Digital Security Risks and Malware

Questions and Answers

What is a digital security risk?

• A legal action involving computers
• Any event causing a loss or damage to digital devices (correct)
• A virus that infects software
• A network connection failure

All digital security risks are considered computer crimes.

False (B)

What is malware?

Malicious software that acts without a user's knowledge to alter computer operations.

A program that blocks access to files until a payment is made is known as __________.

ransomware

Which of the following types of malware collects user information without their knowledge?

Spyware (A)

Match the malware types with their descriptions:

Adware = Displays online advertisements Trojan horse = Hides within a legitimate program Worm = Copies itself repeatedly Rootkit = Allows remote control of a device

A Trojan horse replicates itself to spread to other computers.

False (B)

Name one major difference between a virus and a worm.

A virus requires a host program to spread, while a worm copies itself to spread independently.

Information transmitted over networks is at a higher security risk than information kept on __________.

premises

Which type of malware is specifically designed to disrupt the functioning of system resources?

Virus (D)

What is a botnet?

A group of compromised computers or mobile devices (C)

A passphrase is a numeric password assigned by a company.

False (B)

What is the purpose of a firewall?

To protect a network's resources from intrusion.

A compromised computer or device is known as a ______.

zombie

Match the following authentication methods to their descriptions:

PIN = Numeric password for access Biometric device = Identification through personal characteristics Passphrase = Combination of words for access Possessed object = Item required for access

What does a denial of service attack (DoS) do?

Disrupts computer access to an Internet service (A)

Spoofing makes a network transmission appear illegitimate.

False (B)

What is the function of access controls?

To define who can access a computer, device, or network.

An example of a biometric device is a ______.

fingerprint reader

What is the primary role of an audit trail?

To record access attempts (B)

What can cookies be used for on websites?

Track user visits and target advertisements (A)

Adware is a type of program that secretly collects user information and sends it to an external source.

False (B)

What is phishing?

A scam to obtain personal and financial information through deceptive messages.

_________ is a program that collects information about users without their knowledge.

Spyware

Match the following terms with their definitions:

Phishing = Deceptive attempts to obtain sensitive information Spyware = Program that collects user data without consent Content Filtering = Restricting access to certain online material Cookies = Text files stored on computers by websites

What is the main purpose of social engineering?

To gain unauthorized access to confidential information (D)

Clickjacking involves legitimate interfaces without any malicious intentions.

False (B)

What does web filtering software do?

It restricts access to specified websites.

Employees might have their computer usage __________ by some employers.

monitored

Which of these is NOT a purpose of cookies?

Hacking into user's accounts (C)

What does a hand geometry system verify?

The shape and size of a person's hand (D)

Iris recognition is a method used in digital forensics.

False (B)

What is two-step verification?

A security process that uses two separate methods to verify a user's identity.

The process of converting data into encoded characters to prevent unauthorized access is called ______.

encryption

Match the following areas that use digital forensics with their primary focus:

Law enforcement = Investigation of crimes Military intelligence = National security Insurance agencies = Fraud detection Information security departments = Protecting network security

Which of the following best defines information privacy?

The right to deny or restrict the collection, use, and dissemination of personal data (A)

Not all information found on the web is accurate.

True (A)

What is the main purpose of digital forensics?

To discover, collect, and analyze evidence found on computers and networks.

Information theft involves stealing ______ or confidential information.

personal

Which of the following methods is NOT a type of biometric verification?

Keypad entry (C)

Flashcards

Digital Security Risk

Any event or action that could harm a computer or mobile device, its software, data, or processing.

Computer Crime

Any illegal act involving computers or related devices.

Cybercrime

An illegal act committed online or using the internet.

Malware

Software designed to harm computers or mobile devices without the user's knowledge.

Adware

A type of malware that displays unwanted online ads.

Ransomware

A type of malware that blocks access to a device until a ransom is paid.

Rootkit

A hidden program that gives remote access to a device.

Spyware

Malware that secretly collects information about a user and sends it to someone else.

Trojan Horse

Disguised software that hides its true purpose.

Worm

A program that replicates itself and can spread through networks, potentially harming computers.

Botnet

A group of compromised computers or mobile devices connected to a network.

Zombie

A compromised computer or device within a botnet.

Denial of service (DoS) attack

An attack that disrupts computer access to an internet service.

Distributed DoS (DDoS) attack

A DoS attack launched from multiple sources, making it harder to block.

Backdoor

A hidden program or instruction allowing users to bypass security controls.

Spoofing

A technique intruders use to make their network or internet transmission appear legitimate.

Firewall

Hardware and/or software protecting a network's resources from intrusion.

Access controls

Rules defining who can access a computer, device, or network, when they can access it, and what actions they can take.

Audit trail

A record of both successful and unsuccessful access attempts to a computer, device, or network.

Passphrase

A combination of words associated with a username for access to computer resources, often containing mixed capitalization and punctuation.

Hand Geometry System

A system that verifies a person's identity by analyzing the unique shape and size of their hand.

Iris Recognition System

A biometric system that uses patterns in the iris of the eye to identify individuals.

Signature Verification System

Verifies identity by analyzing the unique way a person signs their name.

Voice Verification System

Verifies identity by analyzing the unique characteristics of a person's voice.

Two-Step Verification

Two-step verification improves security by requiring two separate forms of identification to access an account.

Digital Forensics

The process of finding, collecting, and analyzing digital evidence from computers and networks.

Information Theft

The act of stealing personal or confidential information.

Encryption

Converting data into a scrambled format that only authorized individuals can access.

Technology Ethics

Moral rules that guide the use of technology, including computers, mobile devices, and information systems.

Information Privacy

An individual's right to control the collection, use, and dissemination of information about themselves.

What is a cookie?

A small text file that a web server stores on your computer.

What is phishing?

A scam where someone sends an official-looking message to trick you into giving them your personal or financial information.

What is clickjacking?

A type of attack where a hidden object on a website contains a malicious program that can be triggered by clicking on it.

What is spyware?

A program that secretly collects information about you from your computer or mobile device and sends it to someone else.

What is adware?

A program that displays online advertisements in banners, pop-ups, or pop-unders.

What is social engineering?

Gaining unauthorized access to information by exploiting people's trust and naivete.

What is content filtering?

The process of restricting access to certain websites or content.

What is web filtering software?

Software that restricts access to specified websites.

What are privacy laws?

Laws that protect your privacy by regulating how businesses can store and share your personal data.

What is a digital security risk?

Any event or action that could harm a computer, its software, data, or processing.

Study Notes

Digital Security Risks

• A digital security risk is any event or action that could cause loss or damage to a computer or mobile device's hardware, software, data, information, or processing capabilities.
• Computer crime is any illegal act involving computers or related devices.
• Cybercrime is an online or Internet-based illegal act.

Internet and Network Attacks

• Information transmitted over networks has a higher security risk than information kept on organizational premises.
• Malware is malicious software that acts without user knowledge, altering computer and mobile device operations.

Common Types of Malware

• Adware: Displays online advertisements on webpages, emails, or Internet services.
• Ransomware: Blocks or limits access to a computer, phone, or file until a payment is made.
• Rootkit: Hides within a computer or device, allowing remote control.
• Spyware: Secretly collects user information and sends it to an outside source.
• Trojan horse: Appears legitimate but contains malicious code. Doesn't replicate itself.
• Virus: A potentially damaging program that negatively affects a computer or device by altering its operations without permission.
• Worm: Copies itself repeatedly, using resources and potentially shutting down systems.

Internet and Network Attacks (continued)

• A botnet is a group of compromised computers or devices connected to a network. A compromised computer is known as a "zombie."
• A denial of service (DoS) attack disrupts computer access to an Internet service, a Distributed DoS attack (DDoS) is specifically more widespread
• A backdoor is a program that bypasses security controls.
• Spoofing is a technique that makes network or Internet transmissions appear legitimate.

Internet and Network Attacks (continued)

• A firewall is hardware and/or software that protects a network's resources from intrusion.

Unauthorized Access and Use

• Access controls define who can access a computer, device, or network, when they can access it, and the actions they can take.
• Computers, devices, or networks should maintain an audit trail of access attempts (both successful and unsuccessful).
• Examples of access controls include user names, passwords, passphrases, and PINs.

Unauthorized Access and Use (continued)

• Passphrases are private combinations of words, often containing mixed capitalization and punctuation, associated with a user name, allowing access to computer resources.
• PINs (Personal Identification Numbers) are numeric passwords, either assigned by a company or selected by a user.

Unauthorized Access and Use (continued)

• A possessed object is an item required to gain access to a computer or facility.
• Biometric devices authenticate a person's identity by translating a personal characteristic (e.g., fingerprint, face, iris, signature, voice) into a digital code.

Unauthorized Access and Use (continued)

• Examples of biometric devices include fingerprint readers, face recognition systems, hand geometry systems, iris recognition systems, and signature/voice verification systems.

Unauthorized Access and Use (continued)

• Two-step verification uses two separate methods to verify a user's identity.

Unauthorized Access and Use (continued)

• Digital forensics involves discovering, collecting, and analyzing evidence found on computers and networks.
• Many areas use digital forensics including law enforcement, criminal prosecutors, military intelligence, insurance agencies, and information security departments.

Information Theft

• Information theft occurs when someone steals personal or confidential information.
• Encryption is a process to convert readable data into encoded characters to prevent unauthorized access.

Ethics and Society

• Technology ethics are moral guidelines for the use of computers, mobile devices, information systems, and related technologies.
• Information accuracy is a concern since not all information on the web is correct.

Information Privacy

• Information privacy is the right of individuals and companies to control the collection, use, and dissemination of information about them.
• Huge online databases store information.
• Websites often collect data to personalize advertisements and email messages.
• Some employers monitor computer usage and email messages.

Information Privacy (continued)

• Cookies are small text files stored on a computer by web servers.
• Websites use cookies for personalization, storing user names/passwords, online shopping assistance, tracking visits, and targeted advertisements.

Information Privacy (continued)

• Phishing is a scam that sends official-looking messages to obtain personal and financial information.
• Clickjacking is when an object on a website contains a malicious program.
• Spyware is a program secretly collecting user information and communicating it to an outside source.
• Adware is a program that displays advertisements on webpages, emails, or Internet services.

Information Privacy (continued)

• Social engineering is gaining unauthorized access by taking advantage of human nature.
• Federal and state laws address privacy regarding personal data storage and disclosure.
• Content filtering restricts access to specific material.
• Web filtering software restricts access to particular websites.

Description

This quiz covers essential concepts related to digital security risks, including types of malware and cybercrime. Explore how these threats can impact devices, data, and online safety. Test your knowledge on protecting against these security challenges.