Chapter 9

Questions and Answers

What is the primary goal of hackers?

• To improve system security
• To gain unauthorized access with malicious intent (correct)
• To provide technical support
• To create new software

What type of cybercrime is identity theft classified as?

• A software development method
• A harmless prank
• Illegal assumption of a person's identity for economic gain (correct)
• A form of cyberterrorism

Which of the following describes ransomware?

• A method of improving computer performance
• Malicious software that encrypts data and demands payment for access (correct)
• A type of hardware security measure
• Software that protects against unauthorized access

What is the main objective of a DDoS attack?

To coordinate multiple computers to overwhelm a service (A)

How do most internet scams typically initiate?

Via mass mailings to unsolicited individuals (C)

Which type of cookie is generated only by the websites you are visiting?

First-party cookies (D)

What is the primary function of anti-spyware programs?

Detect and remove privacy threats (A)

Which mode in Google Chrome allows for private browsing where activity is not recorded?

Incognito Mode (D)

Which law protects personal financial information?

Gramm-Leach-Bliley Act (C)

What are web bugs primarily known for?

Tracking online user activity via invisible images (D)

Which of the following is considered the most invasive and dangerous type of privacy threat?

Computer monitoring software (D)

What is the primary purpose of a Disaster Recovery Plan?

To provide a way to continue operations during a disaster (A)

What does online identity consist of?

Information posted voluntarily by individuals (D)

Which act is designed to resist the disclosure of educational records?

Family Educational Rights and Privacy Act (D)

Which of the following measures helps in preventing data loss?

Frequent backups (A)

What is an example of a precaution to protect yourself from high-tech crimes?

Using antivirus software (C)

What does Digital Rights Management (DRM) primarily control?

Access to electronic media and files (D)

Which of the following is a component of Computer Ethics?

Copyright and Digital Rights Management (B)

What major concern is related to the use of technology and personal data?

Privacy threats (D)

Which type of cybercrime involves gaining unauthorized access to personal information?

Identity theft (B)

What is a fundamental ethical concern in computing?

Digital rights management (C)

Which method is NOT a way to protect computer security?

Encouraging open access (B)

What role does social engineering play in cybercrime?

It involves manipulating people into divulging confidential information (C)

Which of the following is a type of malicious software?

Zombies (B)

What is the purpose of encrypting data?

To protect sensitive information from unauthorized access (A)

Which law is specifically related to digital rights and copyright considerations?

Digital Millennium Copyright Act (DMCA) (B)

What defines cyberbullying?

Posting harmful content online about someone (B)

What is a common job requirement for IT Security Analysts?

Bachelor's or associate's degree in information systems (C)

What significant change regarding anonymity is predicted for the future?

Systems will be able to track individual movements (B)

Which of the following accurately represents plagiarism?

Representing someone else's work as your own (C)

What is the expected salary range for IT Security Analysts?

$49,000 to $99,000 (B)

What is one of the major concerns regarding future privacy?

Continuous updating of personal digital footprints (C)

Which skills are most important for IT Security Analysts?

Strong communication and research skills (B)

What can future software be expected to do in retail environments?

Track customer movements and preferences (A)

What is the primary purpose of phishing attacks?

To trick users into revealing personal information (B)

Which of the following describes a worm?

A self-replicating program that fills a computer with information (C)

What is the role of a botnet in cybercrime?

To conduct denial-of-service attacks by overwhelming a target (D)

Which criminal act does the Computer Fraud and Abuse Act address?

Spreading malicious software across state lines (D)

What is a common characteristic of rogue Wi-Fi hotspots?

They mimic legitimate networks to capture data (C)

What is one method to restrict access to computers?

Using biometric scanning for authorized users (A)

Which type of malware is often disguised as legitimate software?

Trojan horse (D)

How can organizations prepare for potential disasters affecting data security?

By creating a comprehensive disaster recovery plan (C)

Flashcards

Impact of technology on privacy

Technology, especially large databases, private networks, the internet, and the web, significantly affect personal privacy.

Online Identity

The representation of oneself online, including digital profiles and interactions.

Cybercrimes

Criminal activities performed online, such as identity theft, scams, data manipulation, ransomware, and denial-of-service attacks.

Social Engineering

Manipulating people to gain access to sensitive information or systems.

Malware

Malicious software designed to damage or disrupt systems.

Computer Security

Protecting computers and data from unauthorized access, use, disclosure, disruption, modification, or destruction.

Computer Ethics

Principles and guidelines for responsible use of computer systems and software.

Privacy Concerns

Significant worries about the protection of personal information in the technological age.

Identity theft

Using someone else's identity illegally for financial gain.

Ransomware

Malicious software that encrypts data and demands a ransom.

Denial-of-service (DoS) attack

Flooding a computer/network with requests to slow it down or stop it.

Cookies

Small data files saved on your computer from websites.

First-party cookies

Cookies created by the website you are visiting.

Third-party cookies

Cookies created by a different company affiliated with a website.

Privacy modes

Browser features that limit data collection.

Web bugs

Hidden images or code in emails or websites that track activity.

Privacy threats (general)

Methods used to gather or exploit your personal online information without your consent.

Disaster Recovery Plan

A detailed strategy for continuing business operations after a disaster, outlining steps to restore data, systems, and communication.

Data Backup

Creating copies of important data to prevent loss in case of system failure or data corruption.

Redundant Data Storage

Storing data in multiple locations to ensure availability even if one location is lost or inaccessible.

Software Piracy

Illegal copying and distribution of copyrighted software without permission.

Digital Rights Management (DRM)

Technologies that control access and usage of digital content, preventing unauthorized copying or distribution.

Cyberbullying

Using the internet to intentionally harm someone with hurtful messages, images, or videos.

Plagiarism

Using someone else's work or ideas as your own without giving them credit.

IT Security Analyst

This job protects a company's network, systems, and data from security threats.

Facial Recognition

Technology that identifies people by analyzing their facial features.

Data Manipulation

Altering or changing data illegally, often for personal gain.

DoS Attack

A type of cyberattack that floods a server with traffic, making it unavailable to users.

Phishing

A social engineering technique where attackers trick users into thinking a fake website or email is legitimate, often to steal personal information.

Virus

A type of malware that can spread throughout networks and attach itself to different programs.

Worm

A self-replicating malware program that can fill a computer with unwanted data.

Trojan Horse

A type of malware disguised as a legitimate program, often used to gain access to a computer.

Zombie

A computer infected with malware, controlled by an attacker from afar.

Botnet

A network of infected computers, controlled by a single attacker, often used for large-scale attacks.

Rogue Wi-Fi Hotspot

A fake Wi-Fi network that appears legitimate, but is actually controlled by an attacker to capture user data.

Study Notes

Privacy, Security, and Ethics in Computing

• Learning changes everything
• Privacy concerns the collection and use of data about individuals
• Three primary privacy issues include: accuracy, property, and access
• Accuracy focuses on the responsibility of data collectors. Data collectors must ensure data is secure and correct
• Property relates to who owns the data
• Access concerns the responsibility of those who control and use data
• Big Data records all human events digitally
• Large organizations compile information about individuals daily.
• The federal government alone has over 2,000 databases.
• Information resellers/brokers collect and sell personal data (digital footprint) ,creating electronic profiles
• Personal information is a marketable commodity raising issues like collecting public but personally identifying information (such as Google Street View), spreading information without consent leading to identity theft, misinformation and mistaken identity
• The Freedom of Information Act and a right to look at your records held by government agencies are important considerations
• Private Networks monitor virtually everything employees do on their computers, including email monitoring, which is legal
• A proposed law might require companies to notify employees before monitoring
• Online identity is easily archived on the Web indefinitely
• Major privacy laws include the Gramm-Leach-Bliley Act (protecting personal financial information), Health Insurance Portability and Accountability Act (HIPAA - protecting medical records), and Family Educational Rights and Privacy Act (FERPA - protecting educational records).
• Most information collected by private organizations isn't currently included in existing laws
• Security protects individuals and organizations from theft and danger
• Hackers gain access with malicious intent (not all hackers are illegal)
• Cybercrime is criminal offenses involving computers and networks impacting over 400 million annually and costing about $400 billion annually
• Cyberterrorism is a politically motivated cybercrime

Forms of Computer Crime

• Identity theft- illegally assuming someone else's identity for financial gain
• Internet scams- fraud over the internet
• Data manipulation- unauthorized access and copying of network files
• Ransomware- malicious software that encrypts a user's data
• Denial-of-service attacks (DoS) and Distributed Denial-of-Service (DDoS) attacks- attempts to slow down/stop computer systems by overwhelming them with requests.

Internet Scams and Social Engineering

• Phishing- impersonating an organization to trick people into giving sensitive data
• Advanced-fee scams- receiving email from a person in distress, requiring financial assistance and payment of fees
• Greeting card scams- tricking victims into downloading malware to view a greeting card
• Bank loan/credit card scams- unusually good deals on loans or credit cards, demanding fees
• Lottery scams- claims of lottery winnings requiring a processing fee
• Social Engineering- manipulating people into revealing private data (identity theft, internet scams, data manipulation)
• Phishing is the most common social engineering technique

Malicious Software

• Malicious programs/Malware are designed by crackers to damage or disrupt a computer system
• A cracker is a computer criminal who creates and distributes malware
• Software like viruses, worms, and Trojan horses are examples of malicious software
• Viruses spread to other programs, Worms fill computers with self-replicating data, and Trojan horses are programs disguised as something else
• The Computer Fraud and Abuse Act makes spreading viruses a federal offense

Malicious Hardware

• Criminals use hardware for crime, including Zombies (computers infected by viruses, worms, or Trojan Horses), botnets (a collection of Zombies), rogue Wi-Fi hotspots (imitation of legitimate Wi-Fi to capture data), and infected USB flash drives

Computer Security Measures

• Prevent unauthorized people from viewing, copying or damaging data
• Measures like access restrictions, data encryption, disaster anticipates and data loss prevention are implemented
• Restrictions like passwords, dictionary attacks, biometric scanning (fingerprints, iris scans, and facial recognition) - secure access
• Automated security tasks like security suites, firewalls, and password managers make it possible
• Encryption codes information to make it unreadable except for authorized users
  • Common uses include email, file, website encryption; HTTPS, VPNs, WPA2 for secure access

Anticipating Disasters and Preventing Data Loss

• Physical security protects hardware.
• Data security protects software and data from unauthorized tampering
• Disaster recovery plans describe operating procedures for disaster events
• Frequent backups, redundant data storage, and storing data off-site prevent data loss

Making IT Work for You

• Precautions to take against high-tech crimes include:
  • Updating software
  • Regularly backing up data
  • Using antivirus software
  • Using strong passwords
  • Protecting against data breaches
  • Enabling two-factor authentication
  • Being careful when browsing and email scamming

Ethics

• Standards of moral conduct govern computing practices
• Computer ethics guidelines direct the morally acceptable use of computers
• Areas of consideration include copyright and digital rights management, cyberbullying, and plagiarism
  • Copyright gives creators control of their work
  • Software piracy is unauthorized copying
  • Digital rights management and the Digital Millennium Copyright Act protect digital content

Cyberbullying and Plagiarism

• Cyberbullying involves using the internet to harm others
• Plagiarism is presenting someone else's work as your own

Careers in IT

• IT security analysts maintain company security (network, systems, and data)
• Ensures confidentiality, integrity, and availability of information
• Experience in network administration/information systems is necessary
• Requires a bachelor's or associate's degree in information systems
• Must safeguard against external threats, have good communication and research skills
• Salary ranges from 49,000to49,000 to 49,000to99,000
• Job market is expected to grow

Open-Ended Questions

• Discussion of privacy impact of large databases and networks; laws defining online identity
• Definition of security; concepts of computer crime, social engineering, malware, malicious hardware
• Ways to protect computer security (restrictions, encryption, disaster anticipation, data loss prevention)
• Defining computer ethics, copyright law, cyberbullying, plagiarism

A Look to the Future

• Most modern forum and comment areas allow anonymous posting
• Future software can identify and track activity like shopping
• Security cameras can update online identities (tracking paths in malls)

Description

Explore the critical issues surrounding privacy, security, and ethics in computing. This quiz discusses topics like data accuracy, ownership, and access concerns in the context of big data and personal information. Understand the implications of data collection by large organizations and the role of information resellers.