Information Security: Attacks, Threats, and Impacts

Questions and Answers

What is the term used for hackers who use expertly written software to exploit a system?

• Ethical hackers
• Script kiddies (correct)
• Black Hats
• White Hats

What is the primary goal of attackers according to the text?

• To escalate their privileges and exploit a system (correct)
• To protest and challenge the system
• To evaluate a system's weaknesses ethically
• To target a system and gather information

Why do hackers need to possess skills in programming, networking protocols, and operating systems?

• To gather information and challenge themselves
• To evaluate system weaknesses ethically
• To write offensive code, move laterally within networks, and manipulate core services (correct)
• To make money and express ideas

What is the term used for computer criminals according to the text?

Black Hats (B)

What is the subculture that has evolved around hackers often referred to as?

The computer underground (D)

What term is used for hackers of limited skill who use expertly written software to exploit a system?

Script kiddies (C)

What is the term used for individuals who use automated exploits and have limited hacking skills?

Script kiddies (B)

What is the term used for employees who are among the greatest threats to an organisation's data?

Human error or failure (C)

What causes are included in human error or failure as per the text?

Inexperience, improper training, and incorrect assumptions (B)

What is the term used for attackers' goals according to the text?

To escalate their privileges and exploit a system (D)

What is the definition of a 'threat' in the context of information security?

A potential risk to an asset’s loss of value (C)

What is the definition of an 'attack' in the context of information security?

An intentional or unintentional act that can damage information and systems (A)

What is an 'exploit' in the context of information security?

A technique used to compromise a system (D)

Which of the following is an example of a 'threat' in information security?

Technological Obsolescence (A)

What is a 'vulnerability' in the context of information security?

A potential weakness in an asset or its defensive control system(s) (A)

What is the role of a 'hacker' in the context of information security?

Explores methods for breaching defenses and exploits weaknesses in a computer system or network (D)

What motivates hackers according to the text?

To explore methods for breaching defenses and exploits weaknesses in a computer system or network (B)

What does overall security improvement lead to, according to the text?

Increase in number of potential hackers (A)

Which of the following is considered a 'threat actor' in information security?

Hacker (D)

What does 'cyber espionage' refer to?

Theft of intellectual property (B)

What is the primary mission of an information security program according to the lecture?

To ensure information assets remain safe and useful (C)

According to the lecture, what is the constant concern in the context of information security?

Threat of attacks on information systems (A)

What are the four important functions of information security for an organization according to the lecture?

Protecting the organization’s ability to function, data and information, enabling safe operation of applications, improving IT systems (D)

According to the lecture, what does the primary mission of an information security program enable when there are no threats?

Exclusive use of resources to improve systems containing information (C)

What is the role of information security in enabling the safe operation of applications according to the lecture?

Preventing unauthorized access to data and applications (B)

According to the lecture, what problem does information security aim to address?

Threat of attacks on information systems (B)

What is the primary focus of implementing information security according to the text?

Facilitating a security program for management (A)

What is the maximum fine under GDPR for organisations that infringe its requirements?

Up to €20 million (C)

What is the key step in risk management involving the examination and documentation of an organisation's information technology and the risks it faces?

Risk identification (B)

What is the role of security management as per the text?

To ensure critical assets are sufficiently protected in a cost-effective manner (C)

What is the process of identifying risk, assessing its relative magnitude, and taking steps to reduce it to an acceptable level known as?

Risk control (D)

What is the primary concern before the design of new security solutions can begin according to the text?

Current state of the organisation and its relationship to security (A)

What does the Information Commissioner's Office (ICO) in the UK focus on?

Promoting openness by public bodies and data privacy for individuals (D)

What is the critical aspect mentioned in relation to protecting data according to the text?

Protecting data in transmission, processing, and at rest (storage) (D)

9

What is the primary goal of the Information Commissioner's Office (ICO) in the UK?

Promoting openness by public bodies and data privacy for individuals (D)

What is the maximum fine under the GDPR for organizations that infringe its requirements?

Up to 4% of annual global turnover or €20 million – whichever is greater (C)

What is the critical aspect mentioned in relation to protecting data according to the text?

Transmission (A)

What is the process of examining and documenting the security posture of an organization’s information technology and the risks it faces known as?

Risk identification (A)

What are the key steps in risk management mentioned in the text?

Risk identification, Risk assessment, Risk control (A)

What is the primary concern before the design of new security solutions can begin according to the text?

Understanding the current state of the organisation and its relationship to security (C)

What is the role of security risk assessment according to the text?

Determines the extent to which an organization’s information assets are exposed to risk (D)

What is risk management in the context of information security?

Process of identifying risk and assessing its relative magnitude (C)

What is the primary mission of an information security program according to the lecture?

Protecting data without which an organisation loses its record of transactions and ability to deliver value to customers (C)

What does overall security improvement lead to, according to the text?

Application of controls that reduce the risks to an organization’s information systems (C)

What is an example of a 'threat' in information security?

Suspending data transfers to third countries (D)