Data security and integrity processes

Question 1

what do cyber attack vectors do

Answer 1

deliver malware/effect a malicious outcome eg obtaining personal data
is a pathway by which a hacker can gain access to computer network

Question 2

virus

Answer 2

software which will attempt to spread over the network via infecting emails, removable storage devices etc.

Question 3

trojans

Answer 3

similar to virus but hidden in files or programs - when files open trojan is activated

Question 4

spyware

Answer 4

tracks key presses and software use to send back to hacker
commonly used of identification fraud

Question 5

ransom ware

Answer 5

software that will delete, collect or encrypt files which they will ransom back

Question 6

botnets

Answer 6

creates a back door to your computer allowing a hacker to use it without your permission
they can then use your computer to launch further attacks

Question 7

phishing

Answer 7

cybercrime in which target is contacted by someone posing as legitimate institution to lure them into providing sensitive data.

Question 8

accidental damage

Answer 8

when employees move, delete or update files which they weren’t supposed to
as they are not predictable they are hard to protect against
tends to happen due to lack of training, insufficient security on key files and fatigue

Question 9

black hat hackers

Answer 9

break into systems for their own purpose eg financial gain

Question 10

white hat hackers

Answer 10

use skills to break into system to expose flaws and advise on how to fix them (employed by company)

Question 11

grey hat hackers

Answer 11

white hat hackers that aren’t directly hired by company but perform penetration testing anyway to expose flaws (often for hopes of being hired)

Question 12

what is a contingency plan

Answer 12

plan to be enacted should a disaster happen
needs to be created, tested and maintained
needs to consider:
- what data is important
- frequency of backup needed
-can backups be automated
- can operations be moved to cloud

Question 13

components of a contingency plan

Answer 13

frequency of backup of systems
data stored off-site in secure location
alternative means of communication just in case
plan for retrieval of data

Question 14

data security

Answer 14

techniques and technology intended to keep data safe from theft/deliberate corruption

Question 15

data integrity

Answer 15

keeping data intact and consistent even in a situation when some data is lost -done by keeping copies of data

Question 16

security risks to modern systems

Answer 16

outside access of files
corruption of data
unauthorised reading/duplication
loss/deliberate deleting

Question 17

symmetric encyrption

Answer 17

single key used for both encryption and decryption of data
only trusted parties must know shared secret key

Question 18

symmetric encryption pros

Answer 18

quick to set up and easy to execute
faster

Question 19

symmetric encryption con

Answer 19

very easy for modern computers to crack using brute force

Question 20

asymmetric encryption

Answer 20

2 different keys:
public encryption key to send messages but only recipient has private decryption key to read messages

Question 21

asymmetric pros

Answer 21

much more secure as even if message is intercepted it cannot be read + harder to crack key

Question 22

asymmetric cons

Answer 22

very complex
much slower than symmetric
keys are harder to generate

Question 23

protection for systems often used

Answer 23

-clerical procedures eg removing USB ports to prevent theft of data and virus implantation
- levels of permitted access
- passwords

Question 24

cryptography (encryption)

Answer 24

techniques that render data unreadable to anyone beside intended recipient.

Question 25

biometrics

Answer 25

the use of unique characteristics of a human body to generate biometric authentication and protect data security
eg facial recognition
finger prints etc

Question 26

fingerprint recognition pros

Answer 26

low rate of errors using fingerprint scanner compared to other biometrics
fingerprint unique to each person so good at IDing people
modern tech detects blood flow so fake fingerprints won’t work

Question 27

fingerprint recognition con

Answer 27

false negative could come from age, dirt etc

Question 28

iris vs retinal scanners

Answer 28

iris reads surface of the iris while retina reads layer of blood vessels behind the eye
retina considered to be more effective as can authenticate those who are blind (or have lack of pigment in iris)
retina is also more invasive as requires person to be very close to scanner

Question 29

voice print recognition

Answer 29

measures pauses, accents as well as what they say
used with few authenticated users
errors arise from factors eg background noise

Question 30

biometric pros

Answer 30

very hard to replicate data
biometrics cannot be lost, stolen or forgotten like conventional passwords
no one can trick you into revealing your biometric info
faster and easy to identify

Question 31

biometric cons

Answer 31

people change over time (aging, illness, injury)
privacy concerns on use of the data
if data is compromised user cannot replace it (eg get new finger)
large amounts of data must be processed and stored for each use

Question 32

penetration testing stages

Answer 32

involves trying to break into system by finding vulnerabilities
1. reconnaissance (finding info about system)
2. scanning
3. gaining access
4. maintaining access
5. clearing tracks