Lesson 6: Digital Security, Ethics, and Privacy: Avoiding and Recognizing Threats Flashcards
Protection from hostile forces that intend to compromise the normal state of being of something
Security
Computer Security and Cybersecurity aims to preserve these three things (CIA):
Confidentiality of Data
Integrity of Data
Availability of Data
The state of being safe from malicious actors
Security
Any event or action that could cause a loss of or damage to computer or mobile device hardware, software, data, information, or processing ability
Risk
______ is meant to be taken, while ________ is the holistic goal of every computer administrator / owner.
Risk…security
An intentional breach of digital security often involves a deliberate act that is against the law
Cybercrime
A formal and umbrella term for anyone who maliciously acts upon a computer system
Threat actors
Individuals who want to attack computers but lack the knowledge and networks needed to do so
Script Kiddies
Usually downloads pre-made hacking tools coded by other hackers
Script Kiddies
A threat actor that breaks through a computer security without required permission
Hacker
Someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions
Cracker
Attacks a nation’s national computer systems, mostly power grids and tech infrastructure that comprises national security, to instill fear and insecurity
Cyberterrorists
Threaten to expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization’s network - if they are not paid a sum of money
Cyberextortionist
A common way to trick people to entering their passwords and other info to websites controlled by threat actors
Phishing
An Act Defining Cybercrime, Providing for the Prevention, Investigation, Suppression and the Imposition of Penalties Therefor and for Other Purposes
RA 10175 - Anti-Cybercrime Act of 2012
Is the discovery, collection, and analysis of evidence found on computers and networks
Digital Forensics
Involves the examination of media, program, data, and log files on computers, mobile devices, servers, and networks
Digital Forensics
A contraction of the words “malicious” and “software”
Malware
A general term for software that is intended to disrupt computer security
Malware
Also called a zombie army
Botnets
A group of compromised computers or mobile devices connected to a network, often used to attack other networks
Botnets
Usually being used in:
• Automated Troll Farms
• Illegal Crypto Mining
• DDoS Attacks
• and many more that require intensive computing resources
Botnets
A type of attack, usually on a server, that is meant to overload the server with network traffic so that it cannot provide necessary services
Denial of Server (DoS)
When executed via botnets, DoS is called
Distributed DoS (DDoS)
A program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network
Backdoor
A technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network
Spoofing
Make it look like a user uses a website safely, but deep inside the computer, malicious code is running that compromises the user’s network and information security
Spoofing
Is a category of attacks that attempts to trick the victim into giving valuable information to the attacker
Social Engineering
Relies on an attacker’s clever manipulation of human nature in order to persuade the victim to provide information or take actions
Social Engineering
Detects and automatically takes action against malicious code that attempts to run through a computer
Antivirus
Default Antivirus for Windows OS
Windows Defender
Protects network resources from outsiders and to restrict employee’s access to sensitive data
Firewall
Stop malicious intrusions before they attempt to affect your computer or network
Firewall
A private, secure path across a public network that allows authorized users secure access to a company or other network
Virtual Private Networks (VPN)
Help ensure that data is safe from being intercepted by unauthorized people by encrypting data as it transmits from a laptop, smartphone, or other mobile device
Virtual Private Networks (VPN)
Prevent other users from accessing your computer by implementing access controls
Proper Access Controls
Remove Guest User Profiles from your computer which could be a way in for an unknown user to upload malicious code in person/manually
Proper Access Controls
If your data is backed up, threats of a cyberextortionist/cracker deleting the data won’t be a huge deal
Data Backups
Perform backups regularly – a healthy frequency is 1 to 2 months
Data Backups
Having a synced cloud storage even reduces the risk of data not being backed up
Data Backups
A WiFi access point of the same name as the one existing in public
Avoid Evil Twins
A period of time during which an individual refrains from using technology
Digital Detox
- Strong Passwords
- Two-Factor Authentication
- Biometrics
- Captcha
- Encryptions
Information Privacy