Cyber Ethics and Policy Management (Lecture 2) Flashcards

1
Q

What is Risk Management?

A

A process of identifying the factors that could damage or disclose data, and deciding how to treat them

To sustain a secure environment

To develop and implement information security strategies to reduce risk and support the organisational mission and objectives

2
Q

What is professionalism?

A

Acting to meet the standards set by a profession in terms of individual conduct, competence and integrity

3
Q

What is the CIA Triad?

A

Forms the basis of Information Security and stands for Confidentiality, Integrity and Availability.

Authentication and Nonrepudiation are related security services that are usually discussed alongside the triad

4
Q

Explain what each of the 3 CIA components mean

A

Confidentiality ensures that only authorised users have access to information. For it to be maintained on a network, data must be protected from unauthorised access or disclosure while stored, while being processed and in transit

Integrity provides assurance that the information is accurate and has not been changed by unauthorised users. Controls must be in place to restrict who can modify data and resources. Activity logging should be employed so that every change can be traced to the user who made it and unauthorised changes can be detected

Availability provides timely, reliable access to the information for those who are authorised to use it

5
Q

What is COBIT?

A

Control Objectives for Information and Related Technology (an ISACA governance framework)

Provides a framework for good practice, enables clear policy development and puts an emphasis on regulatory compliance

6
Q

What challenges are faced with Information Security? (5)

A

Privacy

Data breaches

Identification of threats and vulnerabilities

Risk assessments

Compliance

7
Q

What is a policy?

A

A policy is a business requirement on the actions or processes performed by an organisation.

Security policies require that controls be placed in the processes specific to the system

COBIT 5 for Information Security is the part of the COBIT guidance that specifically addresses Information Security

8
Q

What does good security policy management consist of? (9)

A
Standards

Policies

Risk frameworks

Legislation

Guidelines

Codes of practice/conduct

Professional Ethics

Codes of Ethics (ACM)

Enforcement of policies, codes and procedures

9
Q

What are some challenges in Security Policy Management?

A

Complex technologies create more vulnerabilities and disruptions, especially as reliance on them grows

Cost of keeping up to date with technology

Keeping policies up to date

Technical and human challenges faced with implementing policies

Understanding the risks

Enforcement issues

Struggle between government control and individual rights

10
Q

Name some current and future challenges with Cloud technology (6)

A

Landscape of cyberspace constantly changing

Artificial Intelligence

Internet of Things

Terrorist threats

Cyber bullying and social media

Crypto wars (the dispute over government access to encrypted communications versus strong encryption for individuals)

11
Q

What should assist practitioners in maintaining professional standards?

A

Formal Codes of Conduct

Codes of Ethics

Organisational Policies

12
Q

What groups create policy?

A

World Wide Web Consortium (W3C) - international standards-setting body for the Web

Internet Engineering Task Force (IETF) - develops technical standards such as communication protocols

13
Q

What can cause breaches in Confidentiality? (5)

A

Failing to properly encrypt a transmission

Failing to authenticate a remote system before transferring data to it

Leaving open access points that would otherwise be secure

Running malicious code that opens a backdoor

Documents left on printers

14
Q

What types of attack focus on violating confidentiality? (5)

A

Capturing network traffic

Stealing password files

Social engineering

Port scanning

Sniffing

15
Q

What types of attack focus on violating integrity? (5)

A

Viruses

Logic bombs

Unauthorised access

Errors in coding and applications

Malicious modification or replacement

16
Q

What is Nonrepudiation?

A

It ensures that the subject of an activity or event cannot deny that the event occurred.

Prevents someone from claiming not to have sent a message or performed an action

17
Q

How is Nonrepudiation maintained?

A

Through identification, authentication, authorisation, accountability and auditing.

Established using digital signatures and the certificates that bind a signing key to an identity, session identifiers, transaction logs and other access control mechanisms
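The card above names digital certificates and transaction logs as the mechanisms. The following added example (written for this page, not taken from the lecture) shows in Go why a digital signature gives nonrepudiation while a shared-key MAC does not: a log entry signed with the user's private key can be checked by an auditor who holds only the public key from the user's certificate, and nobody else can produce such a signature; an HMAC under a key shared with the server can be produced by the server itself, so the user can plausibly deny it. The key derivation from a label, the user names, the action strings, the timestamp and the shared secret are all constructed for the demonstration and are assumptions, not anything the page specifies; real keys are generated on the user's device or token. The same signed-log link between an identity and its actions is what the accountability cards below rely on.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// LogEntry is a constructed transaction-log record: which identity performed
// which action at what time, plus the signature that binds it to that identity.
type LogEntry struct {
	UserID    string
	Action    string
	Timestamp string
	Signature []byte // Ed25519 signature over canonical(UserID, Action, Timestamp)
}

// canonical length-prefixes each field so that two different records can
// never serialise to the same signed bytes (a "|"-joined string could).
func canonical(fields ...string) []byte {
	var out []byte
	for _, f := range fields {
		out = append(out, fmt.Sprintf("%d:", len(f))...)
		out = append(out, f...)
	}
	return out
}

// KeyFromLabel derives a repeatable demo key from a label. Assumption for the
// example only: a real private key is generated on the user's device or token
// and is never derived from a guessable string like this.
func KeyFromLabel(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte("demo-seed:" + label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// PublicKeyOf is what the user's certificate would carry; the auditor needs
// nothing more than this to check a signature.
func PublicKeyOf(priv ed25519.PrivateKey) ed25519.PublicKey {
	return priv.Public().(ed25519.PublicKey)
}

// NewSignedEntry is run by the acting user. Only the holder of priv can
// produce a signature that verifies under the matching public key.
func NewSignedEntry(priv ed25519.PrivateKey, userID, action, ts string) LogEntry {
	return LogEntry{userID, action, ts, ed25519.Sign(priv, canonical(userID, action, ts))}
}

// VerifyEntry is run by an auditor who holds only the claimed user's public
// key. Any change to the record, or a signature made with someone else's key,
// fails, so the user cannot later deny a record that verifies.
func VerifyEntry(pub ed25519.PublicKey, e LogEntry) bool {
	return ed25519.Verify(pub, canonical(e.UserID, e.Action, e.Timestamp), e.Signature)
}

// MACTag is the contrasting design: an HMAC under a key shared between the
// user and the server. It protects integrity against outsiders but gives no
// nonrepudiation, because every holder of the key can produce the same tag.
func MACTag(shared []byte, userID, action, ts string) []byte {
	m := hmac.New(sha256.New, shared)
	m.Write(canonical(userID, action, ts))
	return m.Sum(nil)
}

// MACVerify accepts any tag made with the shared key, whoever made it.
func MACVerify(shared []byte, userID, action, ts string, tag []byte) bool {
	return hmac.Equal(MACTag(shared, userID, action, ts), tag)
}

func main() {
	alice, bob := KeyFromLabel("alice"), KeyFromLabel("bob")
	ts := "2024-03-01T09:15:00Z" // constructed timestamp

	genuine := NewSignedEntry(alice, "alice", "DELETE /records/42", ts)
	fmt.Println("genuine entry verifies:", VerifyEntry(PublicKeyOf(alice), genuine))

	tampered := genuine
	tampered.Action = "GET /records/42" // someone rewriting the log after the fact
	fmt.Println("tampered entry verifies:", VerifyEntry(PublicKeyOf(alice), tampered))

	forged := NewSignedEntry(bob, "alice", "DELETE /records/42", ts) // Bob claims to be Alice
	fmt.Println("entry signed by Bob verifies under Alice's key:", VerifyEntry(PublicKeyOf(alice), forged))

	shared := []byte("key-known-to-alice-and-server") // constructed shared secret
	serverMade := MACTag(shared, "alice", "DELETE /records/42", ts) // produced by the server, not Alice
	fmt.Println("server-made MAC accepted as Alice's:", MACVerify(shared, "alice", "DELETE /records/42", ts, serverMade))
}
```

Run with `go run .`: the signed entry verifies, the tampered and impersonated entries do not, and the MAC the server built on Alice's behalf is indistinguishable from one she built herself. That last line is the whole point: a MAC proves the record came from someone holding the key, and in a dispute between Alice and the server both hold it, so the evidence can be repudiated; the signature cannot.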

18
Q

Why is Nonrepudiation essential for accountability?

A

If a person can repudiate the evidence of their actions, they cannot be held accountable for them

19
Q

Why is accountability important in an organisations security policy?

A

A security policy can only be enforced if accountability is maintained

Effective accountability relies on being able to prove a person's identity and track their activities

20
Q

How is accountability maintained?

A

By linking a person to the activities of an online identity through the security services of identification, authentication, authorisation and auditing