Flashcards
What is the primary focus of information security in the modern digital era?
Governed by legal, ethical, and professional standards.
What does the legal aspect of information security protect against?
Cyber threats, ensuring compliance and accountability.
What role do ethics play in information security?
Guide professionals in responsible decisions regarding data privacy and cybersecurity practices.
What is professionalism in the context of information security?
Maintaining integrity, competence, and a duty to protect information assets.
What are the potential consequences of unethical behavior in cybersecurity?
Legal consequences, financial damage, reputational harm, operational disruption.
What law can lead to criminal charges for unauthorized access (hacking)?
Computer Fraud and Abuse Act (CFAA).
What can data breaches due to negligence result in?
Heavy fines under laws like HIPAA or GDPR.
What is ethical hacking?
Legally authorized practice of probing systems to identify vulnerabilities.
What are ethical hackers also known as?
White-hat hackers.
What is the intent of unethical hacking?
Stealing data, causing harm, or disrupting operations.
Who are black-hat hackers?
Hackers engaged in unauthorized access with malicious intent.
What is penetration testing?
Simulating cyberattacks to find and fix weaknesses.
What is a bug bounty program?
Companies reward ethical hackers for reporting security flaws.
What does the GDPR stand for?
General Data Protection Regulation.
What is the purpose of the GDPR?
Protect the privacy and personal data of EU citizens.
What is a key provision of the GDPR?
Companies must report data breaches within 72 hours.
What does the Digital Millennium Copyright Act (DMCA) protect against?
Digital piracy and unauthorized access to copyrighted material.
What is one notable case associated with the CFAA?
Aaron Swartz Case (2011-2013).
What is the purpose of the U.S. Electronic Communications Privacy Act (ECPA)?
Regulate government and private surveillance of electronic communications.
What is one example of unethical hacking?
Ransomware attacks.
Fill in the blank: Ethical hackers use their skills to ______.
strengthen security and prevent breaches.
Fill in the blank: Unauthorized access to systems is characteristic of ______ hacking.
unethical.
True or False: Ethical hacking requires authorization from the system owner.
True.
True or False: Black-hat hackers act within legal and ethical boundaries.
False.
What is one of the key lessons from Kevin Mitnick’s story?
Even notorious black-hat hackers can turn ethical and contribute positively.
What motivates hacktivists?
Promote a political or social agenda.
What happened in the 2008 cyber-attacks by Anonymous?
They protested against the Church of Scientology’s censorship.
What is a gray-hat hacker?
Operates without permission but does not intend harm.
What is the impact of unethical behavior in cybersecurity?
Causes financial losses and reputational damage.
What is the role of cybersecurity laws?
Protect against unauthorized access, fraud, and data breaches.
Who does the ECPA affect?
Internet users, law enforcement, ISPs, and companies storing user data.
What does the ECPA prohibit?
Unauthorized interception of emails, phone calls, and online communications.
What must law enforcement obtain to access stored digital communications?
A warrant.
What can the government demand without a full warrant under the ECPA?
Metadata.
What notable case involved Microsoft and the U.S. government?
Microsoft vs. U.S. Government (2013-2018).
What did Microsoft argue in the notable case regarding ECPA?
That ECPA did not apply outside the U.S.
Why is the ECPA significant?
It protects online privacy but has loopholes allowing government surveillance.
What does intellectual property (IP) refer to in cybersecurity?
Creations of the mind that are legally protected from unauthorized use.
What types of creations does IP protect in cybersecurity?
Software, databases, cryptographic methods, and other digital assets.
What are the types of intellectual property protection?
- Copyright
- Patents
- Trademarks
- Trade Secrets
What does copyright protect?
Original works, including software code, digital content, music, books, and films.
How long does copyright protection last?
For the creator’s lifetime + 50 to 100 years.
What must be filed and approved for patent protection?
An application by a government patent office.
How long does patent protection last?
20 years.
What does trademark protection cover?
Distinctive brand elements like logos, names, and slogans.
What is required for trademark protection?
Registration with trademark offices.
How long can trademarks last?
Indefinitely, as long as they are renewed.
What is a trade secret?
Privately held, valuable business information.
What is required for trade secret protection?
No registration required; protection depends on keeping it secret.
What are common types of software licenses?
- Proprietary License
- Open-Source License
- Freeware
- Shareware
What is software piracy?
Unauthorized copying, distribution, or use of software without a legal license.
What is a key requirement of ISO/IEC 27001?
Risk Assessment.
What is the purpose of the NIST Cybersecurity Framework?
Helps organizations identify, protect, detect, respond to, and recover from cyber threats.
What are the five core functions of the NIST Cybersecurity Framework?
- Identify
- Protect
- Detect
- Respond
- Recover
What is the role of an information security professional?
Protect organizations from cyber threats through risk assessment and policy implementation.
What are potential consequences of negligence in cybersecurity?
- Data Breaches
- Financial Penalties
- Loss of Trust
- Legal Action
What does CISSP stand for?
Certified Information Systems Security Professional.
What is the focus of the CISM certification?
Information security governance and compliance.
What does CEH stand for?
Certified Ethical Hacker.
What is the Security+ certification?
Entry-level certification for IT security fundamentals.