study

Question 1

Define big data

Answer 1

Big data is data that contains greater variety arriving in increasing volumes and with ever-higher velocity.

Question 2

Define open data

Answer 2

Digital information licensed in a way available to anyone, with few stipulations.

Question 3

Define linked data

Answer 3

Structured data which is interlinked with other data to become more useful in semantic queries.

Question 4

Define digital inclusion

Answer 4

Everyone should be able to make full use of digital technologies and the benefits they bring, while avoiding their potential negative consequences.

Question 5

Define a digital threat

Answer 5

Either intentional or accidental activities compromising an information system’s security by breaching the CIA Triad.

Question 6

Explain Moore’s Law

Answer 6

A prediction made in 1965 by Gordon Moore, that computing power will double every 1.5-2 years, due to the doubling of the number of transistors in each chip.

Question 7

Is Moore’s Law expected to remain true in the near future? Why/ why not?

Answer 7

Likely not. The law is starting to plateau because not as many transistors can fit on the chip as needed. However, the law could become true again in the future with quantum computing.

Question 8

Who was Tim Berners Lee

Answer 8

Inventor of HTML and CSS who successfully advocated for open data

Question 9

Define data privacy

Answer 9

Principle that a person should have control over their personal data, including the ability to decide how organizations collect, store and use their data.

Question 10

What is the ‘C’ in the CIA Triad

Answer 10

Refers to protecting CONFIDENTIALITY. Breaches in confidentiality occur when an unauthorised person sees data during transit, and can lead to reputational damage and legal issues.

Question 11

What is the ‘I’ in the CIA Triad

Answer 11

Refers to maintaining INTEGRITY. Breaches in integrity occur when someone intercepts and maliciously modifies data. e.g. hacking

Question 12

What is the ‘A’ in the CIA Triad

Answer 12

Refers to assuring AVAILABILITY. Breaches in availability occur when someone interferes with transmission to prevent data form reaching final destination e.g. through DDoS.

Question 13

What is the purpose of malware

Answer 13

Malware is used to disrupt, disable and take control of digital applications through exploiting technical flaws.

Question 14

What are the three types of cyber threats?

Answer 14

Digital Threats, Human and insider threats, Physical and environmental threats,

Question 15

Explain the four types of Digital Threats

Answer 15

1. Cybersecurity (e.g. malware, phishing, data breaches etc.)
2. Technological (e.g. IoT vulnerabilities, weak encryption etc.)
3. Emerging tech (e.g. deepfakes, quantum computing etc.)
4. AI and Automation (e.g. Automated data processing, AI bias etc.)

Question 16

What are some countermeasures against digital threats

Answer 16

Countermeasures include:
- Use robust cybersecurity tools
- Regularly update software
- Apply security patches
- Implement strong encryption
- Stay informed

Question 17

Explain Human and Insider threats, giving examples of each

Answer 17

Human threats are posed by humans, and include social engineering and data theft. Insider threats are posed by people who are part of the organisation at risk e.g. malicious or negligent employees.

Question 18

What are some countermeasures to prevent Human and Insider threats?

Answer 18

• Sufficiently training employees (preventing human/ insider threats)
• Authorisation - employees only have access to the information they need
• Monitoring user activities, password policies etc.

Question 19

Explain Physical and Environmental threats, giving examples of each

Answer 19

Physical Threats are when the physical machinery fails (e.g. hardware failures, device theft, accidental damage, vandalism). Environmental threats are posed by the environment (e.g. natural disasters, dust and contaminants, temperature variations).

Question 20

What are some countermeasures against Human and Environmental threats?

Answer 20

• Secure physical access to data centers and storage facilities
  * Disaster recovery and backup solutions
  * Cloud-based data storage with redundancy for resilience

Question 21

What is personal data and why does it need to be protected

Answer 21

An information relating to an identified or identifiable person e.g. name, date of birth, email address, phone number, address, physical characteristics etc. This information needs to be protected, because if it is not crimes like identity theft are much more likely and easier to be committed.

Question 22

What is a DDoS attack

Answer 22

DDoS stands for Distributed Denial of Service. It is an online attack which involves hacking groups flooding systems to prevent them from working. This impacts the availability of data (CIA Triad)

Question 23

Explain the purpose of the 1998 Federal Privacy Act

Answer 23

Promoting individuals privacy with obligations about collecting and handling personal information.

Question 24

Who does the Federal Privacy Act apply to?

Answer 24

Any businesses with an annual turnover of $3 million +/year, any organisation that collect and handle personal or health information, media, politicians and some schools. You can opt in to follow the Act (even if not obligated to), to gain client trust.

Question 25

Encryption

Answer 25

The scrambling or changing of a message to hide original text. Converting plaintext to ciphertext.

Question 26

Decryption

Answer 26

Unscrambling cipher text to make it readable (plain text)

Question 27

Key

Answer 27

The way to decrypt a message only known by sender and receiver

Question 28

Random substitution encryption

Answer 28

A form of encryption where every letter in the message is shifted by a different amount. The key is usually 10 digits long.

Question 29

Symmetric encryption

Answer 29

A form of encryption where two parties agree on the key ahead of time (both sides have the same key). It is less secure, however faster to use.

Question 30

Conditionally Secure

Answer 30

Encryption schemes in which the cost of breaking the cipher exceeds the value of the information (e.g. time taken to decipher is longer than the time the information is relevant for).

Question 31

Unconditionally secure

Answer 31

When an encryption scheme is impossible to decrypt because the necessary information is not available to the cryptanalyst. There are currently no unconditionally secure encryption schemes.

Question 32

Brute-force attack

Answer 32

An attempt to hack an information system, where the attacker has not information, but attempts every possible combination key.

Question 33

Plain text

Answer 33

An original message

Question 34

Ciphertext

Answer 34

The coded message

Question 35

Cryptography

Answer 35

The area of study of the many schemes used for encryption

Question 36

Cryptographic system

Answer 36

A scheme e.g. Caesar’s cipher

Question 37

Cryptanalysis

Answer 37

Techniques used for deciphering a message without any knowledge of the enciphering details. Hacking ciphertext.

Question 38

Cryptology

Answer 38

The areas of cryptography and cryptanalysis

Question 39

Caesar’s Cipher

Answer 39

The first encryption scheme, where every letter in the original message is shifted by the same amount (the key is one number long)

Question 40

Asymmetric encryption

Answer 40

Uses two keys: a public key for encrypting messages and a private key for decrypting them. The public key is openly shared, while the private key remains confidential, ensuring that only the intended recipient can decrypt the message.

Question 41

Bits

Answer 41

Bits are binary digits, or combinations of eight 1 and 0’s to represent every caracter

Question 42

Byte

Answer 42

8 bits are a byte

Question 43

Data Encryption Standard (DES)

Answer 43

This is a symmetric encryption scheme which as surpassed (became insecure) in 2001. It was used by the US National Security Agency. Data was encrypted in 64-bit blocks using a 64-bit key.

After being surpassed, Triple DES was made where each block of data was encrypted 3 times, substantially slowing down the encryption process whilst increasing the security.

Question 44

Advanced Encryption Standard (AES)

Answer 44

The gold standard of symmetric encryption, made in 2001 involving multiple rounds of permutation, substitution and transposition. Each round has it’s own key and is encrypted in blocks of varying size i.e. 128, 192, 256 bits.

Question 45

Rivest-Shamir-Adleman (RSA)

Answer 45

Made in 1977, it is an extremely secure asymmetric encryption system using two massive prime numbers multiplied by each other.

Question 46

Monoalphabetic Ciphers

Answer 46

Substitution cipher where each letter in the plaintext is replaced by a corresponding letter in the cipher alphabet (which is jumbled). The key remains fixed, so every occurrence of a specific letter is consistently replaced with the same letter, making it more vulnerable to frequency analysis. e.g. basic scramble and Playfair cipher (using a grid with a special word then following letters)

Question 47

Polyalphabetic Ciphers

Answer 47

Uses multiple substitution alphabets to encode the message, making it harder to break with frequency analysis. Each letter in the plaintext may be substituted differently depending on its position or a key. e.g. Vigenère cipher (adding numerical values of word and cipher text)

Question 48

Transposition Cipher

Answer 48

A transposition cipher is an encryption method where the order of letters in the plaintext is rearranged according to a certain system to create the ciphertext, without altering the letters themselves. SYMMETRIC SYSTEM

Question 49

APP 1

Answer 49

Open and transparent management of personal information. To follow APP 1, organisations must provide users with a short privacy policy, written in English which is freely and easily available.

Question 50

APP 6

Answer 50

Regarding the use or disclosure of personal information - how businesses use information. Information must only be used/ disclosed for the purpose for which it was collected (primary purpose). This purpose must be listed in the privacy policy.

Question 51

APP 11

Answer 51

Regarding the security of information. Organisations must take reasonable steps to protect personal information they hold from misuse, interference and loss, or use against the CIA Triad by deleting/ de-identifying information that is no longer relevant/ useful.

Question 52

Vigenere Cipher

Answer 52

A polyalphabetic substitution symmetric cipher, where each letter has it’s own number and is shifted that number form the letter corresponding in the key. Fixes the double letter issue, so harder to decipher

Question 53

Playfair Cipher

Answer 53

A monoalphabetic symmetric cipher which is based on a 5x5 grid with a key word. Does not completely hide the structure of plaintext.

Question 54

Railfence cipher

Answer 54

Transposition cipher, using a grid and ascending/ descending diagonals. The depth of the grid is the encryption key.