LO2 Flashcards

Understand the issues surrounding cyber security.

1
Q

Vulnerabilities

A

Flaws or issues that results in weaknesses in the security of a system. They can be intentional, accidental or a natural phenomenon.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

System Vulnerabilities

A

Weaknesses within a network or system.

Examples of this are denial of service, botnet, malware, social engineering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Physical threats Vulnerabilities

A

Weaknesses within a network or system that happen in a physical sense.
Theft, Vandalism and arson etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Environmental Vulnerabilities

A

Weaknesses within a network or system that happen due to a environmental impact. Flooding and natural disasters etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Accidental threats

A

This is damage that happens to a network/data/system without actually intention of the individual causing harm. For example dropping a device and breaking it, spilling a liquid on a machine which contains information.
Replying to a hoax email without realising what it is.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Intentional threats

A

Criminal activities that have the intention to cause harm to a computer system. Hacking / Social engineering and theft etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Organised Crime

A

Cyber dependant and cyber enabled crime, stealing identities, blackmailing. teams of hackers working together to commit fraud and other crimes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

State Sponsored Crime

A

Countries who employ spies to find out state secrets, government polices etc. spying, espionage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Hacktivist

A

Individuals and groups which use computers and computer systems to promote their own views on a particular issue such as human rights, animal rights or ethics. They hack into computer systems and cause disruption such as DDoS, steal or destroy information and put individuals, organisations and countries at risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Cyber Criminal

A

Anyone who commits a cyber-crime by breaking national or international law. They may use the computer in different ways to carry out the crime- as a tool e.g. commit fraud, send spam – to aim crime at a particular copter or system e.g. looking up information they are not allowed to read, installing Trojan horse, spreading Malware, stealing data, altering data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Insider

A

Insider threats are often disgruntled employees or ex-employees who believe that the business, institution, or agency has “done them wrong” and feel justified in gaining revenge. An insider threat could be: the introduction ofviruses,worms, orTrojan horses; the theft of information or corporate secrets; the theft of money; the corruption or deletion of data; the altering of data to produce inconvenience or false criminal evidence; and the theft of the identities of specific individuals in the enterprise.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Script Kiddie

A

is anunskilledindividual who usesscriptsor programs developed by others to attack computer systems and networks anddeface websites. The term, ‘Script kiddies’ does not relate to the actual age of the participant, but they are often young and inexperienced. It is anyone who lacks the ability to write their own sophisticated programs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Scammers

A

Trying to cheat you by offering goods or opportunities to make some quick money. Scams often come via emails and are activated once clicked on. E.G. ‘click here to try the free trial of XXX’ to register pay £1 that will be refunded. The link will not work and you will not be refunded.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Vulnerability Broker

A

Several companies make money by either finding program bugs themselves or buying them from researchers of hackers to sell the information on – not to the company who created the program.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Phishers

A

Gain access to your personal details (passwords, bank account numbers, NI) normally an email is sent from your e.g. bank or Paypal asking you to click the link and log in. The link takes you to a webpage that looks like ‘Paypal’ but is fake. If data is entered then it will provide access to the phishers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Cyber Terrorists

A

Use of computer systems to cause fear or intimidation in society through destruction of or damage to people, property and systems.

17
Q

Motivations for hackers

A
  • Espionage
  • Righting perceived wrongs
  • Publicity
  • Fraud
  • Score settling
  • Public good
  • Thrill
  • Income generation
18
Q

Targets for Cyber

A
  • People
  • Organisations
  • Equipment
  • Information
19
Q

Money Laundering

A

The process by which criminals hide the origin if the proceeds of their crime, by transferring money through different bank accounts and countries to make it look as if it comes from a legal source

20
Q

Data Mining

A

The process of using special software to look at large amounts of computer data in order to find out useful information, for example what types of product a company’s customers buy

21
Q

Cyber enabled crime

A

which can only be committed by using a computer, computer network or other form of Information Communication Technology (ICT). They are primarily acts directed against computers or network resources and are typically offences under the Computer Misuse Act (CMA)

22
Q

Cyber Dependent crime

A

Offences that can only be committed using a computer, computer networks or other form of information communications technology (ICT). These acts include the spread of viruses or other malware, hacking and distributed denial of service (DDoS) attacks.

23
Q

Encryption

A

turning data and information into a format which can only be read by someone with the key.

24
Q

Symmetric Key

A

where the encryption and decryption codes are the same

25
Q

Asymmetric or public key

A

Where the encryption key is available to anyone to use and encrypt data but only the person who receives the message receives the decryption key.

26
Q

Surveillance of networks

A

Traffic on the network is monitored if irregularities are found an alert is issued.

27
Q

Operational Controls

A
  • Encryption

* Surveillance of networks

28
Q

Patch Deployment

A

The planned installation of software updates to fix bugs or any reported issues. This is needed to be planned in business as it may cause down time to specific systems.

29
Q

Manual Vulnerabilities protection

A

For a small network rather than used automated tools, a technician or network manager will take steps required to remove or reduce vulnerability.

30
Q

Automated Tools

A

Remediation tools which engage managers to prioritise risk so they can decide what vulnerabilities can be fixed and when.

31
Q

Vulnerability Cycle

A

Disover > Prioritise Assets > Assess > Report > Remediate > Verify > Discover

32
Q

Assets in Business

A

Hardware
Software
Communications Equipment
Information / Data

33
Q

Cost/Benefits

A

There are varying costs to keeping cyber security up to date, it varies with each asset.

34
Q

Testing and monitoring measures

A

IDS + IPS

35
Q

Intrusion Prevention Systems

A

Devices or programs that detect attempts and intrusion and protect them. These systems can be hardware or installed software. It creates alerts and logs attempts of intrusion to the network, it also can BLOCK attempts.

36
Q

Intrusion Detection Systems

A

Devices or programs that are designed to expose any attempts by attackers for attempts on the network.