PIC9-13

Question 1

IBM’s Resource Access Control Facility (RACF)

Answer 1

very powerful main mainframe security utility available before remote access era

Question 2

Cybercrime

Answer 2

criminal activity in which computers or computer networks are a tool, a target or a place of criminal activity

Question 3

Computers as targets of cybercrime

Answer 3

• information acquisition
• control the system without authorization or payment
• alter integrity of data
• interfere with system availability (hacking or denial of service)

Question 4

Computer as a storage device in cybercrime

Answer 4

use of computer as a passive storage medium

Question 5

Computers as communication tools in cybercrime

Answer 5

traditional crimes committed online, e.g.:
illegal sales of drugs and arms online

Question 6

Advanced fee fraud

Answer 6

promise of large sums of money if they provide relatively small payments upfront

Question 7

Bots

Answer 7

piece of malware that carries out certain actions on receiving a command

Question 8

DOS

Answer 8

denial of service attack

Question 9

Hack

Answer 9

unauthorised entry to a computer, network or website

Question 10

Phishing

Answer 10

trick to elicit confidential information

Question 11

Social engineering

Answer 11

use of social factors to persuade a victims to reveal information of give money

Question 12

Spam

Answer 12

bulk sending of emails ot other messages to users

commercial misuse

“black hat marketing”

Question 13

Malware

Answer 13

program covertly inserted into another program:
- destroy data
- run malicious programs
- compromise confidentiality, integrity or availability of system, data, applications

classified by method of spread and payload (actions).

Question 14

Trojan

Answer 14

malware that facilitates unauthorised access to system

Question 15

Rootkit

Answer 15

malware that enables access while hiding its presence

Question 16

Virus

Answer 16

malware that infects a host program and propagates

Question 17

Worm

Answer 17

Malware that does not need a host program to propagate. infects via network, usb stick, etc…)

Question 18

Zombie

Answer 18

Computer that has been compromised and is used to perform malicious tasks under remote control

Question 19

Ransomware

Answer 19

criminal activity where a victim is held to ransom by cybercriminals:
- hacker asks for money in exchange of removing a malware

Question 20

WannaCry

Answer 20

Ransomware attack to NHS in 2017 targeting Windows computers

Question 21

Virus components

Answer 21

• infection mechanism
• trigger
• payload

Question 22

Virus lifetime phases

Answer 22

• dormant
• propagation
• triggering
• execution

Question 23

Cross site request forgery

Answer 23

sea surf

third party cookie setting, usually without the user being aware of it

Question 24

Cloaking

Answer 24

SEO technique in which the content presented to the search engine spider is different to that presented to the user browser

Question 25

Advanced Persistent Threat

Answer 25

• usually part of state security
• systematic and repeated cybercrime
• political or economic motivation

Question 26

Sandworm

Answer 26

Russian Advanced Persistent Threat group responsible for hacker attack to Ukraine power grid in 2017

Question 27

Stuxnet

Answer 27

Advanced Persistent Threat Attack to Iran’s nuclear plant

Question 28

Computer Misuse Act 1990

Answer 28

Offences:
- Unauthorised access to computer material
- Unauthorised access with intent of further offences
- Unauthorised modification of computer material

Question 29

EU Directive on Security of Network and Information Systems (2016)

Answer 29

first EU rules on cybersecurity

• improved cybersecurity capabilities
• increased EU-level cooperation
• risk management

Question 30

Challenges in combatting cybercrime

Answer 30

• technology evolves fast and legislation becomes out of date
• malware evolved quickly
• individuals poor security practice
• Limitation of legislations on
  cybercrime coming from abroad
• difficulty to link anti-cybercrime initiatives across jurisdictions
• complexity of tech
• cooperation of law enforcement agencies internationally
• low investment in preventive tech
• unreported cybercrime to avoid bad publicity and liability

Question 31

Digital Forensic Evidence

Answer 31

• evidence that results from digital investigation
• must be preserved
• used for trials
• investigation should not modify the state of the computer

Question 32

IS contracts

Answer 32

• build bespoke software
• licence agreement
• consulting
• outsourcing

Question 33

Fixed Price contract

Answer 33

• fixed amount agreed for the complete work
• supplier takes most of the risk
• functional specs and change control very important

Question 34

Time and materials contract

Answer 34

• Payment based on hours of work and expenses
• More typical for consultancy than software development
• Risks shared between client and supplier

Question 35

Typical software contract structure

Answer 35

• Short agreement
• Standard terms and conditions
• Schedules or annexes (Statement of Work)

Question 36

Bespoke Software Contract - Schedule of Work

Answer 36

• parties and context agreement
• deliverables definition
• who will do what
• timescales
• payment schedules
• User Acceptance Testing definition
• Change control definitions
• Exclusions

Question 37

Bespoke Software Contract - Governance

Answer 37

• Design and delivery methodology
• QA methods
• Meetings and reporting
• Project managers and client contracts
• Escalation procedures

Question 38

Bespoke Software Contract - Deliverables

Answer 38

• usually an installed system
• documentation and code
• design, testing, training

Question 39

Bespoke Software Contract – Requirements and Change Control

Answer 39

• Functional Specs or Prioritised Requirements List
• Non-functional requirements: performance, security, availability
• Change control mechanism

Question 40

Bespoke Software Contract - Ownership

Answer 40

• Contract should state legal rights of parties at the end of project
• Intellectual property usually assigned to the client
• Exception for open source or proprietary software used in the solution
• IP for specific methodology/process used in development retained by the supplier

Question 41

Bespoke Software Contract - Confidentiality

Answer 41

• may include NDA
• may include clauses on promotional purposes

Question 42

Bespoke Software Contract - Payment

Answer 42

• Typically within 30 days of invoice
• termination or surcharge upon delay
• staged payment usual

Question 43

Bespoke Software Contract - Penalties

Answer 43

• may specify penalty charges for delay on delivery schedule
• suppliers often inflate costs to cover for potential penalty costs
• serious delays can lead supplier to walk away
• over-runs reduce profit margins
• clients can fail to meet obligations on time
• extra charges usually agreed at progress meetings. Disagreements lead to legal disputes

Question 44

Bespoke Software Contract – Customer Obligations

Answer 44

• documentation of project activities
• access to relevant staff
• machine facilities, network links, etc.
• on site facilities and support
• timely sign-off of deliverables
• specs and execution of user acceptance tests

Question 45

Bespoke Software Contract – Acceptance and Warranty

Answer 45

• usually defined at the outset
• client should provide fixed set of UAT and expected results from the start. can’t add test later
• warranty period usually 90 days, within which errors corrected free of charge
• subsequent maintenance on a time and material basis

Question 46

Bespoke Software Contract – Other Clauses

Answer 46

• indemnity of parties against liability of for infringing third party rights
• termination rules set in advance
• arbitration decisions
• applicable law citation

Question 47

IT consultancy contact

Answer 47

• Contact Hire involves supplying staff to client
• consultancy involves to assignment to complete a specific engagement
• contracts terms can be similar to bespoke contracts
• delivery is often a report or presentation
• payment usually on time and material

Question 48

IT Outsourcing contract

Answer 48

• services to be provided
• SLA
• Payments
• demarcation of responsibilities between client and supplier
• may involve transfer of staff and assets from client to supplier
• specify termination conditions

Question 49

Why defects occurr

Answer 49

• complexity of systems
• subsystems come from different suppliers

Question 50

number of software defects in code

Answer 50

15-50 errors per 1000 lives of code (defects/KLOC)

Microsoft:
- 10-20 defects/KLOC in-house testing
- 0.5 defects/KLOC in production

Question 51

Types of software defects

Answer 51

• functionality fail
• performance fail
• incompatibility
• difficulty to maintain
• hidden bugs

Question 52

Impact of software defects

Answer 52

• can be life threatening
• can present security risks
• can have large economic implications

Question 53

Liability for software failure

Answer 53

topics of discussion:
- increased liability stifles software products?
- increased liability discourage development in high risk fields?
- programmers subject to malpractice suits?
- should IS professionals be obliged to buy professional indemnity insurance?

Question 54

Legislation for software defects

Answer 54

Under UK/EU law, software is categories as a product

Question 55

Consumer Rights Act 2015

Answer 55

• give rights to a repair or replacement of digital products
• first time consumers have rights for digital content (films, games, music)

Question 56

Limitation to liability for computer software

Answer 56

• contracts may contain clauses limiting liability for defective software
• floodgate risk: if software is faulty, it can lead to u limited liability through widespread use

Question 57

Liability for AI

Answer 57

proposed by EU

assigns application of AI to three risk categories:

• applications that create unacceptable risk are banned (social scoring of the type used in China)
• high-risk applications like cv scanner are subject to specific legal requirements
• non banned nor high risk apps are left unregulated

Question 58

Open source software - limit of liability

Answer 58

developer not liable for any damage, except when someone is hurt or killed

Question 59

Intellectual Property

Answer 59

• creative works, inventions and commercial goodwill
• has value
• intangible
• can be stolen
• law for protecting it is different from physical property

Question 60

Why do we need protection fo Intellectual Propery

Answer 60

• reward creators
• allow creators to control use
• to encourage creativity

Question 61

Intellectual Property Rights

Answer 61

• IPO (Intellectual Property Officer) in UK
• Copyright (protects creative work)
• Patent (protects inventions)
• Trademark (protects product names, logos, symbols)

Question 62

Copyright

Answer 62

• work must be original
• Idea must be expressed

Question 63

Copyright - international applications

Answer 63

• Berne Convention (basic definition of copyright
• World Trade Organisation
• World International Property Office (digital environment)

Question 64

EU and UK legislations

Answer 64

EU various directives
- term (duration)
- infosoc (online, e.g.: downloads)
- software
- database

UK Copyright, Design and Patents Act 1998

Question 65

Rights of Copyright Owner

Answer 65

• Give copies of work to public
• Give permissions to make copies
• Give permissions to adapt a work
• Make variations or derivatives of a work
• Sell or licence rights

Question 66

Duration of Copyright

Answer 66

• 70 years after death of last author (principal autor, director, composer for film)
• radio: 50 years after first broadcast
• Crown: 125 after work created

Question 67

Fair Dealing (exceptions, Infosoc)

Answer 67

include:

• Research
• criticism, review, quotation, news reporting
• caricature, parody
• teaching
• library, archives, museums can make copies

Question 68

EU Directive 2019 (DSM Copyright Directive)

Answer 68

• access subscriptions across borders
• improves rules on research, education and inclusion of disabled people
• sustainable marketplace for content creators and press

Question 69

Software and Copyright

Answer 69

• In most countries software is protected as literary work. Includes source code, object code
• non-literal elements are not protected: UI, calculations, functions

Question 70

Software copyrights - Author

Answer 70

• in a company, the employer owns the copyright
• independent contractors can pass copyrights to employer in formal agreement
• author can assign copyright to third parties

Question 71

Software Copyright - commercial software

Answer 71

• customer buys licence to use, not the actual software
• owner retains copyright
• tailor made software: fist owner is the creator
• customer gets the copyright
• except for elements that are proprietary, open source or belong to third party

Question 72

Software copyright - rights of others

Answer 72

• can’t prevent other to come up with the same code without copying
• legal to keep a back-up copy
• legal to decompile to find errors or determine interface

Question 73

Open Source

Answer 73

• free in terms of freedom, not price
• Open Source Initiative: motivation is reliability and flexibility
• Free Software Foundation: freedom for computer users
• allow to:
  Study and modify program
  Redistribute copies
  Distribute modified versions

Question 74

Copyleft

Answer 74

method for making a program free and requiring all modified and extended versions to be free as well

Question 75

Database directive

Answer 75

• Database is defined as a collection of independent work arranged in a systematically way
• rights apply if there has been a substantial investment in obtaining, verifying or presenting the content
• rights last 15 years
• rights allow creators to prohibit extraction and re-use of content
• applies to extraction of substantial quantities