6 reasons why systems may be attacked
personal fun/ challenge
industrial espionage (business vs business for rival info, plans designs etc)
financial gain (theft of money, goods and services without paying, use of ransomware (computer system infected with malicious software until paid to remove it))
personal attack
disruption for financial, social, environmental, political reasons
data and info theft (of customers)
8 types of external threats
unauthorised access / hacking
malware
denial of service attacks
phishing
pharming
social engineering
shoulder surfing
what is unauthorised access / hacking?
individuals gaining access by guessing a user's log in details or using vulnerabilities in software to gain access
black hat hacker = person accessing system unauthorised
what is a black hat hacker?
break into other people's computer systems and may just look around or may steal and destroy information
how to protect a system from hacking
strong passwords
change passwords regularly
software updated regularly
what is malware
software with malicious intent that installs itself on the user's system without their knowledge to encrypt, steal or delete data
7 examples of malware
virus
worm
botnet
rootkit
trojan
ransomware
spyware
how to protect a computer system from malware
apply operating system updates
update anti malware software
firewalls
security precautions like not opening email attachments from unknown senders
What is a denial of service attack?
floods a website with so many requests that the website is unable to respond to authorised users. This harms reputation and loses customers
how to protect from dos attack
firewall
intrusion detection/prevention systems
configure web systems to ignore dos requests
what is phishing
The attempt to gather sensitive information such as usernames, passwords, and credit card information by masquerading as a trustworthy entity
attacker sends a spoof email or text; the user follows the link and enters login info, or replies with login info
prevention of phishing
Security awareness training, email filtering, and multi-factor authentication (MFA) help defend against phishing.
what is pharming
Reroutes requests for legitimate websites to false websites that ask the user to confirm login details
how to prevent pharming
anti malware software and safe computer user habits
what is social engineering
using one's social skills to trick people into revealing access credentials or other information valuable to the attacker by pretending to be somebody trustworthy
how to prevent social engineering
staff training, authenticate people, no password disclosure policies
what is shoulder surfing
Observing someone entering their password or PIN
how to prevent shoulder surfing
-Angle your computer so that other people cannot see what you are typing
-Use a privacy screen to make your screen less visible to others
-If possible, sit or stand with your back to a wall when entering a password on a device in public
-Try to avoid viewing restricted information in public
-Shield forms from viewing when filling out paperwork
-Use strong passwords to make it more difficult for someone to try and guess what you typed
-Remember to lock your computer or device when you leave your desk
what is a man in the middle attack
An attack in which a malicious user is positioned between the two endpoints of a communications link, like on an open wifi connection
how to prevent a man in the middle attack
Encryption, don't use wifi
what do secure web pages begin with
https://
6 internal threats to data security and digital systems
unintended disclosure of data
stealing or leaking information
overriding of security controls (password on note, unauthorised staff getting access to confidential info, unauthorised family members or friends being given access)
use of portable storage devices
downloads from the internet
visiting untrustworthy websites
6 potential impacts on an organisation from a security breach
data loss - difficult or impossible to retrieve deleted data or decrypt data after ransomware
damage to public image - customers pull away
financial loss - cost of resolving issues, can't invest, also from public image = loss of customers
reduced productivity - time wasted, sets workplace off balance, affected systems affect ability to work
downtime - shut down for investigation or to fix things
legal action - fines, payment of damages