Security Flashcards
Explain the principles of data security and control
Confidentiality: Ensuring that data is accessible only to authorized individuals.
Integrity: Maintaining the accuracy, completeness, and consistency of data over its entire lifecycle.
Availability: Ensuring that data is readily available to authorized users when needed.
What are the common security threats to computer systems and data?
Malware (viruses, worms, Trojans).
Phishing and social engineering.
Denial of Service (DoS) attacks.
Unauthorized access.
Physical threats (theft, damage).
Describe different types of malware and their impacts
Viruses: Attach to files and spread between systems, causing damage or data loss.
Worms: Self-replicate and spread without user interaction, often causing network congestion.
Trojans: Disguise themselves as legitimate software to trick users into installing them, leading to data theft or system control.
Spyware: Secretly monitors user activity and collects sensitive information.
Ransomware: Encrypts data and demands a ransom for its release.
What are the control measures to mitigate security threats like phishing and social engineering?
Educate users about recognizing phishing attempts and social engineering tactics.
Implement email filters to detect and block suspicious messages.
Use multi-factor authentication to verify user identity.
Regularly update and patch systems to fix vulnerabilities.
Define and provide examples of different types of computer crimes.
Hacking: Unauthorized access to computer systems (e.g., breaking into a company’s network).
Cyberstalking: Using technology to harass or intimidate individuals (e.g., repeated threatening emails).
Cyber Theft: Stealing data or financial information (e.g., identity theft).
Cyber Terrorism: Using technology to cause disruption for ideological purposes (e.g., attacking critical infrastructure).
Cyber Espionage: Stealing trade secrets or classified information through digital means.
How can firewalls and intrusion detection/prevention systems help in detecting and protecting against computer crimes?
Firewalls: Monitor and control incoming and outgoing network traffic based on predetermined security rules.
Intrusion Detection/Prevention Systems (IDS/IPS): Detect and respond to security threats, often by monitoring network traffic for suspicious activity.
Explain the role of penetration testing and incident response planning in cybersecurity.
Penetration Testing: Simulates cyber-attacks to identify and address vulnerabilities in systems and networks.
Incident Response Planning: Develops procedures to respond to and recover from security incidents, minimizing damage and restoring normal operations quickly.
What are the key laws and regulations governing the protection of ICT and data?
Data Protection Laws: Regulate the processing and protection of personal data (e.g., GDPR).
Cybercrime Laws: Criminalize illegal activities related to computer systems and data (e.g., Computer Fraud and Abuse Act).
Intellectual Property Laws: Protect copyrights, trademarks, and patents in the digital realm.
Privacy Laws: Safeguard individuals’ privacy rights in the digital age.
Cybersecurity Laws: Establish standards and guidelines for securing critical infrastructure and systems.
How do data protection laws regulate the processing and protection of personal data?
Regulation: Data protection laws mandate that personal data must be processed lawfully, fairly, and transparently. They require organizations to implement appropriate security measures to protect data, obtain consent for data processing, and allow individuals to access and control their data.
Discuss the importance of cybersecurity laws in securing critical infrastructure and systems.
Importance: Cybersecurity laws establish standards and guidelines for protecting critical infrastructure (e.g., power grids, financial systems) and ensuring the resilience of information systems against cyber threats. These laws help mitigate risks, protect national security, and ensure the continuity of essential services.
Name five types of malware.
Viruses, worms, Trojans, spyware, ransomware.
How can you protect against phishing and social engineering?
Educate users, implement email filters, verify identity.
How can you protect against Denial of Service (DoS) attacks?
Use intrusion detection/prevention systems, load balancing, redundancy.
How can you protect against unauthorized access?
Implement strong authentication mechanisms, access controls, and audit logs.
How can you protect against physical threats?
Use locks, surveillance, access control systems, and environmental controls.
What is hacking?
Unauthorized access to computer systems or networks.