Data security and integrity processes Flashcards

paper 2

You may prefer our related Brainscape-certified flashcards:
1
Q

what do cyber attack vectors do

A

deliver malware/effect a malicious outcome eg obtaining personal data
is a pathway by which a hacker can gain access to computer network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

virus

A

software which will attempt to spread over the network via infecting emails, removable storage devices etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

trojans

A

similar to virus but hidden in files or programs - when files open trojan is activated

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

spyware

A

tracks key presses and software use to send back to hacker
commonly used of identification fraud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

ransom ware

A

software that will delete, collect or encrypt files which they will ransom back

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

botnets

A

creates a back door to your computer allowing a hacker to use it without your permission
they can then use your computer to launch further attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

phishing

A

cybercrime in which target is contacted by someone posing as legitimate institution to lure them into providing sensitive data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

accidental damage

A

when employees move, delete or update files which they weren’t supposed to
as they are not predictable they are hard to protect against
tends to happen due to lack of training, insufficient security on key files and fatigue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

black hat hackers

A

break into systems for their own purpose eg financial gain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

white hat hackers

A

use skills to break into system to expose flaws and advise on how to fix them (employed by company)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

grey hat hackers

A

white hat hackers that aren’t directly hired by company but perform penetration testing anyway to expose flaws (often for hopes of being hired)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

what is a contingency plan

A

plan to be enacted should a disaster happen
needs to be created, tested and maintained
needs to consider:
- what data is important
- frequency of backup needed
-can backups be automated
- can operations be moved to cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

components of a contingency plan

A

frequency of backup of systems
data stored off-site in secure location
alternative means of communication just in case
plan for retrieval of data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

data security

A

techniques and technology intended to keep data safe from theft/deliberate corruption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

data integrity

A

keeping data intact and consistent even in a situation when some data is lost -done by keeping copies of data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

security risks to modern systems

A

outside access of files
corruption of data
unauthorised reading/duplication
loss/deliberate deleting

17
Q

symmetric encyrption

A

single key used for both encryption and decryption of data
only trusted parties must know shared secret key

18
Q

symmetric encryption pros

A

quick to set up and easy to execute
faster

19
Q

symmetric encryption con

A

very easy for modern computers to crack using brute force

20
Q

asymmetric encryption

A

2 different keys:
public encryption key to send messages but only recipient has private decryption key to read messages

21
Q

asymmetric pros

A

much more secure as even if message is intercepted it cannot be read + harder to crack key

22
Q

asymmetric cons

A

very complex
much slower than symmetric
keys are harder to generate

23
Q

protection for systems often used

A

-clerical procedures eg removing USB ports to prevent theft of data and virus implantation
- levels of permitted access
- passwords

24
Q

cryptography (encryption)

A

techniques that render data unreadable to anyone beside intended recipient.

25
Q

biometrics

A

the use of unique characteristics of a human body to generate biometric authentication and protect data security
eg facial recognition
finger prints etc

26
Q

fingerprint recognition pros

A

low rate of errors using fingerprint scanner compared to other biometrics
fingerprint unique to each person so good at IDing people
modern tech detects blood flow so fake fingerprints won’t work

27
Q

fingerprint recognition con

A

false negative could come from age, dirt etc

28
Q

iris vs retinal scanners

A

iris reads surface of the iris while retina reads layer of blood vessels behind the eye
retina considered to be more effective as can authenticate those who are blind (or have lack of pigment in iris)
retina is also more invasive as requires person to be very close to scanner

29
Q

voice print recognition

A

measures pauses, accents as well as what they say
used with few authenticated users
errors arise from factors eg background noise

30
Q

biometric pros

A

very hard to replicate data
biometrics cannot be lost, stolen or forgotten like conventional passwords
no one can trick you into revealing your biometric info
faster and easy to identify

31
Q

biometric cons

A

people change over time (aging, illness, injury)
privacy concerns on use of the data
if data is compromised user cannot replace it (eg get new finger)
large amounts of data must be processed and stored for each use

32
Q

penetration testing stages

A

involves trying to break into system by finding vulnerabilities
1. reconnaissance (finding info about system)
2. scanning
3. gaining access
4. maintaining access
5. clearing tracks