Digital Security and Cybercrime Overview
22 Questions

Questions and Answers

What is employee monitoring primarily used for?

  • To observe and review an employee's use of technology (correct)
  • To promote creative thinking
  • To enhance employee morale
  • To increase employee privacy

    It is illegal for employers to monitor their employees' technology usage.

    False

    What is content filtering?

    The process of restricting access to certain material or websites.

    Employee monitoring can involve the use of __________ to observe communications.

    cameras

    Match the following terms with their descriptions:

    • Employee Monitoring = Using technology to observe employee activity
    • Content Filtering = Restricting access to certain websites
    • Web Filtering Software = Software to limit internet access
    • Digital Security Risks = Threats to online information and systems

    Which of the following is NOT a type of threat mentioned?

    Social media engagement

    Many businesses use web filtering software to allow unrestricted internet access.

    False

    Name one type of theft mentioned in the context of digital security risks.

    Software theft or information theft or hardware theft

    Which of the following is a type of digital security risk?

    Information theft

    A denial of service (DoS) attack aims to enhance computer access to an Internet service.

    False

    What is the purpose of a firewall?

    To protect a network's resources from intrusion.

    A __________ is a numeric password used for gaining access to a computer or a service.

    PIN

    Match the following types of attacks with their definitions:

    • Phishing = Scam to obtain personal information
    • Spoofing = Making a transmission appear legitimate
    • Social engineering = Gaining access by manipulating trust
    • Botnet = A group of compromised devices

    What is an example of unauthorized access?

    Using a company computer for personal work without permission

    Encryption is a process that converts readable data into encoded characters.

    True

    Define software theft.

    The unauthorized copying, installing, or using of software.

    A digital __________ verifies the identity of the sender of a message.

    signature

    Which of the following methods is NOT used for identity verification?

    Data mining

    Cloud storage is a method for backing up files off-site.

    True

    What does the term 'hardware vandalism' refer to?

    The act of defacing or destroying digital equipment.

    A __________ file collects information about a user when they visit a website.

    cookie

    Which of the following is a safeguard against unauthorized access?

    Using a strong password

    Study Notes

    Digital Security, Ethics, and Privacy

    • Digital security risk is any event or action that could cause a loss or damage to computer or mobile device hardware, software, data, information, or processing capability
    • Computer crime encompasses any illegal act involving the use of a computer or related devices
    • Cybercrime is an online or Internet-based illegal act
    • Types of cybercriminals include hackers, crackers, script kiddies, corporate spies, unethical employees, cyberextortionists, and cyberterrorists

    Internet and Network Attacks

    • Information transmitted over networks has a higher security risk than information on an organization's premises
    • Malware is malicious software that acts without user knowledge, deliberately altering computer and mobile device operations
    • Types of malware include viruses, worms, Trojan horses, rootkits, spyware, and adware

    Internet and Network Attacks (cont.)

    • A botnet is a group of compromised computers or mobile devices connected to a network
    • Denial of service (DoS) attack disrupts computer access to an internet service
    • Distributed DoS (DDoS) attack is a coordinated DoS attack from multiple sources
    • Backdoor is a program or instruction set that bypasses security controls
    • Spoofing makes a network or internet transmission seem legitimate

    Internet and Network Attacks (cont.)

    • Firewall is hardware or software that protects a network's resources from intrusion

    Unauthorized Access and Use

    • Unauthorized access is the use of a computer or network without permission
    • Unauthorized use is the use of a computer or its data for unapproved or illegal activities
    • Organizations use measures like acceptable use policies and disabling file and printer sharing to prevent unauthorized access
    • Access controls define who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it
    • The computer, device, or network should maintain an audit trail that records both successful and unsuccessful actions

    Unauthorized Access and Use (cont.)

    • Passphrase is a private combination of words, often with mixed capitalization and punctuation, used with a user name to access computer resources
    • PIN (personal identification number) is a numeric password, either assigned by a company or chosen by a user
    • Possessed object is any item required for access to a computer or computer facility
    • Biometric device authenticates a person's identity by translating a characteristic into a digital code
    • Biometric characteristics include fingerprints, hand geometry, signature verification, voice verification, and iris recognition

    Unauthorized Access and Use (cont.)

    • Two-step verification uses two separate methods to verify a user's identity

    Unauthorized Access and Use (cont.)

    • Digital forensics involves the discovery, collection, and analysis of evidence found on computers and networks
    • Digital forensics is utilized by law enforcement, criminal prosecutors, insurance agencies, information security departments, and military intelligence

    Software Theft

    • Software theft occurs when someone steals software media, intentionally erases programs, illegally registers/activates programs, or illegally copies programs
    • Manufacturers use activation processes to prevent unauthorized installations
    • A license agreement specifies the permitted uses of software

    Information Theft

    • Information theft occurs when someone steals personal or confidential information
    • Encryption converts readable data into encoded characters to prevent unauthorized access
    • Digital signature is an encrypted code to verify the identity of a message sender
    • Digital certificate guarantees a user or website's legitimacy
    • Secure site uses encryption techniques to protect its data

    Hardware Theft, Vandalism, and Failure

    • Hardware theft involves stealing digital equipment
    • Hardware vandalism involves defacing or destroying digital equipment
    • Safeguards against theft include physical access controls, alarm systems, physical security devices, and device-tracking apps

    Hardware Theft, Vandalism, and Failure (cont.)

    • Safeguards against failure include surge protectors, uninterruptible power supplies, duplicate components, and fault-tolerant computers

    Backing Up – The Ultimate Safeguard

    • Backup is a duplicate of a file, program, or media
    • To back up a file means to make a copy of it
    • Off-site backups are stored separate from the computer or mobile device
    • Categories of backups include full, differential, incremental, selective, and continuous data protection (CDP)
    • Various backup methods include full backup, differential, incremental, selective, continuous data protection (CDP) backups, and cloud backups

    Wireless Security

    • Wireless access poses additional security risks
    • Some perpetrators connect to others' wireless networks to gain free internet access or confidential data
    • Others connect to unsecured wireless access points (WAP) or combination router/WAP

    Ethics and Society

    • Technology ethics govern the use of computers, mobile devices, information systems, and related technologies
    • Information accuracy is a concern
    • Intellectual property refers to unique and original works
    • Copyright protects tangible forms of expression
    • Digital rights management (DRM) prevents the illegal distribution of digital content

    Ethics and Society (cont.)

    • Code of conduct is a written guideline to determine whether a specification is ethical/unethical or allowed/not allowed
    • Green computing reduces electricity and environmental waste
    • Some examples of green computing tips include using ENERGY STAR-compliant devices, turning off devices when not in use, using paperless methods, and telecommuting

    Information Privacy

    • Information privacy refers to individuals' and companies' right to deny or restrict the collection, use, and dissemination of information
    • Huge databases store data online
    • Websites often collect data to personalize advertisements and messages
    • Some employers monitor computer usage and email messages
    • Types of information theft that are discussed in the notes include: phishing, clickjacking, spyware, adware, social engineering

    Information Privacy (cont.)

    • Cookie is a small text file that stores information on a web server
    • Websites use cookies for personalization, tracking user visits, and assisting with online shopping

    Information Privacy (cont.)

    • Phishing is a scam where perpetrators attempt to get personal info through official-looking emails
    • Clickjacking is when an object that can be tapped or clicked on a website contains a malicious program
    • Spyware is a program placed on a device that secretly collects information
    • Adware displays advertisements
    • Social engineering is gaining access or obtaining info by taking advantage of trust
    • Employee monitoring involves the use of computers, mobile devices, or cameras to observe, record, and review employee activities
    • Content filtering and web filtering software restrict access to certain materials and websites

    Information Privacy (cont.)

    • Laws concerning privacy have been enacted by federal and state governments

    Quiz Team

    Description

    This quiz covers essential concepts in digital security, including risks, types of cybercrime, and various forms of malware. Understand the distinctions between different cybercriminals and their tactics. Test your knowledge on protecting digital assets from security threats.
