ITC 1370: Cybersecurity Concepts
10 Questions

Created by
@WellRoundedTulip

Questions and Answers

What is a characteristic of an internal attacker?

  • They only target external networks.
  • They seek to misuse organizational assets. (correct)
  • They operate completely anonymously.
  • They borrow sensitive information for personal use.

Which of the following is a common mistake that enhances security vulnerabilities?

  • Regularly updating software.
  • Sharing password information with colleagues. (correct)
  • Using complex passwords.
  • Enforcing strict access controls.

What might be a direct consequence of falling for phishing scams?

  • Improving email encryption.
  • Having secure access to company files.
  • Receiving unsolicited emails from trusted sources.
  • Granting access to personal data to attackers. (correct)

What is a primary method used by internal attackers to misuse data?

  • Downloading data unrelated to their job function.

Which of the following is NOT a strategy for improving IT security?

  • Installing unauthorized software.

Why is sending sensitive information to the wrong recipients a security issue?

  • It increases the risk of data leaks.

What is a social engineering tactic commonly used by attackers?

  • Creating phishing emails.

What type of access control technique helps prevent unauthorized data sharing?

  • Segregation of duties.

What is an effect of equipment theft in an organization?

  • Loss of sensitive data.

How can unauthorized downloads from the Internet compromise security?

  • They can introduce malware or spyware.

Study Notes

Types of External Attacks

• Phishing: A deceptive method that impersonates legitimate businesses to steal personal information through emails or instant messages. Typically features urgent requests for sensitive data.
• Keystroke Loggers: Tools that capture every keystroke from a user, potentially collecting logins, banking details, and sensitive information, leading to identity theft.
• Denial of Service (DoS) Attacks: Attempts to disrupt access to servers or network segments by overwhelming them, causing outages that prevent legitimate users from accessing resources.
• Botnets: Networks composed of compromised computers used to launch attacks, spread malware, and distribute spam. Botnets can be employed for coordinated DoS attacks on organizations.
• Man-in-the-Middle Attacks: Involve intercepting communications between two parties to steal or corrupt data. Attackers can manipulate information and access internal systems.
• Social Engineering: Techniques that deceive individuals into revealing confidential information, often by exploiting trust.

Equipment Theft

• Internal and External Equipment Theft: Can involve stealing hardware, such as internal and external hard drives, RAM, flash drives, and peripherals like keyboards and mice, with the intent to sell the stolen equipment or confidential data.
• Targeted Items: Key items for theft include internal Hard Disk Drives (HDDs), RAM, electronic circuits, external HDDs, flash drives, mice, keyboards, and organizational key cards.

Internal Attacker

• Definition: An internal threat typically involves current or former employees or business associates who misuse their access to sensitive organizational data.
• Common Actions:
  • Downloading or accessing large amounts of sensitive data.
  • Sharing confidential information outside the organization.
  • Bypassing security measures intentionally.
  • Accessing data unrelated to their job roles.
  • Running unauthorized software on company systems.

Vulnerabilities Leading to Attacks

• Weak Passwords: Easily guessable passwords can lead to unauthorized access.
• Misdelivery: Sending sensitive information to incorrect recipients can expose data.
• Unauthorized Software: Installing unverified applications can introduce vulnerabilities.
• Download Risks: Unmonitored file downloads may lead to malware infections.
• Phishing Downloads: Falling victim to phishing scams can compromise sensitive data.

Description

This quiz covers essential cybersecurity concepts from the ITC 1370 course, focusing on threats like keystroke loggers and Denial of Service (DoS) attacks. Understand how these attacks compromise sensitive data and disrupt network functionality. Test your knowledge on preventative measures and implications for business operations.
