LO1 Flashcards
Understand what is meant by cyber security.
Confidentiality
Information that is protected against unintended or unauthorised access. Rules which restrict access only to those who need to know.
Availability
The level of assurance that the data will be available to those who need it, when they want it.
E.g. a patient's medical records are available if they come into A & E and need treatment.
Integrity
The level of assurance that the data available is accurate and up to date.
Cyber security incident
An unwanted/unexpected event, such as an intrusion into a computer system/network, such as the spread of malware.
Unauthorised access
Activity intended to gain access to data, networks, computer system hardware or software without the permission of the owner or other responsible individuals or organisations.
Information Disclosure
Allowing information to pass to any person or organisation without permission from the owner.
Modification of Data
Data is entered, amended, stored and deleted by those with authorisation. Done by accident or on purpose.
Unauthorised inspection
Reviewing or reading data without permission from the appropriate owner.
Data destruction
Data is intentionally destroyed.
Hacking
Gaining access to systems/data that you are not allowed to have access to. Any way that is possible rather than being given a legitimate username and password.
Escalation of privileges (Vertical)
The invader obtains or legally obtains access to a system (low level access). By finding a flaw in the system they are able to increase their access level and therefore access to data.
Escalation of privileges (Horizontal)
The invader does not add higher levels of access but gains access through normal users' areas.
For example, a stolen username and password.
Inaccessible data
This is restricting the access to data.
Most accounts will have an automatic lockout feature, meaning that multiple attempts at username and password combinations will result in automatic account lockout.
Disclosure of Government Information
The regulation on what and how information from the government can be shared.
We have both the Official Secrets Act and the Freedom of Information legislation, which both impact how we gain access to information.
Official Secrets Act
States it is illegal to disclose government information that is in the interests of security within the country.
Freedom of Information Act
Allows access by the general public to data held by any state-funded organisation, although charities are exempt.
Account lockout
The account lockout policy “locks” the user’s account after a defined number of failed password attempts. The account lockout prevents the user from logging onto the network for a period of time even if the correct password is entered.
Deliberate Erasure
The deliberate attempt to destroy or remove all data from a storage device.
Military Secrets
Military secrecy is the concealing of information about martial affairs that is purposely not made available to the general public and hence to any enemy, in order to gain an advantage or to not reveal a weakness, to avoid embarrassment, or to help in propaganda efforts.
Identity Theft
Fraudsters access enough information about someone’s identity (such as their name, date of birth, current or previous addresses) to commit identity fraud.
This can lead to fraud that can have a direct impact on finances, such as taking out loans or stealing money. It could also impact the victim's future banking prospects.
Financial Theft
The monetary gain made by a fraudster from a victim’s assets.
Protection of Personal Data (Health)
Health record theft may result in: loss of job opportunities, altering of records, using the record to obtain benefits illegally, refusal of specific insurance.
Protection of Personal Data (Financial)
Financial record theft may result in: creation of mortgages, loans and other debts; withdrawal of funds; closure of legitimate accounts.
Protection of Personal Data
Any personal data theft can often lead to more data theft as the fraudster gathers more and more information about the person.
Protection of Organisations' Data
If an organisation's data is stolen, this can lead not only to the theft of intellectual property but also to the loss of details about employees, suppliers and even customers, meaning more people are affected and often impacted.
Protection of the State's Data
If the state's data is stolen, it may lead to information not authorised for the public to view being leaked, and information about political persons and economic secrets being shared.