L1 Review Security MS
L1 Review Security MS
1. Any from:
an interconnected set of components used to collect, store, process and transmit data and digital
information
is a formal, sociotechnical, organizational system designed to collect, process, store, and
distribute information
a set of interrelated components that collect, process, store, and distribute information to support
decision making and control in an organization
are combinations of hardware, software, and telecommunications networks that people build and
use to collect, create, and distribute useful data, typically in organizational settings
interrelated components working together to collect, process, store, and disseminate information
to support decision making, coordination, control, analysis, and visualization in an organization
2. Any from
Computer systems use data to process tasks ranging from sending emails to performing complex
calculations. Without data, they won't work.
The data fed into a computer system dictates the instructions it will receive and therefore the
actions it will take.
Data is needed in computer science to process programs, coding, and other computer tasks.
The computer system in turn stores retrieves, classifies, organises and synthesizes the data to
produce information according to a pre-determined set of instructions.
3. Any from
While information system security refers to the protection of technical systems, data security is
generally concerned with the protection of information
Data Security focuses on protecting data from unauthorized access, use, disclosure, disruption,
modification, or destruction. Systems Security, on the other hand, is more concerned with
securing the systems that store, process, and transmit this information.
Information security encompasses a broader spectrum of practices, including technical,
administrative, and physical controls, to protect all types of information assets within an
organization. Data protection, however, narrows down its focus to safeguarding personal or
sensitive data, typically governed by privacy laws and regulations.
Information security aims to ensure the confidentiality, integrity, and availability of all
information assets, not limited to personal data. It encompasses measures such as network
security, access controls, encryption, incident response, and disaster recovery. Data protection
primarily emphasizes the privacy and lawful processing of personal data, focusing on aspects
like consent, purpose limitation, data minimization, data retention, and individual rights.
4. Any from
Hacking: Hacking refers to an unauthorized user gaining access to a computer or a network.
Cracking: Cracking is reverse engineering of software, passwords or encryption could lead to
unauthorized access to sensitive information.
Malware: Malware (short for malicious software) disrupts computer operations, gathers sensitive
information, or gains access to a computer system to compromise data and information.
Misuse: Employees may take advantage of entrusted resources or privileges for a malicious or
unintended purpose.
Errors: Errors such as system misconfigurations or programming errors can cause unauthorized access
by cybercriminals. Errors can occur in-house due to faulty programming, or hackers can find loopholes
that can cause errors as well.
Data Leakage: Unauthorized electronic or physical transmission of data or information from within a
company to an external destination or recipient could leave data in the wrong hands.
Cloud Computing: Storing unencrypted sensitive data with lax access controls leaves data stored in the
cloud vulnerable to improper disclosure.
Mobile Devices: Mobile devices carrying sensitive data can be lost or stolen, possibly causing data to
fall into the wrong hands.
Availability Attacks: Availability attacks are structured cyberattacks to extort or damage companies
whose websites or online assets are a major source of revenue.
Advanced Persistent Threats (APT): The goal of an APT isn’t to corrupt files or tamper, but to steal
data as it continues to come in. Hackers attack computer systems while avoiding detection and
harvesting valuable information over a long period of time.
Third Parties / Service Providers: Third-party networks may be used by other external cybercriminals
as an initial access point into a company’s network.
Non-Technical Vulnerabilities
Physical: Theft, tampering, snooping, sabotage, vandalism, local device access, and assault can lead to a
loss of data or information.
Environmental: Natural events such as tornadoes, power loss, fires, and floods pose hazards to the
infrastructure in which data assets are located.
Insider Threat: Employees, contractors, or partners can commit fraud, espionage or theft of intellectual
property.
Social Media: Employees often fall victim to scams or reveal information not intended for public
knowledge on social media.
Dumpster Diving: Improper disposal of sensitive data could lead to improper disclosures and sensitive
information just sitting in trash bins. Having internal procedures when disposing of sensitive documents
is crucial in preventing this kind of a non-technical vulnerability.
Social Engineering: Attackers rely heavily on human interaction to gain access to company networks
or systems, usually tricking users into breaking normal security procedures and revealing their account
credentials.
5. Any from:
Encryption is a fundamental technique for data protection that involves transforming data into an
unreadable format using encryption algorithms. It ensures that even if data is compromised, it remains
incomprehensible without the corresponding decryption key.
Data loss prevention techniques involve the identification, monitoring, and prevention of data leakage
or unauthorized data access. DLP solutions use a combination of content analysis, policy enforcement,
and user behavior monitoring to identify and prevent the unauthorized transmission of sensitive data.
6. Any from:
Access Controls and Authentication - Implementing stringent access controls and authentication
mechanisms is crucial for data protection. Organizations should adopt strong user authentication
methods, such as two-factor authentication (2FA) or biometric authentication, to ensure that only
authorized individuals can access sensitive data.
Data backup and disaster recovery techniques are vital for protecting data against system failures,
natural disasters, or malicious attacks. Regularly backing up critical data ensures that it can be restored
in the event of data loss or corruption.
Intrusion Detection and Prevention Systems (IDPS) solutions monitor network traffic and system
activity to detect and prevent unauthorized access, malware infections, or other security breaches. These
systems analyze network packets, log files, and other indicators to identify suspicious activities or
anomalies.
Employee Training and Awareness. Human error and insider threats pose significant risks to data
security. Educating employees about data protection best practices and raising awareness about potential
security threats is crucial.
7. Any from:
Data encryption protects your sensitive data by rendering it inaccessible, even if stolen
Encryption, which helps keep your data safe from hackers, is effectively scrambling up data and
making it only decipherable with a key
Encryption can help prevent data breaches caused by hackers by making it difficult for
unauthorized parties to access and read
8. Any from:
Use a firewall to create a barrier between inside information and the outside world. Firewalls
prevent unauthorized access to private network and alert to intrusion attempts.
Install antivirus software to protect system by detecting real-time threats to ensure your data is
safe.
Using strong passwords is a crucial way to prevent network intrusions. The more secure your
passwords are, the harder it is for hackers to invade your system.
Use two-factor authentication as an additional defense layer. Passwords are the first line of
defense against computer hackers. However, a second layer boosts protection. Two-factor
authentication, which boosts security because it requires you to type in a numerical code — sent
to your phone or email address — in addition to your password when logging in.
9. Any from:
Limited threat protection because — while mirroring protects against hardware failures — it
offers limited protection against data corruption
A disk mirroring strategy used to protect a computer system from loss of data and other potential
losses due to disk failures, not against outside attacks
10. Using data backup and disaster recovery techniques are vital for protecting data against system failures,
natural disasters, or malicious attacks but does not prevent from hacking or cracking.
Task B. Safety methods