Chapter #6 Flashcards

1
Q

The expressions computer security and cybersecurity generally refer to computer/cyber-related concerns affecting the following topics:

A

reliability,
availability,
accessibility,
system safety,
data integrity,
confidentiality,
privacy.

2
Q

Computer security can be defined in terms of three elements:

A

confidentiality, confidentiality focuses on protecting against “unauthorized persons gaining access to unauthorized information.”

integrity, integrity can be understood as “preventing an attacker from modifying data.”

accessibility, accessibility has to do with “making sure that resources are available for authorized users.”

3
Q

Computer Security Issues as Distinct from Computer Crime (read)

A

Some cyber/computer-related crimes have no direct implications for cyber/computer security.
Consider, for example, that someone can use a computer or an electronic device to:
make unauthorized copies of software programs;
stalk a victim in cyberspace;
bully someone online;
elicit sex with young children;
distribute child pornography;
None of these (criminal) acts are a direct result of insecure computer systems.

4
Q

Cyber-related security concerns (unlike those of privacy) typically arise because of either (concerns of the people, to be specific):

A
  1. fears that many individuals and organizations have that their data could be accessed by those who have no legitimate need for, or right to, such information;
  2. worries that personal data or proprietary information, or both, could be retrieved and possibly altered by individuals and organizations who are not authorized to access that data.
5
Q

Three Aspects of Cybersecurity:

A

Data, System, and Network Security

unauthorized access to data, which either is resident in or exchanged between computer systems (i.e., data security);

attacks on system resources (such as computer hardware, operating system software, and application software) by malicious computer programs (i.e., system security);

attacks on computer networks, including the infrastructure of privately owned networks and the Internet itself (i.e., network security).

6
Q

Data Security:

A

Data security is concerned with vulnerabilities pertaining to unauthorized access to data that can either:

  1. reside in one or more computer storage devices,
  2. be exchanged between two or more computer systems.

Data-security issues affect the confidentiality, integrity, and availability of that information.

7
Q

System Security

A

System security is concerned with vulnerabilities to system resources such as computer hardware, operating system software, and application software.

It is also concerned with various kinds of viruses, worms, and related “malicious programs” that can disrupt and sometimes destroy computer systems.

8
Q

Viruses and Worms

A

A virus is a self-replicating piece of software code that “attaches itself to other programs and usually requires human action to propagate.”

A worm is a self-replicating piece of code that “spreads via networks and usually doesn’t require human interaction to propagate.”

9
Q

Malware

A

“software designed to produce, damage, or provide unauthorized access to computers or computer systems.” (This would include viruses and worms)

viruses,
worms,
Trojan horses,
logic bombs,
(at least some forms of) “spyware”.

10
Q

Network Security

A

is concerned with securing a wide range of computer networks – i.e., from privately owned computer networks (such as LANs and WANs) to the Internet itself – against various kinds of attacks.

The Internet’s infrastructure, which includes the set of protocols that makes communication across individual (or privately owned) computer networks possible, has been the victim of several attacks.

11
Q

Cloud Computing

A

…a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services).

12
Q

The NIST definition of cloud computing: Deployment models include the:

A

Private Cloud,
Community Cloud,
Public Cloud,
Hybrid Cloud.

13
Q

The NIST definition of cloud computing: Service models include the:

A

Software as a Service (or SaaS),
Platform as a Service (PaaS),
Infrastructure as a Service (IaaS).

14
Q

Cloud Storage Concerns

A

One concern has to do with how users can control their data stored in the cloud – e.g., at present, users have very little control over or direct knowledge about how their information is transmitted, processed, or stored.

A second concern involves the integrity of the data – for example, if the host company goes out of business, what happens to the users’ data?

A third kind of concern affects questions about access to the data – i.e., can the host deny a user access to his/her own data?

A fourth concern has to do with who actually “owns” the data that is stored in the cloud.

15
Q

Many businesses worry about turning over their data to third parties. What are their three concerns?

A

accidental loss of data,
fear of hacking attacks,
theft by “rogue employees of cloud providers.”

16
Q

An ethical analysis of cybersecurity issues needs to consider whether an appropriate balance can be found in preserving both:

A

adequately secure computer systems;
autonomy and privacy for computer users.

17
Q

Hackers

A

Individuals and groups that launch malicious programs of various kinds are commonly described in the media as hackers.

A hacker is anyone who “accesses a computer system or network without authorization from the owner”

18
Q

“True computer hackers”

A

individuals who play with computers for the “pure intellectual challenge” and as “master programmers, incorruptibly honest, unmotivated by money, and careful not to harm anyone.”

19
Q

“Hacker Ethic” holds the following beliefs:

A

Access to computers should be unlimited and total.
All information should be free.

Mistrust Authority - Promote Decentralization.

Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.

You can create art and beauty on a computer.

Computers can change life for the better.

20
Q

Cyberterrorism

A

is the “convergence of cyberspace and terrorism.”

Cyberterrorism covers a range of politically motivated hacking operations intended to cause grave harm that can result in either loss of life or severe economic loss, or both.

21
Q

Hacktivism

A

is the convergence of activism and computer hacking.

It uses hacking techniques against a target Internet site with intent to disrupt normal operations, but without intending to cause serious damage.

22
Q

For an act to qualify as “civilly disobedient,” it must satisfy the following conditions:

A

No damage done to persons or property;
Nonviolent;
Not for personal profit;
Ethical motivation – the strong conviction that a law is unjust, or unfair, to the extreme detriment of the common good;
Willingness to accept personal responsibility for the outcome of actions.

23
Q

Activism

A

includes the normal, non-disruptive use of the Internet to support a cause.

For example, an activist could use the Internet to discuss issues, form coalitions, and plan and coordinate activities.

24
Q

Information Warfare

A

is “operations that target or exploit information media in order to win some objective over an adversary.”

Certain aspects of cyberterrorism also seem to conform to the definition of IW, but IW is a broader concept than cyberterrorism.
For example, IW need not involve loss of life or severe economic loss, even if such results can occur.