LO1

Cards (51)

  • What are the 3 ways to protect the quality of information?
    • Integrity
    • Availability
    • Confidentiality
  • What might a company want to keep secure?
    Personal details of customers/employees
    Financial information
    Assets like hardware or software
    Intellectual Property
  • What is confidentiality?
    Information that should only be accessible to individuals or groups with the authorisation to access it
  • What logical method can help improve the confidentiality of information?
    CRUD permissions on files and folders
  • Define Integrity
    Information is maintained so that it is up-to-date, correct, accurate and fit for purpose. Therefore, it can be trusted
  • What is the issue if individuals don't have integrity when an appointment has changed?
    Less organised
    May miss opportunities
    More forgetful
  • What is the impact on Governments if data doesn't have integrity?
    Disagreements within the country
    Sensitive/confidential information may be released or stolen
  • What are 2 ways of improving data integrity?
    Proof reading
    MFA / 2FA
  • Define Availability
    Information that is available to the individual or group that requires it. It should be accessible 24/7 and up-to-date at the time that the user wants to access it
  • What type of attack did a criminal group use against Synnovis?
    Ransomware
  • What does unauthorized access refer to?
    Gaining access to systems without permission
  • What was the impact of the ransomware attack on Synnovis?
    They had to delay procedures and operations for patients
  • How is hacking defined in the context of unauthorized access?
    Gaining access through means other than legitimate credentials
  • What is vertical escalation of privileges?
    Accessing parts of a system beyond normal access levels
  • What is horizontal escalation of privileges?
    Accessing other users' normal areas
  • What is information disclosure?
    When someone with knowledge shares information with unauthorized individuals
  • What are two types of information that can be disclosed?
    Personal information and government information
  • What is modification of data?
    Amending, changing, or deleting data by authorized individuals
  • What is accidental modification of data?
    When security levels are weak and someone alters information unintentionally
  • What is malicious intent modification of data?
    Illegally modifying data to blackmail or disrupt
  • What does inaccessible data refer to?
    Data that users cannot access despite having permissions
  • What is ransomware?
    An attack that makes data inaccessible
  • What is a denial of service attack?
    Overloading a website to make it inaccessible
  • What is destruction of data?
    Intentional destruction of data using malware
  • What are two methods of data theft?
    Identity theft and financial theft
  • How can cyber incidents occur?
    Through unauthorized access, information disclosure, modification, inaccessible data, and destruction
  • What is social engineering in the context of cyber incidents?
    Manipulating individuals to gain confidential information
  • What is an example of unauthorized access?
    Guessing someone's password
  • What is phishing?
    A method to gain credentials by tricking users
  • What is privileged account abuse?
    Using credentials to lock a user out of their own account
  • What is pretexting?
    Posing as an IT administrator to gain login details
  • What are the main types of cyber incidents and their methods?
    • Unauthorized access: Guessing passwords, exploiting vulnerabilities
    • Information disclosure: Malware, blackmail, industrial espionage
    • Modification: Human error, phishing
    • Inaccessible data: Ransomware attacks
    • Destruction: Malware, physical destruction, industrial espionage
  • What are the consequences of data theft?
    • Loss of access to original data
    • Potential misuse of stolen information
    • Financial loss and identity theft
  • What are the methods of data destruction?
    • Using malware
    • Deliberate erasure
    • Physical destruction of servers
  • What are the types of escalation of privileges?
    • Vertical escalation: Accessing higher-level permissions
    • Horizontal escalation: Accessing other users' areas
  • What are the types of modification of data?
    • Accidental modification due to weak security
    • Malicious intent modification for blackmail or disruption
  • What are the types of information that can be disclosed?
    • Personal information
    • Government information
  • What are the consequences of unauthorized access?
    • Data breaches
    • Loss of sensitive information
    • Disruption of services
  • What are the impacts of ransomware on organizations?
    • Delays in operations
    • Financial losses
    • Compromised patient or client data
  • Why is it important to protect personal data?
    To prevent identity theft and misuse of information.