Chapter 9

Questions and Answers

What is the primary goal of hackers?

To improve system security

To gain unauthorized access with malicious intent (correct)

To provide technical support

To create new software

What type of cybercrime is identity theft classified as?

A software development method

A harmless prank

Illegal assumption of a person's identity for economic gain (correct)

A form of cyberterrorism

Which of the following describes ransomware?

A method of improving computer performance

Malicious software that encrypts data and demands payment for access (correct)

A type of hardware security measure

Software that protects against unauthorized access

What is the main objective of a DDoS attack?

To coordinate multiple computers to overwhelm a service

How do most internet scams typically initiate?

Via mass mailings to unsolicited individuals

Which type of cookie is generated only by the websites you are visiting?

First-party cookies

What is the primary function of anti-spyware programs?

Detect and remove privacy threats

Which mode in Google Chrome allows for private browsing where activity is not recorded?

Incognito Mode

Which law protects personal financial information?

Gramm-Leach-Bliley Act

What are web bugs primarily known for?

Tracking online user activity via invisible images

Which of the following is considered the most invasive and dangerous type of privacy threat?

Computer monitoring software

What is the primary purpose of a Disaster Recovery Plan?

To provide a way to continue operations during a disaster

What does online identity consist of?

Information posted voluntarily by individuals

Which act is designed to resist the disclosure of educational records?

Family Educational Rights and Privacy Act

Which of the following measures helps in preventing data loss?

Frequent backups

What is an example of a precaution to protect yourself from high-tech crimes?

Using antivirus software

What does Digital Rights Management (DRM) primarily control?

Access to electronic media and files

Which of the following is a component of Computer Ethics?

Copyright and Digital Rights Management

What major concern is related to the use of technology and personal data?

Privacy threats

Which type of cybercrime involves gaining unauthorized access to personal information?

Identity theft

What is a fundamental ethical concern in computing?

Digital rights management

Which method is NOT a way to protect computer security?

Encouraging open access

What role does social engineering play in cybercrime?

It involves manipulating people into divulging confidential information

Which of the following is a type of malicious software?

Zombies

What is the purpose of encrypting data?

To protect sensitive information from unauthorized access

Which law is specifically related to digital rights and copyright considerations?

Digital Millennium Copyright Act (DMCA)

What defines cyberbullying?

Posting harmful content online about someone

What is a common job requirement for IT Security Analysts?

Bachelor's or associate's degree in information systems

What significant change regarding anonymity is predicted for the future?

Systems will be able to track individual movements

Which of the following accurately represents plagiarism?

Representing someone else's work as your own

What is the expected salary range for IT Security Analysts?

$49,000 to $99,000

What is one of the major concerns regarding future privacy?

Continuous updating of personal digital footprints

Which skills are most important for IT Security Analysts?

Strong communication and research skills

What can future software be expected to do in retail environments?

Track customer movements and preferences

What is the primary purpose of phishing attacks?

To trick users into revealing personal information

Which of the following describes a worm?

A self-replicating program that fills a computer with information

What is the role of a botnet in cybercrime?

To conduct denial-of-service attacks by overwhelming a target

Which criminal act does the Computer Fraud and Abuse Act address?

Spreading malicious software across state lines

What is a common characteristic of rogue Wi-Fi hotspots?

They mimic legitimate networks to capture data

What is one method to restrict access to computers?

Using biometric scanning for authorized users

Which type of malware is often disguised as legitimate software?

Trojan horse

How can organizations prepare for potential disasters affecting data security?

By creating a comprehensive disaster recovery plan

Study Notes

Privacy, Security, and Ethics in Computing

• Learning changes everything
• Privacy concerns the collection and use of data about individuals
• Three primary privacy issues include: accuracy, property, and access
• Accuracy focuses on the responsibility of data collectors. Data collectors must ensure data is secure and correct
• Property relates to who owns the data
• Access concerns the responsibility of those who control and use data
• Big Data records all human events digitally
• Large organizations compile information about individuals daily.
• The federal government alone has over 2,000 databases.
• Information resellers/brokers collect and sell personal data (digital footprint) ,creating electronic profiles
• Personal information is a marketable commodity raising issues like collecting public but personally identifying information (such as Google Street View), spreading information without consent leading to identity theft, misinformation and mistaken identity
• The Freedom of Information Act and a right to look at your records held by government agencies are important considerations
• Private Networks monitor virtually everything employees do on their computers, including email monitoring, which is legal
• A proposed law might require companies to notify employees before monitoring
• Online identity is easily archived on the Web indefinitely
• Major privacy laws include the Gramm-Leach-Bliley Act (protecting personal financial information), Health Insurance Portability and Accountability Act (HIPAA - protecting medical records), and Family Educational Rights and Privacy Act (FERPA - protecting educational records).
• Most information collected by private organizations isn't currently included in existing laws
• Security protects individuals and organizations from theft and danger
• Hackers gain access with malicious intent (not all hackers are illegal)
• Cybercrime is criminal offenses involving computers and networks impacting over 400 million annually and costing about $400 billion annually
• Cyberterrorism is a politically motivated cybercrime

Forms of Computer Crime

• Identity theft- illegally assuming someone else's identity for financial gain
• Internet scams- fraud over the internet
• Data manipulation- unauthorized access and copying of network files
• Ransomware- malicious software that encrypts a user's data
• Denial-of-service attacks (DoS) and Distributed Denial-of-Service (DDoS) attacks- attempts to slow down/stop computer systems by overwhelming them with requests.

Internet Scams and Social Engineering

• Phishing- impersonating an organization to trick people into giving sensitive data
• Advanced-fee scams- receiving email from a person in distress, requiring financial assistance and payment of fees
• Greeting card scams- tricking victims into downloading malware to view a greeting card
• Bank loan/credit card scams- unusually good deals on loans or credit cards, demanding fees
• Lottery scams- claims of lottery winnings requiring a processing fee
• Social Engineering- manipulating people into revealing private data (identity theft, internet scams, data manipulation)
• Phishing is the most common social engineering technique

Malicious Software

• Malicious programs/Malware are designed by crackers to damage or disrupt a computer system
• A cracker is a computer criminal who creates and distributes malware
• Software like viruses, worms, and Trojan horses are examples of malicious software
• Viruses spread to other programs, Worms fill computers with self-replicating data, and Trojan horses are programs disguised as something else
• The Computer Fraud and Abuse Act makes spreading viruses a federal offense

Malicious Hardware

• Criminals use hardware for crime, including Zombies (computers infected by viruses, worms, or Trojan Horses), botnets (a collection of Zombies), rogue Wi-Fi hotspots (imitation of legitimate Wi-Fi to capture data), and infected USB flash drives

Computer Security Measures

• Prevent unauthorized people from viewing, copying or damaging data
• Measures like access restrictions, data encryption, disaster anticipates and data loss prevention are implemented
• Restrictions like passwords, dictionary attacks, biometric scanning (fingerprints, iris scans, and facial recognition) - secure access
• Automated security tasks like security suites, firewalls, and password managers make it possible
• Encryption codes information to make it unreadable except for authorized users
  • Common uses include email, file, website encryption; HTTPS, VPNs, WPA2 for secure access

Anticipating Disasters and Preventing Data Loss

• Physical security protects hardware.
• Data security protects software and data from unauthorized tampering
• Disaster recovery plans describe operating procedures for disaster events
• Frequent backups, redundant data storage, and storing data off-site prevent data loss

Making IT Work for You

• Precautions to take against high-tech crimes include:
  • Updating software
  • Regularly backing up data
  • Using antivirus software
  • Using strong passwords
  • Protecting against data breaches
  • Enabling two-factor authentication
  • Being careful when browsing and email scamming

Ethics

• Standards of moral conduct govern computing practices
• Computer ethics guidelines direct the morally acceptable use of computers
• Areas of consideration include copyright and digital rights management, cyberbullying, and plagiarism
  • Copyright gives creators control of their work
  • Software piracy is unauthorized copying
  • Digital rights management and the Digital Millennium Copyright Act protect digital content

Cyberbullying and Plagiarism

• Cyberbullying involves using the internet to harm others
• Plagiarism is presenting someone else's work as your own

Careers in IT

• IT security analysts maintain company security (network, systems, and data)
• Ensures confidentiality, integrity, and availability of information
• Experience in network administration/information systems is necessary
• Requires a bachelor's or associate's degree in information systems
• Must safeguard against external threats, have good communication and research skills
• Salary ranges from 49,000to49,000 to 49,000to99,000
• Job market is expected to grow

Open-Ended Questions

• Discussion of privacy impact of large databases and networks; laws defining online identity
• Definition of security; concepts of computer crime, social engineering, malware, malicious hardware
• Ways to protect computer security (restrictions, encryption, disaster anticipation, data loss prevention)
• Defining computer ethics, copyright law, cyberbullying, plagiarism

A Look to the Future

• Most modern forum and comment areas allow anonymous posting
• Future software can identify and track activity like shopping
• Security cameras can update online identities (tracking paths in malls)

Description

Explore the critical issues surrounding privacy, security, and ethics in computing. This quiz discusses topics like data accuracy, ownership, and access concerns in the context of big data and personal information. Understand the implications of data collection by large organizations and the role of information resellers.