Cyber security Flashcards

1
Q

Define Social engineering

A

Social engineering attacks use deception and manipulation to trick users into revealing sensitive information or making mistakes that compromise the security of their devices.

2
Q

What are the types of social engineering techniques

A

Phishing
Vishing
Baiting
Email hacking
Pre-texting
Quid pro quo scams
Active digital footprints
Passive digital footprints

3
Q

Define Phishing

A

Fraudulent e-mails, text messages or websites that appear to be from trustworthy sources are used to trick victims into revealing sensitive information

4
Q

Define Vishing

A

Voice phishing uses voice calls, voicemails or interactive voice response (IVR) systems to trick individuals into revealing sensitive information

5
Q

Define Baiting

A

When an attacker leaves a physical item, such as a USB drive or CD, in a public place with the intention of tricking someone into taking it and using it on their computer.

6
Q

Define Active digital footprints

A

Information that is actively shared online (e.g. through social media) that can be used to build a more successful cyber-attack.

7
Q

Define Email hacking

A

The unauthorised access or manipulation of someone else’s e-mail account or e-mail messages.

8
Q

Define Pre-texting

A

A false scenario or cover story is used to manipulate someone into revealing sensitive information or performing a certain action

9
Q

Define Quid pro quo scams

A

When an attacker offers something desirable or valuable to a victim in exchange for sensitive information or access to their computer

10
Q

Define Passive digital footprints

A

Data or information left behind as a result of online activities, such as browsing history or IP addresses, that can be used to create more convincing social engineering attacks.

11
Q

What are the different sectors social engineering is used in

A
  • commerce
  • personal finance and home banking
  • process control.
12
Q

What are the different laws in place to protect against social engineering

A

The Computer Misuse Act 1990: This Act makes it a criminal offence to gain unauthorised access to computer systems through hacking, viruses and other forms of cyber-attacks.

The Fraud Act 2006: This Act makes it a criminal offence to carry out deception with the intention of making a gain or causing a loss.

The General Data Protection Regulation (GDPR): This regulation requires organisations to protect the personal data of individuals and to report data breaches to the ICO within 72 hours.

The Privacy and Electronic Communications Regulations 2003: This regulation governs the use of electronic communication services, including e-mail, voice calls and text messages. It requires organisations to obtain consent from individuals

13
Q

Define Resilience Controls

A

Cyber resilience is the ability of an organisation to withstand and quickly recover from cyber-attacks, system failures and other security incidents.

14
Q

What are the consequences of a cyber-attack

A
  • Financial loss
  • Reputational damage
  • Legal liability
  • Intellectual property theft
  • System downtime
  • Long-term damage
15
Q

What are the effects of a website being unavailable

A
  • Loss of reputation
  • Loss of competitive advantage
  • Legal and social implications
  • Financial loss
16
Q

What is the impact of damaged software

A
  • System crashes
  • Loss of data
  • Security vulnerabilities
  • Inefficient performance
  • Compatibility issues
17
Q

What are the legal and professional responsibilities

A
  • General Data Protection Regulation (GDPR)
  • Network and Information Systems Regulations (NISR)
  • Adherence to professional standards, such as ISO 2700
  • Responsibility for the protection of personal data
  • Duty of care to ensure the continuity of critical business functions
  • Ensuring the security and confidentiality of sensitive information
18
Q

Explain how information is temporarily lost

A

The loss of access to information due to technical issues such as power outages and system crashes.

Can usually be restored from backups or through other recovery processes.

19
Q

Explain how information is permanently lost

A

The complete and permanent destruction of information that cannot be restored.

Can occur due to physical damage to storage devices, deliberate destruction, or the permanent failure of storage devices.

20
Q

What are the ways to prevent a cyber-attack in a business

A

Boundary firewall and Internet gateway
Staff training
Secure system configuration
Patch management
Malware protection
Access control

21
Q

What are some methods of resilience controls for recovery from a cyber attack

A

What if scenarios
Regular backups of data
Planning alternative premises, communication methods and facilities

22
Q

What are what if scenarios

A

They allow for preparation and mitigation of a cyber-attack. Hypothetical scenarios allow organisations to plan how they would respond to a cyber-attack and to identify vulnerabilities

23
Q

What are Regular backups of data

A

Used in disaster recovery and BCP.
Backups ensure that critical data can be restored in the event of a data loss, minimising the impact on the organisation

24
Q

What is Planning alternative premises, communication methods and facilities

A

Used in Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) to ensure that critical business operations can continue in the event of a cyber-attack

25
Q

What is required to prevent a malicious attack

A

Requires a multi-layered approach that includes security awareness training, regular security updates, penetration testing and incident response planning.

26
Q

Define Black hat hacking

A

A hacker gains unauthorised access to computer systems, networks or data with malicious intent. This type of hacking is illegal and unethical

27
Q

Define Grey hat hacking

A

A grey hat hacker is a computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have malicious intent.

28
Q

Define White hat hacking

A

White hat hackers are security professionals who identify vulnerabilities and weaknesses in computer systems and networks and report them to the relevant organisations.

29
Q

Define Penetration testing

A

Also known as pen testing, this is a security testing technique used to evaluate the security of a system by simulating an attack. It identifies security vulnerabilities and weaknesses

30
Q

What are the 4 types of security measures

A
  • Encryption
  • Firewalls
  • Antivirus software
  • Hierarchical access levels
31
Q

Define Biometrics

A

The use of unique physiological or behavioural characteristics to identify individuals to provide a reliable means of identification and authentication that is difficult to imitate.

32
Q

What are some examples of biometrics

A
  • fingerprint recognition
  • facial recognition
  • iris recognition
  • voice recognition
  • signature recognition
  • behavioural biometrics.
33
Q

Evaluate biometrics

A

+
Increased security
Convenience
Reduced fraud
Increased accuracy

-
Privacy concerns
Technical limitations
Cost
Bias and discrimination

34
Q

Define Cryptography

A

The practice of securing communication and data through the use of mathematical algorithms. The purpose of cryptography is to protect the confidentiality, integrity and authenticity of data.

35
Q

What are the techniques of cryptography

A
  • Symmetric key cryptography
  • Asymmetric key cryptography
  • Hash functions
  • Digital signatures
  • Steganography
  • Random number generation
  • Quantum cryptography
36
Q

What are some mechanisms to defend against threats and vulnerabilities

A
  • Firewalls
  • Encryption
  • Access control
  • Antivirus software
  • Patches and updates
  • Backups
  • User education and awareness training
  • Network segmentation
  • Intrusion detection and prevention systems
  • Virtual Private Network (VPN) technology
37
Q

What is the range of mechanisms for attacking vulnerabilities

A
  • Brute force attacks
  • SQL injection
  • Cross-Site Scripting (XSS)
  • Remote Code Execution (RCE)
  • Man-in-the-middle (MitM) attacks
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Social engineering
38
Q

Define cyber security

A

How individuals and organisations reduce the risk of cyberattacks, and how to prevent unauthorised access to the personal information we store on our devices and online.

39
Q

What are the risks with online marketing communications

A
  • Spam and unwanted e-mail
  • Phishing and scam attempts
  • Privacy concerns
  • Ad fraud
  • Brand safety
  • Misinformation
40
Q

Define accidental damage

A

Accidental damage is any damage or loss of data that is not intentional. Actions that are intended to cause harm to data are classed as malicious damage.

41
Q

What are the types of accidental damage

A

Human error
Accidental data file deletion
Software corruption
Hardware malfunction
Natural disasters
Power failure

42
Q

What are the types of deliberate damage

A

Malware
Phishing and social engineering
DDoS attacks
SQL injection
Ransomware
Insider threats

43
Q

What are the threats to the privacy of the individual from the use of data mining

A
  • Data breaches
  • Unauthorised data sharing
  • Discrimination
  • Profiling
  • Lack of control
  • Inaccurate data
44
Q

What are the types of malware

A
  • Virus
  • Trojan
  • Worm
  • Ransomware
  • Adware
  • Spyware
  • Rootkit
45
Q

What are the operations of malware

A
  • Data theft
  • System disruption
  • Spamming
  • Crypto jacking
  • Extortion
46
Q

What is the importance of large data sets to the health sector

A

Electronic health records (EHRs), patient data and clinical trial data are used to improve patient care, support medical research and streamline operations.

47
Q

What is the importance of large data sets to Finance sector

A

Transaction data, credit history and market data are used to make informed investment decisions, identify fraud and improve risk management strategies.

48
Q

What is the importance of large data sets to Retail sector

A

Customer data, sales data and supply chain data are used to improve marketing and sales campaigns, optimise supply chain operations and provide personalised customer experiences

49
Q

What are the security problems during online file updates

A
  • Unauthorised access
  • Incomplete updates
  • Man-in-the-middle attacks
  • Denial of service
  • Malicious software
  • Rollback attacks
50
Q

What are the risks of the use of a unique MAC address

A
  • MAC spoofing
  • Privacy concerns
  • Network security
  • Network performance
51
Q

Define MAC address

A

The Media Access Control (MAC) address is a unique identifier assigned to a Network Interface Controller (NIC) for use as a network address in communications within a network segment.

52
Q

Define Blockchain

A

Blockchain is a decentralised, digital ledger that records transactions across a network of computers. It uses cryptography to secure and validate transactions, ensuring that the ledger is tamper-proof

53
Q

How is blockchain technology used in cyber security

A
  • Decentralised identity management
  • Cyber threat intelligence sharing
  • Secure record keeping
  • Data privacy
  • Chain security
  • Cyber insurance
54
Q

How does anti-virus software detect malware

A
  • signature-based detection, which compares the code of a file or program to a database of known malware signatures in order to identify a match
  • heuristic-based detection, which looks for patterns or behaviour that are typical of malware in order to identify new or unknown threats
  • behavioural-based detection monitors the behaviour of a program or process in order to identify malicious activity
55
Q

What is the main purpose of cryptography

A
  • confidentiality: Cryptography is used to protect the confidentiality of data by encrypting it so that it can only be read by authorised parties who possess the proper decryption key.
  • integrity: Cryptography is used to protect the integrity of data by creating a digital signature or a message authentication code, which can be used to detect any unauthorised changes to the data
  • authenticity: Cryptography is used to ensure the authenticity of data by verifying the identity of the sender through the use of digital certificates or public key infrastructure.
56
Q

Define steganography

A

This technique is used to hide a message or other data within another file, such as an image or audio file, in order to conceal its existence