Understanding Cyber Security - Unit 1

Questions and Answers

What is the primary focus of cyber security?

Protecting privacy, ensuring data integrity, and safeguarding identity. (correct)

Enhancing the speed of internet connections.

Reducing the cost of technology hardware.

Developing new software applications.

Why has cyber security become more critical in recent years?

Due to a decrease in the number of internet users.

Because of the reduced reliance on connected technologies.

As the world has become more dependent on digital technologies. (correct)

Due to the lower frequency of cyber criminal activities.

What are potential consequences of cyber security breaches for businesses?

Enhanced brand image and increased market share.

Increased customer satisfaction and loyalty.

Improved employee productivity and morale.

Reputation damage, system downtime, and financial losses. (correct)

What aspect of data is a key concern of cyber security, along with privacy and confidentiality?

Data integrity.

What was the approximate percentage of businesses experiencing cyber-attacks in 2017?

50% of businesses.

What does the term 'cyber security' primarily involve?

Implementing safeguards to reduce digital security breaches.

Which of the following best describes a 'covert' outsider attack?

An attack involving the transmission of malicious software from outside.

What is the main driver behind the increased opportunity for cybercriminals?

The increased reliance on the internet.

What type of security issue involves unauthorized physical access to a computer system?

Physical security

What is cited as a key trend in modern communications and business activities?

An exponential growth in daily web traffic.

A computer virus falls under which classification of security threat?

Rogue software

What is the critical element that defines a network security issue?

Unauthorized access or compromise of a network.

What does the term 'outsiders unintended' refer to concerning security threats?

An outsider accidentally causing harm to computer systems or data.

Three decades ago, how was the field of computer security viewed?

It was largely non-existent.

What is the analogy used to describe the continuous battle between cyber security experts and cybercriminals?

A cat-and-mouse game

What does the text suggest regarding the possibility of 100% protection from cyber attacks?

It is impossible due to the ever-evolving techniques of cybercriminals.

What is a primary consequence for businesses that neglect cyber security?

Catastrophic impacts, such as data loss and reputational damage

Why can data breaches affecting customers be more damaging than those only impacting the company?

The reputational and legal impact of customer data breaches can be more severe than direct attacks on the company

What legal obligation do businesses have regarding customer data in the online space?

They have a legal obligation to protect their customers online

In the context of data security, who are classified as 'insiders'?

Employees within an organization who have access to company systems

Why can employees pose a more serious threat than outsiders?

Employees have greater access privileges and organizational knowledge

What is an example of 'insiders overt' security breaches?

A disgruntled employee maliciously damaging equipment and destroying company data

Which of the following is most likely to result from an 'insiders covert' action?

A deliberate action by an employee that could incur large reputational or financial impact

What is the most common threat class regarding internal breaches?

Unintended breaches caused by insiders making genuine errors

What is smishing primarily associated with?

Phishing via SMS text messages

What characterizes black hat hackers?

They act with criminal intent and disregard for victims.

Which type of hacker is hired by businesses to uncover security vulnerabilities?

White Hat

What is the main objective of computer vandalism?

To damage or destroy IT systems

Which type of hacker might be hired before a system launch to check for potential issues?

Blue Hat

What is typically the motivation behind computer hacking?

To obtain sensitive data or disrupt information

What distinguishes grey hat hackers from other types?

They charge a fee for their vulnerability identification services.

What can be a consequence of computer hacking?

Ransom demands to unlock encrypted systems

What is the primary intent behind the vast majority of computer viruses?

To cause problems for those affected

Which of the following is NOT a necessary condition for an email to be considered spam?

Sent with the recipient's express permission

What is a common characteristic of items involved in online auction fraud?

They often do not exist or won't reach the buyer

What typically motivates a cybercriminal to engage in cyber squatting?

To resell trademarked domain names at a higher price

What happens when the conditions of a logic bomb are met?

The code triggers an automatic activation causing disruption

What is the main purpose behind web jacking?

To demand a ransom or achieve political/social goals

Which statement about spam emails is true?

They can be inconvenient but are not usually considered dangerous

Why might some hackers develop advanced viruses?

To cause widespread damage to computer systems

What is the primary goal of physical security measures for computers and network systems?

Protecting the facility from unauthorized access

Why is user tracking important in a cyber security framework?

To create a detailed log of user activities for accountability

Which of the following can be a consequence of insufficient physical security for a facility?

Higher insurance premiums

What component is NOT mentioned as a potential physical security measure?

Automated user tracking systems

How can the effectiveness of a company's physical security be evaluated?

By conducting a regular cyber security risk assessment

What is one risk of not tracking user activity within a system?

Difficulties in attributing actions to specific users

What potential threat should physical security measures also consider beyond unauthorized access?

Natural disasters such as fire or flood

What is a critical element of user tracking in a cyber security context?

Details of activities performed by each user on the system

Study Notes

Unit 1: Understanding Cyber Security

• Cyber security refers to all safeguards to reduce digital security breaches, protecting privacy, confidentiality, along with data integrity and identity protection.
• Cyber security breaches are increasing in a world relying on connected technology.
• Cyber security issues are costly, impacting reputation, causing system downtime, and resulting in financial loss.
• Half of businesses in 2017 suffered attacks or attempted breaches.
• Businesses worldwide are prioritizing cyber security through robust measures and hiring experts.

Learning Outcomes

• Learners will define cyber security and its objectives.
• Learners will understand various cybercrime causes and those responsible.
• Learners will discuss cybercrime classifications and Microsoft's 10 laws of computer security.

What is Cyber Security?

• Cyber security encompasses all measures to reduce digital security breaches.
• It affects all computers and mobile devices, potentially targeted by cyber criminals.
• Key elements include privacy, confidentiality, data integrity, and identity protection.
• Cybercrime incidents are becoming more common.

The Importance of Security

• The internet has fundamentally transformed daily life for billions globally.
• Increasing internet traffic volume presents a significant opportunity for cyber criminals.
• Cyber security is no longer optional for businesses, with attacks having devastating consequences.
• Reputational damage can be challenging to overcome after an attack, even after business operations resume as normal.
• Protecting customers is crucial: a breach impacting customers can be more damaging than an attack on the company.

Insiders and Outsiders

• Cyber security classifications involve insiders (employees) and outsiders (non-employees).
• Insider threats are often classified as overt, covert, and unintended.
• Outsiders can carry out overt, covert, unintended attacks, or accidents.
• Accidents, such as natural disasters or equipment failures, represent a special class of threats that are not directly caused by humans.

The Seven Individual Classes

• Insiders overt: actions by disgruntled employees, leading to data compromise or equipment damage.
• Insiders covert: employees with privileged access causing more damage than outsiders.
• Insiders unintended: security issues caused by human error.
• Outsiders overt: direct attacks on network systems by outsiders— including denial-of-service (DoS) attacks).
• Outsiders covert: attacks involving software transmission from outside the business.
• Outsiders unintended: outsiders unintentionally harming a computer or accessing sensitive data.
• Accidents: issues regarding data integrity or security from unpredictable events—like natural disasters.

Classifications of Computer Security Issues

• Physical security: includes theft, damage, or physical access of computer equipment, systems, or data.
• Rogue software: includes viruses, malware, and other malicious software.
• Network security: comprises breaches and compromises of networks without authorization.

Microsoft’s 10 Laws of Cyber Security

• If someone persuades you to run a program, it’s no longer your computer.
• If someone alters the operating system, it’s no longer your computer.
• If someone has physical access, it’s no longer your computer.
• If someone uploads to your website, it's no longer your website.
• Weak passwords defeat strong security. (and other 5 points)

Recovery Planning

• A well-prepared disaster recovery plan outlines steps in case of facility destruction or inoperability
• Keeping hard copies of important documents alongside backups can aid recovery.
• Cybercrime refers to unlawful acts involving computers or connected devices.
• Motivations for cybercrime can include greed, revenge, or simple enjoyment.

Cyber Crimes

• Insider attacks occur from within an organisation.
• External attacks are launched from outside.

Structured & Unstructured Attacks

• Unstructured attacks are performed by individuals with limited experience or motivation, often randomly.
• Structured attacks are planned by skilled perpetrators, aiming to exploit vulnerabilities or gain access strategically.

Motivations for Cyber Crime

• Monetary gain
• Revenge
• Terrorism
• Recognition
• Anonymity
• Espionage

The Different Kinds of Cyber Crime

• Cyber stalking occurs through harassment or threats on social media.
• Child pornography involves possession and distribution of inappropriate content.
• Forgery/Counterfeiting involves creating fake documents.
• Software piracy violations copyright on software.
• Cyber terrorism aims to coerce or intimidate in pursuing a cause or political goal

Phishing

• Phishing involves tricking parties to reveal personal info by imitating trustworthy sources (often via email)
• Computer vandalism is damaging or destroying computer systems or data.
• Computer hacking encompasses unauthorized access of computer systems by malicious intent.
• White hat hacking is ethical and used for finding vulnerabilities.
• Black hat hacking aims at criminal activities.
• Grey hat hacking involves finding vulnerabilities, then offering services for remediation.

Other Cybercrimes

• Internet time theft: hacking to use an individual's internet account.
• Denial of Service (DoS) attacks: flooding a website to stop it functioning.
• Email Spoofing: fraudulently making email header look like they came from a different source.

Description

This quiz focuses on the fundamentals of cyber security, emphasizing its importance in today's digital landscape. Learners will explore definitions, objectives, and classifications of cyber crimes, as well as the implications of security breaches on businesses. Gain insights into the measures that organizations can take to protect their information.