VET IT Exam Notes

Glossary and Readings (Cyber Security - Part 3)

Intellectual Property (IP)

  • IP Types:

    • Industrial: Trademarks and patents.

    • Copyright: Covers scientific works, art, literature, music, and computer code.

Patents

  • Key Points:

    • Limited to 20 years, territorial, and must be original and beneficial.

Trademarks

  • Purpose: Identifies goods and services.

Copyright

  • Protection: Automatically granted for original work; includes legal penalties for breaches.

Ethical Issues in ICT

  • IT Professional Ethics (by ITPA):

    • Privacy, fair treatment, communication, system integrity, cooperation, honesty, education, and workplace quality.

Software Development and Code of Ethics

  • Important Practices:

    • No third-party software installations without permission.

    • Avoid conflicts of interest, document borrowed source code.

The Australian Privacy Principles (APPs)

  • Derived from the Privacy Act 1988:

    • Key principles include collection, use, data quality, security, openness, access, identifiers, anonymity, and handling of sensitive information.

Privacy under Victorian Law

  • Extended Privacy Act 1988: Includes government-related or large organizations, and those in health.

IP Protection Importance

  • Main Point: IP may be an organization's most valuable asset; leaks can occur through email, file-sharing, or messaging apps.

Protecting IP from External Attacks

  • Cyber Threats:

    • Malware, phishing, spear-phishing, MitM, Trojans, ransomware, DDoS, IoT attacks, data breaches, and mobile app malware.

Notifiable Data Breaches Scheme

  • Purpose: Requires businesses to report data breaches likely to harm individuals, along with a data breach response plan.

Data Confidentiality, Integrity, and Availability

  • Data Security Measures:

    • Confidentialization through de-identification and indirect identification management.

Password Management

  • Common Password Attacks: Dictionary attacks, social engineering, and password reuse.

  • Best Practices: Use encryption, two-factor authentication, password managers, and avoid dictionary words.

Accessing Public Wi-Fi

  • Security Measures: Use firewalls, VPNs, access secure sites, avoid downloads, and verify links.

Risk Assessment

  • Types of Risk: Rivals, third parties, government, illegal entities, and internal network.

  • Key Assessment Questions: Critical assets, business functions, potential threats.

ICT Risk Assessment Components

  • Four Main Components:

    • Threat: Event causing harm.

    • Vulnerability: Weak point.

    • Impact: Total damage if exploited.

    • Likelihood: Probability of threat occurrence.

Identifying Threats and Vulnerabilities

  • Types of Threats: Disasters, hardware failure, and malicious attacks.

  • Vulnerability Tools: Recommend nmap for automated scanning.

Analyzing Controls

  • Control Types: Differentiate between technical and non-technical security controls.

Documenting Risk Assessment

  • Risk Assessment Reports: Study sample reports as they may be required in exams.

This covers the entire Cyber Security section with key details for easy reference. Let me know if more sections need to be added!

4o

You said:

can you add all 3 sections into one

ChatGPT said:

ChatGPT

Here’s a comprehensive summary covering all three sections of your study notes:

Glossary and Readings (Part 1-3)

Part 1: Role of a System Administrator and Operating Systems

System Administrator Responsibilities

  • Reading: p146

    • Security access recording, software license recording, system backup and restoration, applying security access controls.

Operating Systems

  1. Identifying OS

    • Reading: p148

    • Main OS: Windows, macOS, Linux.

    • Mobile OS: iOS (Apple), Android.

  2. Types of Operating Systems

    • Reading: p150

    • Batch, Multitasking, Real-time, Mobile, Network OS.

Operating System Maintenance

  • Reading: p154-158

    • Windows Updates, Start-up Applications, System Tray, Windows Services, Driver Updates.

Security Access

  • Reading: p159

    • User accounts limit general access; Admin User has full control.

Group Policies

  • Reading: p160

    • Permissions by role: Administrators, Supervisors, Domain Users.

    • Example permissions: printer access, database read-only, folder access.

Creating a New User Account

  • Reading: p161

    • Procedure: Find Local Users, Add User, Set Password, Assign Group.

Software Licenses

  • Reading: p163-165

    • Types: Open Source, Proprietary, User Licensing, Metered Licensing.

Software Management

  • Reading: p166-168

    • Benefits include oversight, ICT spending optimization, compliance, tracking license numbers, and illegal software prevention.

System Backup

  • Reading: p172-178

    • Importance of regular backups, record maintenance, and restoration procedures on Windows 10.

Security Access Controls

  • Reading: p179-181

    • Types of access (READ, MODIFY, CHANGE OWNER, DELETE) and maintaining a Security Access Register.

Part 2: Cyber Security

Intellectual Property (IP)

  • Reading: p188-190

    • Types: Industrial (trademarks, patents), Copyright (includes code).

Patents and Trademarks

  • Reading: p189-190

    • Patents are 20-year, territorial, and original.

    • Trademarks identify goods and services.

Copyright

  • Reading: p190

    • Granted automatically to creators of original work, including software.

Ethical Issues in ICT

  • Reading: p191-192

    • Principles: Privacy, Fair Treatment, Communication, System Integrity, Cooperation, Honesty, Education, Workplace Quality.

    • Avoid conflicts of interest and credit external code.

Australian Privacy Principles (APPs)

  • Reading: p193-194

    • Includes Collection, Data Quality, Security, Openness, Access, Identifiers, and Anonymity.

Privacy under Victorian Law

  • Reading: p195

    • Extends the Privacy Act 1988 to include government and large entities, with Victorian-specific protections.

Importance of IP Protection

  • Reading: p196-199

    • IP is valuable, and leaks often occur via employee negligence or tools like email, file-sharing, or messaging.

Cybersecurity Threats

  • Reading: p201-203

    • Threats: Malware, Phishing, Spear Phishing, MitM, Trojans, Ransomware, DDoS, IoT attacks, Data Breaches, Mobile Malware.

Notifiable Data Breaches Scheme

  • Reading: p203

    • Requires businesses to report breaches likely to cause harm, and have a data breach response plan.

Data Confidentiality, Integrity, and Availability

  • Reading: p205

    • Data should be de-identified, and risk of re-identification managed.

Password Management

  • Reading: p208-209

    • Principles: Password encryption, Two-Factor Authentication, avoid dictionary words, use a password manager, and update regularly.

Public Wi-Fi Security

  • Reading: p211-212

    • Safe browsing practices include using secure sites, avoiding downloads, and verifying links.

Risk Assessment

  • Reading: p215-217

    • Components: Threat, Vulnerability, Impact, Likelihood.

    • Key questions focus on critical assets and potential threats.

Risk Assessment Documentation

  • Reading: p221

    • Complete or interpret risk assessment reports based on sample formats.

Part 3: System Backup and Security Controls

IP Storage and Leakage

  • Reading: p197-199

    • Common storage areas: employee computers, cloud apps, printers.

    • Leakage sources: email, file-sharing, and collaboration tools.

Protecting IP from External Threats

  • Threat Types: Malware, phishing, spear phishing, MitM attacks, Trojans, ransomware, DDoS, IoT vulnerabilities, and data breaches.

Data Breaches and Confidentiality

  • Data Confidentiality: Importance of de-identifying sensitive data.

Access Controls and Security Policies

  • Types of Access: READ, MODIFY, CHANGE OWNER, DELETE.

Risk Assessment Procedures

  • Recognize risks from internal and external sources, identify vulnerabilities, analyze controls, and document findings in risk assessment reports.