Digital Security Risks Flashcards
It refers to potential threats and vulnerabilities that could compromise the confidentiality, integrity, or availability of data, systems, or networks.
These risks can stem from various sources, such as malicious attacks, human errors, or software vulnerabilities.
Digital Security Risks
Types of Digital Security Risks
- Malware
- Viruses
- Worms
- Trojan Horses
- Ransomware
- Spyware
- Adware
- Phishing
- Social Engineering
- Data Breaches
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
- Man-in-the-Middle (MitM) Attacks
- Zero-Day Exploits
- Brute Force Attacks
- Insider Threats
Malicious software designed to harm or exploit systems.
Malware
Attaches itself to legitimate software and spreads to other files.
Viruses
Self-replicating malware that spreads without needing a host file.
Worms
Disguised as legitimate software but performs malicious activities.
Trojan Horses
Encrypts a user’s files and demands payment for their release.
Ransomware
Collects sensitive information without the user’s knowledge.
Spyware
Automatically delivers unwanted ads.
Adware
Fraudulent attempts to obtain sensitive information (such as usernames, passwords, and credit card details) by posing as a trustworthy entity in electronic communications (e.g., email, SMS).
Phishing
Manipulating individuals into divulging confidential or personal information, often through deceptive tactics like posing as a trusted person or authority.
Social Engineering
Unauthorized access to confidential data, which may lead to loss of sensitive information such as personal data, intellectual property, or financial information.
Data Breaches
Overloading a network or server with excessive requests to make it unavailable to legitimate users.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
A hacker intercepts and potentially alters the communication between two parties without their knowledge.
Man-in-the-Middle (MitM) Attacks
Exploiting software vulnerabilities that the software vendor is unaware of or has not yet patched.
Zero-Day Exploits
Attempts to crack passwords or encryption keys by trying all possible combinations.
Brute Force Attacks
Employees or contractors who intentionally or unintentionally compromise the security of an organization from within.
Insider Threats
These are actions carried out by malicious actors intending to disrupt, damage, or gain unauthorized access to computer systems or networks.
Internet and Network Attacks
Common Types of Network Attacks
- Packet Sniffing
- Spoofing
- IP Spoofing
- DNS Spoofing
- SQL Injection
- Cross-Site Scripting (XSS)
- Password Attacks
- Dictionary Attacks
- Rainbow Table Attacks
- Botnets
- Session Hijacking
- DNS Attacks
Intercepting and capturing packets of data as they travel through the network. Tools like Wireshark are used to analyze network traffic.
Packet Sniffing
Pretending to be another entity by falsifying data to gain access to systems or resources.
Spoofing
Modifying the IP address in packets to hide the identity of the attacker.
IP Spoofing
Redirecting traffic to a malicious website by corrupting DNS data.
DNS Spoofing
Inserting malicious SQL queries into web forms to manipulate or retrieve data from a database.
SQL Injection
Injecting malicious scripts into a website, which then execute in a user’s browser, potentially stealing data or performing actions on behalf of the user.
Cross-Site Scripting (XSS)
Attempting to gain unauthorized access by cracking passwords.
Password Attacks
Using a list of known passwords to attempt access.
Dictionary Attacks
Precomputed hash tables used to reverse cryptographic hash functions.
Rainbow Table Attacks
Networks of infected computers (bots) under the control of an attacker. These are used to launch coordinated attacks, such as DDoS attacks, or send spam.
Botnets
Taking control of a user’s active session by stealing session cookies or tokens.
Session Hijacking
Manipulating the Domain Name System to redirect users to malicious websites or disrupt the functioning of a network.
DNS Attacks
Digital Ethics Issues
- Privacy
- Intellectual Property
- Censorship
- Digital Divide
- Cyberbullying
- Social Manipulation
- Automation and AI Ethics
- Digital Ownership and Control
Balancing the need for data collection (e.g., for security or marketing) with the individual’s right to privacy. Issues arise from government surveillance, corporate data mining, and social media platforms collecting user data.
Privacy
Digital content (software, music, movies) is easily copied and distributed, raising concerns about copyright infringement, fair use, and plagiarism.
Intellectual Property
Governments or organizations may restrict access to certain content (e.g., political, religious, or controversial materials).
This can be seen as a violation of freedom of expression.
Censorship
The gap between those who have access to modern technology and the internet and those who do not.
This inequality impacts education, job opportunities, and economic development.
Digital Divide
The use of digital platforms to harass, threaten, or humiliate others. Social media has amplified the reach and intensity of these incidents.
Cyberbullying
The use of digital platforms to spread misinformation, fake news, or propaganda to influence public opinion, elections, or social movements.
Social Manipulation
The increasing use of artificial intelligence raises questions about job displacement, bias in decision-making algorithms, and the responsibility for decisions made by machines.
Automation and AI Ethics
Who owns and controls the data that users create? Should users have full control over their digital footprint, or do companies and platforms have rights over the data they collect?
Digital Ownership and Control
Legal and Regulatory Frameworks
- GDPR
- COPPA
- HIPAA
A European Union law that governs data protection and privacy, setting strict guidelines on how personal data is collected, stored, and processed.
GDPR (General Data Protection Regulation)
U.S. regulation that protects the privacy of children under 13 by restricting data collection on websites targeting children.
COPPA (Children’s Online Privacy Protection Act)
Protects the privacy and security of health information.
HIPAA (Health Insurance Portability and Accountability Act)
Impact on Society
- Evolving Social Norms
- Job Market and Automation
- Security and Freedom
- Global Connectivity
Technology has transformed how people communicate, work, and socialize. Social norms around privacy, sharing, and interaction have shifted, particularly with the rise of social media.
Evolving Social Norms
Automation and artificial intelligence are reshaping industries. While technology has created new jobs, it has also led to job displacement in some sectors (e.g., manufacturing, retail).
Job Market and Automation
The balance between ensuring national security and preserving individual freedoms is a constant debate, especially in areas like government surveillance, encryption, and internet censorship.
Security and Freedom
The internet has made it possible for people worldwide to connect, collaborate, and share information. However, it has also exposed vulnerabilities to cyberattacks and increased the spread of disinformation.
Global Connectivity