Data security and integrity processes Flashcards
paper 2
what do cyber attack vectors do
deliver malware/effect a malicious outcome eg obtaining personal data
is a pathway by which a hacker can gain access to computer network
virus
software which will attempt to spread over the network via infecting emails, removable storage devices etc.
trojans
similar to virus but hidden in files or programs - when files open trojan is activated
spyware
tracks key presses and software use to send back to hacker
commonly used of identification fraud
ransom ware
software that will delete, collect or encrypt files which they will ransom back
botnets
creates a back door to your computer allowing a hacker to use it without your permission
they can then use your computer to launch further attacks
phishing
cybercrime in which target is contacted by someone posing as legitimate institution to lure them into providing sensitive data.
accidental damage
when employees move, delete or update files which they weren’t supposed to
as they are not predictable they are hard to protect against
tends to happen due to lack of training, insufficient security on key files and fatigue
black hat hackers
break into systems for their own purpose eg financial gain
white hat hackers
use skills to break into system to expose flaws and advise on how to fix them (employed by company)
grey hat hackers
white hat hackers that aren’t directly hired by company but perform penetration testing anyway to expose flaws (often for hopes of being hired)
what is a contingency plan
plan to be enacted should a disaster happen
needs to be created, tested and maintained
needs to consider:
- what data is important
- frequency of backup needed
-can backups be automated
- can operations be moved to cloud
components of a contingency plan
frequency of backup of systems
data stored off-site in secure location
alternative means of communication just in case
plan for retrieval of data
data security
techniques and technology intended to keep data safe from theft/deliberate corruption
data integrity
keeping data intact and consistent even in a situation when some data is lost -done by keeping copies of data