CA8 Flashcards

1
Q

State:

2 examples of what an organisation may store information about

A

2 of:
* Employee salaries
* Employee perks
* Client lists
* Trade secrets
* Sales numbers
* Customer information
* News about pending restructuring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

FIll The Blank:

Information the company stores such as ……….. ……………. and employee ……………….. must be kept confidential because any ……………. relating to this information can have a serious impact leading to possible loss of ……….. or business. This could lead to a downturn in the ………….. of the organisation which may ultimately lead to failure.

A

Trade Secrets, Salaries, Breaches, Clients, Health

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Explain:

Why it is important that employee salaries and perks are kept confidential

A

Different employees carrying out same task may not be paid the same because of different experience or other factors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Fill The Blank:

A client list may inlude individuals but also named ………………. of other businesses/organisations and should only be accessed by ………………… if abosolutely necessary

A

Representatives, Employees

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Fill The Blank:

Customer …………………… usually relates to those who buy goods or services and usually includes …………………. details.

A

Information, Personal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Fill The Blank:

If privacy and confidentiality of client lists and customer ………………….. are not maintained, the organisation could lose clients or …………………. and people should expect that any organisation storing their personal data will keep it ………… and ……………… to limit any breaches.

A

Information, Customers, Safe, Secure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Fill The Blank:

The breach of personal data can have an impact on the …………………. and the people whose data has been …………………

A

Organisation, Leaked

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Fill The Blank:

Any leak of ……… of a pending restructuring can have an impact on the organisation and its internal and external stakeholders, for example if employees here news that could threaten their job they may ……………

A

News, Leave

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Fill The Blank:

Maximising privacy can be done by using …………… controls, ……………….., authorisation and other security procedures to limit the access to the data and information - important data should also be regularly …………………. up

A

Access, Priveleges, Backed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Fill The Blank:

The impact/s of failing to maintain privacy and confidentiality can be wide ranging but includes ……………….. and …………………………….. impacts

A

Financial, Reputational

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

State:

4 possible financial impacts of failing to maintain privacy and confidentiality

A
  • Possible payment of compensation
  • Increased costs to improve security and new computer devices, including installation and maintenance
  • Loss of customers leading to loss of revenue
  • Loss of revenue if, for example, invoices are lost
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

State:

examples of how reputation can be damaged by failing to maintain privacy and confidentiality

A
  • Business no longer seen as trustworthy
  • Business goes to competitors
  • Lost or corrupt data
  • Limited or halted day to day function - because data is required
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Define:

Cyber Security

A

The practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Fill The Blank:

Every business, industry, organisation and individual can be the target of technical ……………. and every digital system can have ………………………..

A

Threats, Vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

State:

3 examples of possible technical threats a system could face

A

3 of:
* botnets
* DDoS
* hacking
* Malware
* Social engineering
* Insecure APIs
* Use of ad hoc or open networks
* Eavesdropping/man-in-the-middle attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Fill The Blank:

An API is the ………………. that enables two, or more different software applications to …………………….

A

Interface, Communicate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Fill The Blank:

Over time APIs can become ……………… and this can lead to vulnerability that can be …………………

A

Unsecure, Exploited

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Fill The Blank:

Most data is interconnected, and if one ……. is insecure then it can lead to a …………………. which can also lead to a higher risk of threat to everything this …… interacts with

A

API, Vulnerability, API

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Explain:

A wireless ad hoc website (WANET)

A

A network that is created without a wireless router or an access point and the devices in the network communicate directly with each other

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

State:

2 main problems with ad hoc networks

A
  • Slow data transmission rate
  • Minimal security
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Explain:

How a man in the middle attack works

A

When a hacker places themselves in the middle of a communication between two digital devices and/or the users to attempt to steal data and information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Fill The Blank:

An attacker may steal financial ……….. or ……..-…. details which may be posted to the …………. …….. where they can be bought and used by other attackers

A

Data, Log-in, Dark Net

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Define:

Hacker

A

Someone who uses computers to gain unauthorised access to data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Define:

Dark Net

A

Networks that are not indexed by search engines; they can only be accessed by people with the relevant credentials and authorisation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Fill The Blank:

Some companys run vulnerability testing (aka …………………… testing) when the digital system is being created and ………………

A

Vulnerability, Penetration, Installed

26
Q

Fill The Blank:

………………….. testing when the computer system is running to identify …………………. and steps can be taken to close them before an attack is successful

A

Vulnerability, Vulnerability

27
Q

Fill The Blank:

The biggest threat to digital systems is the ………… so they must be made aware of the vulnerabilities so that they do not become the start of any issues

A

User

28
Q

State:

The 2 categories that physical threats can be split into

A
  • Internal
  • External
29
Q

Explain:

Two factors affecting the location of physical systems and how these could be mitigated against

Internal Threats

A
  • Area with limited flammable material to limit fire risk (fire alarm system should be installed)
  • Low humidity/ventilation because heat can become humidity and components can corrode or be damaged to the point of not working as intended - Climate controlled area to regulate humidity and temperature
30
Q

Fill The Blanks:

The ………….. of digital systems should also be considered as this can also be a ……………………..

Internal Threats

A

Layout, Vulnerability

31
Q

State:

3 examples of physical threats to a system that link to the layout

Internal Threats

A

3 of:
* Door access codes not being updated regularly
* Using simple access codes such as 1234
* Reusing access codes on a rotation basis
* Lack of monitoring of access to secure areas
* Unnecessary access to secure areas

32
Q

Fill The Blank:

When a digital system is installed it can be assumed the hardware and software will be up to date and can be classed as ……………..

Internal Threats

A

Robust

33
Q

Fill The Blank:

Over a systems lifetime …………….. must be carried out. Eventually software will be become …………….. or (possibly earlier on) be classed as ……………….. software because there is limited support for interaction with ……………… applications

Internal Threats

A

Maintenance, Obsolete, Legacy, Modern

34
Q

Fill The Blank:

If software has become legacy software, it may be chosen to replace it with an up-to-date …………….. which will impact the business; how will ………. be stored during the transfer?

Internal Threats

A

Version, Data

35
Q

Fill The Blank:

Hardware can become outdated because of outdated ………………… or a reduction in ……………………

Internal Threats

A

Firmware, Performance

36
Q

Define:

Mitigate

Internal Threats

A

If you mitigate against something, you take steps to reduce the likelihood of it happening, or to reduce its impact if it does happen

37
Q

Define:

Humidity

Internal Threats

A

Amount of water vapour in the air. Higher humidity means more water in the air

38
Q

Define:

Firmware

Internal Threats

A

Code, added at time of manufacturing, written to a hardware device’s non-volatile memory - software that allows hardware to run

39
Q

Fill The Blank:

How a digital system and ……….. are used could lead to a …………..

Internal Threats

A

Data, Threat

40
Q

Fill The Blank:

Using business devices on unsecured …………. can leave employees vulnerable to attacks

Internal Threats

A

Hotspots

41
Q

Fill The Blank:

Some risk is mitigated through an …….. (if employees follow it) but there is the risk that a ……………………… employee could pose a threat to the hardware and software of the digital system.

Internal Threats

A

AUP, Disgruntled

42
Q

Expain:

2 natural disasters and briefly how they could impact digital systems

External Threats

A
  • Earthquake could stop internet
  • Floods or tsunamis could destroy and wash away buildings
  • Lightning strikes cause surge or spike in electricity supply
43
Q

State:

2 potential impacts of a natural disaster on digital systems

A
  • Any natural disaster could destroy backups
  • Power failure as potential after affects limiting access to data

This is not an extensive list

44
Q

State:

4 human threats

A
  • Human error
  • Malicious employees
  • Disguised criminals
  • Targeted attack
45
Q

Fill The Blank:

Human threats may be caused by ………………… intent, …………………… or be accidental.

A

Malicious, Negligence

46
Q

Fill The Blank:

Human error can lead to an accidental loss of ……. - the ……. itself rather than a backup

A

Data, Data

47
Q

State:

2 examples of human error

A

2 of:
* Accidentally deleting a file containing the data, or shredding the final hard copy of a data file
* Saving files and folders to a different location
* Sending emails to the wrong recipients with attachments containing data
* Accidentally making changes in documents

48
Q

State:

2 ways that a company can attempt to minimise the chance of an employee making an error

A

2 of:
* Regular employee training
* High profile reminders to employees
* Ensuring all policies and procedures are read and understood by employees

49
Q

State:

Another name for malicious employees

A

Turncloaks

50
Q

Fill The Blank:

Malicious ……………. typically user their access details in a malicious and deliberate way to steal ……………………… and ………… for financial or ………………. reasons

A

Employees, Information, Data, Personal

51
Q

Fill The Blank:

An employee may become malicious due to a …………….. engineering attack

A

Social

52
Q

Fill The Blank:

A malicious employee who has exited the company and holds a grudge could be difficult to trace because they usually are familiar with ………………………….. and any ………………………

A

Procedures, Vulnerabilities

53
Q

State:

3 things cyber security attempts to do

A
  • Act as a deterrent against attackers and hackers
  • Prevent an attack from happening
  • Detect and warn users of the digital systems that an attack is happening
54
Q

State:

Main purpose of cyber security

A

Maintain the confidentiality, integrity and availability (CIA) of digital systems, data and information

55
Q

Define:

Confidentiality

A

Digital systems , data and information resources are protected from unauthorised viewing and access (hacking)

56
Q

Define:

Integrity

A

Means that data is protected from unauthorised changes to ensure that it is reliable and correct

57
Q

Define:

Availability

A

Unauthorised users have access to the digital system, data and information they require

58
Q

Fill The Blank:

The CIA traid shows the ………………….. between the three parts of cyber security, and although they work together they also go against each other when deciding which types of ……………… to use.

A

Relationships, Mitigation

59
Q

Fill The Blank:

……………. aims to protect digital systems, ……….. and information. Part of this is to ensure these are not ………………….. if/when a critical threat happens

A

Security, Data, Compromised

60
Q

Fill The Blank:

Use of …………. means the threat being successful is reduced and identified …………………… of the digital system, data, information and people will also be reduced

A

Security, Vulnerabilities

61
Q

Fill The Blank:

Security must be used to maintain the CIA …….. where there is a strong relationship between all the components and security, this …………….. the chance of any component being compromised

A

Triad, Reduces