CA8 Flashcards

CA8

1
Q

State:

2 examples of what an organisation may store information about

A

2 of:
* Employee salaries
* Employee perks
* Client lists
* Trade secrets
* Sales numbers
* Customer information
* News about pending restructuring

2
Q

Fill The Blank:

Information the company stores such as ……….. ……………. and employee ……………….. must be kept confidential because any ……………. relating to this information can have a serious impact leading to possible loss of ……….. or business. This could lead to a downturn in the ………….. of the organisation which may ultimately lead to failure.

A

Trade Secrets, Salaries, Breaches, Clients, Health

3
Q

Explain:

Why it is important that employee salaries and perks are kept confidential

A

Different employees carrying out the same task may not be paid the same because of different experience or other factors

4
Q

Fill The Blank:

A client list may include individuals but also named ………………. of other businesses/organisations and should only be accessed by ………………… if absolutely necessary

A

Representatives, Employees

5
Q

Fill The Blank:

Customer …………………… usually relates to those who buy goods or services and usually includes …………………. details.

A

Information, Personal

6
Q

Fill The Blank:

If privacy and confidentiality of client lists and customer ………………….. are not maintained, the organisation could lose clients or …………………. and people should expect that any organisation storing their personal data will keep it ………… and ……………… to limit any breaches.

A

Information, Customers, Safe, Secure

7
Q

Fill The Blank:

The breach of personal data can have an impact on the …………………. and the people whose data has been …………………

A

Organisation, Leaked

8
Q

Fill The Blank:

Any leak of ……… of a pending restructuring can have an impact on the organisation and its internal and external stakeholders, for example if employees hear news that could threaten their job they may ……………

A

News, Leave

9
Q

Fill The Blank:

Maximising privacy can be done by using …………… controls, ……………….., authorisation and other security procedures to limit the access to the data and information - important data should also be regularly …………………. up

A

Access, Privileges, Backed

10
Q

Fill The Blank:

The impact/s of failing to maintain privacy and confidentiality can be wide ranging but includes ……………….. and …………………………….. impacts

A

Financial, Reputational

11
Q

State:

4 possible financial impacts of failing to maintain privacy and confidentiality

A
  • Possible payment of compensation
  • Increased costs to improve security and new computer devices, including installation and maintenance
  • Loss of customers leading to loss of revenue
  • Loss of revenue if, for example, invoices are lost
12
Q

State:

examples of how reputation can be damaged by failing to maintain privacy and confidentiality

A
  • Business no longer seen as trustworthy
  • Business goes to competitors
  • Lost or corrupt data
  • Limited or halted day to day function - because data is required
13
Q

Define:

Cyber Security

A

The practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks

14
Q

Fill The Blank:

Every business, industry, organisation and individual can be the target of technical ……………. and every digital system can have ………………………..

A

Threats, Vulnerabilities

15
Q

State:

3 examples of possible technical threats a system could face

A

3 of:
* botnets
* DDoS
* hacking
* Malware
* Social engineering
* Insecure APIs
* Use of ad hoc or open networks
* Eavesdropping/man-in-the-middle attacks

16
Q

Fill The Blank:

An API is the ………………. that enables two or more different software applications to …………………….

A

Interface, Communicate

17
Q

Fill The Blank:

Over time APIs can become ……………… and this can lead to vulnerability that can be …………………

A

Unsecure, Exploited

18
Q

Fill The Blank:

Most data is interconnected, and if one ……. is insecure then it can lead to a …………………. which can also lead to a higher risk of threat to everything this …… interacts with

A

API, Vulnerability, API

19
Q

Explain:

A wireless ad hoc network (WANET)

A

A network that is created without a wireless router or an access point and the devices in the network communicate directly with each other

20
Q

State:

2 main problems with ad hoc networks

A
  • Slow data transmission rate
  • Minimal security
21
Q

Explain:

How a man in the middle attack works

A

When a hacker places themselves in the middle of a communication between two digital devices and/or the users to attempt to steal data and information

22
Q

Fill The Blank:

An attacker may steal financial ……….. or ……..-…. details which may be posted to the …………. …….. where they can be bought and used by other attackers

A

Data, Log-in, Dark Net

23
Q

Define:

Hacker

A

Someone who uses computers to gain unauthorised access to data

24
Q

Define:

Dark Net

A

Networks that are not indexed by search engines; they can only be accessed by people with the relevant credentials and authorisation

25
# Fill The Blank: Some companies run vulnerability testing (aka ........................ testing) when the digital system is being created and ..................
Vulnerability, Penetration, Installed
26
# Fill The Blank: ....................... testing when the computer system is running to identify ...................... and steps can be taken to close them before an attack is successful
Vulnerability, Vulnerability
27
# Fill The Blank: The biggest threat to digital systems is the ............ so they must be made aware of the vulnerabilities so that they do not become the start of any issues
User
28
# State: The 2 categories that physical threats can be split into
* Internal
* External
29
# Explain: Two factors affecting the location of physical systems and how these could be mitigated against | Internal Threats
* Area with limited flammable material to limit fire risk (fire alarm system should be installed)
* Low humidity/ventilation because heat can become humidity and components can corrode or be damaged to the point of not working as intended - Climate controlled area to regulate humidity and temperature
30
# Fill The Blanks: The .............. of digital systems should also be considered as this can also be a .......................... | Internal Threats
Layout, Vulnerability
31
# State: 3 examples of physical threats to a system that link to the layout | Internal Threats
3 of:
* Door access codes not being updated regularly
* Using simple access codes such as 1234
* Reusing access codes on a rotation basis
* Lack of monitoring of access to secure areas
* Unnecessary access to secure areas
32
# Fill The Blank: When a digital system is installed it can be assumed the hardware and software will be up to date and can be classed as ................. | Internal Threats
Robust
33
# Fill The Blank: Over a system's lifetime ................. must be carried out. Eventually software will become ................. or (possibly earlier on) be classed as .................... software because there is limited support for interaction with .................. applications | Internal Threats
Maintenance, Obsolete, Legacy, Modern
34
# Fill The Blank: If software has become legacy software, it may be chosen to replace it with an up-to-date ................. which will impact the business; how will .......... be stored during the transfer? | Internal Threats
Version, Data
35
# Fill The Blank: Hardware can become outdated because of outdated ..................... or a reduction in ........................ | Internal Threats
Firmware, Performance
36
# Define: Mitigate | Internal Threats
If you mitigate against something, you take steps to reduce the likelihood of it happening, or to reduce its impact if it does happen
37
# Define: Humidity | Internal Threats
Amount of water vapour in the air. Higher humidity means more water in the air
38
# Define: Firmware | Internal Threats
Code, added at time of manufacturing, written to a hardware device's non-volatile memory - software that allows hardware to run
39
# Fill The Blank: How a digital system and ........... are used could lead to a .............. | Internal Threats
Data, Threat
40
# Fill The Blank: Using business devices on unsecured ............. can leave employees vulnerable to attacks | Internal Threats
Hotspots
41
# Fill The Blank: Some risk is mitigated through an ........ (if employees follow it) but there is the risk that a ........................... employee could pose a threat to the hardware and software of the digital system. | Internal Threats
AUP, Disgruntled
42
# Explain: 2 natural disasters and briefly how they could impact digital systems | External Threats
* Earthquake could stop internet
* Floods or tsunamis could destroy and wash away buildings
* Lightning strikes cause surge or spike in electricity supply
43
# State: 2 potential impacts of a natural disaster on digital systems
* Any natural disaster could destroy backups
* Power failure as potential after-effects limiting access to data

*This is not an extensive list*
44
# State: 4 human threats
* Human error
* Malicious employees
* Disguised criminals
* Targeted attack
45
# Fill The Blank: Human threats may be caused by ..................... intent, ........................ or be accidental.
Malicious, Negligence
46
# Fill The Blank: Human error can lead to an accidental loss of ....... - the ....... itself rather than a backup
Data, Data
47
# State: 2 examples of human error
2 of:
* Accidentally deleting a file containing the data, or shredding the final hard copy of a data file
* Saving files and folders to a different location
* Sending emails to the wrong recipients with attachments containing data
* Accidentally making changes in documents
48
# State: 2 ways that a company can attempt to minimise the chance of an employee making an error
2 of:
* Regular employee training
* High profile reminders to employees
* Ensuring all policies and procedures are read and understood by employees
49
# State: Another name for malicious employees
Turncloaks
50
# Fill The Blank: Malicious ................ typically use their access details in a malicious and deliberate way to steal ........................... and ............ for financial or ................... reasons
Employees, Information, Data, Personal
51
# Fill The Blank: An employee may become malicious due to a ................. engineering attack
Social
52
# Fill The Blank: A malicious employee who has exited the company and holds a grudge could be difficult to trace because they usually are familiar with ................................ and any ...........................
Procedures, Vulnerabilities
53
# State: 3 things cyber security attempts to do
* Act as a deterrent against attackers and hackers
* Prevent an attack from happening
* Detect and warn users of the digital systems that an attack is happening
54
# State: Main purpose of cyber security
Maintain the confidentiality, integrity and availability (CIA) of digital systems, data and information
55
# Define: Confidentiality
Digital systems, data and information resources are protected from unauthorised viewing and access (hacking)
56
# Define: Integrity
Means that data is protected from unauthorised changes to ensure that it is reliable and correct
57
# Define: Availability
Unauthorised users have access to the digital system, data and information they require
58
# Fill The Blank: The CIA triad shows the ....................... between the three parts of cyber security, and although they work together they also go against each other when deciding which types of .................. to use.
Relationships, Mitigation
59
# Fill The Blank: ................ aims to protect digital systems, ........... and information. Part of this is to ensure these are not ....................... if/when a critical threat happens
Security, Data, Compromised
60
# Fill The Blank: Use of ............. means the threat being successful is reduced and identified ........................ of the digital system, data, information and people will also be reduced
Security, Vulnerabilities
61
# Fill The Blank: Security must be used to maintain the CIA ........ where there is a strong relationship between all the components and security, this ................. the chance of any component being compromised
Triad, Reduces