need a carrier to infect computers
• Infect files (programs or data)
• Require human action to spread
• Cannot be remotely controlled

Computer Worms

• Can spread and replicate on their own
• Do not require a carrier to infect computers
• Can spread without human action
• Can be remotely controlled

Trojan Horse

• Creates a backdoor for remote control
• Does not replicate itself
• Must be installed by an unwitting user

Botnet Herder

• Controls a botnet (group of infected computers)
• Can command zombies to participate in a coordinated attack

Logic Bomb

• Malicious code that activates at a specific point
• Can be used to destroy data or disrupt systems

Description

This quiz covers common internet vulnerabilities, principles of information security, and various privacy laws, including the Cybersecurity Act, Computer Misuse Act, and Personal Data Protection Act.