This is a presentation of the fundamentals of cybersecurity. It is well planned and presented. It offers a great deal of information to both the novice and the professional.
I strongly advise those who want to learn about Cybersecurity to view this work. It is done with a professional accuracy and with a touch of good learning objectives.
This document discusses network security and protocols. It covers internal and external threats to networks like unauthorized access, data destruction, and hacking. It also discusses ways to protect networks from these threats, including passwords, firewalls, encryption, authentication protocols, and virtual local area networks (VLANs). The document outlines concepts like cryptography, digital signatures, and authentication protocols. It also discusses firewalls, storage technologies like RAID, NAS, and SAN for fault tolerance, and tape backups.
Classify information and supporting assets (e.g., sensitivity, criticality), Determine and maintain ownership (e.g., data owners, system owners, business/mission
owners), Protect privacy, Ensure appropriate retention (e.g., media, hardware, personnel), Determine data security controls (e.g., data at rest, data in transit), Establish handling requirements (markings, labels, storage, destruction of sensitive
information)
This document provides an overview of security fundamentals including the CIA triad of confidentiality, integrity and availability. It discusses common security threats and countermeasures for each component. Additional concepts covered include identification, authentication, authorization, auditing, accountability, non-repudiation, data classification, roles in security management, due care/diligence, security policies, standards/guidelines, threat modeling and prioritization. The document is intended as a high-level introduction to fundamental security concepts.
Unethical practices on the internet include media piracy, ransomware attacks, identity theft, financial theft, and intellectual property theft. To stay safe online, users should use unique passwords, limit social media to personal use, avoid mentioning work details, be wary of links and downloads, and ensure devices have antivirus software. A digital footprint refers to a person's online activities and digital contributions that are recorded and can be retrieved, including both passive web browsing data and active information deliberately shared on social media.
Footprinting is a part of reconnaissance process which is used for gathering possible information about a target computer system or network. Footprinting could be both passive and active. Reviewing a company’s website is an example of passive footprinting, whereas attempting to gain access to sensitive information through social engineering is an example of active information gathering.
Footprinting is basically the first step where hacker gathers as much information as possible to find ways to intrude into a target system or at least decide what type of attacks will be more suitable for the target.
The document summarizes the seven layers of the OSI model and security threats that can occur at each layer. It describes the functions of each layer and common attacks such as IP spoofing at the network layer, ARP spoofing at the data link layer, and viruses/worms at the application layer. The document provides examples of security measures that can be implemented to mitigate threats at different OSI layers.
Ethical Hacking Concepts and Scopes, Threats and Attack Vectors, Information Assurance, Threat Modelling
Enterprise Information Security Architecture, Vulnerability
Assessment and Penetration Testing
Types of Social Engineering, Insider Attack, Preventing Insider
Threats, Social Engineering Targets and Defence Strategies
This document discusses network security and protocols. It covers internal and external threats to networks like unauthorized access, data destruction, and hacking. It also discusses ways to protect networks from these threats, including passwords, firewalls, encryption, authentication protocols, and virtual local area networks (VLANs). The document outlines concepts like cryptography, digital signatures, and authentication protocols. It also discusses firewalls, storage technologies like RAID, NAS, and SAN for fault tolerance, and tape backups.
Classify information and supporting assets (e.g., sensitivity, criticality), Determine and maintain ownership (e.g., data owners, system owners, business/mission
owners), Protect privacy, Ensure appropriate retention (e.g., media, hardware, personnel), Determine data security controls (e.g., data at rest, data in transit), Establish handling requirements (markings, labels, storage, destruction of sensitive
information)
This document provides an overview of security fundamentals including the CIA triad of confidentiality, integrity and availability. It discusses common security threats and countermeasures for each component. Additional concepts covered include identification, authentication, authorization, auditing, accountability, non-repudiation, data classification, roles in security management, due care/diligence, security policies, standards/guidelines, threat modeling and prioritization. The document is intended as a high-level introduction to fundamental security concepts.
Unethical practices on the internet include media piracy, ransomware attacks, identity theft, financial theft, and intellectual property theft. To stay safe online, users should use unique passwords, limit social media to personal use, avoid mentioning work details, be wary of links and downloads, and ensure devices have antivirus software. A digital footprint refers to a person's online activities and digital contributions that are recorded and can be retrieved, including both passive web browsing data and active information deliberately shared on social media.
Footprinting is a part of reconnaissance process which is used for gathering possible information about a target computer system or network. Footprinting could be both passive and active. Reviewing a company’s website is an example of passive footprinting, whereas attempting to gain access to sensitive information through social engineering is an example of active information gathering.
Footprinting is basically the first step where hacker gathers as much information as possible to find ways to intrude into a target system or at least decide what type of attacks will be more suitable for the target.
The document summarizes the seven layers of the OSI model and security threats that can occur at each layer. It describes the functions of each layer and common attacks such as IP spoofing at the network layer, ARP spoofing at the data link layer, and viruses/worms at the application layer. The document provides examples of security measures that can be implemented to mitigate threats at different OSI layers.
Ethical Hacking Concepts and Scopes, Threats and Attack Vectors, Information Assurance, Threat Modelling
Enterprise Information Security Architecture, Vulnerability
Assessment and Penetration Testing
Types of Social Engineering, Insider Attack, Preventing Insider
Threats, Social Engineering Targets and Defence Strategies
This document outlines the phases of a penetration testing execution, with a focus on the reconnaissance phase. It discusses the reconnaissance phase in depth, including levels of information gathering, goals of information gathering through open source intelligence (OSINT), and types of corporate and target details that should be collected. The key aspects covered are the importance of gathering information before launching attacks, doing so in a legal and ethical manner according to the rules of engagement, and focusing reconnaissance efforts on information directly relevant to the goals of the penetration test. The overall goal of the reconnaissance phase is to safely and effectively collect intelligence on the target to inform subsequent phases of testing.
This document discusses cybersecurity risks and challenges for banks. It notes that banks hold sensitive financial and customer data, making them attractive targets for sophisticated cyber attacks seeking monetary rewards. The document outlines key cybersecurity issues banks face such as regulatory compliance pressures, consumerization trends, emerging attack types like APTs, and the sophistication of threats. It provides examples of past attacks on banks and discusses security challenges from e-banking, mobile banking, outsourcing, and PSD2 regulations. The document advocates for strategies like threat intelligence, compliance with standards like PCI DSS and ISO 27001, and information security maturity to help banks mitigate cybersecurity risks.
This document discusses the process of conducting an information security audit. It begins by defining an information security audit and explaining that it assesses how an organization's security policies protect information. It then describes the general methodology, which involves assessing general controls at the entity, application, and technical levels. The document outlines the planning, internal control, testing, and reporting phases of an audit. It provides details on tasks like developing audit scopes and checklists, assessing policies and documentation, and writing the final audit report. The overall purpose is to explain the end-to-end process of performing an information security audit.
The document discusses data security and the evolution of threats over time. It covers definitions of data security, common threats like tampering, eavesdropping, and different types of attacks. The document also discusses security solutions like antivirus software, firewalls, and encryption. Emerging threats are discussed like mobile computing risks, BYOD risks, and social media privacy risks. Future directions are mentioned around managing personal data access and authentication.
Varun Nair gave a presentation on memory forensics. He discussed forensic fundamentals like digital forensics involving recovering data from digital devices. He outlined an action plan for responding to incidents, noting the differences between live and dead forensics approaches. For dead forensics, an exact copy is made of storage media with the least chance of modifying data but live data is lost. Live forensics focuses on extracting volatile data and uses the system, but may impact the machine state. He demonstrated collecting memory dumps using DUMPIT and analyzing them using WinHex and Volatility Framework.
This presentation was provided by Dylan Gilbert of The National Institute of Standards and Technology (NIST), during the NISO event "Privacy in the Age of Surveillance: Everyone's Concern." The virtual conference was held on September 16, 2020.
This document provides an overview of cybersecurity basics and tips for online safety. It discusses how cybersecurity refers to protecting online activities from risks like malware, cyberbullying, and phishing scams. The document emphasizes that education is key to combating cybercrime and stresses priorities like training on security risks, protecting personal information, and keeping software updated. It concludes by listing some quick tips for online users, such as password protecting accounts and devices, monitoring children's online activities, and thinking before sharing information online.
This document provides an overview of chapter 1 of the CNIT 125 course on information security and CISSP preparation. It covers key security terms like confidentiality, integrity, and availability that make up the CIA triad. It also discusses security governance principles such as strategic planning, change management, data classification, and defining security roles and responsibilities. Finally, it introduces several common security control frameworks and standards like ISO 27000, NIST 800 series, and COSO that are used to implement controls and ensure compliance.
This document discusses ethical hacking and provides information on various types of hackers, why people hack, and the hacking process. It defines ethical hacking as legal hacking done with permission to identify vulnerabilities. The hacking process involves preparation, footprinting, enumeration and fingerprinting, vulnerability identification, gaining access, escalating privileges, covering tracks, and creating backdoors. It also discusses how to protect systems and what to do if hacked, such as restoring from backups and patching security holes.
Your adversaries continue to attack and get into companies. You can no longer rely solely on alerts from point solutions to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts capability to detect and quickly mitigate advanced attacks.
This document summarizes a security awareness training presentation that covered topics such as why security training is important, 21st century security threats, PCI compliance, security objectives and challenges, data classification, and security responsibilities. It provided examples of security incidents, the costs of data breaches, PCI DSS requirements, and outlined the company's security framework including defenses, controls, and challenges around excessive data retention, vulnerable infrastructure, lack of documentation and logging.
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
This webinar gives an idea of what is the relation of ISO 27032 with ISO 55001, and how these two standards cover one another. Get more information on Cybersecurity as the importance is given more to the security industry nowadays.
Main points covered:
• Protection assets in Cyberspace
• Covering ISO 27032 in ISO 55001 and ISO 55001 in ISO 27032
• Sample of Cybersecurity Risks in Assets
• Highlights of the Implementation of the Cyber Security program Framework
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Claude Essomba, who is a Managing Director at GETSEC SARL, and has more than 9 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/_280jG77iKY
This document provides an overview of information security and related concepts. It discusses different types of networks including computer networks, phone networks, and satellite networks. It then defines security as protecting people, property, or organizations from attacks. Various security attacks are classified such as interception, modification, and fabrication. Corresponding security services like confidentiality, authentication, and integrity are introduced to prevent different types of attacks. Cryptography and its applications to provide secure communication over insecure networks are explained through concepts like encryption, decryption, and use of public and private keys. The document concludes with discussions about firewalls and their role in controlling access between networks and providing security for online transactions through digital signatures.
An IT security audit involves independently examining an organization's IT systems, controls, policies and procedures. The document outlines the key steps in an IT audit including planning, testing and reporting. It also discusses defining auditors and their roles, preparing for an audit, and how audits are conducted at the application level to assess controls related to administration, security, disaster recovery and more. The goal of an audit is to evaluate security adequacy and recommend improvements.
This document provides an overview and agenda for a Data Loss Prevention presentation. It discusses trends in data loss, how DLP works to discover, monitor and protect data, and case studies of how DLP helps different types of insider and outsider threats. It highlights the advantages of the Symantec DLP solution, including its accuracy, sophisticated workflow for incident response, ability to identify sensitive data with Data Insight, and zero-day content detection through machine learning. The appendix discusses Symantec's leadership in the DLP market and new features of the latest DLP product version.
The document discusses information life cycle and asset security. It covers the following key points:
1. Information goes through a 4 phase life cycle of acquisition, use, archival, and disposal. Controls are needed at each phase to protect the information.
2. Data classification and categorization help determine the appropriate security controls for different types of sensitive data based on their value, sensitivity, and criticality.
3. Roles such as data owner, data custodian, and system owner are defined along with their responsibilities to ensure proper management and protection of data throughout its life cycle.
Security & Privacy of Information TechnologyAshish Mathew
This document lists the group members for a project on security and then provides information on various topics related to security including: definitions of security, computer security, and information security; risks and threats such as fraud, denial of service attacks, malicious software, and computer criminals; and technical countermeasures like firewalls, encryption, and VPNs. It also discusses the CIA triad of security and the five pillars of security.
This is a summary of Control Objectives for Information and related Technology audit framework. Anyone can understand COBIT-19 framework within few slides. COBIT was published by ITGI, a nonprofit research entity created by ISACA
Topics Covered In Webinar
Basics of PCI DSS
Lifecycle changes to PCI DSS
Evolution of PCI DSS Version 1.1 to version 3.21
Introduction of PCI DSS 4.0
PCI DSS 4.0 Implementation Timeline
Upgrading from PCI DSS 3.21 to PCI DSS 4.0
Key changes anticipated in the latest pci dss 4.0
This document discusses internet security. It begins by defining the internet and its types such as dial up, DSL, cable, wireless, satellite, and cellular. It then defines internet security and its objective to establish rules and measures against attacks over the internet. The document outlines the history of internet security from 1960 to 2000. It discusses common internet security threats like viruses, trojan horses, worms, hacking, phishing, and spyware. Finally, it recommends techniques to improve security such as using strong passwords, antivirus software, firewalls, authenticating data, unlinking accounts, and blocking cookies.
The document discusses various topics related to computer ethics. It begins by defining computer ethics as enforcing ethical implementation and use of computing resources through avoiding copyright infringement and unauthorized distribution of digital content. It then lists 10 commandments of computer ethics established by the Computer Ethics Institute in 1992. Some concepts that can lead to unethical computer use discussed include data stealing, cybercrime, hacking, and embezzlement. Cybercrime refers to criminal acts involving computers or networks. Common types of cybercrime are hacking, stealing software/data, and identity theft. Data theft is also common using devices like USB drives to copy large amounts of data. Hacking involves exploiting security weaknesses for unauthorized access, while social engineering and malware attacks are other risks.
This document outlines the phases of a penetration testing execution, with a focus on the reconnaissance phase. It discusses the reconnaissance phase in depth, including levels of information gathering, goals of information gathering through open source intelligence (OSINT), and types of corporate and target details that should be collected. The key aspects covered are the importance of gathering information before launching attacks, doing so in a legal and ethical manner according to the rules of engagement, and focusing reconnaissance efforts on information directly relevant to the goals of the penetration test. The overall goal of the reconnaissance phase is to safely and effectively collect intelligence on the target to inform subsequent phases of testing.
This document discusses cybersecurity risks and challenges for banks. It notes that banks hold sensitive financial and customer data, making them attractive targets for sophisticated cyber attacks seeking monetary rewards. The document outlines key cybersecurity issues banks face such as regulatory compliance pressures, consumerization trends, emerging attack types like APTs, and the sophistication of threats. It provides examples of past attacks on banks and discusses security challenges from e-banking, mobile banking, outsourcing, and PSD2 regulations. The document advocates for strategies like threat intelligence, compliance with standards like PCI DSS and ISO 27001, and information security maturity to help banks mitigate cybersecurity risks.
This document discusses the process of conducting an information security audit. It begins by defining an information security audit and explaining that it assesses how an organization's security policies protect information. It then describes the general methodology, which involves assessing general controls at the entity, application, and technical levels. The document outlines the planning, internal control, testing, and reporting phases of an audit. It provides details on tasks like developing audit scopes and checklists, assessing policies and documentation, and writing the final audit report. The overall purpose is to explain the end-to-end process of performing an information security audit.
The document discusses data security and the evolution of threats over time. It covers definitions of data security, common threats like tampering, eavesdropping, and different types of attacks. The document also discusses security solutions like antivirus software, firewalls, and encryption. Emerging threats are discussed like mobile computing risks, BYOD risks, and social media privacy risks. Future directions are mentioned around managing personal data access and authentication.
Varun Nair gave a presentation on memory forensics. He discussed forensic fundamentals like digital forensics involving recovering data from digital devices. He outlined an action plan for responding to incidents, noting the differences between live and dead forensics approaches. For dead forensics, an exact copy is made of storage media with the least chance of modifying data but live data is lost. Live forensics focuses on extracting volatile data and uses the system, but may impact the machine state. He demonstrated collecting memory dumps using DUMPIT and analyzing them using WinHex and Volatility Framework.
This presentation was provided by Dylan Gilbert of The National Institute of Standards and Technology (NIST), during the NISO event "Privacy in the Age of Surveillance: Everyone's Concern." The virtual conference was held on September 16, 2020.
This document provides an overview of cybersecurity basics and tips for online safety. It discusses how cybersecurity refers to protecting online activities from risks like malware, cyberbullying, and phishing scams. The document emphasizes that education is key to combating cybercrime and stresses priorities like training on security risks, protecting personal information, and keeping software updated. It concludes by listing some quick tips for online users, such as password protecting accounts and devices, monitoring children's online activities, and thinking before sharing information online.
This document provides an overview of chapter 1 of the CNIT 125 course on information security and CISSP preparation. It covers key security terms like confidentiality, integrity, and availability that make up the CIA triad. It also discusses security governance principles such as strategic planning, change management, data classification, and defining security roles and responsibilities. Finally, it introduces several common security control frameworks and standards like ISO 27000, NIST 800 series, and COSO that are used to implement controls and ensure compliance.
This document discusses ethical hacking and provides information on various types of hackers, why people hack, and the hacking process. It defines ethical hacking as legal hacking done with permission to identify vulnerabilities. The hacking process involves preparation, footprinting, enumeration and fingerprinting, vulnerability identification, gaining access, escalating privileges, covering tracks, and creating backdoors. It also discusses how to protect systems and what to do if hacked, such as restoring from backups and patching security holes.
Your adversaries continue to attack and get into companies. You can no longer rely solely on alerts from point solutions to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts capability to detect and quickly mitigate advanced attacks.
This document summarizes a security awareness training presentation that covered topics such as why security training is important, 21st century security threats, PCI compliance, security objectives and challenges, data classification, and security responsibilities. It provided examples of security incidents, the costs of data breaches, PCI DSS requirements, and outlined the company's security framework including defenses, controls, and challenges around excessive data retention, vulnerable infrastructure, lack of documentation and logging.
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
This webinar gives an idea of what is the relation of ISO 27032 with ISO 55001, and how these two standards cover one another. Get more information on Cybersecurity as the importance is given more to the security industry nowadays.
Main points covered:
• Protection assets in Cyberspace
• Covering ISO 27032 in ISO 55001 and ISO 55001 in ISO 27032
• Sample of Cybersecurity Risks in Assets
• Highlights of the Implementation of the Cyber Security program Framework
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Claude Essomba, who is a Managing Director at GETSEC SARL, and has more than 9 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/_280jG77iKY
This document provides an overview of information security and related concepts. It discusses different types of networks including computer networks, phone networks, and satellite networks. It then defines security as protecting people, property, or organizations from attacks. Various security attacks are classified such as interception, modification, and fabrication. Corresponding security services like confidentiality, authentication, and integrity are introduced to prevent different types of attacks. Cryptography and its applications to provide secure communication over insecure networks are explained through concepts like encryption, decryption, and use of public and private keys. The document concludes with discussions about firewalls and their role in controlling access between networks and providing security for online transactions through digital signatures.
An IT security audit involves independently examining an organization's IT systems, controls, policies and procedures. The document outlines the key steps in an IT audit including planning, testing and reporting. It also discusses defining auditors and their roles, preparing for an audit, and how audits are conducted at the application level to assess controls related to administration, security, disaster recovery and more. The goal of an audit is to evaluate security adequacy and recommend improvements.
This document provides an overview and agenda for a Data Loss Prevention presentation. It discusses trends in data loss, how DLP works to discover, monitor and protect data, and case studies of how DLP helps different types of insider and outsider threats. It highlights the advantages of the Symantec DLP solution, including its accuracy, sophisticated workflow for incident response, ability to identify sensitive data with Data Insight, and zero-day content detection through machine learning. The appendix discusses Symantec's leadership in the DLP market and new features of the latest DLP product version.
The document discusses information life cycle and asset security. It covers the following key points:
1. Information goes through a 4 phase life cycle of acquisition, use, archival, and disposal. Controls are needed at each phase to protect the information.
2. Data classification and categorization help determine the appropriate security controls for different types of sensitive data based on their value, sensitivity, and criticality.
3. Roles such as data owner, data custodian, and system owner are defined along with their responsibilities to ensure proper management and protection of data throughout its life cycle.
Security & Privacy of Information TechnologyAshish Mathew
This document lists the group members for a project on security and then provides information on various topics related to security including: definitions of security, computer security, and information security; risks and threats such as fraud, denial of service attacks, malicious software, and computer criminals; and technical countermeasures like firewalls, encryption, and VPNs. It also discusses the CIA triad of security and the five pillars of security.
This is a summary of Control Objectives for Information and related Technology audit framework. Anyone can understand COBIT-19 framework within few slides. COBIT was published by ITGI, a nonprofit research entity created by ISACA
Topics Covered In Webinar
Basics of PCI DSS
Lifecycle changes to PCI DSS
Evolution of PCI DSS Version 1.1 to version 3.21
Introduction of PCI DSS 4.0
PCI DSS 4.0 Implementation Timeline
Upgrading from PCI DSS 3.21 to PCI DSS 4.0
Key changes anticipated in the latest pci dss 4.0
This document discusses internet security. It begins by defining the internet and its types such as dial up, DSL, cable, wireless, satellite, and cellular. It then defines internet security and its objective to establish rules and measures against attacks over the internet. The document outlines the history of internet security from 1960 to 2000. It discusses common internet security threats like viruses, trojan horses, worms, hacking, phishing, and spyware. Finally, it recommends techniques to improve security such as using strong passwords, antivirus software, firewalls, authenticating data, unlinking accounts, and blocking cookies.
The document discusses various topics related to computer ethics. It begins by defining computer ethics as enforcing ethical implementation and use of computing resources through avoiding copyright infringement and unauthorized distribution of digital content. It then lists 10 commandments of computer ethics established by the Computer Ethics Institute in 1992. Some concepts that can lead to unethical computer use discussed include data stealing, cybercrime, hacking, and embezzlement. Cybercrime refers to criminal acts involving computers or networks. Common types of cybercrime are hacking, stealing software/data, and identity theft. Data theft is also common using devices like USB drives to copy large amounts of data. Hacking involves exploiting security weaknesses for unauthorized access, while social engineering and malware attacks are other risks.
This document discusses cyber crimes and how to secure computers from cyber threats. It is divided into several sections that cover the definition of cyber crimes, types of cyber crimes such as against persons and property, and types of hackers such as black hats and white hats. The document also provides tips for securing computers, including choosing a secure operating system, internet browser, and security software like firewalls, antivirus programs, and using safe internet practices.
Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...PavanKumarSurala
This document provides an overview of hacking, including definitions of key terms like hacker, cracking, and cracker. It discusses different types of hackers like white hat, black hat, and grey hat hackers. It also covers computer security, computer crimes, cyber terrorism, and the top 10 intelligence agencies in the world. The document is an introductory guide to hacking that defines common terms and concepts.
Hacking involves gaining unauthorized access to computer systems or networks. There are three main types of hackers: white hats who hack for security testing, black hats who hack maliciously, and grey hats who may hack to expose vulnerabilities but also for profit. Common hacking targets include passwords, emails, websites, and credit card numbers. While hacking can be used to recover lost passwords or test security, it is illegal and poses disadvantages like enabling criminals to steal data, violating privacy, and allowing competitors to destroy work.
Hacking involves gaining unauthorized access to computer systems or networks. There are three main types of hackers: white hats who hack for security testing, black hats who hack maliciously, and grey hats who may hack to expose vulnerabilities but also for profit. Common hacking targets include passwords, emails, websites, and credit card numbers. While hacking can be used to recover lost passwords or test security, it is illegal and poses disadvantages like enabling criminals, harming privacy, and allowing destruction of work.
This PPT help you to present the topic Hacking at collage level and professional level. If you need more please share an email rashed_ec2012@rediffmail.com
This document discusses computer security and various cyber threats. It begins by explaining how computer security became increasingly important with the development of modems and personal computers in the late 20th century. It then discusses different methods used to protect computer systems and information, including serial numbers, locks, alarms, and various security strategies to address threats like data theft, vandalism, fraud, and privacy invasion. The document also provides definitions and examples of cryptography, encryption, malware, and other cyber attacks like phishing, watering hole attacks, and cybercrime. It concludes by listing some common reasons for web threats and tips to protect against web service attacks, such as backups, multi-factor authentication, malware scanning, and keeping software updated.
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
James A. O'Brien, and George Marakas. Management Information Systems with MISource 2007, 8th ed. Boston, MA: McGraw-Hill, Inc., 2007. ISBN: 13 9780073323091
Type of Security Threats and its Preventionijsrd.com
Security is a branch of computer technology known as information security as applied to computers and networks. The objective of online security includes protection of information and property from theft, corruption, or threats attack, while allowing the information and property to remain accessible and productive to its intended users. The term online system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. The basic aim of this article is to Prevention against unauthorized security Attack and Threats.
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources
Computer and network security helps protect data and equipment from internal and external threats. Internal threats come from inside an organization from users and employees, while external threats come from outside the organization from unauthorized users. Security threats can physically damage equipment or steal and corrupt data. Malware like viruses, worms, Trojans, and spyware are common security threats that can be installed without user knowledge and harm computers. Organizations implement security policies, passwords, and other measures to protect against these threats.
The document provides an overview of computer hacking including its history, types of hackers and their motivations, common hacking tools, and ways to prevent hacking. It discusses how hacking involves illegally accessing private information from computer systems and networks with malicious intent. Hacking is considered a serious crime under federal and international law. The document also explores debates around the definition of "hacker" and whether all forms of hacking should be considered unethical.
This is a presentation I gave to senior high school students. The 1st part is an overview the 2nd part is more detailed on the ways to perform the Ethical Hacking.
Need my help? Contact Keith Brooks via one of the following ways:
Blog http://blog.vanessabrooks.com
Twitter http://twitter.com/lotusevangelist
http://about.me/keithbrooks
Cyber safety refers to the safe and responsible use of the internet to protect personal information and privacy. It involves practices like using firewalls and private browsing, being careful about what information is shared online, and protecting devices from viruses and hackers. Cybercrimes like bullying, stalking, and spreading rumors are illegal and should be reported. Users should manage privacy settings, be cautious of what they post, and avoid online arguments. Computer security relies on firewalls, antivirus software, and safe browsing habits to prevent issues like viruses, spyware, intrusions, and identity theft.
Download DOC Word file from below links
Link 1: http://gestyy.com/eiT4zZ
Link 2: http://fumacrom.com/RQRL
Disclaimer: Above doc file is only for education purpose only
Contains some important questions on information security/cyber security
Q1) When you want to authenticate yourself to your computer, most likely you type in your username and password. The username is considered public knowledge, so it is the password that authenticates you. Your password is something you know.
1.1 It is also possible to authenticate based on something you are, that is, a physical characteristic. Such a characteristic is known as a biometric. Give an example of biometric-based authentication.
1.2 It is also possible to authenticate based on something you have, that is, something in your possession. Give an example of authentication based on something you have.
1.3 Two-factor authentication requires that two of the three authentication methods (something you know, something you have, something you are) be used. Give an example from everyday life where two-factor authentication is used. Which two of the three are used?
Q2) Malware is software that is intentionally malicious, in the sense that it is designed to do damage or break the security of a system. Malware comes in many familiar varieties, including viruses, worms, and Trojans.
2.1 Has your computer ever been infected with malware? If so, what did the malware do and how did you get rid of the problem? If not, why have you been so lucky?
2.2 In the past, most malware was designed to annoy users. Today, it is often claimed that most malware is written for profit. How could malware possibly be profitable?
Q3) What is war dialling and war driving?
Q4) Suppose that we have a computer that can test 240 keys each second.
4.1 What is the expected time (in years) to find a key by exhaustive search if the key space is of size 288?
4.2 What is the expected time (in years) to find a key by exhaustive search if the key space is of size 2112?
4.3 What is the expected time (in years) to find a key by exhaustive search if the key space is of size 2256?
Q5) What kind of attacks are possible on mobile/cell phones? Explain with example.
Q6) Explain the countermeasures to be practiced for possible attacks on mobile/cell phones.
Norbert Wiener's work during World War II laid the foundations for the field of computer ethics. His book discussed the purpose of human life, principles of justice, applied ethics methods, and key computer ethics topics and issues. One of the largest early computer crimes occurred from 1970-1973 when a bank teller embezzled over $1.5 million by hacking hundreds of customer accounts. In 2013, hackers briefly crashed stock prices by tweeting a false report that President Obama had been injured in an attack. Professional organizations have established ethics codes to guide computing professionals and users. Common computer crimes include financial fraud, hacking, software and hardware piracy, and computer viruses. Data security relies on physical safeguards, access controls,
Get cyber defense security topics & protection from cyber crime only at homecyberdefense.net and subscribe us for cyber security issues.
Get online cyber security, online safety, malware, adware, social media and computer security; also check to see how it is safe from cybercrime.
How to win friends and influence people Arabic.pdfssuser2209e8
Six ways to Make People Like You
Become genuinely interested in other people.
Smile.
Remember that a person's name is to that person the sweetest and most important sound in any language.
Be a good listener. ...
Talk in terms of the other person's interests.
Make the other person feel important – and do it sincerely.
We’ve all heard it: leaders who just love to hear themselves talk…and talk and talk…never landing on a point or delivering a clear message. If you’ve ever been told you’re an “over talker” or that people don’t understand you, try a couple of these tips:
Think about the “headline” of what you want to say – and say that first.
Include a few specifics, but keep your points crisp – edit yourself.
Pay attention to your listeners – respond to their interests.
Target your message to your audience – it’s not about you.
Ditch the filler words – they keep your mouth moving but add no value.
If you are an introvert, starting a conversation may be difficult, but it’s a skill that can and should be developed. Social conversations can be a great foundation to nurture and develop work relationships. And, through the simple art of conversation, you can begin building enough social capital to address tough issues when you have to.
Here are a few tips to think about:
Think ahead…have a story, a question or a news item to share for any occasion…a hallway conversation, meeting or event.
Listen more than you talk…ask interesting questions; be genuine; focus on others.
Tailor your conversation…a political topic with a like-minded politico is okay; but don’t say “how are those Vikings” if your listener doesn’t watch football.
Take your turn…a conversation is a group project with no room for monologues even if you think you are clever, funny and engaging.
Be authentic…don’t use a phony politeness; drop any affectations or phrases that you think are cool or trendy. Be you.
If you have problem of not knowing how to build a foundation for information security, if you are faced with questions such as where to start and how to start then this white paper may have the solutions and answers for you. In this paper you learn how to build the foundation step by step. It is written by the expert but in a simple language that is easy to understand. I have seen many papers that addressed this issue but none in the style of this paper.
This white paper provides an introduction to information system risk management. It defines risk as a function of the likelihood and impact of threats exploiting vulnerabilities. The paper discusses why risk management is important, and describes common methods for assessing and managing risks, including qualitative analysis, quantitative scoring, and frameworks from NIST, OCTAVE, and others. The goal is to help organizations prioritize and address risks in a cost-effective manner to support their missions.
This 4-day Information Security Training course provides foundational knowledge and skills to analyze network risks and select appropriate countermeasures. Through hands-on exercises, students will learn to evaluate strong authentication methods, search for operating system vulnerabilities, and protect systems and data using firewalls and encryption. The training covers topics such as cryptography, user and host identity verification, system and network intrusion prevention, and ensuring network confidentiality. There are no prerequisites for the course.
This document summarizes a self-awareness workshop that included exercises on understanding oneself, self-esteem, and effective group processes. Participants introduced themselves and discussed qualities of self-managed individuals. Exercises explored self-awareness using questionnaires and the Johari window model of personal awareness. The group also took part in a survival simulation ranking necessary items and reflecting on roles within the team. The workshop aimed to help participants develop greater self-awareness, establish goals, and improve their effectiveness through ongoing introspection.
Theories behind Gamification of Learning and Instruction.pptxssuser2209e8
This document outlines several theories related to motivation and gamification of learning. It discusses intrinsic and external motivation, the ARCS model of motivation which focuses on attention, relevance, confidence and satisfaction. It also covers Malone's theory of intrinsically motivating instruction related to challenge, fantasy and curiosity. Additionally, it summarizes operant conditioning, cognitive apprenticeship, social learning theory, and the concept of flow as they relate to gamification and motivating learning.
This document outlines a negotiation course that teaches a four-stage process: 1) prepare a strategy, 2) negotiate using key tactics like understanding power and psychological tools, 3) close with a contract, and 4) perform and evaluate. Stage 2 focuses on getting to know the other side, understanding your relative power by considering your Best Alternative To a Negotiated Agreement (BATNA), and using psychological tactics while avoiding traps.
1) The document outlines a course on negotiation and alternative dispute resolution. It covers preparing for negotiation, negotiation tactics, creating agreements, and evaluating outcomes.
2) It also discusses how to prevent disputes, different ADR concepts and tools like arbitration and mediation, and examples of successful ADR programs that improved outcomes for clients.
3) Examples show how open communication, apologizing for mistakes, and focusing on reasonable resolutions can improve client satisfaction compared to traditional defensive legal responses.
This document outlines the key elements needed to create a valid contract: an agreement between two parties, consideration (exchange of value), legality of the agreement, and whether the agreement must be in writing. It discusses consideration and legality as two important factors when creating contracts.
The document outlines a 4-stage negotiation process: 1) prepare a strategy, 2) use key negotiation tactics like understanding the other side and your power, 3) create a contract to close the negotiation, and 4) perform and evaluate the results. It also provides tips for conversational intelligence, including asking questions, listening, and summarizing the other person's perspective.
How to design a leadership program.pdfssuser2209e8
This document provides guidance on designing leadership development programs. It discusses why organizations should invest in leadership development to drive better business results, respond to change, and foster organizational agility. It also outlines several opportunities for leadership development programs, such as developing high-potential employees, supporting continuous learning, onboarding senior leaders, succession planning, innovation/change management, and strengthening organizational culture. Sample outlines are provided for how leadership development programs could support the specific needs of two example organizations.
This document is a training manual for a workshop on assertiveness and self-confidence. The workshop consists of 12 modules that cover topics such as defining assertiveness and self-confidence, overcoming negative thinking, communication skills like listening and body language, goal setting, building self-worth, and dealing with difficult situations. The objectives of the workshop are to define key terms, understand obstacles to goals, improve communication abilities, learn the importance of goal setting, and develop coping techniques. Participants will engage in case studies and review questions to help apply the concepts.
The Ipsos - AI - Monitor 2024 Report.pdfSocial Samosa
According to Ipsos AI Monitor's 2024 report, 65% Indians said that products and services using AI have profoundly changed their daily life in the past 3-5 years.
State of Artificial intelligence Report 2023kuntobimo2016
Artificial intelligence (AI) is a multidisciplinary field of science and engineering whose goal is to create intelligent machines.
We believe that AI will be a force multiplier on technological progress in our increasingly digital, data-driven world. This is because everything around us today, ranging from culture to consumer products, is a product of intelligence.
The State of AI Report is now in its sixth year. Consider this report as a compilation of the most interesting things we’ve seen with a goal of triggering an informed conversation about the state of AI and its implication for the future.
We consider the following key dimensions in our report:
Research: Technology breakthroughs and their capabilities.
Industry: Areas of commercial application for AI and its business impact.
Politics: Regulation of AI, its economic implications and the evolving geopolitics of AI.
Safety: Identifying and mitigating catastrophic risks that highly-capable future AI systems could pose to us.
Predictions: What we believe will happen in the next 12 months and a 2022 performance review to keep us honest.
Natural Language Processing (NLP), RAG and its applications .pptxfkyes25
1. In the realm of Natural Language Processing (NLP), knowledge-intensive tasks such as question answering, fact verification, and open-domain dialogue generation require the integration of vast and up-to-date information. Traditional neural models, though powerful, struggle with encoding all necessary knowledge within their parameters, leading to limitations in generalization and scalability. The paper "Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks" introduces RAG (Retrieval-Augmented Generation), a novel framework that synergizes retrieval mechanisms with generative models, enhancing performance by dynamically incorporating external knowledge during inference.
Learn SQL from basic queries to Advance queriesmanishkhaire30
Dive into the world of data analysis with our comprehensive guide on mastering SQL! This presentation offers a practical approach to learning SQL, focusing on real-world applications and hands-on practice. Whether you're a beginner or looking to sharpen your skills, this guide provides the tools you need to extract, analyze, and interpret data effectively.
Key Highlights:
Foundations of SQL: Understand the basics of SQL, including data retrieval, filtering, and aggregation.
Advanced Queries: Learn to craft complex queries to uncover deep insights from your data.
Data Trends and Patterns: Discover how to identify and interpret trends and patterns in your datasets.
Practical Examples: Follow step-by-step examples to apply SQL techniques in real-world scenarios.
Actionable Insights: Gain the skills to derive actionable insights that drive informed decision-making.
Join us on this journey to enhance your data analysis capabilities and unlock the full potential of SQL. Perfect for data enthusiasts, analysts, and anyone eager to harness the power of data!
#DataAnalysis #SQL #LearningSQL #DataInsights #DataScience #Analytics
End-to-end pipeline agility - Berlin Buzzwords 2024Lars Albertsson
We describe how we achieve high change agility in data engineering by eliminating the fear of breaking downstream data pipelines through end-to-end pipeline testing, and by using schema metaprogramming to safely eliminate boilerplate involved in changes that affect whole pipelines.
A quick poll on agility in changing pipelines from end to end indicated a huge span in capabilities. For the question "How long time does it take for all downstream pipelines to be adapted to an upstream change," the median response was 6 months, but some respondents could do it in less than a day. When quantitative data engineering differences between the best and worst are measured, the span is often 100x-1000x, sometimes even more.
A long time ago, we suffered at Spotify from fear of changing pipelines due to not knowing what the impact might be downstream. We made plans for a technical solution to test pipelines end-to-end to mitigate that fear, but the effort failed for cultural reasons. We eventually solved this challenge, but in a different context. In this presentation we will describe how we test full pipelines effectively by manipulating workflow orchestration, which enables us to make changes in pipelines without fear of breaking downstream.
Making schema changes that affect many jobs also involves a lot of toil and boilerplate. Using schema-on-read mitigates some of it, but has drawbacks since it makes it more difficult to detect errors early. We will describe how we have rejected this tradeoff by applying schema metaprogramming, eliminating boilerplate but keeping the protection of static typing, thereby further improving agility to quickly modify data pipelines without fear.
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Data and AI
Discussion on Vector Databases, Unstructured Data and AI
https://www.meetup.com/unstructured-data-meetup-new-york/
This meetup is for people working in unstructured data. Speakers will come present about related topics such as vector databases, LLMs, and managing data at scale. The intended audience of this group includes roles like machine learning engineers, data scientists, data engineers, software engineers, and PMs.This meetup was formerly Milvus Meetup, and is sponsored by Zilliz maintainers of Milvus.
2. Module One: Getting
Started
Every organization is responsible
for ensuring cybersecurity. The
ability to protect its information
systems from impairment or
even theft is essential to success.
At the end of the
day, the goals
are simple:
safety and
security.
Jodi Rell
4. Module Two: Cybersecurity
Fundamentals
Before developing and implementing
security measures to prevent
cyberattacks, you must understand
basic concepts associated with
cybersecurity and what cyberattacks
are.
U.S. computer
networks and
databases are
under daily
cyber-attack by
nation states,
international
crime
organizations,
subnational
groups, and
individual
hackers.
John O. Brennan
9. Case Study
Patrick and Willow are opening answering service
business
Patrick says security is not necessary
Willow says hackers can break in
This will disrupt business
10. Module Two: Review Questions
1. Cyberspace refers to which of the following?
a) Computer-to-computer activity.
b) Individual-to-individual activity.
c) Supervisor-to-employee activity.
d) Computer-to-physical location activity.
Cyberspace is not a physical location. It is an environment where computer transaction take
place.
2. What is an item that is included in cyberspace?
a) Network.
b) Software.
c) Application.
d) All of the above.
In addition to the above, devices, processes, and information storage are a part of cyberspace.
11. Module Two: Review Questions
3. Why is cybersecurity implemented?
a) To speed up the network of a company’s computers.
b) To avoid the disruption of a company’s business.
c) To increase the number of clients a company has.
d) To lessen the number of employees a company employs.
Cybersecurity helps companies avoid disruption inflicted by hackers, thus
not slowing down the company’s productivity.
4. Cybersecurity helps control physical access to and prevents danger that
may come in from:
a) Hardware.
b) Network access.
c) Code injection.
d) All of the above.
This helps prevent damage to the company’s entire information systems.
12. Module Two: Review Questions
5. What type of information is NOT secure information that is likely to be compromised in a data
security breach?
a) Intellectual property.
b) Credit card information.
c) The name of a company’s CEO.
d) Social security numbers.
The name of a company’s CEO is public information. Information that is not considered public, such as
names and social security numbers and bank details could fall victim to a data security breach.
6. What is the main purpose of computer sabotage?
a) To disable a company’s computers or networks to prevent it from conducting business.
b) To disable a company’s computers or networks to prevent it from being able to obtain a business
license.
c) To disable a company’s computers or networks to prevent it from being able to hire employees.
d) To disable a company’s computers or networks to prevent it from being able to give its employees
raises.
Data security breaches and sabotage can both have dire effects on a company and/or its clients.
13. Module Two: Review Questions
7. Why do “grey hat” hackers typically hack into computers?
a) To steal data for monetary gain.
b) For the fun of it.
c) To find vulnerabilities in a computer system so the company can fix them before hackers with
bad intentions can exploit them.
d) To sell data for monetary gain.
There are three types of hacker:
Grey hats: These hackers do so “for the fun of it”.
Black hats: These hackers have malevolent reasons for doing so, such as stealing and/or selling
data for monetary gain.
White hats: These hackers are employed by companies to hack into systems to find where the
company is vulnerable, with the intention of ensuring the safety of the data from hackers
with ill intentions.
14. Module Two: Review Questions
8. Why do “white hat” hackers typically hack into computers?
a) To steal data for monetary gain.
b) For the fun of it.
c) To find vulnerabilities in a computer system so the company can fix them before hackers with
bad intentions can exploit them.
d) To sell data for monetary gain.
There are three types of hacker:
Grey hats: These hackers do so “for the fun of it”.
Black hats: These hackers have malevolent reasons for doing so, such as stealing and/or selling
data for monetary gain.
White hats: These hackers are employed by companies to hack into systems to find where the
company is vulnerable, with the intention of ensuring the safety of the data from hackers
with ill intentions.
15. Module Two: Review Questions
9. What type of business are Patrick and Willow opening?
a) Restaurant.
b) Flower shop.
c) Answering service.
d) Bike shop.
Patrick and Willow are in the process of opening an answering service business, and they are
trying to decide whether or not they need security for their computer systems.
10. Does Willow think they need security for their computers? What is her reasoning?
a) No, because their business is small.
b) Yes, because they are vulnerable to hackers.
c) No, because the type of business they run doesn’t require it.
d) Yes, because federal law requires them to have it.
Willow believes they need security for their systems because she recognizes their vulnerability
to hackers. Patrick doesn’t believe it’s necessary because they have a small business.
16. Module Three: Types of
Malware
”Malware” is the shortened form for
malicious software, which is intrusive
software, used to perform actions
such as interrupting computer
operations and obtaining sensitive
information.
Cyber bullies can
hide behind a
mask of
anonymity
online, and do
not need direct
physical access
to their victims
to do
unimaginable
harm.
Anna Maria
Chavez
21. Case Study
Employees notice their computers are moving slowly
Harry’s computer settings have changed
Tom’s files have been deleted
Jerry’s computer has similar issues
22. Module Three: Review Questions
1. How do worms work?
a) They are always downloaded as email attachments.
b) They are automatically installed on every computer.
c) They must attach themselves to existing programs in order to spread.
d) They reproduce themselves to infect other computers.
Worms are independent malware programs that can spread to other computers.
2. Which of the following does the lesson NOT list as damage that worms can cause?
a) Bandwidth consumption.
b) Immobilizing Safe Mode.
c) Corrupting files.
d) Stopping active anti-malware service.
In addition to the above, worms can hindering Windows auto update.
23. Module Three: Review Questions
3. When can infected files infect other computers?
a) When the file is shared with other computers.
b) Whether or not the file is shared with other computers.
c) They automatically infect other computers within the same network of the originally infected
computer
d) Never.
It can infect files and when the file is opened, spread the virus throughout your computer. The virus
will further spread if the infected file is shared with others.
4. Which of the following does the lesson NOT list as damage that viruses can cause?
a) Computer slowdown.
b) Corrupting files.
c) Taking over basic functions of the operating system.
d) Bandwidth consumption.
A computer virus is a program that hides within a harmless program that reproduces itself to perform
actions such as destroying data.
24. Module Three: Review Questions
5. Spyware is commonly used to bombard the user with:
a) Emails without attachments.
b) Unsolicited text messages.
c) Emails with attachments.
d) Pop-up ads.
Spyware is also used to obtain information about an individual or company without their
knowledge or consent. The data gathered from this act of “spying” is sometimes sent to
another entity. It can also be used to gain control over one’s computer without the user
realizing it.
6. Which of the following does the lesson NOT list as damage that Spyware can cause?
a) Crashing the computer.
b) Collecting personal information.
c) Installing unsolicited software.
d) Redirecting web browsers.
In addition to the above, the lesson mentions that Spyware can change computer settings and
slow down the Internet connection.
25. Module Three: Review Questions
7. How do Trojans gain access to computers?
a) By being installed via a disk.
b) By misleading the user of its true intention.
c) By spreading via legitimate email attachments.
d) None of the above.
They spread in sneaky ways. For example, a user may receive an email attachment that appears to be
legitimate, but when he/she opens it, it in fact gives the attacker the opportunity to obtain the
user’s personal information, such as banking details and passwords.
8. Which of the following does the lesson NOT list as damage that Trojans can cause?
a) Crashing the computer.
b) Deleting files.
c) Corrupting data.
d) Redirecting web browsers.
In addition to the above, the lesson mentions that Trojans can log keystrokes.
26. Module Three: Review Questions
9. What do many employees at XYZ Company notice about their computers?
a) That they are running slowly.
b) That they have crashed.
c) That their files have become corrupt.
d) That Safe Mode is no longer working.
Many employees at XYZ Company have noticed that their computers are moving slowly. In
addition, Harry has noticed changes to the settings of his computer and the redirecting of
his browser. Files that are supposed to be on Tom’s computer have been deleted.
10. What does Harry say has happened to his computer?
a) Computer setting changes and web browser redirecting.
b) Deleted files.
c) Bandwidth consumption.
d) Computer crashed.
Many employees at XYZ Company have noticed that their computers are moving slowly. In
addition, Harry has noticed changes to the settings of his computer and the redirecting of
his browser. Files that are supposed to be on Tom’s computer have been deleted.
27. Module Four: Cyber Security
Breaches
Cyber security breaches are the
result of secure information being
released to a treacherous
environment.
Choosing a
hard-to-guess,
but easy-to-
remember
password is
important!
Kevin Mitnick
32. Case Study
Paula banks and works for 123 Bank
She received “unauthorized transaction” email
Paula asked Emily if she should click on link in
email
Emily said company would not send that email
33. Module Four: Review Questions
1. How do phishing scam criminals attract their victims?
a) By appearing to be a legitimate source.
b) By threatening them.
c) Both of the above.
d) None of the above.
Phishing scams are typically carried out by the perpetrator appearing to be helpful. Once the
victim has been lured in, the attack takes place.
2. What is not one of the ways phishing uses individuals’ information?
a) To obtain identifying information such as social security number, for malicious purposes.
b) To commit crimes in the person’s name.
c) To steal banking details for personal gain.
d) To keep the person’s information safe.
The intention of the phishing scammer is never to do anything that benefits the victim.
34. Module Four: Review Questions
3. What quote is mentioned in the “Identity Theft” lesson?
a) Identity theft is a serious crime that affects millions of Americans each year.
b) I don’t need to worry about identity theft because no one wants to be me.
c) An ounce of prevention is worth a pound of cure.
d) If we don’t act now to safeguard our privacy, we could all become victims of identity theft.
This quote basically means taking steps beforehand to prevent identity theft from taking place
can save the headache of recovering from falling victim to identity theft.
4. Of the following, which is not mentioned in the “Identity Theft” lesson as a way to help
prevent identity theft?
a) Be mindful of phishing websites.
b) Protect your passwords.
c) Utilize an Anti-Virus / Anti-Malware program.
d) Don’t respond to unsolicited requests for secure information.
Those who seek to steal another’s identity typically do so and move on quickly, making it
difficult to track and prosecute the perpetrator, so it is best to work to prevent it from
happening in the first place.
35. Module Four: Review Questions
5. What is the first thing to do when you discover you have been a victim of cyberbullying?
a) Respond immediately.
b) Compose yourself before responding.
c) Call the police.
d) Shut down your computer.
Immediately responding to a cyberbully attack may worsen the situation because the response
will most likely come from a place of emotion. It is best to respond once you gather your
thoughts and the things you want to say.
6. What is a characteristic of cyber bullying?
a) Can affect companies as well as individuals.
b) Is limited to adults.
c) Is limited to teenagers.
d) Only affects companies.
Although cyberbullying is most commonly seen as an issue that teenagers deal with, it can also
affect individual adults and companies.
.
36. Module Four: Review Questions
7. What does the lesson mention on how cyberstalking is punishable?
a) Monetary penalties only.
b) Monetary penalties and jail time.
c) Restraining order and monetary penalties.
d) Restraining order and jail time.
There are many ways to be punished when found guilty of cyberstalking. However, the lesson only
mentions a restraining order and jail time.
8. What is not mentioned in the “Cyberstalking” lesson as an anti-stalking tip?
a) Log out of programs before stepping away from your desk.
b) Do not leave on your computer through the night.
c) Protect passwords.
d) Keep security software updated.
Although not leaving on the computer through the night may be helpful, the lesson does not mention
this.
37. Module Four: Review Questions
9. Receiving an email that says, “We suspect an unauthorized transaction on your account. To
ensure that your account is not compromised, please click the link below and confirm your
identity”, is MOST likely characteristic of what?
a) Cyberbullying.
b) Cyberstalking.
c) Harassment.
d) Phishing.
With phishing, cyber thieves may send emails that appear to be from legitimate sources,
requesting that the user click on a link to confirm information. Clicking on the link allows the
thieves to steal some of the user’s information, which could ultimately lead to identity
theft.
10. What does Emily tell Paula about the email she received?
a) Their company does that all of the time and she should click the link.
b) Their company does that sometimes, but she should confirm with their supervisor.
c) Their company doesn’t do that, and most companies don’t.
d) She is not sure what Paula should do.
Emily doesn’t believe it is wise for Paula to click on the link.
38. Module Five: Types of Cyber
Attacks
Cyber attacks are orchestrated by
individuals or groups to destroy the
information systems, networks, etc.
of others.
Love is great,
but not as a
password.
Matt
Mullenweg
43. Case Study
Kurt and Jeff are setting up passwords
Kurt wants to create password with various
characters
Jeff wants to create password with letters only
Jeff has to call technical support
44. Module Five: Review Questions
1. You should create a password that is:
a) Easy for you to remember and easy for others to figure out.
b) Difficult for you to remember but easy for others to figure out.
c) Easy for you to remember but difficult for others to figure out.
d) Difficult for you to remember and difficult for others to figure out.
One of the purposes of creating a strong password is to prevent unauthorized users from having
access to it. Because of this, the password should be something that only you can easily
remember.
2. What should your password include?
a) Upper and lower case letters.
b) Upper and lower case letters, numbers, and symbols.
c) Numbers and symbols.
d) Upper case letters, numbers, and symbols.
Part of creating a strong password, is crafting one that is difficult for others to figure out. Using a
variety of characters such as upper and lower case letters, numbers, and symbols should help
accomplish that.
45. Module Five: Review Questions
3. What is a denial of service attack?
a) An attack that prevents unintended users from being able to access a network.
b) An attack that prevents users from being able to access a network in the early morning hours
only.
c) An attack that prevents users from being able to access a network in the late night hours
only.
d) An attack that prevents intended users from being able to access a network.
This can manifest as although the user puts in the correct password, the system says it’s
incorrect and after a certain number of times locks out the user. It can also overload the
network so that no one can get in.
46. Module Five: Review Questions
4. Which of the following is not mentioned in the “Denial of Service Attack” lesson as damage
that denial of service attacks can cause?
a) Network performs slowly.
b) A particular website is inaccessible.
c) Receiving a large amount of spam emails.
d) None of the above.
In addition to the above, the lesson mentions that this type of attack could make it so no
website is accessible.
5. What is the purpose of a passive attack?
a) To find network vulnerabilities and immediately change data.
b) To warn the network user of an impending active attack.
c) To find network vulnerabilities but not change data at the time.
d) To warn the network user of vulnerabilities so the user can fix them.
Although it may seem like a harmless act at the time, if the intruder is able to obtain the “right”
information, he/she can use that in the future to cause irreparable damage.
47. Module Five: Review Questions
6. In the lesson, passive attacks are likened to:
a) Eavesdropping.
b) Murder.
c) Downloading.
d) Overloading.
Although in this type of attack, the goal is not to cause immediate damage, if the intruder happens to
hear significant information, it will likely be employed against the user in the future.
7. What is penetration testing used for?
a) In a controlled environment, to find vulnerabilities in the network, but not exploit them.
b) In a controlled environment, to find vulnerabilities in the network and exploit those vulnerabilities
to see what impact an actual attack would have.
c) In an uncontrolled environment, to find vulnerabilities in the network and exploit those
vulnerabilities to see what impact an actual attack would have.
d) In an uncontrolled environment, to find vulnerabilities in the network, but not exploit them.
Companies use penetration testing within their organization to determine if there are vulnerabilities in
their network system, and if there are some, what impact would occur as a result of an attack
against it.
48. Module Five: Review Questions
8. Which of these is discussed in the “Penetration Testing” lesson as a reason that companies
implement such testing?
a) Establish the likelihood of a specific attack occurring.
b) Detect high risk vulnerabilities that can result from a grouping of low risk vulnerabilities that take
place in a particular pattern.
c) Determine the bearing an attack will have on a company.
d) All of the above.
In addition to the above, a company would implement penetration testing to assess the company’s
network risk management capabilities.
9. Kurt’s password will consist of:
a) Numbers, letters, and symbols.
b) Numbers only.
c) Letters only.
d) Symbols only.
Kurt’s logic behind creating a password with numbers, letters, and symbols is that doing so will make
it harder for others to figure it out.
49. Module Five: Review Questions
10. Receiving a large amount of spam mail and being locked out of the system after putting in the
correct password, but not given access are characteristic of which of the following?
a) Password attack.
b) Denial of service.
c) Denial of service and password attack.
d) None of the above.
Additionally, denial of service can manifest as the network performing slowly, the inability to access a
particular website, and the inability to access the Internet as a whole.
50. Module Six: Prevention Tips
Although it may not be possible to
completely avoid falling victim to
cybercrime, having a tool kit of
prevention methods could help your
organization minimize the risk of
such crimes damaging the reputation
of your company or faith of your
clients/customers.
Identity theft is
one of the
fastest-growing
crimes in the
nation -
especially in the
suburbs.
Melissa Bean
51. Crafting a Strong Password
Unique
Various
characters
No common
words
No consecutive
characters
54. Question Legitimacy of Websites
Type URL
Question
sender’s
intention
Anti-Virus and
Anti-Spyware
55. Case Study
Ann is discussing security tips with trainees
She says to create a strong password
Ann talks about Two-Step Verification
Carl is curious about policy for opening
attachments
56. Module Six: Review Questions
1. What is the best way to store a password?
a) On a sticky note on your desk.
b) In your memory.
c) In your phone.
d) In a notebook located in an unlocked desk.
When it comes to storing a password, the ideal scenario would be to memorize it. If
that is not possible, store it in a secure location that few people have access to.
2. When is it best to use one password for all of your accounts?
a) If you have no more than two accounts.
b) If you have no more than three accounts.
c) Never.
d) If you have no more than four accounts.
Using different passwords for each of your accounts is the most effective way to keep
your accounts safe.
57. Module Six: Review Questions
3. In the “Two-Step Verification” lesson, which of these is mentioned as something that may be
used for authentication purposes?
a) Token.
b) Key.
c) Password.
d) All of the above.
This lesson states that a token, key, password, pin, fingerprint, and voice recognition can be
used to authenticate an individual’s identity.
4. The “Two-Step Verification” lesson states that which of these can be used to confirm an
individual’s identity?
a) Pin.
b) Fingerprint.
c) Voice recognition.
d) All of the above.
This lesson states that a token, key, password, pin, fingerprint, and voice recognition can be
used to authenticate an individual’s identity.
58. Module Six: Review Questions
5. What is true of an email attachment with an extension of .doc?
a) It could be a Trojan.
b) It should never be downloaded.
c) It will always be a legitimate attachment.
d) It should only be downloaded if it is sent from a co-worker.
Email attachments should always be opened with caution. Even if it appears to come
from someone you know and has a legitimate extension, it could still be
something that will attack your computer.
6. What is a way to protect yourself when it comes to opening attachments?
a) Regularly update software patches.
b) Go with your gut.
c) Save and scan the true sender of the attachment.
d) All of the above.
These are just a few of the many ways to protect yourself when deciding whether or
not you should open an attachment.
59. Module Six: Review Questions
7. Opening a website that appears to be legitimate but is a spoof can do all of the following, except:
a) Slow down the speed of your computer.
b) Cause a loss of files.
c) Increase the speed of your computer.
d) Cause a stolen identity.
The purpose of spoof sites is to steal the user’s information or damage their computer in some way.
8. Which of these is not mentioned as a precautionary measure to avoid opening a spoof website?
a) Type the complete URL in the browser.
b) Question the intention of the sender of an unsolicited request to visit a website.
c) Ensure your Anti-Virus / Anti-Spyware is up-to-date.
d) Visit the website from at least two different computers to make sure it is legitimate.
60. Module Six: Review Questions
9. What does Ann tell the trainees about why the company has a two-step verification process?
a) Because the federal law requires it.
b) Because the state law requires it.
c) So that only the authorized user can access the account.
d) So they can weed out the employees who are not serious about computer security.
Two-step verification is an extra measure of security that can make the difference between only
authorized users having access to a system and unauthorized users having access to it.
10. Who asks about the company’s policy on opening email attachments?
a) Carl.
b) Ann.
c) An unnamed trainee.
d) Sybil.
Carl asks about the company’s policy on opening email attachments and is likely doing so
because he understands the importance of downloading attachments with care and would
could happen as a result if unsafe attachments are opened.
61. Module Seven: Mobile Protection
It is just as important to protect your
Smartphone as it is your computer.
With phones having many of the
same capabilities as computers, they
are open to many of the same
vulnerabilities that computers face.
The beginnings
of the hacker
culture as we
know it today
can be
conveniently
dated to 1961,
the year MIT
acquired the
first PDP-1.
Eric S. Raymond
65. No Personalized Contacts
Listed
You’ve created a lock on your phone and regularly lock it when
it’s not in use. You quickly step away from your desk with your
phone on it, and forget to lock it. Someone who doesn’t have
permission to touch your phone, decides to go through your
contact list.
66. Case Study
Delores and Earl have cell phones to conduct business
Their manager told them to lock their phones
Delores wants to save credit card data on
phone
Earl says that’s not a good idea
67. Module Seven: Review Questions
1. Credit card numbers:
a) Should only be stored in your phone if you have less than three credit cards.
b) Should only be stored in your phone if you have less than two credit cards.
c) Should always be stored in your phone.
d) Should not be stored in your phone, if possible.
The easy access you have to credit card numbers stored in your phone can unfortunately also be
available to unauthorized users.
2. What is a way to safeguard credit card information that you must store on your phone?
a) Encryption.
b) Tokenization.
c) Both of the above.
d) None of the above.
If possible, it is best to avoid storing credit card information on your phone. If you must,
safeguard the data with tokenization and/or encryption.
68. Module Seven: Review Questions
3. When setting up a lock on your phone that can be opened with a password:
a) Use a password that is the same as all of your other passwords.
b) Use a password that is different from all of your other passwords.
c) Use a password that has no more than five characters.
d) Use a password that has no more than three characters.
It may be tempting to set up your phone with the same password you use for another
account, but to help ensure the security of your phone, it is best to use something
different.
4. To create a strong password, it should have:
a) Letters and numbers.
b) Numbers and symbols.
c) Letters, numbers, and symbols.
d) Letters and symbols.
A strong password includes various types of characters, such as letters, numbers, symbols,
and emoticons.
69. Module Seven: Review Questions
5. What should be your back-up method if you cannot remember your password?
a) Write down and place in a secure location.
b) Save it on your phone.
c) Write it down and leave it with a person you trust.
d) Any of the above.
The ideal situation is to remember your password, but if that is not possible, write it down and
store securely. Never share your passwords with anyone and do not save it in your phone, in
case you lose it or an unauthorized person uses it.
6. The “Don’t Save Passwords” lesson states that passwords should be secured where?
a) In a co-worker’s files.
b) On the main screen of your phone.
c) In a closet.
d) In a safe.
If you must write down your password, secure it in a safe or locked drawer.
70. Module Seven: Review Questions
7. What is the name of the person in the contact list?
a) Bill Johnson.
b) John Taylor.
c) Jim Smith.
d) Bob Jones.
Bob Jones, the manager of ABC Company was in the contact list.
8. What was the job title of the person in the contact list?
a) Quality representative.
b) Manager.
c) Account manager.
d) Client relations representative.
Bob Jones, the manager of ABC Company was in the contact list.
71. Module Seven: Review Questions
9. What does Delores want to save on her phone?
a) Customers’ credit card information.
b) Passwords for her social media accounts.
c) Her boss’ birthday.
d) The address to a client’s office.
Delores was happy about receiving the company phone because she saw it as a convenient way to
store customers’ credit card information.
10. What does Delores and Earl’s manager encourage them to do?
a) Recharge their phones every three hours.
b) Only use their phones after 2:00 p.m.
c) Save customers’ credit card information on their phones.
d) Lock their phones when they’re not in use.
In addition to instructing them to lock their phones, Delores and Earl’s manager advised them to
put a password on the phone and memorize it.
72. Module Eight: Social Network
Security
Many people forget that with social
networking, although they are not
meeting with people face-to-face,
revealing too much information
about oneself could still lead to
dangerous situations, such as social
engineering attacks.
The hacker
mindset doesn't
actually see
what happens
on the other
side, to the
victim.
Kevin Mitnick
77. Case Study
Reagan is setting up business social media accounts
She wants to link business account to personal
accounts
She discusses her plan with Isabel
Isabel questions the idea
78. Module Eight: Review Questions
1. What is the MOST effective thing to do if a social media site requires you to put in your address?
a) Put in your actual location.
b) Put in a fake address.
c) Contact customer service and complain.
d) Refuse to open an account.
Many social media platforms require that you add your location. For your safety and the security of
your personal information, it is best to get around this by inputting a fake address.
2. Which of these is NOT mentioned in the “Don’t Reveal Location” lesson of potential things that can
happen as a result of inputting your real location?
a) Burglary.
b) Harassment.
c) Stalking.
d) Stolen identity.
Although stolen identity, among other things are possible when disclosing information about yourself,
it is not mentioned in this lesson as a potential danger.
79. Module Eight: Review Questions
3. If your birthday is visible on your account, what part of it should you not include?
a) Month.
b) Day.
c) Year.
d) Day of the week you were born.
If at all possible, it’s best to avoid including your birthday. If the birthday must be visible, avoid
including the year. Knowing an individual’s full birthday, along with other pieces of information,
makes it easier for someone to maliciously use the data.
4. The first sentence of the “Keep Birthdate Hidden” lesson says, “Giving away your birthday seems
like a ______ act...”
a) Harmless.
b) Wise.
c) Foolish.
d) Noble.
According to the lesson, “Giving away your birthdate seems like a harmless act, but when a criminal
has your birthday, they have one of the several pieces of information needed to steal your
identity.”
80. Module Eight: Review Questions
5. Which of these is NOT mentioned in “Have Private Profile” as one of the common
social media platforms used?
a) Facebook.
b) YouTube.
c) Instagram.
d) Twitter.
This lesson mentions Facebook, Instagram, Twitter, Google+, LinkedIn, and Pinterest.
6. Of the following, which is NOT listed in “Have Private Profile” as a common social
media website?
a) Google+.
b) LinkedIn.
c) Flickr.
d) Pinterest.
This lesson mentions Facebook, Instagram, Twitter, Google+, LinkedIn, and Pinterest.
81. Module Eight: Review Questions
7. You should:
a) Always link your business and personal accounts.
b) Never link your business and personal accounts.
c) Only link your business and personal accounts if you have only one of each.
d) Only link your business and personal accounts if you have less than three of each.
Never link your business and personal accounts. What seems appropriate for your
personal account may be completely inappropriate for your business account.
8. Which of these is NOT listed as a reason to not link your social media accounts?
a) Decreased risk of identity theft.
b) Automated posting.
c) Same messages across different platforms.
d) Increased risk of identity theft.
In addition to the above, the lesson mentions “More of a chance of receiving spam in
inbox (which can be malware and/or viruses)” as a reason not to link accounts.
82. Module Eight: Review Questions
9. Who wants to link their personal and business social media accounts?
a) Isabel.
b) Reagan.
c) Both Reagan and Isabel.
d) Neither Reagan nor Isabel.
Reagan believes it’s a good idea to link the two so they don’t have to work as hard to drive
traffic to the business’ account.
10. Who is responsible for setting up and managing the candy shop’s social media account?
a) Isabel.
b) Reagan.
c) Both Reagan and Isabel.
d) Neither Reagan for Isabel.
Reagan is excited about this duty because she enjoys engaging in her own social media accounts
in her free time.
83. Module Nine: Prevention Software
Now we’ve gotten to the good stuff!
We’ve thoroughly covered the many
dangers lurking, with the hopes of
taking over your computer systems
and even steal your identity. It’s now
time to talk about the proactive steps
you can take to protect yourself and
your business.
As the United
States attorney
in Manhattan, I
have come to
worry about few
things as much
as the gathering
cyber threat.
Preet Bharara
88. Case Study
Greg and Richard are discussing a cyber-attack
Greg says they should invest in Anti-Virus/Anti-
Spyware
Greg asks what security should be in place when away
from office
Richard says they should look into fire walls and
routine updates
89. Module Nine: Review Questions
1. Which of the following are two types of firewalls?
a) Network and host-based.
b) Anti-Virus and Anti-Spyware.
c) Network and Internet.
d) Host-based and Intranet.
Network firewalls specifically filter the flow of traffic concerning at least two networks, while
host-based firewalls deal with one host that manages the traffic in and out of that particular
machine.
2. What are firewalls designed to do?
a) Keep track of but not regulate incoming and outgoing traffic of your network system.
b) Keep track of incoming traffic of your network system.
c) Keep track of and regulate incoming and outgoing traffic of your network system.
d) Keep track of outgoing traffic of your network system.
Think of a fire wall as a blockade between the internal network, which is a trusted source, and
external networks which are presumed to not be safe.
90. Module Nine: Review Questions
3. An example of using a VPN is a company that gives its employees access to its Intranet while
not inside of the office. What type of VPN is this?
a) Site-to-site.
b) Remote access.
c) Public access.
d) Telecommute.
Virtual private networks (VPNs) are private networks that spread across a public network (the
Internet). VPNs enable users to send and receive information across the public network as if
they are connected to the private networks.
4. Of the following, which is an actual VPN protocol?
a) Internet Protocol Security.
b) Layer 2 Tunneling.
c) Point-to-Point Tunneling.
d) All of the above.
In addition to the above, the lesson mentions protocols such as OpenVPN, Secure Shell, Secure
Sockets Layer and Transport Layer Security.
91. Module Nine: Review Questions
5. What are threats that Anti-Virus software protects against?
a) Trojans.
b) Viruses.
c) Browser hijackers.
d) All of the above.
In addition, it protects against rootkits, worms, and Ransomware.
6. Which of these companies offers Anti-Virus and Anti-Spyware software?
a) McAfee.
b) Norton.
c) Kaspersky.
d) All of the above.
Another company that offers such software is Bitdefender.
92. Module Nine: Review Questions
7. Which of these is typically the MOST complicated update to install?
a) High priority.
b) Suggested.
c) Drivers.
d) None of the above.
High priority updates are just as their name states. They are very important and should be non-
negotiable. Examples of such updates include security patches and bug fixes.
Suggested updates can help improve the performance of your computer, but not typically do
not allow for major problems, if not installed.
Drivers can be a bit more complicated if you’re not versed in what they are and how to install
them.
8. How often do operating systems release updates?
a) Regularly.
b) Once every year.
c) Once every two years.
d) Once every three years.
These updates fall into three categories: high priority, suggested, and drivers.
93. Module Nine: Review Questions
9. Greg says at a minimum, they should invest in:
a) Making sure their operating system performs its routine updates.
b) Firewalls.
c) Anti-Virus and Anti-Spyware software.
d) VPNs.
Richard agrees that they should at least invest in Anti-Virus and Anti-Spyware software, but also
look into firewalls and making sure their operating system is performing routine updates.
10. What is Greg concerned about?
a) What security will be in place when they are on vacation?
b) What security will be in place when they are working away from the office?
c) What security will be in place through the night?
d) What security will be in place on weekends?
Since Greg is concerned about computer security when they are working on their computers
while away from the office, this would be a good opportunity to begin discussion on investing in a
VPN.
94. Module Ten: Critical Cyber Threats
Critical cyber threats are those that if
carried out, could have a debilitating
effect on an organization or even a
country.
Cyber war takes
place largely in
secret, unknown
to the general
public on both
sides.
Noah Feldman
99. Case Study
Lucky’s Cleaners has been receiving harassing emails
A local competitor says they will ruin Lucky’s
Martha is concerned
Martha sits down with Robert to discuss the
problem
100. Module Ten: Review Questions
1. According to the “Critical Cyber Threats” lesson, which of these is mentioned as a
critical infrastructure?
a) Energy.
b) Defense.
c) Transportation.
d) All of the above.
In addition to the above, the lesson mentions food and agriculture, emergency
services, and communications.
2. Which of the following is NOT listed in “Critical Cyber Threats” as a type of critical
infrastructure?
a) Food and agriculture.
b) Emergency services.
c) Communications.
d) None of the above.
In addition to the above, the lesson mentions energy, defense, and transportation.
101. Module Ten: Review Questions
3. In the white supremacist example of cyberterrorism, what state’s ISP
was temporarily disabled?
a) Oregon.
b) Massachusetts.
c) Alabama.
d) New Mexico.
In 1996, a computer hacker allegedly associated with the White
Supremacist movement temporarily disabled a Massachusetts ISP
and damaged part of the ISP's record keeping system. The ISP had
attempted to stop the hacker from sending out worldwide racist
messages under the ISP's name. The hacker signed off with the
threat, "you have yet to see true electronic terrorism. This is a
promise."
102. Module Ten: Review Questions
4. In the Institute for Global Communications cyberterrorism example, protesters from what
country bombarded the institute with thousands of bogus e-mails?
a) Spain.
b) France.
c) Nigeria.
d) China.
In 1998, Spanish protesters bombarded the Institute for Global Communications (IGC) with
thousands of bogus e-mail messages. E-mail was tied up and undeliverable to the ISP's
users, and support lines were tied up with people who couldn't get their mail. The
protestors also spammed IGC staff and member accounts, clogged their Web page with
bogus credit card orders, and threatened to employ the same tactics against
organizations using IGC services. They demanded that IGC stop hosting the Web site for
the Euskal Herria Journal, a New York-based publication supporting Basque
independence. Protestors said IGC supported terrorism because a section on the Web
pages contained materials on the terrorist group ETA, which claimed responsibility for
assassinations of Spanish political and security officials, and attacks on military
installations. IGC finally relented and pulled the site because of the "mail bombings."
103. Module Ten: Review Questions
5. In the cyberwarfare examples, in 1998, the United States hacked into what country’s air
defense system?
a) North Korea.
b) Russia.
c) Serbia.
d) Germany.
In 1998, the United States hacked into Serbia's air defense system to compromise air traffic
control and facilitate the bombing of Serbian targets.
6. In 2009, a cyber spy network called ______ accessed confidential information belonging to
both governmental and private organizations.
a) GhostNet.
b) Internet Spy.
c) CyberNet.
d) Ghost Town.
A cyber spy network called "GhostNet" accessed confidential information belonging to both
governmental and private organizations in over 100 countries around the world.
104. Module Ten: Review Questions
7. In one of the examples in the “Cyberespionage” lesson,
an unnamed government official told the Wall Street Journal
that cyber spies from which countries had broken into
computer systems?
a) Israel and Italy.
b) Japan and India.
c) Poland and Scotland.
d) China and Russia.
An unnamed government official told the Wall Street Journal
that cyber spies from China and Russia had broken into
computer systems used by companies maintaining the
three North American electrical grids.
105. Module Ten: Review Questions
8. Canadian researchers revealed in late March that a cyber-spy network based in what country had
broken into diplomatic computer systems involving 103 different countries?
a) China.
b) Ireland.
c) Turkey.
d) Iraq.
Canadian researchers revealed in late March that a cyber-spy network based in China had broken into
diplomatic computer systems involving 103 different countries. Beijing denied any official
involvement, but the investigation had begun when the Dalai Lama, Tibet's leader-in-exile,
noticed that sensitive documents from his own PCs had turned up in Chinese hands.
9. In the case study, what’s the name of the business that is receiving threats?
a) Larry’s Lube.
b) Lucy’s Malt Shop.
c) Lucky’s Cleaners.
d) Linda’s Computer Repair.
Lucky’s Cleaners is receiving threats from a competitor that they will destroy its business.
106. Module Ten: Review Questions
10. What is Martha concerned about?
a) That its competitor will bad mouth her business to
prospective clients.
b) That its competitor will bad mouth her business to
prospective clients and try to disable its computer system.
c) That its competitor will try to disable her business’
computer system.
d) None of the above.
Martha and Robert are discussing the possibility of the above
because their company has been receiving email threats
from their competitor.
107. Module Eleven: Defense Against
Hackers
”The best defense is a good offense”.
Rather than reacting to attacks once
they’ve occurred, a wise strategy is to
prepare proactive measures, so that
if the time comes, you can
completely bypass the attack or
lessen the blow of it.
Cyber-attacks
are not what
makes the cool
war 'cool.' As a
strategic matter,
they do not
differ
fundamentally
from older tools
of espionage
and sabotage.
Noah Feldman
112. Case Study
Frank and Joel are trying to prevent hackers
Frank suggests considering encryption
Joel says they need an intrusion detection system
Both agree to research digital forensics and legal
recourse
113. Module Eleven: Review Questions
1. What is cryptography?
a) Secret method of hearing.
b) Secret method of speaking.
c) Secret method of writing.
d) Secret method of seeing.
Cryptography is basically defined as a secret method of writing. This is done so that only
authorized parties are able to interpret the message.
2. Which of these is NOT an encryption method mentioned in the “Cryptography” lesson?
a) IDEA.
b) YAR.
c) AES.
d) DES.
Examples of encryption methods in the lesson include:
International Data Encryption Method (IDEA)
Advanced Encryption Standard (AES)
Data Encryption Standard (DES)
114. Module Eleven: Review Questions
3. The “Digital Forensics” lesson says that whom collects and analyzes the data?
a) Company CEO.
b) Independent forensics specialists.
c) Company employees.
d) Law enforcement.
In digital forensics, law enforcement collects and analyzes the data in such a way that it can be
used in court against the perpetrator.
4. In the Sharon Lopatka example in “Digital Forensics” lesson, who was found to be the person
who murdered her?
a) Robert Glass.
b) Lisa Billingsley.
c) John Smith.
d) Renee Porter.
Hundreds of emails on Lopatka's computer lead investigators to her killer, Robert Glass.
115. Module Eleven: Review Questions
5. What is NOT a question that the “Intrusion Detection” lesson states that one must ask before
investing in an IDS?
a) What does our business need in an IDS?
b) Does state law allow our business to have an IDS?
c) Can we afford an IDS?
d) Will our network support the IDS system?
The lesson mentions these questions:
What does our business need in an IDS?
Will our network support the IDS system?
Can we afford an IDS?
What do we do if something goes wrong with the IDS?
As our business grows, we can still use this IDS?
116. Module Eleven: Review Questions
6. Which of these companies is mentioned as a manufacturer of IDSs?
a) Dakota Alert, Inc.
b) Juniper Networks.
c) Linear, LLC.
d) All of the above.
In addition to the above, the lesson states PureTech Systems, Inc. and Telguard are
manufacturers of IDSs.
7. The majority of computer hacking crimes are punishable under:
a) Computer Fraud and Abuse Act.
b) Civil Rights Act.
c) National Security Act.
d) Workforce Investment Act.
The majority of computer hacking crimes are punishable under the Computer Fraud and Abuse
Act (18 U.S.C. §1030). There may be additional penalties under state law.
117. Module Eleven: Review Questions
8. The “Legal Recourse” lesson states there are penalties for committing the following offenses
involving computer:
a) Trafficking in Passwords.
b) Accessing a Computer to Defraud & Obtain Value.
c) Recklessly Damaging by Intentional Access.
d) All of the above.
There are penalties for committing the following offenses involving the computer:
Obtaining National Security Information
Accessing a Computer and Obtaining Information
Trespassing in a Government Computer
Accessing a Computer to Defraud & Obtain Value
Intentionally Damaging by Knowing Transmission
Recklessly Damaging by Intentional Access
Negligently Causing Damage & Loss by Intentional Access
Trafficking in Passwords
Extortion Involving Computers
118. Module Eleven: Review Questions
9. What method of defense does Frank say they should consider?
a) VPN.
b) Anti-Virus software.
c) Encryption.
d) Anti-Spyware software.
Since their bank holds a lot of private information, an encryption service that only allows
employees to interpret data would be helpful.
10. What do intrusion detection systems do?
a) Notify the intruder that he/she will be arrested.
b) Notify the company of suspicious activity.
c) Notify the company that an intrusion report has been sent to the federal government.
d) Notify the intruder that the company is aware of his/her presence and will be fining them.
Intrusion detection systems do as their name states. They locate cases of the system being
accessed by someone who does not have the authority to do so or an unauthorized program
being installed. It then informs the administrator or a security information and event
management system of the activity.
119. Module Twelve:
Wrapping Up
Although this workshop is coming to a
close, we hope that your journey to
learning about Cybersecurity is just
beginning.
Please take a moment to review and
update your action plan. This will be a key
tool to guide your progress in the days,
weeks, months, and years to come. We
wish you the best of luck on the rest of
your travels!
People ask me
all the time,
'What keeps you
up at night?'
And I say, 'Spicy
Mexican food,
weapons of
mass
destruction, and
cyber-attacks.
Dutch
Ruppersberger
120. Words from the Wise
Frank
Abagnale:
• The police can't protect consumers. People
need to be more aware and educated
about identity theft. You need to be a little
bit wiser, a little bit smarter and there's
nothing wrong with being skeptical. We live
in a time when if you make it easy for
someone to steal from you, someone will
Janet Reno
• Everybody should want to make sure that
we have the cyber tools necessary to
investigate cyber-crimes, and to be
prepared to defend against them and to
bring people to justice who commit it.