Managing IS/IT Security Behaviour Flashcards

1
Q

Identity theft

A

Identity theft is the act of assuming another person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The victim can suffer adverse consequences if they are held accountable for the perpetrator's actions.

2
Q

Internet troll

A

Someone who posts inflammatory, extraneous, or off-topic messages in an online community, such as a forum, chat room, or blog, with the primary intent of provoking readers into an emotional response or of otherwise disrupting normal on-topic discussion.

3
Q

Commercial computer security breach

A

A commercial computer security breach is a security incident in which sensitive, protected or confidential data/information is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so. This may involve financial information such as credit card or bank details.

4
Q

Two types of security control

A

Physical

Logical

5
Q

Physical

A

Physical security control (e.g. restrict access to the computer room, locks, alarms, guards)

6
Q

Logical

A

Logical security control (e.g. control access to data through passwords, control access to networks with firewalls, protect data from malicious damage with virus protection)

7
Q

How can transactions that must be secure be conducted over an insecure network like the Internet?

A

Through a combination of:
Authentication
Authorisation
Verification
Encryption
Protection against malicious attacks

8
Q

Authentication

A

The process by which a person accessing a system proves who they are.
A strong authentication protocol usually requires two independent factors (e.g. a password plus a security token).

9
Q

Good password practice

A

Use passwords that are:

Easy to remember BUT Hard to guess

10
Q

Security token

A

e.g. a small electronic device that displays a number on a small screen (as used for e-banking)
The number changes periodically; the sequence is derived from a secret shared only by the token and the authenticating server, so a code captured by an attacker is useless once it has expired
These may also be combined with biometric data (e.g. the user's fingerprint)

11
Q

Authorisation

A

Processes whereby a person gains access only to the resources they are entitled to use.
Can be achieved with:
Access control lists
Computer system permissions (e.g. file and directory permissions)
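An access control list check in working form, as an added example that is not part of the original flashcards. The resources, users and groups are constructed sample data; the two policy rules it encodes (an explicit deny entry beats any allow, and anything not granted is denied) are common ACL semantics, not something the card states.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    principal: str   # a user name, or "group:<name>" for a group
    permission: str  # "read", "write" or "execute"
    allow: bool      # False makes this an explicit deny entry


# Constructed sample ACL: resource -> list of entries
ACL = {
    "/finance/ledger.xlsx": [
        AclEntry("group:finance", "read", True),
        AclEntry("group:finance", "write", True),
        AclEntry("bob", "write", False),  # bob is in finance but must not edit the ledger
    ],
    "/public/handbook.pdf": [
        AclEntry("group:staff", "read", True),
    ],
}

# Constructed group membership, normally supplied by the directory after authentication
GROUPS = {
    "alice": {"finance", "staff"},
    "bob": {"finance", "staff"},
    "carol": {"staff"},
}


def is_authorised(user: str, resource: str, permission: str) -> bool:
    """Default deny: return True only if an allow entry matches the user or one of
    their groups for this permission and no matching explicit deny exists."""
    principals = {user} | {f"group:{g}" for g in GROUPS.get(user, set())}
    matching = [e for e in ACL.get(resource, [])
                if e.principal in principals and e.permission == permission]
    if any(not e.allow for e in matching):
        return False  # an explicit deny always wins
    return any(e.allow for e in matching)


if __name__ == "__main__":
    for who, what in [("alice", "write"), ("bob", "write"), ("bob", "read"), ("carol", "read")]:
        print(f"{who} {what} /finance/ledger.xlsx ->", is_authorised(who, "/finance/ledger.xlsx", what))
```

Note that `user` is taken as already proven by the authentication step; authorisation only decides what that identity may do.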

12
Q

Verification

A

Processes to ensure data is not changed without authorisation (i.e. protecting its integrity, for example with checksums or message authentication codes that reveal any alteration)
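One way to implement such a verification step, as an added example that is not part of the original flashcards: a keyed integrity tag (HMAC-SHA256) over a canonical serialisation of a record, so that any change to the record after tagging is detected. The transaction record and the key are constructed demo values; the choice of HMAC and of JSON with sorted keys is mine, not the card's.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key. In practice it is shared only between the system that
# writes the record and the system that later verifies it.
INTEGRITY_KEY = secrets.token_bytes(32)


def canonical_bytes(record: dict) -> bytes:
    """Serialise deterministically (sorted keys, fixed separators) so that the
    same logical record always produces the same bytes, and hence the same tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def tag_record(key: bytes, record: dict) -> str:
    """Keyed tag. An unkeyed hash would not give integrity here: whoever altered
    the data could simply recompute the hash to match."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify_record(key: bytes, record: dict, tag: str) -> bool:
    """Recompute and compare in constant time. False means the record or the tag
    has been changed since it was tagged."""
    return hmac.compare_digest(tag_record(key, record), tag)


# Constructed sample transaction and a tampered copy with the amount inflated
ORIGINAL = {"from": "ACC-1001", "to": "ACC-2002", "amount": 250.00, "currency": "GBP"}
TAMPERED = dict(ORIGINAL, amount=25000.00)


def demo() -> tuple:
    """Returns (original verifies, tampered verifies) under the same tag."""
    tag = tag_record(INTEGRITY_KEY, ORIGINAL)
    return verify_record(INTEGRITY_KEY, ORIGINAL, tag), verify_record(INTEGRITY_KEY, TAMPERED, tag)


if __name__ == "__main__":
    ok, tampered_ok = demo()
    print("original record verifies:", ok)
    print("tampered record verifies:", tampered_ok)
```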

13
Q

Encryption

A

Protection against unauthorised interception of data (in transit over the network or stored on a device)

Encryption systems
Symmetric (shared) key encryption: the same secret key both encrypts and decrypts
e.g. the Advanced Encryption Standard (AES)

Public key (asymmetric) encryption: data encrypted with a recipient's public key can be decrypted only with the matching private key

14
Q

Malicious attacks

A

Denial of service

Malicious damage (Viruses, hackers)

15
Q

Denial of service

A

Activities that deny legitimate, authenticated users access to resources they are authorised to use, e.g. by flooding a server with more requests than it can serve
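A simple detection for the flooding form of denial of service, as an added example that is not part of the original flashcards: count requests per source address over a sliding time window and flag any source that exceeds a threshold. The log format, the addresses (from the documentation ranges) and the threshold of 50 requests in 10 seconds are constructed for the example; real thresholds depend on the service.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed access-log lines: "<ISO timestamp> <client IP> <method> <path> <status>"
BASE = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)


def _line(ts: datetime, ip: str, path: str = "/login") -> str:
    return f"{ts.strftime('%Y-%m-%dT%H:%M:%S')}Z {ip} GET {path} 200"


SAMPLE_LOG = (
    # a legitimate user: five requests spread over a minute
    [_line(BASE + timedelta(seconds=12 * i), "198.51.100.7", "/home") for i in range(5)]
    # a flood: sixty requests from one source within ten seconds (six per second)
    + [_line(BASE + timedelta(seconds=i // 6), "203.0.113.5") for i in range(60)]
)


def parse_line(line: str) -> tuple:
    ts, ip, _method, _path, _status = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), ip


def find_flooders(lines, window_seconds: int = 10, threshold: int = 50) -> dict:
    """Flag any source exceeding `threshold` requests within any sliding window of
    `window_seconds`. Returns {ip: timestamp at which it was first flagged}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per-IP timestamps inside the current window
    flagged = {}
    for ts, ip in sorted(parse_line(line) for line in lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that have fallen out of the window
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_flooders(SAMPLE_LOG).items():
        print(f"{ip} exceeded the threshold at {when.isoformat()}")
```

A detector like this is only the first step; the response (rate limiting, blocking at the firewall) has to distinguish a single flooding source from a distributed attack that stays under the per-source threshold.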

16
Q

Malicious damage

A

Virus: A program that infects other programs and is designed to cause damage to the computer system when activated
Hacker: A person who spends time learning and using computer systems with ill intent
Protection:
Virus protection systems
Network firewalls

17
Q

Viruses

A

A computer virus is a man-made program designed to:
damage your data and software
reproduce itself, slowly growing and spreading, usually without the knowledge of the computer user

18
Q

Protecting against viruses

A

Backup data on a regular basis
Increase use of write-protect functionality on external storage devices
Avoid use of software/computer games from bulletin board services
Be cautious about who you share software with
MOST IMPORTANT: Install anti-viral software (and update this on a regular basis)

19
Q

Most computer security systems are based on a two-step process: authentication and authorisation. Which of the following statements best explains the difference between authentication and authorisation?

A

The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorisation, which grants the user access to various resources based on that established identity.

20
Q

Recovery Measures: Backup

A
What should you back up?
Data: always
Software: sometimes
Back up generations of files
Backups should be regular and automated
Media: tape, disk/USB drive, another computer, file server, zip disk, removable hard disk
Back up off-site
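What "generations of files" looks like in practice, as an added example that is not part of the original flashcards: a retention routine that keeps the most recent daily backups, the most recent weekly ones and the most recent monthly ones, so that a file corrupted or encrypted some weeks ago can still be recovered from an older generation. The grandfather-father-son scheme, the choice of Sunday as the weekly point and the counts 7/4/12 are my assumptions; the backup dates in the test are constructed.

```python
from datetime import date, timedelta


def select_generations(backups, daily: int = 7, weekly: int = 4, monthly: int = 12) -> list:
    """Grandfather-father-son retention over a list of backup dates.

    Keeps the newest `daily` backups, the newest `weekly` Sunday backups and the
    earliest backup of each of the newest `monthly` months; everything else may be
    deleted or overwritten. Returns the dates to keep, oldest first."""
    backups = sorted(set(backups), reverse=True)  # newest first

    keep = set(backups[:daily])                                   # sons

    sundays = [d for d in backups if d.weekday() == 6]            # fathers
    keep.update(sundays[:weekly])

    first_of_month = {}                                           # grandfathers
    for d in backups:  # newest first, so the final assignment per month is its earliest backup
        first_of_month[(d.year, d.month)] = d
    keep.update(sorted(first_of_month.values(), reverse=True)[:monthly])

    return sorted(keep)


def to_delete(backups, **kwargs) -> list:
    """Complement of select_generations: the dates that fall out of every generation."""
    kept = set(select_generations(backups, **kwargs))
    return sorted(d for d in set(backups) if d not in kept)


if __name__ == "__main__":
    # Constructed history: one backup per day for the first quarter of 2024
    history = [date(2024, 1, 1) + timedelta(days=i) for i in range(91)]
    for d in select_generations(history):
        print(d.isoformat())
```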
21
Q

How to formulate an organisational security plan

A

Identify the threats to which your organisation is exposed (IDENTIFY)

Assess the probability of each particular threat occurring, and the consequences which would result from its occurrence (PROBABILITY)

Select countermeasures, usually on the basis of cost-effectiveness (COUNTERMEASURES)

Draw up contingency measures to deal with events which do occur (CONTINGENCY)

Monitor, and periodically review, these arrangements (MONITOR)
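The probability and countermeasure steps carried through in numbers, as an added example that is not part of the original flashcards: each threat's expected annual loss is its probability (expected occurrences per year) times the consequence (loss per occurrence), and a countermeasure is cost-effective when the loss it removes exceeds what it costs each year. The threats, rates, losses and controls below are constructed figures for illustration; the annualised-loss-expectancy formula is the standard one, not something the card spells out.

```python
from dataclasses import dataclass


@dataclass
class Threat:
    name: str
    annual_rate: float  # expected occurrences per year (the PROBABILITY step)
    impact: float       # loss per occurrence, in currency units (the consequences)

    def ale(self) -> float:
        """Annualised loss expectancy = rate x impact."""
        return self.annual_rate * self.impact


@dataclass
class Countermeasure:
    name: str
    threat: str
    annual_cost: float
    rate_factor: float = 1.0    # multiplier on the occurrence rate once in place
    impact_factor: float = 1.0  # multiplier on the loss per occurrence once in place


def net_benefit(threat: Threat, cm: Countermeasure) -> float:
    """Loss removed per year minus the control's annual cost. Positive means cost-effective."""
    after = Threat(threat.name, threat.annual_rate * cm.rate_factor, threat.impact * cm.impact_factor)
    return threat.ale() - after.ale() - cm.annual_cost


def select_countermeasures(threats, countermeasures) -> list:
    """Return (name, net benefit) for every cost-effective control, best first."""
    by_name = {t.name: t for t in threats}
    scored = [(cm.name, net_benefit(by_name[cm.threat], cm)) for cm in countermeasures]
    return sorted((s for s in scored if s[1] > 0), key=lambda s: -s[1])


# Constructed sample threat register and candidate controls
THREATS = [
    Threat("ransomware", annual_rate=0.2, impact=500_000),
    Threat("laptop_theft", annual_rate=2.0, impact=10_000),
]
COUNTERMEASURES = [
    Countermeasure("offline_backups", "ransomware", annual_cost=15_000, impact_factor=0.2),
    Countermeasure("full_disk_encryption", "laptop_theft", annual_cost=3_000, impact_factor=0.1),
    Countermeasure("biometric_door_locks", "laptop_theft", annual_cost=40_000, rate_factor=0.5),
]

if __name__ == "__main__":
    for t in THREATS:
        print(f"{t.name}: expected annual loss {t.ale():,.0f}")
    for name, benefit in select_countermeasures(THREATS, COUNTERMEASURES):
        print(f"adopt {name}: net annual benefit {benefit:,.0f}")
```

The figures that go into such a register are estimates, which is why the final step of the plan (monitor and review) matters: as incident data accumulates, the rates and impacts are revised and controls re-ranked.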

22
Q

How does identity theft occur

A

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.