16. Data security and integrity process

Question 1

What are some potential threats to computer systems?

Answer 1

• natural disasters
• hardware failure
• software failure
• malicious damage
• accidental damage

Question 2

What is a hacker?

Answer 2

A person who attempts to gain unauthorised access to a computer system with the intent of damaging data or somehow harming that system

Question 3

What is a black hat hacker?

Answer 3

A hacker who attempts to gain access to data via immoral means, typically to steal company secrets or cause damage.

Question 4

What is a white hat hacker?

Answer 4

Security experts employed by a company who try and find vulnerabilities in a system and fix them.

Question 5

What is a grey hat hacker?

Answer 5

A hacker somewhere in between a white and a black hat hacker, they attempt to find vulnerabilities in systems but are not employed. What they do is technically illegal but they do not cause or have any intentions to cause damage.

Question 6

What is malware?

Answer 6

Computer code written with the intent to frustrate or harm.

Question 7

What are the types of malware?

Answer 7

• trojan
• worm
• keylogger
• virus
• spyware
• botnets

Question 8

What is a trojan?

Answer 8

A piece of malware that disguises itself as something harmless, but it causing damage in the background.

Question 9

What is a worm?

Answer 9

A standalone piece of malware that replicates itself and spreads to other devices.

Question 10

What is a botnet?

Answer 10

A network of private computers that are infected with malware without the owners’ knowledge so that they can be controlled.

Question 11

What is a keylogger?

Answer 11

A piece of malware that records every keystroke of a user.

Question 12

What is spyware?

Answer 12

A piece of malware that obtains information from a device by transmitting data from their device

Question 13

What is a virus?

Answer 13

Pieces of code that are capable of copying themselves and are typically to have a detrimental

Question 14

What is a denial of service attack (DoS)?

Answer 14

When an attacker floods a server with useless traffic, causing the server to overload

Question 15

What is a distributed denial of service attack (DDoS)?

Answer 15

When multiple systems orchestrate a synchronised attack from many locations at once.

Question 16

What are levels of permitted access?

Answer 16

Certain users have different access to certain parts of a system.

Question 17

What are write-protect mechanisms?

Answer 17

Only certain users have permission to write/edit data stored on a system.

Question 18

What are access rights?

Answer 18

Access to confidential files is only available authorized users.

Question 19

What is encryption?

Answer 19

The process of turning plain text into an unreadable form by using an algorithm and a unique key. Only users with the key will be able to translate the text into a readable form. This will not prevent you from being hacked, but if a hacker obtains encrypted text, they will not be able to read it without the unique key.

Question 20

What is a firewall?

Answer 20

A piece of software and/or hardware that prevents certain traffic from passing through it. It can block certain types of traffic, and also inspect data travelling across it to see if it looks suspicious.

Question 21

What is antivirus software?

Answer 21

Software that regularly scans files for possible infection by malware.

Question 22

What is accounting/auditing software?

Answer 22

All files accessed by a user are recorded in a log.

Question 23

What is redundancy?

Answer 23

When a single site is brought down, other sites can work to make up the shortfall.

Question 24

When contingency planning, what should be done before a disaster?

Answer 24

• conduct a risk analysis to identify possible risks
• ensure preventative methods are available e.g. backups
• provide staff training to deal with disasters
• ensure that if a disaster happens, loss of data is minimized

Question 25

When contingency planning, what should be done during a disaster?

Answer 25

• implement contingency plans to prevent further damage to data
• begin immediate recovery of data

Question 26

When contingency planning, what should be done after a disaster?

Answer 26

Get things running back to normal and restore all possible data.
If needed:
- purchase replacement hardware
- reinstall software
- restore data from backups