LO4

Question 1

Cyber security

Answer 1

Consists of the processes, practices and technologies designed to protect networks computers, programs and data from attack damage or unauthorised access.

Question 2

An asset

Answer 2

An asset is any device, data, or perception that has value to an organisation

Question 3

The goal of cyber security

Answer 3

to protect assets

Question 4

Give one tangible asset and one intangible asset

Answer 4

A server is tangible
Reputation is intangible

Question 5

A cyber attack seeks to what

Answer 5

Damage, steal or destroy an asset.

Question 6

What does a threat have potential for

Answer 6

To harm an asset

Question 7

What is a vunerability

Answer 7

A vulnerability is a weakness in an asset or prevention measure which can be exploited in an attack

Question 8

If we have no vulnerabilities do we have any threats

Answer 8

no but this is unrealistic

Question 9

Prevention measures

Answer 9

A prevention measure aims to reduce the risk of an asset being exploited in an attack

Question 10

Does the prevention measure destroy a threat

Answer 10

The threat will still exist but the prevention measure may prevent it from ever happening

Question 11

Mitigation of risks meaning what

Answer 11

is reducing the risk of an attack happening or reducing its impact if it does

Question 12

What should you do with data once its purpose has run its course

Answer 12

Have it be securely destroyed

Question 13

securely destroyed data definition

Answer 13

The data cannot be retrieved

Question 14

How does a magnetic wipe destroy data

Answer 14

It destroys thew magnetic patterns which store the data, making them random and unreadable.

Question 15

Overwriting advantage + what it is

Answer 15

Allows the device to keep working as normal.

It involves replacing the data which is to be destroyed with random data instead.

Question 16

Morality

Answer 16

Morality generally refers to our personal view

Question 17

Ethics

Answer 17

Ethics generally come from a group or wider society

Question 18

Legalisation

Answer 18

Some immoral or unethical actions are punishable by law, some are not.

Question 19

Defamation of character

Answer 19

Someone says something untrue about you which causes serious damage to your reputation, it may be both immoral and unethical, and also illegal.

Question 20

What law is designed to protect intellectual property (IP) from being stolen

Answer 20

Copyrights, designs and patents Act of (1988)

Question 21

Copyrights, designs and patents Act of (1988)

Answer 21

What law is designed to protect intellectual property (IP) from being stolen

Question 22

Computer misuse act (1990)

Answer 22

Unauthorised access to a computer is illegal and can be punished

Question 23

It can punish and creating malware. Law

Answer 23

Computer misuse act (1990)

Question 24

What makes it illegal to access computer systems without permission

Answer 24

The CMA

Question 25

Health and safety at Work Act (1974)

Answer 25

Ensure employers make the work safe for employees

Question 26

Designed to protect personal data from misuse. Law

Answer 26

Data protection act

Question 27

Data protection act described

Answer 27

Designed to protect personal data from misuse. Law

Question 28

What could the DPA help us with

Answer 28

Especially sensitive data includes data related to bio metrics, health, political or religious beliefs

Question 29

4 principles the DPA implores

Answer 29

• Be fairly and lawfully processed
• Be processed for limited purposes
• Be adequate, relevant and not excessive
• Be accurate and up-to-date.
• Not be kept longer than is necessary

-Be processed in line with your rights

• Be kept secure
• Not be transferred to other countries outside of the European economic area that do not have adequate data protection

Question 30

When collecting information especially from a secondary research method you need to consider what factors

Answer 30

Who or what the source is

Their agenda or point of view
- which could cause bias

The timeliness and how recent it is

How accurate is it
- can I verify with a second source

Question 31

Difference between validity and reliability

Answer 31

Validity is how believable the information is.

Reliability refers to if it can be verified and/or the source has a reputation for accurate information

Question 32

A virus works how (3)

Answer 32

is a type of malware which inserts itself into other computer programs

When the host program is run, the virus code executes too

When this happens, the virus will replicate itself and spread

Question 33

What do you call something that does not require a host program

Answer 33

Stand alone

Question 34

Worms work how (3)

Answer 34

Is stand alone
Replicate very quickly
Network worms are the most common, which spread over networks and slow them down

Question 35

Trojan horse (4)

Answer 35

A Trojan horse is malware which is disguised as a useful program but actually contains malicious code

It make take months for a Trojan horse code to start to act maliciously

Most trojans can’t self-replicate

A trojan horse may provide a backdoor

Question 36

Spyware (1)

Answer 36

Collects information about you without your knowledge

Question 37

Adware (2)

Answer 37

Shows lots of advertisements to the user making the developer money, a lot of popups

Are not usually malicous

Question 38

Ransomware (3)

Answer 38

A ransom money is demanded for the release of something

Ransomware threatens to block access to files or release personal information unless a sum of money is paid

Often access is blocked by encrypting the files, and the ransoms are often demanded in a cryptocurrency

Question 39

Rootkits

Answer 39

are usually a collection of malware

A rootkit can be used by an attacker as a backdoor to remotely control a computer, or access its files

Rootkits often work at lower levels than other malware, infiltrating the OS or hardware drivers

This makes them hard to detect

Question 40

DoS

Answer 40

Denial of service attack seeks to overload a service by flooding a server with malicious requests

A DoS attack comes from once source often

Most servers can cope with a DoS attack, and that computers can be blocked from making requests

Question 41

A DDoS

Answer 41

is where the serve is flooded by requests from multiple sources

Question 42

Botnets

Answer 42

A bot is a type of malware which enables the attacker to control the computer remotely without the owners knowledge

A botnet is a network of all of the individual bots which the attacker can control

The attacker can use the botnet to launch attacks, like phishing emails and disinformation campaigns on social media

Question 43

Botnet used with a DDoS attack how and the effects of it (2)

Answer 43

A botnet can be used to launch a DDoS attack

Is much harder to block and more likely to overload the server

Question 44

Environmental vulnerabilities

Answer 44

Weaknesses related to the surroundings of a computer system, including the effect of external natural disasters

Question 45

Copyright designs and patents Act

Answer 45

• The act makes it illegal to copy a work without the owners permission

-The owner is the copyright holder

• Making unauthorised copies of a work is also illegal

Question 46

Three common ways the CD&P is broken

Answer 46

• Using software without the correct software licenses
• Downloading files from internet websites
• Copying music, DVDs, CDs and software.

Question 47

CMA ACT summary

Answer 47

• The Act aims to protect data and information held on computer systems
• The act does not stop hacking but makes it illegal to do this,
• Hackers that charged can face a prison sentence, a fine or both

Question 48

Social engineering

Answer 48

The act of manipulating humans so that they give up private information or their money (exploiting them as the weak point in the system)

Question 49

pretexting

Answer 49

Using an invented scenario to trick the victim into giving up information

Question 50

How is pretexting done

Answer 50

Usually involves the attacker impersonating someone else who may be real or made up

Question 51

Phishing

Answer 51

Disguising yourself as a trust worthy person or organisation to obtain personal information from a victim

Question 52

How is phishing often done

Answer 52

Usually done over email, and many emails will often be blindly sent

Question 53

Baiting

Answer 53

Involves tempting someone with an offer which is hiding the true consequences

Question 54

Quid pro quo

Answer 54

The attacker will offer something, like a favor in exchange for access to some personal information.

Question 55

Tailgating/piggybacking

Answer 55

When people are authorized are followed by an attacker to gain access to a secure area

Question 56

How may pretexting be used for tailgating

Answer 56

Pretexting might be used to make the tailgaiting less suspicous, like having a fake lanyard or pretending to lose keys

Question 57

Shoulder surfing

Answer 57

Directly observing a person entering their private information, often by looking over their shoulder

Question 58

Pharming

Answer 58

Creates a fake website which impersonates a trusted one

Victims are tricked to enter their information, thinking the website is real

Sophisticated pharming attacks involve redirecting the victim from the legitimate website to the fake website

Question 59

Hacking

Answer 59

Accessing computer systems without using the normal means of access

Question 60

Black hat hackers

Answer 60

Where they hack into systems with malicious intent to steal, exploit and sell data. This is illegal and unethical

Question 61

White hat hackers

Answer 61

Where they are given permission by companies to hack into systems to identify vulnerabilities this is legal and ethical

Question 62

Grey hat hackers

Answer 62

Where they hack into systems for fun or to troll this may be illegal and or unethical, depending on how malicious the hacker is being

Question 63

Environmental vulnerabilities

Answer 63

Weaknesses related to the surroundings of a computer system, including the effect of external natural disasters

Question 64

Physical vulnerabilities

Answer 64

Weaknesses related to how the physical computer systems can be interacted with in real life

Question 65

System vulnerabilities

Answer 65

Weaknesses related to the running if a computer system

Question 66

System vulnerabilities e.gs

Answer 66

Weak passwords can be easily guessed by brute force attack

insecure modems
A modem converts data so that it can be sent over a network. A design flaw in the modem might allow an attacker to intercept all of the data

Question 67

Impacts of a cyber security attack

Answer 67

Impacts of cyber security attacks consider the immediate effects on individuals and organisations

Question 68

Data theft

Answer 68

When a attacker extracts private data in an attack this is data theft

Question 69

Identity theft

Answer 69

If the data is personal information, then it is considered identity theft

Question 70

Fraud

Answer 70

If the hacker uses personal information it is considered fraud

Question 71

Data destruction

Answer 71

If an attacker permanently deleted data, this is called data destruction

Question 72

Data manipulation

Answer 72

is when an attacker indirectly changes data to meet their needs

Question 73

Data modification

Answer 73

Is an attacker directly changes data to meet their needs

Question 74

3 Consequences of a cyber attack

Answer 74

Loss

Disruption

Safety

Question 75

Cyber attack consequences
Loss:

Answer 75

loss: Financial, data, reputation

Disruption: operational, financial, commercial

Safety: Individuals, equipment, finance

Question 76

Loss impact of a cyber attack

Answer 76

Having none or less of both tangible and intangible assets following an attack

Question 77

consequences of cyber attack

Financial loss

Answer 77

Money may be stolen in attack,

fines may be imposed

may cost money to recover from the attack

Question 78

Loss of data

Answer 78

Data is often the most important asset an organisation has. Data may be destroyed or manipulated/modified to a point which can’t be recovered

Question 79

Loss of reputation

Answer 79

An organisations reputation is how they are perceived by the public. Good reputations are hard to grow but easy to destroy

Question 80

Operational disruption

Answer 80

The delay of responding and recovering from a cyber security attack may affect day to day business

Question 81

Financial disruption

Answer 81

A loss of customers can mean businesses have to restructure their financial commitments

Question 82

Commercial disruption

Answer 82

Businesses may not be able to sell their product or service for a period of time

Question 83

Cyber attack safety section e.gs

Answer 83

A cyber attack could target critical national infrastructure. like healthcare or power plants

Question 84

Equipment after cyber attack

Answer 84

Critical equipment could fail life support machines

Question 85

Finance

Answer 85

Individuals and business may be unable to access their money, and so can no longer pay for essentials, like food and rent

Question 86

A physical prevention measure is what

Answer 86

Protects the surroundings of a computer system

Question 87

A physical prevention measure e.gs

Answer 87

fingerprint
facial scan
iris
voice recognition

Question 88

A logical prevention measure

Answer 88

Protects the running of the computer system

Question 89

logical prevention measures e.gs

Answer 89

2fa

getting an antivirus which updates regular to mitigate against that updates malware

Question 90

Access rights

Answer 90

Are given to user accounts to determine what they can access

Question 91

Encryption

Answer 91

Encryption doesn’t stop unauthorized users intercepting the data but it stops them understanding it. Only the intended recipient and you can understand it because you have the recipient have the key

Question 92

read

Back ups need to be kept as secure as the primary source and should be kept separate from each-other

Answer 92

read

Back ups need to be kept as secure as the primary source and should be kept separate from each-othe

Question 93

Factors when doing secondary research you need to consider

Answer 93

Their agenda or point of view this may cause bias

The time of it how recent it is

How accurate it is are u able to verify with a second source

Question 94

Characteristics of information

Answer 94

Validity, reliability, bias

Question 95

Validity

Answer 95

This refers to how believable the information is

Question 96

Reliability

Answer 96

This refers to if it can be verified and the source has a reputation for accurate information

Question 97

Bias

Answer 97

Information is biased when the source is only giving one perspective or letting their agenda influence the information

Question 98

Consequences of a cyber attack
Disruption (OFC/ of course)

Answer 98

Disruption: operational, financial, commercial

Question 99

Consequences of a cyber attack
Safety: (Fie)

Answer 99

Safety: finance,individuals, equipment