LO2 Flashcards
Understand the issues surrounding cyber security.
Vulnerabilities
Flaws or issues that result in weaknesses in the security of a system. They can be intentional, accidental or a natural phenomenon.
System Vulnerabilities
Weaknesses within a network or system.
Examples of this are denial of service, botnets, malware and social engineering.
Physical threats Vulnerabilities
Weaknesses within a network or system that happen in a physical sense.
Theft, Vandalism and arson etc.
Environmental Vulnerabilities
Weaknesses within a network or system that happen due to an environmental impact. Flooding and natural disasters etc.
Accidental threats
This is damage that happens to a network/data/system without any actual intention by the individual to cause harm. For example, dropping a device and breaking it, or spilling a liquid on a machine which contains information.
Replying to a hoax email without realising what it is.
Intentional threats
Criminal activities that have the intention to cause harm to a computer system. Hacking / Social engineering and theft etc.
Organised Crime
Cyber-dependent and cyber-enabled crime, stealing identities, blackmailing. Teams of hackers working together to commit fraud and other crimes.
State Sponsored Crime
Countries who employ spies to find out state secrets, government policies etc. Spying, espionage.
Hacktivist
Individuals and groups which use computers and computer systems to promote their own views on a particular issue such as human rights, animal rights or ethics. They hack into computer systems and cause disruption such as DDoS, steal or destroy information and put individuals, organisations and countries at risk.
Cyber Criminal
Anyone who commits a cyber-crime by breaking national or international law. They may use the computer in different ways to carry out the crime: as a tool, e.g. to commit fraud or send spam, or to aim crime at a particular computer or system, e.g. looking up information they are not allowed to read, installing a Trojan horse, spreading malware, stealing data, altering data.
Insider
Insider threats are often disgruntled employees or ex-employees who believe that the business, institution, or agency has “done them wrong” and feel justified in gaining revenge. An insider threat could be: the introduction of viruses, worms, or Trojan horses; the theft of information or corporate secrets; the theft of money; the corruption or deletion of data; the altering of data to produce inconvenience or false criminal evidence; and the theft of the identities of specific individuals in the enterprise.
Script Kiddie
An unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. The term ‘script kiddie’ does not relate to the actual age of the participant, but they are often young and inexperienced. It is anyone who lacks the ability to write their own sophisticated programs.
Scammers
Trying to cheat you by offering goods or opportunities to make some quick money. Scams often come via emails and are activated once clicked on, e.g. ‘click here to try the free trial of XXX’; to register, pay £1 that will be refunded. The link will not work and you will not be refunded.
Vulnerability Broker
Several companies make money by either finding program bugs themselves or buying them from researchers or hackers to sell the information on – not to the company who created the program.
Phishers
Gain access to your personal details (passwords, bank account numbers, NI). Normally an email is sent from, e.g., your bank or PayPal asking you to click the link and log in. The link takes you to a webpage that looks like ‘PayPal’ but is fake. If data is entered then it will provide access to the phishers.
Cyber Terrorists
Use of computer systems to cause fear or intimidation in society through destruction of or damage to people, property and systems.
Motivations for hackers
- Espionage
- Righting perceived wrongs
- Publicity
- Fraud
- Score settling
- Public good
- Thrill
- Income generation
Targets for Cyber
- People
- Organisations
- Equipment
- Information
Money Laundering
The process by which criminals hide the origin of the proceeds of their crime, by transferring money through different bank accounts and countries to make it look as if it comes from a legal source.
Data Mining
The process of using special software to look at large amounts of computer data in order to find out useful information, for example what types of product a company’s customers buy
Cyber enabled crime
Crimes which can only be committed by using a computer, computer network or other form of Information Communication Technology (ICT). They are primarily acts directed against computers or network resources and are typically offences under the Computer Misuse Act (CMA).
Cyber Dependent crime
Offences that can only be committed using a computer, computer networks or other form of information communications technology (ICT). These acts include the spread of viruses or other malware, hacking and distributed denial of service (DDoS) attacks.
Encryption
Turning data and information into a format which can only be read by someone with the key.
Symmetric Key
Where the encryption and decryption codes are the same.
Asymmetric or public key
Where the encryption key is available to anyone to use and encrypt data but only the person who receives the message receives the decryption key.
Surveillance of networks
Traffic on the network is monitored; if irregularities are found, an alert is issued.
Operational Controls
- Encryption
- Surveillance of networks
Patch Deployment
The planned installation of software updates to fix bugs or any reported issues. This needs to be planned in a business as it may cause downtime to specific systems.
Manual Vulnerabilities protection
For a small network, rather than using automated tools, a technician or network manager will take the steps required to remove or reduce a vulnerability.
Automated Tools
Remediation tools which engage managers to prioritise risk so they can decide what vulnerabilities can be fixed and when.
Vulnerability Cycle
Discover > Prioritise Assets > Assess > Report > Remediate > Verify > Discover
Assets in Business
Hardware
Software
Communications Equipment
Information / Data
Cost/Benefits
There are varying costs to keeping cyber security up to date; it varies with each asset.
Testing and monitoring measures
IDS + IPS
Intrusion Prevention Systems
Devices or programs that detect attempts at intrusion and protect against them. These systems can be hardware or installed software. They create alerts and log attempts of intrusion to the network; they can also BLOCK attempts.
Intrusion Detection Systems
Devices or programs that are designed to expose any attempts by attackers on the network.