LO4 Understand the factors to be considered when collecting and processing data and storing data/information
Terms in this set (35)
Usually a result of several computers being infected by bot malware. This then allows the botnet and the person who created it to take control of the computer systems.
Malware (Malicious Software)
is installed on a computer system and collects information about users without their knowledge.
Different types of malware
- Trojan horse
generates revenue for its author and automatically shows adverts. It is harmless by itself but some adware can include spyware such as key loggers.
Bot takes control of a computer system; it allows a cyber-security attacker to take control of an infected computer system without the user's knowledge. Do not click on any links in emails.
Bugs are connected to software and are flaws that produce unwanted outcomes. They are usually the result of human error during the coding of the software, and can be fixed by the software creator. They are the most severe type and can allow cyber attackers to bypass user authentication, override access privileges or steal data. To mitigate the risk, check for and install any patches that are released by software vendors.
A type of malicious software designed to block access to a computer system until a sum of money is paid. To mitigate the risk, do not click on any links in emails or open any files from unknown sources.
Program that hides in a computer and allows someone from a remote location to remotely access files and data. Can be part of a botnet, and you can mitigate the risks by keeping security software up to date.
software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. Do not click on any links in emails.
Standalone malicious programme designed to give full control of an infected PC to another PC. Can appear to be something that is wanted or needed on a PC. It can make copies of itself to steal information or harm the host computer system.
It attempts to make a computer system unreliable; it replicates itself and spreads from computer to computer. Can infect files on a network file system.
A destructive computer program that bores its way through a computer's files or through a computer's network. It is a standalone computer program and replicates itself. To mitigate risks, don't open any files from an unknown source.
Types of Social Engineering
Tries to get users to input, for example, their credit card details; uses fake websites.
Where a cybercriminal lies to get data or information, usually involves a scam
Where cybercriminals try to get victims to give them the information they need. Very similar to phishing.
- Quid pro quo
Tries to disable anti-virus software; it can usually be installed to gain access to a computer system. It's very similar to baiting.
Trying to gain access to a secure building or room, the most common type is an attacker pretending to be a delivery driver and asking an authorised person to hold the door
- Shoulder surfing
Aims to steal data and information when a person's private and confidential information is seen, e.g. at a cash machine, someone standing close so that they can see their PIN.
Finding weaknesses in an established system and exploiting them.
White hat hacking
Where a hacker is given permission to hack into systems to identify any loopholes and vulnerabilities. It doesn't break any legislation.
Grey hat hacking
Where a hacker hacks into a computer system for fun or to troll but does not have malicious intent towards the computer system. A grey hat hacker can also offer to fix the vulnerability but for a fee!
Black Hat Hacking
Where a hacker hacks into a computer system with malicious intent. The intent can include theft or exploiting the data stolen or seen. This is illegal and can be prosecuted under UK IT legislation.
The art of manipulating people so that confidential information can be found out.
Distributed Denial of Service (DDoS)
An attempt to make a computer or network system unavailable to its users by flooding it with network traffic.
3 main vulnerabilities that can be exploited in a cyber-security attack
e.g. natural disasters
e.g. Weak passwords or patches
When the computer system is connected to the internet the software will automatically be checking all the time for new updates.
Impacts of a cyber-security attack
- Denial of service
- Identity theft
Happens when cyber-security attackers steal computer-based data from a person or business, with the intent of compromising privacy or obtaining confidential data.
Consequences of a cyber-security attack
Financial e.g. accounts and data subjects
Data e.g. may not have been backed up
Reputation e.g. may not be seen as trustworthy
Operational e.g. running of the business
Financial e.g. compensation
Commercial e.g. cyber-security attack
Individuals e.g. Big Data
Equipment e.g. DDoS
Finance e.g. websites may be denied
e.g. Locks and CCTV
e.g. Access rights and permission, usernames and passwords, anti-virus software
- Secure destruction
e.g. Magnetic wipe, Physical destruction, data can be overwritten
Replaces the data with binary and removes all the basic commands stored on the storage device, making the device unusable.
- Data protection act (DPA)
- Computer misuse act (CMA)
- Copyright, Designs and patents act (CD&PA)
- Health and safety at work act (H&S)
- Freedom of information act (FoI)
The person who needs to apply for permission to collect and store data. They decide what data needs to be collected, and what it will be used for and how.
The person who enforces the DPA and whom organisations need to apply to in order to gain permission to collect and store personal data. They also make the general public aware of their rights under the DPA.
Computer misuse act
1. Unauthorised access to computer material
2. Unauthorised access with intent to commit or facilitate the commission of further offences
3. Unauthorised acts with intent to impair or with recklessness as to impairing operation of a computer
Health and safety at work act
1. Employers must analyse workstations and assess and reduce risk
2. Employers must ensure that workstations meet the minimum requirements
3. Employers must plan work so that there are breaks or changes of activity
4. Employers must arrange and pay for eye tests and glasses if special ones are needed
5. Employers must provide health and safety training and information
- No food or drink near the electronics
- Use ergonomic equipment
- Not tamper with any cables or computer parts
Freedom of information act
- Public authorities are obliged to publish certain information about their activities
- Members of the public are entitled to request information from public authorities
Ethical and moral issues
Defamation of character - when an untrue or false statement is made by one person about another. The statement tries to discredit a person's character or reputation.
Factors that need to be considered when collecting data
Validity - how believable the data is
Reliability - if the data is correct and can be verified
Bias - considering only one point of view or perspective