Social Issues in IT - Cybersecurity Quiz

Questions and Answers

What is the primary concern related to cyberattacks?

They are always caused by external hackers.

They can enhance network performance.

They improve cybersecurity measures.

They may lead to data breaches. (correct)

Which of the following best describes the role of cybersecurity?

To protect systems from threats. (correct)

To facilitate easy access to information.

To encourage public sharing of sensitive data.

To increase the vulnerability of networks.

What is a potential consequence of inadequate cybersecurity?

Higher levels of customer engagement.

Loss of confidential information. (correct)

Increased operational efficiency.

Improved trust in digital systems.

Which option is a method commonly used to enhance cybersecurity?

Employing encryption techniques.

Why is it critical to understand the nature of cyberattacks?

To implement preventive measures effectively.

Which of the following is a common misconception about cybersecurity?

Cybersecurity is only necessary for large enterprises.

What can be considered a proactive approach to defending against cyberattacks?

Regularly updating security protocols.

Which of the following is a potential impact of a successful cyberattack on an organization?

Legal and financial repercussions.

What is one of the responsibilities of computer professionals concerning emerging technology?

To guide the ethical implications of technology

What is a major focus in the study of social and professional issues related to computing?

The impact of computers on societal norms

Which aspect is emphasized in ethics for IT workers and users?

Understanding legal implications of computer use

What is a key component of a strong security program against cyberattacks?

Regular updates of software and systems

How can organizations mitigate the effects of cyberattacks?

By implementing a comprehensive incident response plan

Which topic addresses the ethical implications of sharing information online?

Freedom of expression

What is one of the learning outcomes regarding cyberattacks?

To analyze the causes of computer incidents

In the context of computing responsibilities, what does intellectual property refer to?

The legal rights related to creative works

Study Notes

Course Manual: Social and Professional Issues in Information Technology

• This course examines the social impact, implications, and effects of computers, along with the responsibilities of computer professionals in the area of Information Systems.
• Specific topics include an overview of computing history, computer applications, their impact, the computing profession, legal and ethical responsibilities of professionals, and potential careers.

Table of Contents (Social and Professional Issues)

• Topic 1: Orientation
• Topic 2: Overview of Ethics
• Topic 3: Ethics for IT Workers and Users
• Topic 4: Cyberattacks and Cybersecurity
• Topic 5: Privacy
• Topic 6: Freedom of Expression
• Topic 7: Intellectual Property
• Topic 8: Ethical Decision Making in Systems Development
• Topic 9: Impact of Information Technology on Society
• Topic 10: Social Media
• Topic 11: Ethics of IT Organizations

Lesson 3: Cyberattacks and Cybersecurity

• Learning Outcomes:
  • Understanding factors behind the prevalence of computer incidents and their effects.
  • Implementing strategies to prevent cyberattacks.
  • Determining actions in case of successful security intrusions.

Learning Objectives (Cyberattacks and Cybersecurity)

• Explore factors contributing to computer incidents and their effects.
• Develop strategies for implementing strong security programs to prevent cyberattacks.
• Outline actions to take in case of successful security intrusion.

The Threat Landscape (Cyberattacks and Cybersecurity)

• Decisions concerning IT security require careful consideration of trade-offs between effort/cost and security considerations.
• Factors to account for include IT security safeguards' impact on business operations, potential for increased costs due to security safeguards and potential risks, and actions firms might take following a cybercrime.

Why Computer Incidents Are So Prevalent (Cyberattacks and Cybersecurity)

• Factors contributing to cyber incidents:
  • Increasing complexity and vulnerability.
  • Expanding network entry points.
  • Systems changes and expansion creating new security risks.
  • IT organizational actions must include keeping up with technological change, performing security assessments and dealing with new risks, and considerations regarding BYOD policies.

Classifying Perpetrators of Computer Crime (Cyberattacks and Cybersecurity)

• Type of Perpetrator | Description
• ----------------------- | ------------------------------------------------------------------
• Black hat hacker | Someone who violates computer security maliciously.
• Cracker | An individual who causes problems.
• Malicious insider | An employee who targets gain, financially or otherwise.
• Industrial spy | Someone who desires unfair advantage.
• Cybercriminal | Someone with financial motives that causes disruption.
• Hacktivist | Someone trying for political gain.
• Cyberterrorist | Someone seeking to destroy infrastructure.

Types of Exploits (Cyberattacks and Cybersecurity)

• Exploits (Part 1):

  • Ransomware – malware preventing computer use/access.
  • Viruses – disguised code that causes undesirable behavior.
  • Worms – harmful code in active memory that replicates.
  • Trojan horses – malicious code disguised as harmless.
  • Logic bombs – code executing on a specific event or triggered by a specific event.

• Exploits (Part 2):

  • Blended threats – simultaneous use of different vulnerabilities.
  • Spam – unsolicited emails.
  • CAN-SPAM Act – law regulating certain aspects of spam (return address, description and ability to opt-out needed)
  • CAPTCHA – test differentiating humans from computers.

• Exploits (Part 3):

  • DDoS attacks – overloading a target system with requests.
  • Rootkits – enabling administrator-level access without user consent.
  • APT (Advanced Persistent Threats) – attackers gaining persistent and undetected access.

• Exploits (Part 4):

  • Phishing – fraudulent emails designed to steal data.
  • Spear Phishing – targeted phishing emails directed to specific individuals.
  • Smishing – phishing through SMS messages.
  • Vishing – phishing through phone calls.

• Exploits (Part 5):

  • Cyberespionage – deployment of malware to steal data.
  • Cyberterrorism – use of IT to intimidate.
  • DHS (Department of Homeland Security) – federal agency ensuring national security
  • U.S. Computer Emergency Readiness Team (US-CERT)

Federal Laws for Prosecuting Computer Attacks (Cyberattacks and Cybersecurity)

• Laws exist to address computer fraud, including unauthorized access, harm caused or transmission of code, computer password trafficking, and threats.
• Cybercrime Prevention Act, Data Privacy Act, E-Commerce Act, Anti-Photo & Video Voyeurism Act, and Anti-Trafficking in Persons Act.

Implementing CIA Security (Cyberattacks and Cybersecurity)

• CIA security (Confidentiality, Integrity, Availability) is essential, implemented at organizational, network, application, and end-user levels. Risk assessments, security policies and security audits
• Authentication and authorization methods are critical.

Implementing CIA at the Organization Level (Cyberattacks and Cybersecurity)

• Risk assessment processes identify threats and vulnerabilities, helping organizations prioritize mitigation efforts.

Disaster Recovery (Cyberattacks and Cybersecurity):

• Disaster recovery plans guide organizations in recovering from computer security incidents.
• Mission-critical processes are crucial for ongoing operations, and are prioritized during recovery processes.

Security Policies and Security Audits (Cyberattacks and Cybersecurity)

• Organizations can create their own security policies to define requirements and establish protocols.
• Security audits help evaluate policies and procedures, and how well an organization is upholding policies and procedures in place.

Implementing CIA at the Network Level (Cyberattacks and Cybersecurity)

• Authentication methods, firewalls and routers, and encryption protocols help secure networks.

Implementing CIA at Application Level: (Cyberattacks and Cybersecurity)

• End-users should be educated on proper security practices.
• Implement antivirus software and encryption to protect from viruses and threats.

Implementing CIA at End-User Level (Cyberattacks and Cybersecurity)

• Educating end-users about their security responsibilities.
• Implement methods to help prevent unauthorized access.

Incident Notification (Cyberattacks and Cybersecurity)

• Incident notification processes determine who needs to be notified in a computer incident.
• It provides a framework concerning who should be contacted during a disruption, when local authorities or the FBI should be contacted, and under what conditions contact should be made.

Protection of Evidence and Activity Logs (Cyberattacks and Cybersecurity)

• Details of incidents should be documented. Logs are crucial to investigate an incident for possible misuse, fraud, etc.

Eradication and Incident Follow-Up (Cyberattacks and Cybersecurity)

• Eradication efforts start after collecting and logging evidence, and verifying backups.
• Incident follow-up involves investigating and determining how the incident occurred so it doesn't happen again, and documentation of formal incident reports.

Using an MSSP (Cyberattacks and Cybersecurity)

• A managed security service provider is an outside service provider that manages and maintains a business' computer and network security.

Computer Forensics (Cyberattacks and Cybersecurity)

• The process of collecting, examining, and preserving digital evidence in a way it can be used in court proceedings.

Summary

• The document is about computer attacks and the ways to address them effectively.

Description

Test your knowledge on social and professional issues related to cybersecurity in information technology. This quiz covers various topics including cyberattacks, ethical responsibilities, and impacts on society. Engage with questions that reflect current challenges faced by IT professionals.