Cybersecurity Threats
80 Questions

Questions and Answers

Which of the following is the BEST way to obscure your email address when posting online to avoid spam?

  • Changing your email address to a different service provider
  • Providing a web-based contact form instead of your email address (correct)
  • Inserting a random string of characters in the middle of your email address
  • Replacing the '@' symbol with 'at' and the '.' with 'dot'

What is the term used to describe the practice of registering a domain name that is a common misspelling of a popular website, with the intention of taking advantage of typing errors?

  • Typosquatting (correct)
  • Acceptable use policy violation
  • Cybervandalism
  • Website name stealing

Which of the following is the BEST practice to avoid ending up on a spammer's mailing list when posting online?

  • Replying to spam messages to request removal from the list
  • Changing your email address to a new service provider after each online post
  • Obscuring your email address by replacing special characters with text (correct)
  • Providing your real email address and hoping the website has robust spam protection

    Which of the following technologies is PRIMARILY used to mitigate the damage caused by a security breach, after prevention and resistance strategies have failed?

    Intrusion detection software

    Which of the following is the BEST description of a firewall's primary function?

    Analyzing incoming and outgoing network traffic to ensure it meets the organization's security policies

    What is the term for a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software?

    Scareware

    Which term refers to the forging of the return address on an email to make it appear as if it comes from a different sender?

    Spoofing

    What is the characteristic of typosquatting?

    Registering domain names similar to popular websites to deceive users

    Which term refers to a program or device that can monitor data traveling over a network?

    Sniffer

    What is the action of granting authorized rights inappropriately known as?

    Elevation of privilege

    Which of the following is a key purpose of an anti-spam policy?

    To prohibit employees from sending unsolicited emails

    What is the purpose of a social media policy in an organization?

    To outline corporate guidelines or principles governing employee online communications

    What is the 'right to be forgotten' in the context of online content?

    The ability for individuals to request the removal of content that violates their privacy

    What is 'teergrubing' in the context of anti-spam measures?

    The technique of launching a return attack against the computer that originated the suspected spam

    Which of the following is a key concern regarding employee monitoring in the workplace?

    It is considered by some to be unethical and an invasion of employee privacy

    What is the primary purpose of an Acceptable Use Policy (AUP)?

    To require users to agree to follow rules for accessing corporate systems

    Which of the following is an example of cybervandalism?

    Defacing a website by modifying its content or appearance

    What is the purpose of an Internet Use Policy?

    To outline guidelines for proper use of the internet within the organization

    Which of the following is an example of typosquatting?

    Registering a domain name that is a common misspelling of a popular website

    What is the purpose of a Social Media Policy?

    To outline the corporate guidelines or principles governing employee online communications

    What is the term used to describe the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website owner?

    Website name stealing

    Which of the following is a legitimate ground for reading a user's email according to a typical email privacy policy?

    To comply with legal requirements or a court order

    What is the term used to describe the problem that occurs when someone registers purposely misspelled variations of well-known domain names to lure consumers who make typographical errors when entering a URL?

    Typosquatting

    Which of the following is a form of cybervandalism?

    Sending a massive amount of email to a specific person or system to cause the user's server to stop functioning

    Which of the following is a typical feature of an email privacy policy?

    Defines legitimate email users and explains what happens to accounts after a person leaves the organization

    Which of the following is NOT a technique used to gain personal information for the purpose of identity theft?

    Keylogging

    What is the term used to describe the practice of artificially stimulating online conversation and positive reviews about a product, service, or brand?

    Astroturfing

    Which of the following is the LEAST effective way for an organization to help combat insider issues related to information security?

    Relying solely on technical controls

    Which of the following is the term used to describe the practice of registering a domain name that is a common misspelling of a well-known website, with the intent of diverting traffic or deceiving users?

    Typosquatting

    Which of the following is the MOST important step an organization should take to help combat insider issues related to information security?

    Developing an information security policy

    Which of the following is a key component of an effective employee monitoring policy?

    Explicitly stating how, when, and where the company monitors employees

    What is the term used to describe the practice of registering a domain name that is a common misspelling of a popular website, with the intention of taking advantage of typing errors?

    Typosquatting

    Which of the following is an example of an intellectual asset that needs to be protected by an organization?

    Organizational information and intellectual capital

    What is the term used to describe the practice of intentionally defacing or damaging a website or web application?

    Cybervandalism

    Which of the following is a potential consequence of a security breach that can result in downtime for an organization?

    Revenue recognition issues

    What is the term used to describe the practice of registering a domain name that is similar or identical to a well-known brand or company, with the intention of taking advantage of brand recognition or causing confusion?

    Website name stealing

    Which of the following is a potential consequence of a security breach that can impact an organization's financial performance?

    Loss of stock price or credit rating

    What is the term used to describe the practice of intentionally accessing or attempting to access a computer system or network without authorization?

    Hacking

    Which of the following is a potential consequence of a security breach that can impact an organization's reputation?

    Damaged reputation with customers, suppliers, and business partners

    Which of the following is a potential consequence of a security breach that can result in additional expenses for an organization?

    Incurring overtime costs, temporary employee expenses, and legal obligations

    The Ethical Computer Use Policy is designed to ensure that all users are informed of the rules by agreeing to the use of the system on the basis of consent to abide by the rules.

    True

    The General Data Protection Regulation (GDPR) does not contain any general principles regarding information privacy.

    False

    The General Data Protection Regulation (GDPR) requires users to agree to an Acceptable Use Policy before being granted access to corporate email and information systems.

    False

    Nonrepudiation is a contractual stipulation that ensures ebusiness participants can deny their online actions.

    False

    Nonrepudiation is a contractual stipulation that ensures ebusiness participants cannot deny their online actions.

    True

    An Internet Use Policy typically describes the services available to users, but does not define the organization's position on the purpose of Internet access or any restrictions on that access.

    False

    The Internet Use Policy does not contain any general principles to guide the proper use of the internet.

    False

    Acceptable Use Policies (AUPs) do not require a user to agree to follow them in order to be provided access to corporate email, information systems, and the internet.

    False

    According to a typical Acceptable Use Policy, users are not required to cite sources or handle offensive material when using the organization's technology resources.

    False

    $5(7 + 3)$ is an example of a user responsibility described in a typical Acceptable Use Policy.

    False

    The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information only within the European Union (EU).

    False

    An Acceptable Use Policy (AUP) typically outlines the responsibilities and permitted actions of users regarding organizational systems and data.

    True

    Nonrepudiation is a security principle that ensures a party cannot deny having performed a particular action related to data or information.

    True

    An Internet Use Policy typically prohibits any personal use of the internet while at work.

    False

    The 'right to be forgotten' in the context of online content allows individuals to request to have all content that violates their privacy removed.

    True

    In an Acceptable Use Policy, user responsibilities may include reporting any suspected security incidents or policy violations.

    True

    An Acceptable Use Policy (AUP) is primarily used to outline the corporate guidelines or principles governing employee online communications.

    False

    Nonrepudiation is a key component of an effective employee monitoring policy, ensuring that actions taken by employees cannot be denied later.

    True

    An Internet Use Policy is primarily used to mitigate the damage caused by a security breach, after prevention and resistance strategies have failed.

    False

    The 'opt-in' approach to email permissions requires users to choose to deny permission to incoming emails.

    False

    The General Data Protection Regulation (GDPR) gives individuals the 'right to be forgotten', which allows them to request the removal of their personal data from online platforms.

    True

    An Acceptable Use Policy (AUP) is primarily focused on defining user responsibilities and acceptable behaviors when using an organization's information systems and resources.

    True

    Nonrepudiation is a security principle that ensures the sender of a message cannot deny having sent the message, and the recipient cannot deny having received it.

    True

    An Internet Use Policy should focus on regulating employee access to social media websites, but does not need to address guidelines for the use of organization-provided email accounts.

    False

    According to a typical Acceptable Use Policy, users are responsible for ensuring the security and integrity of their own user accounts, but are not responsible for reporting any suspected security incidents or breaches.

    False

    The right to be left alone, control over personal possessions, and not being observed without consent are key components of an Acceptable Use Policy.

    False

    Nonrepudiation ensures that messages and information are available only to authorized individuals.

    False

    An Internet Use Policy is primarily concerned with ethical principles that guide employee behavior in an organization.

    True

    GDPR governs the principles and standards that guide our behavior towards other people in a business environment.

    False

    User responsibilities in Acceptable Use Policies include ensuring data privacy compliance and enforcing digital rights management.

    False

    The Internet Use Policy typically describes the services available to users, but does not define the organization's position on the purpose of Internet access or any restrictions on that access.

    False

    The primary purpose of an Acceptable Use Policy (AUP) is to ensure that all users are informed of the rules by agreeing to the use of the system on the basis of consent to abide by the rules.

    True

    Study Notes

    Types of Hackers

    • Black-hat hacker: steals, destroys, or does nothing
    • Cracker: has criminal intent
    • Cyberterrorist: destroys critical systems or information
    • White-hat hacker: works to find system vulnerabilities and fix them at the request of the system owner

    Types of Malware

    • Virus: software written with malicious intent to cause annoyance or damage
    • Worm: a type of virus that spreads from file to file and from computer to computer
    • Malware: software intended to damage or disable computers and systems
    • Adware: allows internet advertisers to display ads without user consent
    • Spyware: collects user data and transmits it over the internet without user knowledge or permission
    • Ransomware: infects computers and demands payment in exchange for restoration
    • Scareware: tricks victims into buying or downloading useless and potentially harmful software

    Security Threats to E-Business

    • Elevation of privilege: grants unauthorized rights
    • Hoaxes: transmit viruses with fake warnings
    • Sniffers: monitor data traveling over a network
    • Spoofing: forges return email addresses to impersonate senders
    • Typosquatting: registers misspelled domain names to lure victims
    • Website name stealing: steals domain names by posing as site administrators
    • Internet censorship: government control over internet content
    • Email privacy policy: outlines email message privacy and security

    Detection and Response

    • Intrusion detection software: monitors network traffic for patterns indicating intruders
    • Spam management: avoids responding to spam messages and hides email addresses from spammers
    • Anti-spam policy: prohibits sending unsolicited emails
    • Opt-out policy: allows users to stop receiving emails
    • Opt-in policy: requires users to permit email receipt

    Information Security

    • The first line of defense: develops information security policies and plans
    • Information security policies: identify rules for maintaining information security
    • Information security plan: details how to implement security policies
    • Authentication and authorization: confirm user identities and grant access
    • Prevention and resistance technologies: stop intruders from accessing and reading data
    • Encryption: scrambles information, requiring a key or password to decrypt

    Acceptable Use Policy

    • Requires users to agree to follow internet use guidelines
    • Typically includes rules for using company email, information systems, and the internet
    • Non-repudiation: ensures e-business participants do not deny online actions
    • Internet use policy: outlines principles for proper internet use

    Social Media Policy

    • Outlines guidelines for employee online communications
    • Covers brand communication, blogging, social networking, and Twitter use
    • The right to be forgotten: allows individuals to request removal of privacy-violating content

    Description

    Explore common cyber threats such as typosquatting, website name stealing, and internet censorship. Understand how these threats can impact individuals and organizations in the digital world.