LO1

    Cards (51)

    • What are the 3 ways to protect the quality of information?
      • Integrity
      • Availability
      • Confidentiality
    • What might a company want to keep secure?
      Personal details of customers/employees
      Financial information
      Assets like hardware or software
      Intellectual Property
    • What is confidentiality?
      Information that should only be accessible to individuals or groups with the authorisation to access it
    • What logical method can help improve the confidentiality of information?
      CRUD permissions on files and folders
    • Define Integrity
      Information is maintained so that it is up-to-date, correct, accurate and fit for purpose. Therefore it can be trusted
    • What is the issue for individuals if data doesn't have integrity when an appointment has changed?
      Less organised
      May miss opportunities
      More forgetful
    • What is the impact on Governments if data doesn't have integrity?
      Disagreements within the country
      Sensitive/confidential information may be released or stolen
    • What are 2 ways of improving data integrity?
      Proof reading
      MFA / 2FA
    • Define Availability
      Information that is available to the individual or group that requires it. It should be accessible 24/7 and up-to-date at the time that the user wants to access it
    • What type of attack did a criminal group use against Synnovis?
      Ransomware
    • What does unauthorized access refer to?
      Gaining access to systems without permission
    • What was the impact of the ransomware attack on Synnovis?
      They had to delay procedures and operations for patients
    • How is hacking defined in the context of unauthorized access?
      Gaining access through means other than legitimate credentials
    • What is vertical escalation of privileges?
      Accessing parts of a system beyond normal access levels
    • What is horizontal escalation of privileges?
      Accessing other users' normal areas
    • What is information disclosure?
      When someone with knowledge shares information with unauthorized individuals
    • What are two types of information that can be disclosed?
      Personal information and government information
    • What is modification of data?
      Amending, changing, or deleting data by authorized individuals
    • What is accidental modification of data?
      When security levels are weak and someone alters information unintentionally
    • What is malicious intent modification of data?
      Illegally modifying data to blackmail or disrupt
    • What does inaccessible data refer to?
      Data that users cannot access despite having permissions
    • What is ransomware?
      An attack that makes data inaccessible
    • What is a denial of service attack?
      Overloading a website to make it inaccessible
    • What is destruction of data?
      Intentional destruction of data using malware
    • What are two methods of data theft?
      Identity theft and financial theft
    • How can cyber incidents occur?
      Through unauthorized access, information disclosure, modification, inaccessible data, and destruction
    • What is social engineering in the context of cyber incidents?
      Manipulating individuals to gain confidential information
    • What is an example of unauthorized access?
      Guessing someone's password
    • What is phishing?
      A method to gain credentials by tricking users
    • What is privileged account abuse?
      Using credentials to lock a user out of their own account
    • What is pretexting?
      Posing as an IT administrator to gain login details
    • What are the main types of cyber incidents and their methods?
      • Unauthorized access: Guessing passwords, exploiting vulnerabilities
      • Information disclosure: Malware, blackmail, industrial espionage
      • Modification: Human error, phishing
      • Inaccessible data: Ransomware attacks
      • Destruction: Malware, physical destruction, industrial espionage
    • What are the consequences of data theft?
      • Loss of access to original data
      • Potential misuse of stolen information
      • Financial loss and identity theft
    • What are the methods of data destruction?
      • Using malware
      • Deliberate erasure
      • Physical destruction of servers
    • What are the types of escalation of privileges?
      • Vertical escalation: Accessing higher-level permissions
      • Horizontal escalation: Accessing other users' areas
    • What are the types of modification of data?
      • Accidental modification due to weak security
      • Malicious intent modification for blackmail or disruption
    • What are the types of information that can be disclosed?
      • Personal information
      • Government information
    • What are the consequences of unauthorized access?
      • Data breaches
      • Loss of sensitive information
      • Disruption of services
    • What are the impacts of ransomware on organizations?
      • Delays in operations
      • Financial losses
      • Compromised patient or client data
    • Why is it important to protect personal data?
      To prevent identity theft and misuse of information.