Topic 5: Security policies

Question 1

Name three types of security threat.

Answer 1

Criminal vandalism/sabotage
Hacking or theft
White collar crime
Natural disasters (eg flooding) and fire
Accidents and errors
State-sponsored hacking
Politically-motivated attacks or data breaches
Terrorism

Question 2

What is hacking? Give an example.

Answer 2

Hacking is when an individual or criminal gang finds a way to break into a company’s ICT systems. They may steal customers’ information, especially their bank account details. Or hackers may use ransomware to encrypt a company’s files. They then demand the company pays a ransom to unencrypt the files.

Question 3

What is an example of white collar cybersecurity crime?

Answer 3

White collar cybersecurity crime is when an employee uses their access to ICT systems to steal information from their company, or misuses the network for criminal activity. For example, an employee in a bank might steal customers’ account details. Or they might sell confidential information to a rival company.

Question 4

Why are natural disasters a security threat?

Answer 4

A natural disaster such as flooding could damage a company’s data centre. The company could lose important information and would need to replace equipment.

Question 5

What is an example of a security threat due to misuse or accidents?

Answer 5

Common mistakes that employees make include accidentally deleting important data, or sending confidential information by email to the wrong people.

Question 6

What is state-sponsored hacking?

Answer 6

State-sponsored hacking is when a country uses its cybersecurity expertise to attack another country’s ICT, or a specific company that it doesn’t approve of.

Question 7

Give an example of state-sponsored hacking involving the entertainment industry.

Answer 7

When Sony Pictures launched a comedy film about the leader of North Korea in 2014, a hacker group allegedly backed by the government attacked Sony’s ICT systems. It posted on the Internet copies of their films and confidential emails about film stars. Sony initially withdrew the film, but later changed its mind.

Question 8

Give an example of state-sponsored hacking involving an industrial target.

Answer 8

Allegedly, the Stuxnet virus was created by the US and Israeli governments to attack Iran’s nuclear facility in 2010. The virus caused equipment at the plant to run out of control. Stuxnet has been described as the most dangerous virus ever released.

Question 9

Give an example of a politically-motivated data breach.

Answer 9

Edward Snowden was an IT security contractor employed by the National Security Agency in the US. In 2013, he leaked thousands of documents to journalists in protest at the US government’s secret mass surveillance of American citizens.

Question 10

How can physical access security protect companies?

Answer 10

Doors, locks, keypad codes, swipe cards, voice recognition, facial recognition, and CCTV are examples of physical access security. They protect data centres and server rooms so that only authorised people can enter.

Question 11

What operational procedures can protect companies from security threats?

Answer 11

Operational procedures include:
A schedule for regular data back-ups;
Regular updates of anti-virus software and firewalls to protect against latest threats;
Have a plan for responding to natural or other disasters;
Store data in different geographic locations;
Have a recovery plan for restoring data if it is corrupted or lost;
Test back-up power supplies, batteries and diesel generators;
Enforce an employee code of conduct to protect company data and equipment;
Regular training for IT staff
Monitor network traffic for unusual activity
Configure routers to detect and filter DDoS attacks

Question 12

How can an employee Code of Conduct protect companies against security threats?

Answer 12

A Code of Conduct ensures staff know how to avoid taking risks that could expose the company to viruses or other threats. Employees should never click on email attachments from people they don’t know, for example.

Question 13

What is an uninterruptable power supply?

Answer 13

An uninterruptable power supply is a large battery and diesel generator that keeps equipment running for a few hours or days if the normal power supply is lost.

Question 14

What is a BYOD policy?

Answer 14

A Bring Your Own Device (BYOD) policy restricts the type of devices (phones and laptops etc) that employees can use on the company network.

Question 15

Name 3 potential consequences for a company if hackers breach its security systems and steal customer data.

Answer 15

If customer data is stolen or posted online then the company’s reputation would be damaged.
Customers may leave and the company could have difficulty winning new customers.
The company might be sued by customers and it would need to pay legal fees to defend itself.
Regulators may impose a fine.
Competitors may gain access to confidential information.
Production, distribution and delivery may be delayed.
The company is likely to lose business and cash-flow.
The company’s share price could fall if investors lose confidence in it.

Question 16

Describe 3 factors a company should consider in order to minimise security risks.

Answer 16

1. Understand the threat landscape - what types of threat could impact the company?
2. Calculate the likelihood of a breach - what is the likelihood of different types of threat occurring?
3. Understand the consequences - what are the short-term and long-term consequences if a security breach occurs?
4. Security procedures - what procedures does the company have in place? For example, back-ups, anti-virus updates, disaster recovery plans etc.

Question 17

What is risk management? (or ‘risk analysis’)

Answer 17

Risk management is the process of 1) assessing the threat landscape 2) estimating the likelihood of any potential threat occurring 3) estimating the cost of the consequences and of recovering lost data 4) assessing how well prepared the company is to respond to or avoid the threat.

Question 18

What is a proxy server?

Answer 18

A proxy server is an intermediary server between a client computer and a resource, such as access to the Internet.

Question 19

How is a proxy server used to protect computers on a company network?

Answer 19

A proxy server protects computers on a network by relaying requests for access to network services. For example, a proxy server intercepts requests to a web server from a client computer in order to provide indirect access to the Internet. This means the client’s IP address is not visible to the web server and so protects the user’s privacy.

Question 20

How do user accounts help to keep data secure?

Answer 20

The IT Administrator gives a username and password to each user and allocates a level of access appropriate to their role. For example, a student only has access to their own files, whereas a teacher has access to their own files and those of their students. A superuser in IT has access to everyone’s account.

Question 21

How do user logs help to keep data secure?

Answer 21

User logs provide an audit trail of activity on the network. Logs are a record of who logged on and off and when. They also show what computer they were on, what programs they used, the files they accessed and any changes made to data.
Authorised IT staff can analyse the logs to identify abuses of the system, for example if an employee tried to guess a password for a database they shouldn’t be able to access.

Question 22

Define disaster recovery

Answer 22

A plan to restore data and systems as quickly as possible and to minimise disruption following a loss of data, network or IT system.

Question 23

Name 3 types of back-up media

Answer 23

Optical disk drive, magnetic tape, solid state drives (SSD), USB memory stick

Question 24

Method to prevent loss of data due to disk failure

Answer 24

Redundant Array of Independent Disks (RAID)