ITM100 CHAPTER 8 QUIZ

Cybersecurity and Cyberwarfare Threats

• The 2019 Cost of a Data Breach Report found that the average cost of a data breach among 507 surveyed companies globally was $3.92 million.
• The U.S. Congress addressed computer crime threats in 1986 with the Computer Fraud and Abuse Act, making unauthorized computer system access illegal.
• European nations and most U.S. states have similar laws addressing computer crimes.
• Cyberwarfare involves state-sponsored activities designed to cripple and defeat other nations by penetrating their computers or networks to cause damage and disruption.
• Cyberwarfare targets include military, power grids, financial systems, and communication networks, and can be conducted by nonstate actors such as terrorists or criminal groups.
• Foreign hackers have stolen source code, blueprints, and plans for critical infrastructure from the United States.
• U.S. intelligence reports that over 30 countries are developing offensive cyberattack capabilities, including Russia, China, Iran, and North Korea.
• The U.S. Cyber Command coordinates and directs operations and defense of Department of Defense information networks and prepares for military cyberspace operations.
• Cyberwarfare poses a serious threat to the infrastructure of modern societies, including their major financial, health, government, and industrial institutions that rely on the Internet for daily operations.
• Insiders pose serious security problems for businesses, with user lack of knowledge being the greatest cause of network security breaches.
• Employees may inadvertently compromise systems by forgetting passwords or falling victim to social engineering tactics.
• Companies face legal and regulatory requirements for electronic records management, such as the General Data Protection Regulation (GDPR) in the EU, and failure to comply may lead to costly litigation.

Information Security Regulations and Auditing

• HIPAA (Health Insurance Portability and Accountability Act) of 1996 outlines security and privacy rules for healthcare data, including privacy, security, and electronic transaction standards.
• The U.S. Financial Services Modernization Act (Gramm-Leach-Bliley Act) requires financial institutions to ensure the security and confidentiality of customer data, including storage and transmittal.
• The Sarbanes-Oxley Act of 2002 is designed to protect investors in public companies by ensuring the accuracy and integrity of financial information.
• In the UK, regulations such as the Records Management Code of Practice for Health and Social Care and the Companies Act 2006 impose specific requirements for managing records and corporate governance.
• Sarbanes-Oxley focuses on internal controls to govern the creation and documentation of financial information, requiring consideration of information systems security and controls.
• Disaster recovery planning focuses on the restoration of disrupted computing and communications services, while business continuity planning focuses on restoring business operations after a disaster.
• Firms may use duplicate computer centers, cloud-based disaster recovery services, or firms providing spare computers for emergency backup.
• Business continuity plans identify critical business processes and action plans for handling mission-critical functions if systems go down.
• PricewaterhouseCoopers LLP (PwC) UK has developed business continuity plans to provide resilient and recoverable operations in the event of crises.
• Business impact analysis is conducted to identify critical systems and determine the maximum amount of time the business can survive with its systems down.
• Information systems audits examine the firm’s security environment and controls, trace the flow of transactions, and may simulate an attack or disaster to test the response.
• Audits list and rank control weaknesses, estimating the probability of their occurrence and assessing financial and organizational impacts.

Explore the world of cybersecurity and cyberwarfare threats, including state-sponsored activities, data breaches, insider security problems, and the impact on modern societies. Learn about information security regulations and auditing, including laws like HIPAA, the Gramm-Leach-Bliley Act, and the Sarbanes-Oxley Act, as well as disaster recovery planning and business impact analysis.