Final Exam Review

What is contextual integrity?

A privacy framework focusing on appropriate information flow based on norms of specific contexts.

Name the four key elements of contextual integrity.

Contexts, actors, attributes, and transmission principles.

What are transmission principles in contextual integrity?

Rules governing how information should flow between parties (e.g., confidentiality).

Give an example of a context where privacy expectations differ.

Workplace monitoring versus private home activities.

What role do actors play in contextual integrity?

They are the participants involved in the information exchange (e.g., sender, receiver).

How does contextual integrity address digital privacy?

It evaluates how new technologies disrupt traditional information norms.

What is a privacy violation under contextual integrity?

Sharing health records without consent outside the healthcare context.

Why is contextual integrity important for designing privacy-preserving systems?

It ensures systems respect existing norms and user expectations.

What is the first step in applying contextual integrity to a privacy issue?

Identifying the relevant context and its norms.

How does contextual integrity differ from traditional privacy approaches?

It focuses on context-specific norms rather than universal rules.

What is an example of a transmission principle in healthcare?

Maintaining confidentiality between doctor and patient.

Can contextual integrity be violated unintentionally? How?

Yes, through ignorance of context-specific norms, such as over-sharing on social media.

How does contextual integrity guide policy-making?

By ensuring laws respect the norms of specific contexts.

What is the impact of social media on contextual integrity?

It blurs traditional contexts, leading to privacy confusion.

Why is contextual integrity relevant in the age of big data?

It helps evaluate ethical information use in large-scale data analytics.

What are folk models in security?

Simplified mental frameworks non-experts use to understand security threats.

How do folk models influence security behavior?

They shape how non-experts identify and respond to threats, often incorrectly.

What is a common folk model of email security?

Believing an email with a trusted sender name is always safe.

Contrast expert and non-expert approaches to security warnings.

Experts analyze technical details, while non-experts rely on surface cues.

What role does usability play in non-expert security tools?

It ensures tools align with non-expert mental models to improve adoption.

What is a key limitation of folk models in security?

Over-reliance on visible signs like padlocks, which attackers can spoof.

Why is it important to study folk models in cybersecurity?

To design more intuitive and effective security systems.

How do non-experts typically evaluate website security?

By looking for visual cues like HTTPS or familiar logos.

What’s an example of a mismatch between expert knowledge and folk models?

Believing antivirus software alone can prevent all cyberattacks.

How can folk models be leveraged in security training?

By using relatable analogies and scenarios to teach best practices.

How does culture influence folk models?

Different cultures may prioritize varying aspects of security, like privacy versus accessibility.

What is a folk model regarding password complexity?

Longer passwords with symbols are always secure (not true if reused).

How do experts view phishing compared to non-experts?

Experts recognize nuanced patterns, while non-experts rely on superficial trust cues.

What is a limitation of using only expert-designed security protocols?

They may be too complex or unintuitive for non-experts to follow.

How can security systems bridge the gap between expert advice and folk models?

By incorporating user-friendly features that reflect folk model expectations.

What is the main goal of usable authentication?

To balance security with ease of use for users.

What is password reuse?

Using the same password across multiple accounts, creating vulnerabilities.

Name three password alternatives.

Biometrics, hardware tokens, and password managers.

Why are biometrics considered an improvement over passwords?

They are harder to replicate and don’t require memory.

What are two-factor authentication (2FA) methods?

A combination of passwords and secondary factors like SMS codes.

How do password managers enhance security?

By generating and storing unique, complex passwords for every account.

What is a challenge of using biometrics?

Potential for theft or misuse of biometric data.

How do authentication systems improve usability?

By reducing cognitive load, such as with single sign-on (SSO).

Why is password expiration problematic?

It encourages weak, predictable password choices.

What is the main drawback of relying solely on passwords?

They are prone to theft and difficult to manage securely.

What is the benefit of multi-factor authentication (MFA)?

It provides an additional layer of security beyond passwords.

What usability issues arise from frequent password changes?

Increased frustration and likelihood of poor practices like writing down passwords.

How does single sign-on (SSO) address usability?

It allows users to access multiple services with one set of credentials.

What is the role of user education in authentication?

To promote the use of secure methods and avoid risky behaviors like password reuse.

Why is device-based authentication growing in popularity?

It integrates seamlessly with smartphones and wearable tech for ease and security.

What is phishing?

A cyberattack that uses deception to steal sensitive information.

Name three common phishing methods.

Email phishing, spear-phishing, and SMiShing.

What makes phishing attacks effective?

Exploitation of human factors like urgency, authority, and trust.

What is spear-phishing?

A targeted phishing attack personalized to a specific individual.

How does vishing differ from traditional phishing?

It uses phone calls or voice messages instead of emails.

Name a human factor that increases phishing susceptibility.

Complacency or lack of awareness.

What is the role of training in phishing defense?

To teach users to recognize and avoid phishing attempts.

Name two phishing awareness tools.

PhishGuru and Anti-Phishing Phil.

What is the Phish Scale?

A framework to evaluate the difficulty of detecting phishing emails.

Why are game-based training tools effective against phishing?

They engage users interactively, improving retention of key concepts.

What is SMiShing?

Phishing via SMS or instant messaging.

How can phishing websites mimic legitimate ones?

By using similar domain names and visual design.

What is a phishing hook?

A tactic like a fake urgency or reward to lure victims.

What is pharming?

Redirecting users to fraudulent websites without their knowledge.

How do attackers personalize spear-phishing emails?

By gathering details about the victim from social media or other sources.

What is a defensive measure against phishing?

Browser plugins that flag suspicious URLs.

Why do phishing simulations improve awareness?

They let users practice identifying and avoiding attacks in a safe environment.

What is the impact of urgency cues in phishing emails?

They pressure users into acting quickly, reducing critical thinking.

What human factor often leads to phishing success?

A lack of digital literacy or security knowledge.

How has phishing evolved during the COVID-19 pandemic?

Increased use of fear and urgency around health and financial issues.