Essentials Lec 1 - Lec 6 Flashcards

1
Q

What is cyberspace?

A

“Cyberspace is composed of all the computerised networks in the world, as well as of all computerised end points, including
telecommunications networks, special purpose networks, the internet, computer systems, and computer-based systems. The concept
also includes the information stored, processed, and transmitted on the devices and between these networks.”

2
Q

What is cybersecurity?

A

“Cyber security comprises technologies, processes and controls that are designed to protect systems, networks and data from cyber
attacks.” — “Effective cyber security reduces the risk of cyber attacks, and protects organisations and individuals from the
unauthorised exploitation of systems, networks and technologies.”

If it works, nothing happens. Is there a threat or are actors not interested? How can we tell? Focus on measurable outcomes. “A lot of
people still seem to think that you can solve the problem of cyber security with a couple of boxes, a bit of electronics and some clever
programming.”

3
Q

Why do we care about cybersecurity?

A

- Protection of critical national infrastructure (clean drinking water, electricity, internet, etc.)
- Privacy and sensitive data
- Financial reasons

4
Q

What is the three-layer model? Governance

A
  • Outer layer — Governance
  • In between — Socio-technical: people interacting with that technology
  • Middle — Technical
5
Q

What is the CIA-triad?

A

Protection of data: CIA triad

- Confidentiality: information only available to authorised entities. Not only through hacking. This could also be for instance wrong attachment in an email, data screens in public displays, materials not removed correctly (e.g. secure bins), Grindr and Strava
- Integrity: can we trust the data, the whole data and nothing but the data? No changes made to data without detection. This includes changing data, adding data and deleting data. e.g. millennium bug
- Availability: data available when needed. Systems up and running, people who should have access have access and others not. e.g. Maastricht University ransomware attack

6
Q

What is Data Backup?

A

A copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss
event. Primary data failures can be the result of hardware or software failure, data corruption, or a human-caused event, such as a
malicious attack (virus or malware), or accidental deletion of data. —> 3-2-1 (3 copies, 2 local, 1 in a galaxy far far away), e.g. DropBox,
TimeMachine, USB storage.

7
Q

What is MFA?

A

Multi-factor authentication: Multi-factor authentication is an authentication method in which a computer user is granted access only
after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.
Something you know (e.g. password), have (e.g. a token, bank card) and are (e.g. fingerprint, iris, facial recognition).

  • Upside: increased security
  • Downside: often a bit more fuss
8
Q

What is a VPN?

A

VPN: A virtual private network extends a private network across a public network, and enables users to send and receive data across
shared or public networks as if their computing devices were directly connected to the private network. It is a secure connection over
an insecure network. When would you want one? What might the dangers be? (e.g. your data can be sold).

9
Q

What is Encryption?

A

Encryption is the process of encoding a message or information in such a way that only authorised parties can access it and those who
are not authorised cannot. Encryption itself does not prevent interference but denies the intelligible content to a would-be interceptor.
Not just messages, but files as well. Helps with the CIA triad. Also helps in starting a cyber attack(!).

10
Q

What is End to End encryption?

A

End-to-end encryption is a system of communication where only the communicating users can read the
messages. An example can be found within WhatsApp. But do we want it? Think about the issue with the FBI.

11
Q

What is PKI?

A

Public-key encryption: a cryptographic system that uses two pairs of keys: 1) public keys which may be disseminated widely, and 2)
private keys only for the owner. Share the public key, keep your private key secret! Used to encrypt/decrypt messages.

12
Q

What is ARPANET?

A

The Advanced Research Projects Agency Network (ARPANET) was an early packet-switching network and the first network to
implement the TCP/IP protocol. It was created to make it easier for people to access computers and to have a more effective
communication method for the military as a response to Sputnik I (1957). Also for the protection of critical infrastructure. ARPA’s goal
was to link different computers together, both to increase overall computer power and to decentralise information storage. As the
network development progressed, protocols for inter-networking were developed by which multiple separate networks could be joined
into a network of networks.

13
Q

What are the three aspects of ARPANET?

A
  1. Formulating technological problems and solutions
  2. Sense of relevance of community of users
  3. Open architecture of system, so that anyone can build on this
14
Q

Explain the “Architecture and First Steps” phase of the internet

A

- Packet switching versus circuit switching (Leonard Kleinrock)
- Joseph Licklider envisioned a network in three ways:
  1. Combination of hardware and software
  2. Interaction between man and machine
  3. Network of people (everyone can bring their expertise to the table)
- 1965: packet switching used for first message between two computers

15
Q

What were the first long distance connections?

A

‘Long’ distance connections: End of 60’s, most of the technology had been invented, but no centralisation — 1969: first link between
UCLA and SRI. They tried to send a message, this message came to be “LO” (they tried to say login, but the system crashed).

16
Q

When did mainstream usage of the internet start?

A

Mainstream use of Internet
- 1991: First webpage (CERN)
- 1993: Mosaic, first popular browser, UN/US websites
- Cambridge develops webcam for critical process supervision as early as in 1991 (coffee machine)
- Hotmail starts in 1996, Google starts in 1998

17
Q

What are the pros and cons of the internet?

A

Pros:
- Faster services
- Connectivity
- Availability of information

Cons:
- Privacy
- Accumulation of Data
- Dark Web

18
Q

What are the layers of the TCP/IP model (IMPORTANT)

A
19
Q

What is the Case Study: Cambridge Analytica about?

A

Case study: Cambridge Analytica was a British political consulting firm which combined misappropriation of digital assets, data
mining, data brokerage, and data analysis with strategic communication during the electoral processes. The Facebook–Cambridge
Analytica data scandal was a major political scandal in early 2018 when it was revealed that Cambridge Analytica had harvested the
personal data of millions of people’s Facebook profiles without their consent and used it for political advertising purposes.

  • Made Brexit/Trump happen
  • Targeted advertising
  • Facebook personality test
  • Data of 50,000,000 users
20
Q

What is the OCEAN acronym in the Cambridge Analytica Case Study

A

Big five personality traits
1. Openness to new experiences
2. Conscientiousness
3. Extraversion
4. Agreeableness
5. Neuroticism

21
Q

What did Cambridge Analytica do with the collected data?

A

After data collection:
- Machine learning
  * Using computers to detect patterns in data
    - For example weather predictions, possible risks or mapping spreading of diseases
  * Use these patterns to create algorithms
  * Algorithms to make predictions on ‘new’ data
  * Training and testing the algorithm
    - Divide data in ‘training data’ and ‘test data’ to assess the quality of algorithm
- Creating algorithms to predict
  * Demographics, personality, interests, etc.
- More data collection and algorithm improvement/extension

22
Q

What were the consequences of Cambridge Analytica’s actions

A

Consequences
- Anything you do online is tracked, collected and stored
- Just because you don’t actively share data, doesn’t mean your friends don’t either
- Algorithms allow for prediction of ‘hidden’ information
- Targeted advertising, but who knows?
- How much would you charge for your data?
- What about future technology that is applied to current data?

23
Q

What happened to Cambridge Analytica after the controversy?

A

What happened to Cambridge Analytica?

24
Q

What is Cybersecurity?

A

Cybersecurity is both cause and target-related security:
Security = protection against intentional harm caused by
human(s) or object of harm is non-human,

25
Q

What are examples of intentional and accidental harm in cyberspace?

A

Attack, exploit, disruption, theft (Intentional)
Error, failure, outage (Accidental)

26
Q

How can harm be done through cyberspace?

A

Harm to society via cyberspace (4 Ways)

  • Intentional physical harm: sabotage, critical infrastructure (e.g.
    hacking Rijkswaterstaat).
  • Intentional informational harm: crime, espionage, privacy,
    disinformation (e.g. Brexit, Trump election 2016).
  • Accidental physical harm: critical infrastructure (e.g. the problem
    with the matrix signs at the highway)
  • Accidental informational harm: privacy, misinformation (e.g.
27
Q

How can someone analyse a cyber incident?

A

The Cyber Accidents model.
1. Actor
Somebody or something instigates a chain of events
2. Cause
Then there is the actual cause
3. Effect

28
Q

Name the 4 main examples of actors in the Cyber Accidents Model

A
  1. Human Being
  2. Animals
  3. Nature
  4. System
29
Q

What errors can a Human Being cause according to the Cyber Accidents Model

A
  1. Execution Errors
    a. Slips: Not paying enough attention
    b. Lapse: you do not remember something but usually you do
  2. Planning Error
    a. Rule-based mistakes: it worked in other situations, so I can apply it now
    b. Knowledge-based mistakes: we simply do not get it
30
Q

What errors can an Animal cause according to the Cyber Accidents Model

A

Mainly disruption of physical infrastructure

31
Q

What errors can Nature cause according to the Cyber Accidents Model

A

Flooding, Overheating,

32
Q

What errors can a System cause according to the Cyber Accidents Model

A

Complexity and inadequate procedures can cause incidents.

33
Q

What are the 6 causes of an accident in the Cyber Accidents Model?

A
  1. Design Error
    a. A mistake that is waiting to happen because of a poor design.
    b. e.g.: seen in aviation.
  2. Programming Error
    a. Coding error/software error.
    b. e.g.: bugs
  3. Configuration Error
    a. This occurs when somebody changes or updates the settings.
  4. Use Error
    a. Using hard/software in the wrong way (badly or with wrong purposes).
    b. e.g. email to the wrong person or persons.
  5. Breakage
    a. Something breaks (it no longer functions) or broken by someone or something.
    b. e.g.: something breaks.
  6. Removal Error
    a. The process of eliminating the causes of error in a manufacturing process.
    b. e.g.: discard computer without wiping the disk.
34
Q

What are the effects of an accident in the Cyber Accidents Model

A
  1. Outage
    a. Internet outage can occur due to censorship, cyberattacks, disasters or errors.
  2. Misinformation
    a. False or inaccurate information, especially that which is deliberately intended to deceive.
  3. Data Leak
    a. A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.
  4. Malfunction
    a. (of a piece of equipment or machinery) fail to function normally.
35
Q

What is the Internet?

A

Internet
- Globally distributed computer network
- Voluntarily connected autonomous networks
- Decentralised architecture

36
Q

What are the three layers of Internet Governance?

A
  1. Economic / Societal (the users)
  2. Logical (The software)
  3. Infrastructure (The hardware)
37
Q

How was the internet governed in the early days?

A

Origins and Evolution:
The Internet began as a government project, and by the mid-1970s, it evolved into a distributed network with the invention of TCP/IP.
Data packets could take various paths, bypassing traditional barriers and control mechanisms.

Early Governance:
The Internet Engineering Task Force (IETF), established in 1986, played a key role in its development.
There was no central government or grand design initially.

Why Governance?:
Since 1969 (during ARPANET and NSFNET), governance was necessary for:
- Establishing standards for device interoperability.
- Coordinating unique Internet addresses.
- Addressing security issues.

38
Q

What does the IETF do?

A
  • Internet Engineering Task Force (IETF): organisation that develops the core internet standards since the early days of the Internet
    - Standards are developed via Request for Comments (RFCs) practice
    - For the first time in history, IETF made standard-making process public and open — at first out of sheer necessity, subsequently strongly re-enacted for accountability purposes.
    - This set the governance standard: the open model of IETF was emulated, pushing for the open participation of stakeholders across the board in Internet governance
39
Q

What is internet governance?

A

Emergence and Interpretations:
Since the early 2000s, ongoing debate has been about the term “governance.”
Some mistakenly equate governance with government, but this is not accurate.
During the United Nations World Summit on the Information Society (WSIS), certain national delegations viewed governance as solely a government matter.
This clashed with a broader understanding of governance that encompasses all institutions, including non-governmental ones.

Internet Governance Defined:
According to WSIS, Internet governance involves the collaborative efforts of governments, the private sector, and civil society.
It focuses on developing and applying shared principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the Internet.

40
Q

What is the difference between governance on and of the internet?

A
  • Governance of the Internet – what technical bodies such as ICANN, RIRs, and IETF do that affects the running and development of
    the Internet?
  • Governance on the Internet – the issues relevant to the Internet’s utility and development, such as privacy and data protection,
    cybersecurity and cybercrime, child protection, jurisdiction, net neutrality, resilience of critical information infrastructure (…and many
    others).
41
Q

Who governs? Who controls? Who oversees the internet?

A

There is no unilateral system — some policies and tasks performed by private industry,
some by new institutions such as ICANN and IETF, some by nation states

42
Q

What is the difference between multistakeholder and multilateral governance?

A

Multistakeholder model of governance:
Non-hierarchical, cooperation, consensus-driven, decentralised,
equal footing, open participation for various stakeholder groups.
Narrow approach
Focuses on Internet infrastructure (DNS, IP numbers, and root
servers) and on the position of the Internet Corporation for
Assigned Names and Numbers as the key governance actor
(technical layer)

Multilateral model of governance:
Discussion or agreements between multiple governments.
Broad approach
Internet governance goes beyond infrastructural issues and
addresses other legal, economic, developmental, and sociocultural
aspects of the Internet (technical + societal/economical layer)

43
Q

Where is the balance of power (BoP) in the governance of the Internet?

A

Point of contention: balance of power
- One of the most significant questions in internet governance: government vs governance
- Balance of power between sovereign nation-state governance and non-territorial and privatised mechanisms
- Has internet governance created new global institutions and what are the implications for traditional political/governance structures?

—> Is the government just another stakeholder? Think of the leviathan and Thomas Hobbes.

44
Q

How does the state govern the internet?

A

State: a nation or territory considered as an organised political community under one government. Governance model competes and
conflicts with multistakeholder model. States have monopoly on the use of (legitimate) power and force on a (particular) given territory.
State and control goes through territorial sovereignty and state borders. However, cybersecurity is challenging this sovereignty.

Software-defined virtual space — a network of networks —> No territorial sovereignty?

State regulation and (tele)communications:
- State-owned monopolies: post, telegraph, telephone
- Multilateral governance through Intergovernmental treaty organisation: International Telecommunications Union
- TV: state-owned channels, national broadcast authorities
- Control through regulation and licensing

45
Q

What is ICANN?

A

Internet Corporation for Assigned Names and Numbers (ICANN): Coordination of the Internet’s systems of unique identifiers including domain names
and IP addresses

46
Q

What is the DNS war?

A

DNS war (1994-1998): The early days decentralised approach to Internet governance began to change as soon as governments and
the business sector realised the importance of Internet. In 1994: US National Science Foundation, which managed the key
infrastructure of the Internet, decided to subcontract the management of the domain name system (DNS) to a private US company
called Network Solutions Inc. (NSI). This was not well received by the Internet community and led to the so-called DNS war. This war brought new players into the picture: international organisations and nation states. It ended in 1998 with the establishment of a new
organisation, the Internet Corporation for Assigned Names and Numbers (ICANN)

ITU, USA AND ICANN: Domain name system in early 1990s: in the hands of the US Government. US Government faced with a choice,
continue its unique role or internationalise core functions. ITU said “no thank you” (and not wanted!). A middle road chosen - a
significant leap of faith = creation of Internet Corporation for Assigned Names and Numbers (ICANN). Some DNS responsibilities
remained linked to US Government (till 2016).

47
Q

What is IANA?

A

IANA, the Internet Assigned Numbers Authority, is a set of functions housed and operated within ICANN: top-level allocator for blocks of IP
addresses and AS numbers

48
Q

What is IETF?

A

Internet Engineering Task Force (IETF): Development and promotion of Internet standards dealing in particular with standards of the Internet
protocols

49
Q

What is ISO?

A

Standardisation of the official names and postal codes of countries, dependent territories, special
areas of geographic significance

50
Q

What is NRO?

A

Number Resource Organisation (NRO): A coordinating body for the five Regional Internet Registries, which manage the distribution of IP addresses
and Autonomous System Numbers in their regions of the world

51
Q

What is TLDO?

A

Top Level Domain Operators (TLD Operators): Organisations which have been assigned the management of Top-Level Domains such as: Generic
TLDs (.com, .edu, .info, .name etc …), Country Code TLDs (.fr, .us, .gh, .cn etc…) and non-ASCII alphabet TLDs (in languages such as Chinese, Arabic,
Russian, French etc…)

52
Q

What is W3C?

A

The World Wide Web Consortium (W3C): international community developing Web standards

53
Q

What is internet governance and the difference with national governance?

A
54
Q

What controls did the US have on the internet?

A
  1. The so-called IANA (Internet Assigned Numbers Authority) contract: contract between the US government and ICANN to
    perform technical functions on the IANA. Any changes in the root zone file must be audited and approved by the US
    Department of Commerce
  2. Memorandum of Understanding between ICANN and the US government on policy functions ICANN was supposed to
    perform. Specific priorities did reflect US government interests.
  3. Contract between US Department of Commerce and VeriSign Inc. (US company) to master root zone servers.
55
Q

How is ICANN governed now?

A

ICANN — ending the US oversight: From the inception of ICANN, US promised to give the oversight to the community. 2014: US
oversight and possible dominance became problematic (Snowden revelation, mass surveillance debates, governments seeking control
over technical layer of the Internet via multilateral fora such as the ITU). 14 March 2014: U.S. Government announces intent to
transition its stewardship of the IANA (Internet Assigned Numbers Authority) functions to the global multistakeholder community.

Transition to be complete by the 30th of September 2016. Transition proposal must have broad community backing and:
- Support and enhance the multistakeholder model;
- Maintain the security, stability, and resiliency of the Internet DNS;
- Meet the needs and expectations of the global customers and partners of the IANA (Internet Assigned Numbers Authority) services; and
- Maintain the openness of the Internet.
- (IMPORTANT) in addition, NTIA (National Telecommunications and Information Administration) also said it would not accept a plan that replaces NTIA’s role with a government-led or intergovernmental organisation solution.

56
Q

What is Internet governance: decentralised vs. centralised:

A
57
Q

What is WSIS?

A

World Summit on the Information Society (WSIS):
WSIS Overview:
The WSIS was a two-phase United Nations summit held in Geneva (2003) and Tunis (2005).
It aimed to build an inclusive and development-oriented Information Society where everyone can create and share information.
The WSIS recognized that Internet governance involves not only governments but also all stakeholders.
It set targets, recommendations, and commitments for an inclusive Information Society.
Internet Governance:
The term “Internet governance” was introduced during the WSIS process in February 2003.
After the Geneva summit, it became a key issue in WSIS negotiations.
The Working Group on Internet Governance (WGIG) was established during the Geneva summit.
WGIG’s report served as the basis for negotiations at the second WSIS summit in Tunis.
The WSIS Tunis Agenda elaborated on Internet governance issues and established the Internet Governance Forum (IGF).

58
Q

What is IGF?

A

Internet Governance Forum (IGF), a multistakeholder body convened by the UN Secretary General

Internet governance forum (IGF) — From Athens (2006) to Berlin (2019)
- First IGF: in many respects, an experiment in multilateral diplomacy
- Truly a multistakeholder event with participation of states, business, and civil society
- Interesting organisational structure for its main events and workshops
- First IGF: journalists moderated the discussions: different from the usual UN-style meeting format.
- Critics: IGF was only a ‘talk show’ without any tangible results in the form of a final document or plan of action
- Truth: IGF doesn’t really produce tangible outcomes

59
Q

What is WCIT 2012?

A
  • The World Conference on International Telecommunications (WCIT): Dubai in December 2012
  • Aim: amend the International Telecommunication Regulations (ITRs) for the first time since 1988
  • Debates on the impact of a new regulation on the future of Internet
  • Ended in a stalemate: the participants failed to reach a consensus on the amended text, leaving the debate open for upcoming meetings
  • Main contentious point: a non-binding resolution on fostering the role of the ITU in Internet governance
  • Participating countries polarised into two blocs: western countries favoured the current multistakeholder model while supporters
    of the resolution, including states like China, Russia, and Arab countries, wanted an intergovernmental model
60
Q

What is Netmundial?

A

NETMUNDIAL: partially a reaction to Snowden revelations, but reflects all the issues boiling over the years: who governs? Who controls?
- Innovative approach: equal number of slots for the four stakeholder groups (government, business, technical and academic, and civil society) in the plenary discussions
- Stakeholders negotiated final statement containing IG principles and a roadmap for further actions
- Problems: statement recognised evolving roles and responsibilities of stakeholders (contentious debate post-WSIS)
- Post-NetMundial: NetMundial initiative, no outcomes

61
Q

What is Regulation?

A

The sustained and focused attempt to alter the behaviour of others according
to defined standards or purposes with the intention of producing a broadly
identified outcome or outcomes, which may involve mechanisms of standard
setting, information-gathering and behaviour-modification

62
Q

What are the two ways in which you can regulate:

A
  1. Restrain people from doing certain things: restrict (red light)
    e.g. commanding control measures.
  2. Give people the opportunity to do more: facilitate (green light)
    Broadest
    e.g. abide by rules that are set by society
    e.g. factors which stimulate, provide, or promote, a fertile environment for public education.
62
Q

What is the main problem with the internet?

A

The problem: people do things on the internet that are undesirable or illegal
Some questions:
- Do the same laws apply to these cyber activities as for comparable activities in the offline world?
- If that is the case, which country has jurisdiction?
- If not, which laws apply?

63
Q

What are the three fundamental issues of regulation in cyberspace?

A
  1. Jurisdiction, sovereignty: who sets the standards? Who enforces them?
  2. Legitimacy: who makes the rules? Who enforces them?
  3. Attribution: defining the action (cyber crime? Cyber terrorism? Cyber war?) & who committed the crime?
64
Q

What are the Four perspectives on regulation:

A

1. Cyber-libertarianism
   - Aka separatists [-] or utopians [+]
   - Regulating the Internet is impossible and undesirable
   - If any, then self-regulation
2. Techno-regulation
   - Technologies are built from scratch so why not use them?
   - Regulation is desirable and necessary
3. Territorialism
   - Use traditional legal means
   - Regulation is necessary
4. Walled gardens
   - Separate ecosystems of the internet with many interests
   - Rethink current regulatory practices
   - Regulation is necessary

65
Q

How can someone regulate beyond their borders?

A

Comparison: counterfeit products
Target local parties: intermediaries
- Intermediaries in cyberspace: 1) owners of infrastructure, 2) service providers, 3) banks, 4) businesses within borders

66
Q

What are the three points of control for cyber regulation?

A
  1. Source
  2. Intermediaries
    a. ISPs
    b. Banks
  3. Target
67
Q

What is Lessig’s (1998) opinion on techno-regulation

A
  • “Architecture is a kind of law: it determines what people can and cannot do”
  • East coast code (law) vs. West coast code (companies regulate)
  • “As the world is now, code writers are increasingly lawmakers”

Regulation by design = techno-regulation
  • “A locked door is not a command ‘do not enter’ backed up with the threat of punishment by the state. A locked door is a physical constraint on the liberty of someone to enter some space”

68
Q

What is structural and substantive regulation in cyberspace?

A

Structural
Constitution:
Structure of government, checks and balances
Internet: Architecture

Substantive
Constitution:
values to uphold

Internet:
privacy, freedom of speech etc.

69
Q

What are the strengths and weaknesses of techno-regulation?

A

Strengths
- Effective
- Fool-proof
- Cheap
- Fair

Weaknesses
- Not legitimate
- Not democratic
- Opaque
- Unfair

70
Q

What is techno regulation?

A

Techno-regulation refers to the use of digital tools and machine learning techniques to safeguard legally protected interests, such as protecting individuals from online threats, breaches of law, or harmful interactions with technology.

71
Q

What is the psychological approach to cybersecurity?

A
  • “Why people feel what they feel, think what they think, and do what they do?”
  • Trying to make sense of human behaviour
  • “Black swan approach” in philosophy and psychology
72
Q

Which factors influence behaviour?

A

Think about education, environment, money, culture, etc.

73
Q

What is the confirmation bias?

A

Confirmation bias: we seek to confirm existing beliefs/choices:
- Search bias
- Biased interpretation
- Memory
- We also tend to have a truth bias: wanting to believe someone

74
Q

What is cognitive dissonance?

A

“If a person held two cognitions that were psychologically inconsistent, he would experience dissonance and would attempt to reduce
dissonance much like one would attempt to reduce hunger, thirst or any drive.”

Resolved by:
- Changing the behaviour (e.g. stop smoking)
- Justifying the behaviour by changing the conflicting cognition (e.g. smoking is not that bad)
- Justifying the behaviour by adding new cognitions (e.g. smoking is bad but I already exercise etc.)

75
Q

What is the Just-world hypothesis?

A

Just-world hypothesis. The just-world hypothesis or just-world fallacy is the cognitive bias (or assumption) that
a person’s actions are inherently inclined to bring morally fair and fitting consequences to that person, to the end of all noble actions
being eventually rewarded and all evil actions eventually punished. Kind of like ‘karma’. Wanting to believe good people have good
lives and all is good in the world. Bad things only happen to bad people.

76
Q

What is Fundamental Attribution Error?

A

The fundamental attribution error is the tendency people have to overemphasise personal
characteristics and ignore situational factors in judging others’ behaviour.

77
Q

What is Loss Aversion?

A

In cognitive psychology and decision theory, loss aversion refers to people’s tendency to prefer avoiding losses to
acquiring equivalent gains: it is better to not lose $5 than to find $5. Also a reason why quizzers quit. The endowment effect is the
finding that people are more likely to retain an object they own than acquire that same object when they do not own it.

78
Q

What is the Asch Experiment?

A

The Asch Experiment: a series of studies directed by Solomon Asch studying if and how individuals
yielded to or defied a majority group and the effect of such influences on beliefs and opinions.

79
Q

What is Conformity?

A

Conformity:
- We are guided by social pressure.
- Groupthink: a mode of thinking that people engage in when they are deeply involved in a cohesive in-group, when the members’ strivings for unanimity override their motivation to realistically appraise alternative courses of action (Janis).

80
Q

What is Representativeness heuristic?

A
  • Representativeness heuristic:
    Assessing the similarity of objects and organising them based around the category prototype.
81
Q

What is availability heuristic?

A

A mental shortcut that relies on immediate examples that come to a given person’s mind when evaluating a specific topic, concept,
method or decision.

82
Q

What is Naive diversification?

A

A strategy whereby an investor simply invests in a number of different assets in the hope that the variance of the expected return on
the portfolio is lowered. In contrast, mathematical programming can be used to select the best possible investment weights.

83
Q

What is the Anchoring Heuristic?

A

Anchoring and adjustment is a psychological heuristic that influences the way people intuitively assess probabilities. According to
this heuristic, people start with an implicitly suggested reference point (the “anchor”) and make adjustments to it to reach their
estimate.

84
Q

What is the Theory of Planned Behaviour?

A
  1. Theory of planned behaviour: A theory that links one’s beliefs and behaviour.
    The theory states that intention toward behaviour, subjective norms, and
    perceived behavioural control, together shape an individual’s behavioural
    intentions and behaviours.
    * Attitude
    * Subjective norm: what are the people around you doing?
    * Perceived behavioural control
85
Q

What is the Protection motivation theory?

A

The protection motivation theory proposes that
people protect themselves based on four factors: the perceived severity of a
threatening event, the perceived probability of the occurrence, or vulnerability,
the efficacy of the recommended preventive behaviour, and the perceived
self-efficacy.

86
Q

What is the Health Belief Model?

A

Health belief model: The health belief model (HBM) is a social psychological
health behaviour change model developed to explain and predict
health-related behaviours, particularly in regard to the uptake of health services.

87
Q

What is the COM-B model?

A

The COM-B model proposes that people need sufficient
Capability, Opportunity, and Motivation to perform a desired behaviour. If even
a single component is lacking, then people will be less likely to perform the
desired behaviour.

88
Q

What are Heuristics?

A

Heuristics are mental shortcuts that allow people to solve problems and make judgments quickly and efficiently. These rule-of-thumb strategies shorten decision-making time and enable individuals to function without constantly pausing to deliberate their next course of action.

89
Q

What are common factors in human errors?

A

- Behaviour as an interplay between attitudes, emotions, cognitions and the environment
- Not just ‘wanting’ to act, but being able to as well
- Still no certainty over actual changes in behaviour

90
Q

What are the key elements in the psychology of scams?

A

Psychology of scams:
- Distraction: attention biases/change blindness
- Social compliance: authority/norms
- Herd principle: conformity
- Dishonesty: encourage illegal behaviour
- Deception
- Need and greed (scarcity)
- Time (limitation): e.g. you have to act now
- Need for consistency

91
Q

What is the Barnum Effect?

A

The Barnum Effect is when people believe that vague statements about their personality are actually accurate for them. For example, reading a horoscope that seems specific but could apply to almost anyone.

92
Q
A