Information Communication Technology Grade 12

Questions and Answers

What is the primary goal of ensuring confidentiality in computer security?

• To allow unrestricted access to data
• To promote data modification by any user
• To ensure data is always available to all users
• To protect sensitive information from unauthorized access (correct)

What does integrity in computer security aim to guarantee?

• That data remains accurate and unaltered (correct)
• That sensitive information is always disclosed
• That data can be freely altered without restriction
• That data is available to everyone at all times

What method is encouraged to help individuals protect their online behaviors?

• Developing skills to identify security risks (correct)
• Ignoring potential security risks
• Using less secure coding practices
• Limiting their knowledge of security trends

Why is continuous learning important in the field of computer security?

Because the field is dynamic and constantly evolving (C)

What is a digital asset?

Any valuable piece of digital content or data (C)

What is ransomware primarily used for?

To encrypt a victim's data and demand payment for the decryption key (D)

What characterizes an insider threat?

Malicious activities initiated by individuals with authorized access (C)

What leads to a data breach?

Unauthorized access and disclosure of sensitive data (A)

Which of the following describes social engineering?

Manipulating individuals to reveal confidential information (C)

What does the term 'supply chain attack' refer to?

Exploiting vulnerabilities in third-party vendors to access systems (D)

Flashcards

Computer Security

The practice of securing computer systems, networks, and data from unauthorized access, attacks, or any form of exploitation.

Confidentiality

Ensuring that sensitive information is only accessible to authorized individuals.

Integrity

Guaranteeing that data remains accurate and unaltered throughout its life cycle.

Availability

Ensuring that computer systems, networks, and data are available to authorized users when needed.

Digital Asset

Any piece of digital content or data that holds value to an individual or organization.

Ransomware

Malicious software that encrypts a victim's data and demands a ransom payment for the decryption key. It's like a digital hostage situation, where your files are held captive until you pay.

Data Breaches

Unauthorized access and disclosure of sensitive data, often leading to privacy violations or identity theft. It's like someone breaking into your house and stealing your valuables.

Insider Threats

Malicious activities initiated by individuals within an organization who have authorized access to sensitive information. It's like a trusted employee turning traitor and betraying the company.

Supply Chain Attacks

Targeting vulnerabilities in third-party vendors or suppliers to gain access to their systems and compromise the target organization. It's like attacking a company through its suppliers, like infiltrating a fortress by targeting its guards.

Social Engineering

Manipulating individuals into revealing confidential information or performing actions that compromise security through deception or psychological manipulation. It's like tricking someone into giving you their password or opening a malicious link.

Study Notes

Information Communication Technology Text Book for Grade 12

• This text book is for Grade 12 students
• The author is Qelem Meda Technologies
• The text covers topics related to Information Communication Technology, including Computer Security, Relational Databases, and other potential modules in the subject matter.
• The table of contents on page 3 indicates sections like Introduction to Computer Security, Malware, Social Engineering, and Ethical Issues with AI
• Learning Outcomes on page 4 detail student learning objectives, including understanding cyber threats, security measures, and safe online practices.
• Page 5 details the main objectives of computer security like Confidentiality, Integrity, Availability, Authentication, and Authorization.
• Page 6 details Subject & General Vocabulary.
• Page 7 details topics like Protection of Sensitive Information, Prevention of Cyber Attacks, Business Continuity, Protection of National Security, Privacy and Trust, and Cyberterrorism.
• Page 8 is comprised of History followed by Intellectual Property Protection, Preservation of Reputation, Cyber Threats, all leading to Subject and General Vocabulary.
• Page 9 lists types of malware, such as Malware, Phishing, Denial-of-Service/Distributed Denial-of-Service, Man-in-the-Middle, Advanced Persistent Threats, and Zero-Day Exploits.
• Page 10 covers Malware that is ransomware, insider threats, data breaches, supply chain attacks, IoT vulnerabilities, social engineering.
• Page 11 and 12 are on Malware (Viruses, and Worms).
• Page 13 details Damage and Effects, Detection and Removal, Prevention, and Worms.
• Page 14 is on Key Point, Subject vocabulary, Characteristic of Worms, Network Propagation, Exploitation of Vulnerabilities, Rapid Spread, and Payload.
• Page 15 is on Subject Vocabulary, Lack of Interaction, Worm Botnets, Worm Detection and Mitigation, and Brainstorming Questions.
• Page 16 details History, subject vocabulary (Trojan), and General vocabulary (lure).
• Page 17 details General Vocabulary (unsilocited, reputable), a Did You Know section, and Detection, Prevention and Mitigation of Trojans.
• Page 18 is on General vocabulary (impersonation, deception, social norms), Did you know section, and different social engineering techniques.
• Page 19, 20 & 21 detail Subject vocabulary (Spear Phishing), General Vocabulary (convincing, salutation) and History on larger-scale phishing attacks.
• Page 22 and 23 contain discussions about History (such as the John Podesta Email Hack and the MySpace Samy Worm), and General vocabulary including authentic and credibility.
• Page 24 and 25 discuss and detail on a history of various attacks, including a notable attack against Digg v4 in 2010.
• Page 26 details subject vocabulary (backdoor), general vocabulary (exfiltration, inadvertently, intellectual property, enticing).
• Page 27 & 28 detail Baiting strategies, the Intentional USB Drive, and Employee Curiosity
• Page 29 & 30 detail on Tailgating, Security Awareness Training, and Phishing Simulations.
• Page 31 details Penetration Testing, Least Privilege Patch and Update Management, Physical Security, Vendor Management, Restricting Personal Information Sharing.
• Page 32 & 33 detail on Data backup and protection, Regular security tests, Types of Encryption like Symmetric, Asymmetric, and Hybrid, and various Encryption Algorithms.
• Page 34 discusses Encryption algorithms, and General Vocabulary (infeasible).
• Page 35 and 36 cover Symmetric Encryption, Asymmetric Encryption (Public-Key Encryption), Hybrid Encryption, General Vocabulary (symmetric, asymmetric, and Hybrid), and Essential Web Development.
• Page 37 details Web Application Firewalls (WAF), authentication, authorization, and Session Management.
• Page 38 details Input Validation, Regular Updates and Patch Management, and Cross-Origin Resource Sharing (CORS).
• Page 39 describes Common Web Vulnerabilities like SQL Injection (SQLi) and Cross-Site Scripting (XSS).
• Page 40 details examples and methods for Normal Search Queries, Malicious Input.
• Page 41 and 42 describe cross-site scripting XSS.
• Page 43 details history, and general vocabulary.
• Page 44 describes Insecure Direct Object References (IDOR), Insecure File Uploads, and Server-Side Request Forgery (SSRF)
• Page 45 details on Remote Code Execution (RCE).
• Page 46 through 49 provide ways to protect web applications and websites such as Secure Coding, Input Validation, Least Privilege Principle, Regular Security Testing, and deploying a Web Application Firewall (WAF).
• Page 49 to 51 are on review exercises and provide a possible format of short answer questions, such as what is the primary purpose of encryption in computer security, as well as defining malware, detailing the difference between virus and malware, and describing SQL injection and cross-site scripting.
• Page 52 and 53 focus on the fundamentals of Artificial Intelligence (AI) and its applications.
• Page 54 through 58 discuss Artificial Intelligence (AI), such as different types of Al (Reactive, Limited Memory, Theory of Mind)
• Page 59 and 60 cover Types of Al (Narrow and General), and subject vocabulary (Virtual Assistant).
• Page 61 details on different types of Artificial Intelligence.
• Page 62 and 63 detail on Superintelligence and Reactive Al.
• Page 64 details history followed by limited memory and theory of mind.
• Page 65 and 66 are on Machine Learning.
• Page 67 and 68 cover Unsupervised and Reinforcement learning methods, and Autonomous Driving.
• Page 69 to 71 detail Neural Networks, Data types such as input, hidden, output, and computer vision. Followed by different applications of Natural Language Processing (NLP)
• Page 72 explains Machine Learning with Python and other important concepts for implementing ML.
• Page 73 defines and explains variables and the different data types in Python
• Page 74 explains different arithmetic and comparison operators.
• Page 75 and 76 detail on Logical & Assignment Operators, and explain Identity Operators, comments, control-flow structures.
• Page 77 and 78 cover topics on Loops and functions, as well as parameters and arguments.
• Page 79 and 80 cover modules and packages, and different ways to import packages.
• Page 81 details on Machine Learning with Python, and local development environments for machine learning.
• Page 82 details Anaconda and Jupyter Notebooks as local deployment environments, as well as other options.
• Page 83 provides specific instructions on how to create a notebook.
• Page 84 through 86 cover the Jupyter Notebook interface details for markdown cells, and renaming notebooks.
• Page 87 provides instruction on Data gathering and the use of CSV data from the dataset.
• Page 88 details on importing datasets with Pandases.
• Page 89 describes how to remove duplicate rows from a dataset.
• Page 90 details on training a model on a dataset, such as splitting data into training and testing sets, and selecting an algorithm such an Simple Linear Regression.
• Page 91 and 92 provide details & examples using code on training & predicting model performance in Machine Learning with Python using Linear Regression.
• Page 93 and 94 explain concepts on Data splitting, Training set, Test set, how to select an algorithm in Python as well as evaluating model performance.
• Page 95 and 96 describe ethical issues with Al such as bias, fairness, privacy, data protection, transparency and explainability, accountability and responsibility and job displacement.
• Page 97 discusses Ethical considerations regarding Autonomous Weapons, and Manipulation and Misinformation.
• Page 98 and 99 contain a summary of the concepts covered in the text, as well as review exercises to test understanding of the subject matter.