Revise terms Flashcards

1
Q

What does the term “Availability of data” mean?

A

This is about making sure that data is available when it is needed. Ideally the data will have a 100% availability at the times when it will be needed.

2
Q

What does the term “Cyber Security” mean?

A

Cyber security is the processes, practices and technologies which are designed to protect networks, computers, programs and data/information from attack, damage or unauthorised access.

3
Q

What does the term “Denial of Service” mean?

A

An attempt to disrupt a network/business/organisation by issuing more requests than a system is able to cope with. It can be performed with malicious intent or as a protest.

4
Q

What is the difference between cyber criminals and cyber terrorists?

A

A cyber criminal is an individual who commits illegal activities using computers and the Internet.

A cyber terrorist is a person who uses computers and the Internet to cause deliberate fear and disruption for political reasons.

5
Q

What is a hacker?

A

A hacker is a person who gains unauthorised access to a computer system/network, for any reason – good or bad.

6
Q

What is a phisher?

A

A phisher is an individual that attempts to acquire personal information, often for malicious reasons, such as fraud, by pretending to be a known and trusted individual or organisation.

7
Q

What is a scammer?

A

A scammer is someone who uses existing computer scripts or codes to hack into computer systems. They do not have the expertise to write their own code.

8
Q

What does the term “Encryption” mean?

A

A method that is used to attempt to ensure data security by use of encrypted (secret) code. In order to read the contents of an encrypted message or file, someone must have access to a secret key or password that will enable them to decrypt the message or file.

9
Q

What does the term “impacts of a cyber security incident” mean?

A

This is the effect that a cyber-attack could have on an individual or organisation. For a business it could mean that customers lose confidence and stop using that business. For individuals it might mean they lose money, if access is gained to their bank account.

10
Q

Describe the importance of cyber security

A

Cyber security has become an essential part of overall security. It affects individuals, as well as businesses, governments and other organisations. As the use of the internet for communication and data transfer increases, the opportunities for cyber criminals to illegally access data grow. This is why cyber security is so important.

11
Q

What does the term “Integrity of information” mean?

A

This is all about preventing data from being deleted or modified, so that it will be safely stored for as long as needed.

12
Q

What does the term “Logical protection measures” mean?

A

These are computer based protections that only exist within IT systems. These are things like antivirus applications, firewalls (hardware and software), encryption, strong passwords, etc.

13
Q

What does the term “Physical protection measures” mean?

A

These are things that you can physically see and touch: lockable cupboards, key coded locks on doors, fingerprint readers, fire and flood protection methods etc.

14
Q

What does the term “Risk” mean?

A

A threat to a computer system/network can result in a risk, for example, if a hacker gains access to a person’s computer, there is a risk that data will be stolen.

15
Q

What does the term “Vulnerabilities” mean?

A

These are potential weak points in security measures. By knowing what the vulnerabilities of an IT system are, it makes improving cyber security more straightforward.

16
Q

What can Malware affect?

A

Malware can affect all types of devices, running all types of operating systems

17
Q

Why do people attack IT systems? (List at least 3 reasons)

A
Show off abilities
Thrill/Adrenaline
As a challenge
Bragging
Identify security breaches
Idealism
Financial gain
Intentions of terrorism
Government/Militant orders
18
Q

What does the term “Malware” mean?

A

It is malicious software specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

19
Q

List three different types of malware.

A
Virus
Adware
Rootkit
Spyware
Ransomware
Trojan Horse
Remote access
Worm
Keylogger
20
Q

What does the malware term “Virus” mean?

A

A computer virus is a malicious software program that is loaded onto a user’s computer without the user’s knowledge and performs malicious actions. It can self-replicate, inserting itself into other programs or files, infecting them in the process.

21
Q

What does the malware term “Rootkit” mean?

A

A set of software tools that enable an unauthorised user to gain control of a computer system without being detected.

22
Q

What does the malware term “Adware” mean?

A

It is software used by a hacker to gain constant administrator-level access to a computer or network

23
Q

What does the malware term “Spyware” mean?

A

It is software designed to ‘spy’ on the computer. It can capture information like Web browsing habits, e-mail messages, usernames and passwords, and credit card information.

24
Q

What does the malware term “Ransomware” mean?

A

It is software designed to hold the computer’s data hostage until a ransom fee has been paid. Often introduced to the computer via a worm or trojan.

25
Q

What does the malware term “Trojan Horse” mean?

A

It is a type of malware that is often disguised as legitimate software. For example, a virus that looks like an Excel spreadsheet.

26
Q

What does the malware term “Remote Access” mean?

A

A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. This is usually downloaded with a requested file (like a game)

27
Q

What does the malware term “Worm” mean?

A

It is a standalone malware computer program that replicates itself in order to spread to other computers

28
Q

What does the malware term “Keylogger” mean?

A

It is a program that records the keystrokes on a computer

29
Q

What does DDOS stand for?

A

Distributed Denial of Service attack

30
Q

What does a DDOS do?

A

It is an electronic attack whereby multiple computers send messages to a server with the intention of overwhelming it, rendering it inaccessible for a time.

31
Q

What is a botnet or zombie network?

A

It is a number of Internet-connected devices (usually infected with a virus) used to attack a website or server through a DDOS

32
Q

What does the term “Social Engineering” mean?

A

It is the art of manipulating people so they give up confidential information.

It is gaining unauthorised access or obtaining confidential information by taking advantage of the trusting human nature of victims

33
Q

What does the term “blagging” mean?

A

It is the act of creating an invented scenario to target a victim into performing actions under the pretence of threat.

34
Q

What does the term “shouldering” mean?

A

It is observing people’s private information over their shoulder, for example: at an ATM

35
Q

What does the term “pharming” mean?

A

It is scamming where malicious code is installed on a client and users are misdirected to fraudulent websites without their knowledge or consent.

36
Q

What does the term “Data Destruction” mean?

A

When data has been deleted without authorisation. Usually as a result of a cyber attack.

37
Q

What types of personal data could be stolen during a phishing attack?

A

Bank Account Details
Date of Birth
Credit / Debit card details

38
Q

What is the purpose of cyber security?

A

1) To protect information and data
2) to keep information and data confidential
3) to maintain the integrity of information and data
4) to maintain the availability of information and data

39
Q

Describe the importance of cyber security.

A

1) the need to protect personal data
2) the need to protect an organisation's data
3) the need to stay safe online

40
Q

Who are the targets for cyber security attacks?

A

1) individuals
2) data / information
3) equipment
4) organisations

41
Q

What are the types of cyber security incidents?

A

1) data destruction
2) data manipulation
3) data modification
4) data theft

42
Q

Name the different types of attackers in cyber security incidents.

A

1) cyber criminals
2) cyber terrorists
3) hackers
4) phishers
5) scammers

43
Q

What are the motivations behind cyber security attacks?

A

1) financial gain
2) publicity
3) fraud
4) espionage

44
Q

What laws are involved in cyber security?

A

1) The Data Protection Act 1998

2) The Computer Misuse Act 1990

45
Q

What are the cyber security issues related to fraudulent websites?

A

1) Stealing personal data - potentially identity theft
2) introduction of malware to the network
3) potential for future spamming

46
Q

What occurs during identity theft?

A

Identity theft is when a person’s personal details are stolen, and can happen whether that person is alive or dead.
Fraudsters can use your identity details to:

1) open a bank account
2) obtain credit cards, loans and state benefits
3) order goods in your name
4) take over your existing accounts
5) take out a mobile phone contract
6) obtain genuine documents, such as passports and driving licences, in your name.

47
Q

How to protect against identity theft.

A

1) Do not respond to a request from your bank for your entire PIN or password
2) Create strong passwords for use online, and don’t use the same one for every website you log in to.
3) Protect your internet-connected devices with up-to-date security software, and make sure you install all official software updates and security fixes on such devices.
4) Don’t throw out anything containing your name, address or financial details without shredding it.
5) If you move house, ask Royal Mail to redirect your post for at least a year.

48
Q

What is the difference between accidental and intentional cyber security threats? (Describe both)

A
  1. accidental
    a. organisational i.e. downloading files from unauthorised websites
    b. individual i.e. responding to a fake email/clicking on a hyperlink
  2. intentional
    a. organisational i.e. DoS through flooding it with useless traffic
    b. individual i.e. hacking into unsecured wireless internet
49
Q

What vulnerabilities can lead to a cyber security attack?

A

1) Environmental e.g. natural disasters like flooding
2) physical e.g. theft
3) systematic e.g. DoS, malware etc

50
Q

What are the impacts of a cyber security incident?

A

1) Loss - financial, data, reputation and intellectual property
2) Disruption - operational, financial and commercial
3) Safety - individuals, equipment and finances

51
Q

Describe the logical protection measure of access rights and permissions

A

These are the permissions an individual user or a computer application holds to read, write, modify, delete or otherwise access a computer file; change configurations or settings, or add or remove applications.

52
Q

Describe the logical protection measure of anti-virus software

A

It is software that is designed to detect and destroy computer viruses. It only works when it is run regularly and kept up to date.

53
Q

Describe the logical protection measure of authentication.

A

Authentication is the process of determining whether someone or something is, in fact, who or what it declares itself to be

54
Q

Describe the logical protection measure of encryption.

A

It is the process of converting information or data into a code, especially to prevent unauthorised access by using a key.

55
Q

Describe the logical protection measure of firewalls

A

A firewall isolates your computer from the Internet using a “wall of code” that inspects each individual packet of data as it arrives at either side of the firewall — inbound to or outbound from your computer — to determine whether it should be allowed to pass or be blocked.

Firewalls need to be able to perform the following tasks:

Defend resources
Validate access
Manage and control network traffic
Record and report on events
Act as an intermediary
56
Q

Describe the logical protection measure of secure backups of data

A

Data backups that are secure against physical threats (fire, flooding etc) and logical threats (viruses) are essential to ensure that if the primary data has been affected by a cyber security attack, the business can carry on with a limited effect on operations.

57
Q

Describe the logical protection measure of token authentication

A

A web authentication technique that lets users enter their username and password once and receive a uniquely-generated encrypted token in exchange. This token is then used to access protected pages or resources instead of the login credentials for a designated period of time.

58
Q

Describe the logical protection measure of user name and password

A

The username is used to authenticate that the user exists and has assigned access rights. The password ensures the correct user is accessing the account.

59
Q

Describe some emerging logical protection measures.

A

1) AI / Machine learning
2) Video Analytics
3) Biometric data

60
Q

Describe the methods for creating a safe password

A

1) Mixture of upper and lower case, numbers and special characters.
2) Enforce regular updates of passwords

61
Q

Describe eight physical protection measures

A

1) Biometric Access devices
2) Locks on doors
3) Device locks
4) RFID security badges
5) CCTV
6) Security guards
7) Disabling USB ports to prevent storage device usage
8) Lock all portable equipment to floors / walls

62
Q

Name three organisational policies or agreements relevant to cyber security.

A

1) Acceptable use policy
2) Clean desk Policy
3) Code of Conduct