LAB2 - Prevention and management of threats to data

Question 1

5 user access restrictions

Answer 1

Physical security measures, passwords, using correct settings and levels of permitted access, biometrics, 2-factor authentication

Question 2

1 advantage of physical security measures

Answer 2

Prevents attackers from gaining direct and physical access to locations where data is stored

Question 3

2 disadvantages of physical security measures

Answer 3

Expensive, some methods (CCTV) do not stop data being stolen

Question 4

3 security techniques for physical security measures

Answer 4

Electronic swipe lock, secured device (steel cable and lock), CCTV camera

Question 5

2 advantages of passwords

Answer 5

Simple and easy, no costs involved - no specialist hardware required

Question 6

3 disadvantages of passwords

Answer 6

Only effective if passwords are kept secret, strong or frequently changed passowords may be hard to remember, specialist software may be used to work out passwords

Question 7

Advantage of using correct settings and levels of permitted access

Answer 7

No problems caused by unauthorised changes

Question 8

2 disadvantages of using correct settings and levels of permitted access

Answer 8

Technical staff required to set up permissions, access levels need to be set at the right level

Question 9

5 biometric examples

Answer 9

Voice recognition, retina scan, iris recognition, fingerprint scan, facial recognition

Question 10

2 advantages of biometrics

Answer 10

Users do not need to remember passwords or update them regularly, cannot be guessed/lost/forgotten

Question 11

2 disadvantages of biometrics

Answer 11

Expensive - specialist hardware required, some users may feel storing theiir biometric data is an invasion of privacy

Question 12

3 factors of 2-factor authentication

Answer 12

What you know (PIN/password), what you have (swipe card/mobile phone), who you are (biometric example)

Question 13

Advantage of 2-factor authentication

Answer 13

Provides a higher level of security

Question 14

3 disadvantages of 2-factor authentication

Answer 14

Some factors may get lost, take longer to gain access, requires hardware/software

Question 15

6 data level protection techniques

Answer 15

Firewall, software/interface design, anti-virus software, device hardening, procedures for backing up and recovering data, encryption

Question 16

Define software firewall

Answer 16

runs on an individual PC or laptop to reject unwanted internet traffic.

Question 17

Define hardware firewall

Answer 17

a dedicated computer set up to run firewall software that monitors all traffic flowing between the internet and organisation’s network.

Question 18

3 software/interface design techniques

Answer 18

Obscuring data entry (protects against shoulder surfing), autocomplete (avoids remembering, display other user’s inputs), “stay logged in” (speeds up process, security risk if different user gains access)

Question 19

Advantage of anti-virus software

Answer 19

Protects computers from known malware

Question 20

Disadvantage of anti-virus software

Answer 20

Virus signatures must be updated regularly as new malware appears all the time

Question 21

8 device hardening techniques

Answer 21

Install firewall, install anti-virus software, Uninstall programs/services that are no longer required, remove old user accounts, use strong passwords, ensure default passwords are changed, restrict user access, ensure security patches are up to date

Question 22

Advantage of device hardening

Answer 22

Protects a system from a range of attacks

Question 23

Disadvantage of device hardening

Answer 23

Requires technical staff to stay up to date with the latest security threats and apply measures correctly

Question 24

4 procedures for backing up and recovering data

Answer 24

Backup done daily or weekly (outside working hours), carried out automatically or manually, physical backups stored in a fireproof box on site or off site, restoring data on the backup into the repaired/new computer

Question 25

2 disadvantages of encrypting stored data

Answer 25

If the encryption key is lost, data may be unrecoverable, encrypting a large amount of data can take time

Question 26

Disadvantage of encrypting transmitted data

Answer 26

Encrypted data can still be stolen and is possible to crack if a weak encryption technique is used

Question 27

3 ways to find weaknesses and improve system security

Answer 27

Ethical hacking, penetration testing, analyse system data/behaviours

Question 28

Define ethical hacking

Answer 28

When an attack is stimulated on an organisation’s IT systems to highlight weaknesses and vulnerabilities.

Question 29

Define white/grey hat hacker

Answer 29

White - authorised by an organisation to test systems. Grey - discover vulnerabilities without an invitation, may alert organisation and break laws but do not hack for personal gain.

Question 30

Advantage of ethical hacking

Answer 30

Helps to find insecure areas (loopholes) in network security

Question 31

3 disadvantages of ethical hacking

Answer 31

Expensive, trustworthiness of ethical hacker, may view as an invasion of privacy

Question 32

What are the 5 stages of penetration testing?

Answer 32

1. Discuss and agree. 2. Studies organisation on public domain. 3. Carries out pen test (social engineering and cyberattack techniques). 4. Results and data is collected and analysed. 5. Reports back with results and recommendations.