Module 3 - 01-2 Flashcards

Ethics in Cybersecurity

1
Q

Define Security Ethics

A

Guidelines for making appropriate decisions as a security professional

2
Q

Explain Ethics as a security professional

A
  • Ethically, as a security professional, your job is to remain unbiased and maintain security and confidentiality.
  • Your responsibility and obligation is to adhere to the policies and protocols you’ve been trained to follow.
  • Security teams are entrusted with greater access to data and information than other employees.
  • Security professionals must respect that privilege and act ethically at all times.
  • You should never abuse the access you’ve been granted and entrusted with.
3
Q

What are some Ethical Principles (3)?

A

1) Confidentiality;
2) Privacy Protections;
3) Laws

4
Q

Define Confidentiality

A

Only authorized users can access specific assets or data

5
Q

How does Confidentiality apply to ethics?

A
  • As a security professional, you’ll encounter proprietary or private information, such as PII. It’s your ethical duty to keep that information confidential and safe.
  • There needs to be a high level of respect for privacy to safeguard private assets and data.
  • Ethical violation can result in serious consequences, including reprimands, the loss of your professional reputation, and legal repercussions.
6
Q

Define Privacy Protection

A

Safeguarding personal information from unauthorized use

7
Q

How does Privacy Protection apply to ethics?

A

As a security analyst, your role is to follow the policies and procedures set by your company.

8
Q

Define Law

A

Rules that are recognized by a community and enforced by a governing entity

9
Q

How does Law apply to ethics?

A

As a security professional, you will have an ethical obligation to protect your organization, its internal infrastructure, and the people involved with the organization.

10
Q

How do you apply Law to Ethics (4)?

A
  • You must remain unbiased and conduct your work honestly, responsibly, and with the highest respect for the law.
  • Be transparent and just, and rely on evidence.
  • Ensure that you are consistently invested in the work you are doing, so you can appropriately and ethically address issues that arise.
  • Stay informed and strive to advance your skills, so you can contribute to the betterment of the cyber landscape.
11
Q

True or False?
In the U.S., deploying a counterattack on a threat actor is illegal.

A

True

  • In the U.S., deploying a counterattack on a threat actor is illegal because of laws like the Computer Fraud and Abuse Act of 1986 and the Cybersecurity Information Sharing Act of 2015, among others.
  • You can only defend.
  • The act of counterattacking in the U.S. is perceived as an act of vigilantism.
  • The only individuals in the U.S. who are allowed to counterattack are approved employees of the federal government or military personnel.
12
Q

Define Vigilante

A

A person who is not a member of law enforcement who decides to stop a crime on their own

13
Q

Define Hacktivist

A

A person who uses hacking to achieve a political goal.
The political goal may be to promote social change or civil disobedience.

14
Q

What does ICJ stand for?

A

The International Court of Justice (ICJ)

15
Q

What is the ICJ’s standpoint on counterattacks (4)?

A

A person or group can counterattack if:
* The counterattack will only affect the party that attacked first.
* The counterattack is a direct communication asking the initial attacker to stop.
* The counterattack does not escalate the situation.
* The counterattack’s effects can be reversed.

16
Q

Scenario:
You work for a hospital as a security analyst.
One day, you log into your work computer and see a ransom note displayed on your screen. Access to files and applications is locked.
You realize this is a ransomware attack.

Response:
* Initiate a counter-attack
* Use a self-developed decryptor tool to stop the attack
* Immediately contact your supervisor
* Contact government agencies for assistance

A

Immediately contact your supervisor

Ethical principles dictate that you follow the law as well as the standards and procedures established by your organization.

17
Q

Scenario:
A doctor you work with claims to have laptop performance issues, so you try to identify the problem.
As you’re working, you notice the doctor’s laptop has unsecured patient files visible on-screen instead of within the medical practice’s secure software.

Response:
* Immediately secure the patient files
* Submit a formal complaint to Health and Human Services
* Publicly shame the doctor for not following proper procedures
* Assume the doctor knows about the issue and do nothing

A

Immediately secure the patient files

Unsecured patient files violate compliance standards, legal security ethics, and HIPAA regulations.

18
Q

Scenario:
You work for a medical device company as an entry-level security analyst.
Your supervisor has asked you to securely dispose of old developer laptops, and tells you they may contain PII (personally identifiable information).

Response:
* Take the laptops home and perform a factory reset
* Dispose of the laptops without properly erasing the data
* Store the laptops in an area designated for old equipment
* Remove the laptop hard drives and irreversibly erase all data

A

Remove the laptop hard drives and irreversibly erase all data

Ethical standards dictate that PII data must be properly removed from decommissioned devices.

19
Q

Scenario:
You work as an entry-level analyst for a pharmaceutical company.
You receive SIEM tool alerts about unusual employee activity.
You check their account activity and observe them copying confidential files to an external folder linked to an unknown destination.

Response:
* Confront the user directly regarding non-compliance with internal ethical standards
* Tell your supervisor and take no other action
* Follow provided procedures to address the issue.
* Report the incident to the company’s security personnel

A

Follow provided procedures to address the issue.

The ethical response is to follow the organization’s procedures to address the issue and maintain confidentiality.

20
Q

An employee trained to handle PII and SPII leaves confidential patient information unlocked in a public area. Which ethical principles does this violate? Select all that apply.

Privacy protections
Laws
Remaining unbiased
Confidentiality

A

Privacy protections
Laws
Confidentiality

This violates laws, confidentiality, and privacy protections.

21
Q

Privacy protection means safeguarding _____ from unauthorized use.

personal information
compliance processes
documentation
business networks

A

personal information

Privacy protection means safeguarding personal information from unauthorized use. Ensuring user permissions are correct helps prevent individuals from accessing protected information that they are not authorized to access.

22
Q

You receive a text message on your personal device from your manager stating that they cannot access the company’s secured online database. They’re updating the company’s monthly party schedule and need another employee’s birth date right away. Your organization’s policies and procedures state that employee information should never be accessed or shared through personal communication channels. What should you do?

  • Request identification from your manager to ensure the text message is authentic; then, provide the birth date.
  • Respectfully decline, then remind your manager of the organization’s guidelines.
  • Give your manager the employee’s birth date; a party is a friendly gesture.
  • Ask your manager to provide proof of their inability to access the database.
A

Respectfully decline, then remind your manager of the organization’s guidelines.

You should respectfully decline and remind your manager of the organization’s guidelines. Your role as a security analyst is to follow the policies and procedures of your company.

23
Q

You work for a U.S.-based utility company that suffers a data breach. Several hacktivist groups claim responsibility for the attack. However, there is no evidence to verify their claims. What is the most ethical way to respond to this incident?

  • Escalate the situation by involving other organizations that have been targeted.
  • Target a specific hacktivist group as a warning to the others.
  • Conduct cyberattacks against each hacktivist group that claimed responsibility.
  • Improve the company’s defenses to help prevent future attacks.
A

Improve the company’s defenses to help prevent future attacks.

Defending against future attacks is the most ethical way to approach this situation. Counterattacks are illegal in the U.S. except by approved employees of the federal government or military personnel.