Physical Security and Virtual World

Questions and Answers

What is the name of the 2FA feature in Facebook?

Login Approvals (correct)

Two-Factor Authentication

Login Verifications

Security Lock

What is the first step to enable 2FA in Gmail?

Click on the Account image Icon

Select Security in the navigation panel

Go to the security Tab

Open your Google Account (correct)

What is the purpose of the Registration Lock feature in Signal?

To enable two-factor authentication on a new device

To enhance security and require an additional PIN while registering Signal on a new device (correct)

To create a new PIN

To offer backup codes

What happens if you forget your PIN and have no access to your old device in Signal?

You will have to wait 7 days for the Registration Lock to expire

How do you enable 2FA in Instagram?

The steps are not provided in the content

What is the next step after clicking 'Get Started' in the 2FA process for Gmail?

Tap Yes

What is the purpose of the '2-Step Verification' feature in Gmail?

To enhance security by requiring an additional step while logging in

How do you turn on 2FA in Facebook?

By clicking 'Enable' in the Login Approvals settings

What is the final step to complete the 2FA process in Gmail?

2FA is Turn On

Does Signal support Authenticator apps or offer backup codes?

No, it does not support Authenticator apps or offer backup codes

What is the primary goal of a phishing attack?

To lure individuals into providing sensitive data

Why is it crucial to set password expiration and account lockout policies?

To protect against incorrect password entries

What is the result of a successful phishing attack?

Identity theft and financial loss

What is the purpose of taking an enemy's perspective in cybersecurity?

To recognize risk actors and their goals

What type of attack involves contacting targets by email, telephone, or text message?

Phishing attack

What is a common type of phishing attack?

Phishing URL Attack

Why is it essential to keep your cybersecurity solution updated?

To ensure the solution is trusted and reputable

What is a common goal of phishing attackers?

To collect vital information on the World Health Organization's initiative

What is the consequence of not recognizing risk actors and their goals?

Organizations become vulnerable to attacks

What is the purpose of setting account lockout policies?

To protect against incorrect password entries

Study Notes

Virtual World and Virtual Security

• The virtual world is a computer-based online community environment where individuals can interact in a custom-built, simulated world using text-based, two-dimensional or three-dimensional graphical models.
• Virtual security involves the protection of data and other information stored remotely across the internet or in the cloud.
• Virtual security focuses on keeping unsafe information out and ensuring approval and authorizations.

Importance of Virtual Security

• Losses in the virtual world are related to data security.
• Data is the most valuable asset in the virtual world.
• Examples of valuable data include Gmail accounts and other digitally connected accounts.

Need for Virtual Security

• We worry about something when we have something valuable and there is a risk associated with it.
• The virtual world provides an experimental manner of learning and developing technology.

Physical World vs Virtual World

• Physical world: being cautious about our actions and their permanent impacts on our lives.
• Virtual world: learning and developing technology in an experimental manner.

Internet

• The internet is a globally connected network system that uses TCP/IP to link devices.
• The internet can be used to transfer data via various types of media.
• Data available over the internet is free for anyone who wants to access it.

History of Internet

• The internet was developed in the 1970s as a combined effort of many scientists, programmers, and engineers.
• The first picture ever uploaded on the web was posted by Tim Berners-Lee.

Cyber Security

• Cyber security involves protecting data and other information from unauthorized access, theft, or damage.
• The CIA triad principle is used to ensure confidentiality, integrity, and availability of data.

Understanding Risk, Threat, and Vulnerability

• Risk: potential for loss or damage when a threat exploits a vulnerability.
• Threat: a new or newly discovered incident that has the potential to harm a system or company.
• Vulnerability: a known weakness of an asset that can be exploited by one or more attackers.

Common Vulnerabilities

• Unrestricted upload of dangerous file types
• Cross-site scripting and forgery
• Denial of services
• Download of code without integrity checks
• Virus-infected software
• Missing data encryption
• OS command injection
• Path traversal
• Data breach

Two-Factor Authentication (2FA)

• 2FA is a security process that requires two forms of verification to access an account or system.
• Examples of 2FA include login approvals, two-step verification, and registration locks.

2FA for Facebook, Gmail, and Instagram

• Steps to enable 2FA for Facebook, Gmail, and Instagram are provided in the text.
• 2FA adds an extra layer of security to prevent unauthorized access to accounts.

Vulnerability

• A vulnerability is a weakness that can be exploited to attack an individual or organization.
• Examples of vulnerabilities include:
  • Employee sharing confidential information on social media.
  • Outdated anti-virus software.
  • Inactive security guard for access control.

Risk

• Risk is the potential for loss, damage, or destruction of an asset as a result of a threat exploiting a vulnerability.
• Risk is the product of Vulnerability and Threat, represented as R = VT.
• Examples of risks include:
  • Financial losses.
  • Loss of privacy.
  • Reputational damage.
  • Legal implications.
  • Loss of life.

Relationship between Risk, Threat, and Vulnerability

• Threats may exist, but if there are no vulnerabilities, there is no risk.
• Similarly, if there is a vulnerability, but no threat, there is no risk.
• Risk is the product of Vulnerability and Threat.

Cyber Security

• Cybersecurity is necessary to protect against threats and vulnerabilities.
• Cybersecurity measures can be taken to safeguard assets.

Threat

• A threat is a new or newly discovered incident that has the potential to harm a system or company.
• Examples of threats include:
  • Fire.
  • Earthquake.
  • Oil spillage.
  • Bomb.
  • Terrorist.
  • Hacker.
• Threats are negative scenarios that need to be avoided.

Phishing

• Phishing is a cybercrime in which a target is contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data.
• Phishing attacks can result in:
  • Identity theft.
  • Financial loss.
• Examples of phishing attacks include:
  • Targeted phishing emails to collect vital information on the World Health Organization's initiative for distributing COVID-19 vaccines.

Phishing Attack Statistics

• Phishing email attacks.
• Phishing URL attacks.

The Opposite Side: Taking an Enemy Perspective

• Organizations should recognize risk actors and their goals by looking at themselves from the attacker's perspective.

Description

This quiz covers physical security measures, including hardware and software, to protect against natural disasters, theft, and other physical actions. It also explores virtual worlds and online community environments.