Cybersecurity Concepts and Threats

Questions and Answers

Which of the following describes what patents grant to their holders?

• The right to prevent others from making, using, or selling an invention. (correct)
• The right to copyright any written work immediately.
• The right to share formulas without restriction.
• The right to use trade secrets for their business.

Which of the following is not one of the key provisions of the Data Privacy Act of 2012?

• Secure storage of personal information.
• Rights of individuals to access and correct their data.
• Transparency in data collection.
• Legal protections for hate speech. (correct)

What type of policy primarily governs how data is handled within an organization?

• Data Classification Policy (correct)
• Access Control Policy
• Acceptable Use Policy
• Incident Response Policy

What cultural aspect do indigenous rights pertain to in the context of intellectual property?

Protection and recognition of community-designed innovations. (D)

Which of the following is an example of a trade secret?

A unique formula for a beverage. (A)

What is the primary role of proactive intrusion detection in physical security?

To serve as the first line of defense against intrusion (D)

What distinguishes known exploits from unknown exploits?

Known exploits have been discovered and documented, while unknown exploits have not. (B)

Which characteristic is essential for scalable physical security implementation?

Ease of installation and quick setup (B)

What is one advantage of cloud-operated physical security systems?

They easily integrate with other software and applications (B)

Which of the following best describes a denial of service (DoS) attack?

An attack that floods a system with data to render it non-functional. (D)

What does operational security primarily focus on?

Viewing operations from the perspective of an adversary (B)

What type of forensics involves the investigation of network traffic?

Network forensics (D)

Which of the following is NOT a method of data collection as outlined?

Direct Interviews (B)

Which of the following is a characteristic of malware?

It can include viruses, ransomware, and spyware. (A)

What does identity theft typically involve?

Unauthorized access to a user's personal information for illicit benefit. (B)

What is required from organizations before collecting personal data?

Clear and informed consent from individuals (A)

What is a significant concern associated with the over-sharing of information on social media?

Increased risk to personal privacy (B)

How does cryptojacking primarily operate?

By mining cryptocurrencies using the victims' computer resources without their consent. (A)

What is the primary goal of malware forensics?

To find, examine, and track down attacking malware. (A)

How can criminal defamation laws be misused?

By allowing public interest issues to be overlooked (D)

What is the primary purpose of physical security measures?

To protect buildings and secure equipment inside. (B)

Flashcards

Security Incident

A security event that damages network resources or data due to an attack or threat.

Exploit

A code, software, or method used by attackers to exploit vulnerabilities in applications, systems, or networks.

Known Exploits

Vulnerabilities or attack methods already discovered and made public.

Unknown Exploits (Zero-day)

Vulnerabilities or attack methods unknown to the public.

Denial of Service (DoS) Attack

An attack that floods a computer or website with data to overload it and prevent it from working.

Malware

Harmful software like spyware, viruses, ransomware, and worms that can access a system's data.

Disk Forensics

A type of forensics focusing on recovering deleted data and hidden partitions from physical storage devices.

Physical Security

Measures designed to protect buildings and equipment inside, keeping unwanted people out and granting access to authorized personnel.

Freedom of Expression

The ability of individuals to freely express their thoughts, beliefs, and opinions without government censorship.

Criminal Defamation Laws

Laws that punish individuals for making false and damaging statements about others. These laws are often misused.

Information Privacy

The right of individuals to control how their personal data is collected, stored, and shared.

Data Ownership

Individuals have the right to decide how their personal data is used.

Data Collection Practices

Businesses and organizations gather data through various methods, like online forms, cookies, and apps.

Consent

Individuals must provide explicit and informed consent before their data is collected.

Tracking Technologies

Tools like cookies and mobile apps track user activity online.

Data Breaches

Unauthorized access to sensitive data that can lead to identity theft or fraud.

Copyright

The right to control and profit from your original creations, such as writings, music, or software. It grants you the legal authority to prevent others from copying, distributing, or performing your work without permission.

Patent

A legal document that grants an inventor exclusive rights to their invention for a specific period. It protects the invention from being made, used, or sold by others.

Trade Secret

A type of intellectual property that protects the confidential information of a business, giving them a competitive advantage. It could involve formulas, patterns, methods, or processes.

Patent Infringement

The act of using or producing a patented invention without permission from the patent holder. It's illegal and can lead to legal action.

Registered Designs

A legal term that describes the protection given to individuals and groups who have developed unique designs or patterns in their products. These designs are often registered to prevent unauthorized copying.

Study Notes

Security Incidents and Exploits

• A security incident is an event that damages network resources or data, part of an attack or security threat.
• Exploits are codes, software, or methods attackers use to take advantage of system vulnerabilities.
• Known exploits are vulnerabilities or attack methods already discovered, documented, and made public.
• Unknown (zero-day) exploits are vulnerabilities or attack methods not yet known or disclosed.

Denial-of-Service Attacks

• A denial-of-service (DoS) attack floods a computer or website with data to overload the system, preventing proper function.

Malware

• Malware is harmful software, like spyware, viruses, ransomware, and worms, that can access system data.

Identity Theft

• Identity theft occurs when criminals gain access to personal information to use for their benefit.

Cryptojacking

• Cybercriminals use a victim's computer resources without their knowledge to mine cryptocurrencies.

Cross-Site Request Forgery (CSRF)

• CSRF forces a user to execute unwanted actions on a web application while logged in.

Disk Forensics

• Disk forensics recovers data from physical storage devices, including deleted or hidden partitions.

Network Forensics

• Network forensics investigates network traffic to find security incidents, unauthorized access, or other malicious activity.

Database Forensics

• Database forensics collects information from databases, including data and metadata.

Mobile Forensics

• Mobile forensics uses special software to extract, investigate, and recover data from devices.

Malware Forensics

• Malware forensics finds, examines, and tracks down attacking malware.

Physical Security

• Physical security protects buildings and equipment from unauthorized access.
• Preventing unauthorized entry is vital for secure office spaces.

Proactive Intrusion Detection

• Proactive intrusion detection is the first line of defense to prevent building intrusions.

Scalable Physical Security Implementation

• Scalable physical security solutions are easy to install and quickly adapt to new systems.

Seamless System Integrations

• Physical security systems can integrate with other software and applications, providing seamless transition.

Audit Trails and Analytics

• Audit trails and analytics allow easy and quick identification of possible system weaknesses.

Operational Security (Procedural Security)

• Operational security, or procedural security, is a risk management process that encourages managers to view operations from an adversary's perspective to protect sensitive information.

Information Privacy

• Information privacy is the right of individuals to control how their personal data is collected, stored, and shared.
• Data ownership is the right of individuals to decide how their personal data is used by organizations.

Data Collection Practices

• Data is collected through various means, including online forms, cookies, and apps.

Consent

• Consent is required before organizations collect personal data.

Tracking Technologies

• Tracking technologies, like cookies and mobile apps, track user activity.

Data Breaches

• Data breaches are unauthorized access to sensitive data, potentially leading to identity theft or fraud.

Social Media and Privacy

• Over-sharing and lack of privacy controls on social media expose personal information to risks.

Data Privacy Act of 2012 (RA 10173)

• This act protects personal data privacy by regulating its processing.

Freedom of Expression

• Freedom of expression is the ability to express beliefs, thoughts, ideas, and emotions without government censorship.

Criminal Defamation Laws

• Criminal defamation laws are often misused, used in situations not involving public interest, and should be a last resort.

Attacks on Media Workers

• Harassment of journalists poses a significant threat to independent and investigative journalism.

Informal Censorship

• Informal censorship prevents or punishes the publication of critical material.

Hate Speech

• Hate speech is a pervasive tactic for undermining rights.

Gender Equity

• Equal access and representation for women in media are crucial for proper coverage of women's issues and perspectives.

Intellectual Property

• Intellectual property is a non-physical asset a company or person owns.
• Copyright protects original works from unauthorized use.

Patents

• Patents protect inventions, allowing inventors to prevent others from making, using, or selling their inventions.

Patent Infringement

• Patent infringement is the unauthorized use of a patented invention without permission.

Trade Secrets

• Trade secrets are confidential business information that gives a company an advantage over its competitors.

Security Policies

• Acceptable Use Policy, Data Classification Policy, Incident Response Policy, and Access Control Policy are examples of security policies.

Data Privacy Act of 2012 Key Provisions

• Transparency in data collection, secure storage of personal information, and individual rights to access and correct data are key provisions.

Freedom of Speech Issues

• Key issues related to freedom of speech, as well as related key terms regarding Intellectual Property, are covered.

Examples of Trade Secrets, Patents, and Other IP

• Specific examples of various types of intellectual property, including formulas, methods, techniques, and specific types of patents, are included.