Computer science internal threats

    Cards (38)

    • What is the intent of understanding internal threats within an organization?
      To understand internal threats to digital systems and data security.
    • What is the purpose of analyzing different types of internal threats?
      To understand the impact of security breaches.
    • What should students recall regarding internal threats?
      Students should recall the different types of internal threats and the consequences of security breaches.
    • What are some potential threats to a school's IT systems and data?
      Threats can come from teachers, students, admin, support staff, and outside the school.
    • What is malware, and what are two examples of it?
      • Malware is malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.
      • Examples: Viruses, Ransomware.
    • How do viruses and ransomware disrupt a computer system?
      Viruses replicate and spread, while ransomware encrypts files and demands payment for access.
    • What is a rootkit designed to do?
      A rootkit is designed to gain unauthorized access to a computer and hide its presence.
    • What are the steps of a DDoS/DoS attack and its impact on a computer system?
      Steps of a DDoS/DoS attack:
      1. Attackers flood the target with traffic.
      2. The system becomes overwhelmed and unavailable.
      3. Legitimate users cannot access the system.
      Impact:
      • Service disruption.
      • Financial loss.
    • What are two tricks used for social engineering?
      Phishing and pretexting.
    • What is a "Man In The Middle" attack?
      A "Man In The Middle" attack involves an attacker intercepting communication between two parties.
    • Give an example of where a "Man In The Middle" attack might be used.
      In unsecured Wi-Fi networks where attackers intercept data between users and the network.
    • What is unintentional disclosure of data?
      It occurs when too much information, or confidential information, is given to an employee or customer.
    • How can unintentional disclosure of data happen?
      It can happen through leaving data on paper or removable media in unsecured locations.
    • What should companies do with sensitive or confidential documents?
      They should securely dispose of them to prevent unauthorized access.
    • What is dumpster diving?
      It is when attackers go through bins to find data.
    • What happened in the Dyson corporate spy case?
      • In 2012, Dyson accused engineer Yong Pang of industrial espionage.
      • Pang allegedly shared Dyson's ideas with Bosch and a Chinese motor developer.
    • How do companies try to reduce corporate espionage?
      • Implementing strict access controls.
      • Conducting regular security audits.
      • Training employees on security protocols.
    • What did Edward Snowden do in 2012?
      • Snowden downloaded over 1 million documents from the CIA and Department of Defence.
      • He revealed secret government spying programs.
    • What charges does Edward Snowden face?
      He faces charges of theft of government property and espionage.
    • What are two ways the leak by Edward Snowden could have been limited?
      Implementing stricter access controls and monitoring data downloads.
    • What are the four categories of security controls?
      1. Physical – fences, gates, locks
      2. Technical – firewalls, settings, antivirus
      3. Procedural – incident processes
      4. Legal – laws
    • Name one further example for each category of security controls.
      Physical: Security cameras; Technical: Intrusion detection systems; Procedural: Security training; Legal: GDPR compliance.
    • How do portable storage devices pose a risk?
      • They allow people to steal large amounts of data quickly.
      • They can be lost or stolen easily.
    • How can organizations prevent data theft via portable storage devices?
      By disabling access to USB ports and logging file downloads.
    • What are three points that show a website is trustworthy?
      Secure HTTPS connection, clear contact information, and positive user reviews.
    • What are the financial impacts of a cyber attack?
      • Direct financial loss from theft.
      • Costs associated with recovery and repairs.
      • Potential loss of business due to reputational damage.
    • How can a cyber attack damage a company's public image?
      By causing loss of trust when personal data is stolen or systems are compromised.
    • What incident occurred with Sony in 2005?
      Sony installed software on CDs that created security vulnerabilities on computers.
    • Name three examples of information a company could lose due to data loss.
      Customer data, financial records, and intellectual property.
    • What else could cause data to be lost besides accidental deletion?
      Hardware failure, cyber attacks, or natural disasters.
    • What needs to be in place to recover data?
      Regular backups and a disaster recovery plan.
    • What happened in the Dixons Carphone data breach?
      • In 2018, information from around 10 million customers was breached.
      • Data included names, addresses, email addresses, and payment card details.
    • What are the consequences of cyber attacks on productivity?
      They require time to remove malware, repair damage, and investigate problems, reducing productivity.
    • What does the Computer Misuse Act (1990) prevent?
      • Creation of malware including viruses.
      • Gaining unauthorized access to a computer.
      • Modifying or deleting computer software or data.
    • What does the Data Protection Act (2018) require?
      • Prevents unnecessary processing or storing of data.
      • Requires greater consent to process or store personal data.
      • Mandates notification of data breaches.
    • What could be the implications if a rootkit takes control of a company's systems?
      It could lead to data breaches, loss of sensitive information, and operational disruptions.
    • What threat does a bank employee create by forgetting to lock their computer?
      Unauthorized access to sensitive information.
    • What are two impacts resulting from a bank employee forgetting to lock their computer?
      Data breaches and potential financial loss.