Cyber Secuirty

Question 1

What is Cyber Security?

Answer 1

The practice of protecting digital systems, networks, programs and humans from digital attacks

Question 2

What is meant by the CIA triangle?

Answer 2

• Confidentiality: keeping data secret
• Integrity: keeping data in-tact/unchanged
• Availability: keeping data available

Question 3

What are 4 Security threats?

Answer 3

1. Disclosure
2. Deception
3. Disruption
4. Unsurpation

Question 4

What are Security principles?

Answer 4

• Security relies on evaluation of risk
• Choose what risks are worth preventing
• Good security considers: people involved, processes used, the technology

Question 5

What is meant by Security trade-off?

Answer 5

Cost of the security measure vs the time and effort to break it

Question 6

What are 4 areas of Security?

Answer 6

1. Preventive
2. Detective
3. Reactive
4. Reconstructive

Question 7

What is Access Control?

Answer 7

• Data security process that enables organisations to manage who is authorised to access corporate data and resources
• Control models: hierarchical
• Compartmental

Question 8

What are 2 types of Access Control?

Answer 8

• Access Control List (ACL)
• Discretionary Access Control (DAC)
• Role-Based Access Control (RBAC)
• Mandatory Access Control (MAC)

Question 9

What are some Access Control issues?

Answer 9

• Can make it very difficult to prevent access when dealing with large groups of people
• Authentication creep – moving departments but old privileges aren’t revoked

Question 10

What are 2 ways of improving Identification and Authentication?

Answer 10

• Requiring regular password changes
• 2 Factor Authentication (2FA)

Question 11

What is Cryptography and what are the requirements?

Answer 11

Encoding messages so they can only be understood by their intended recipient
- The plain text
- A key
- An encryption function

Question 12

What are the 2 types of keys that can be used?

Answer 12

• Symmetric: same key is used to encrypt and decrypt the data
• Asymmetric: public key to encrypt the data, private key to decrypt the data

Question 13

What are some issues surrounding Encryption?

Answer 13

• Implementing good encryption can be difficult: the more secure the encryption, the higher the resource, cost and time
• Encryption itself is often seen as a political and privacy issue

Question 14

What are 5 types of attacks?

Answer 14

1. Malware/Malware propagation
2. Denial of Service attacks
3. Man-in-the-Middle attacks
4. Web-based attacks
5. Physical security

Question 15

What is IoT?

Answer 15

Internet of Things refers to computing devices embedded in everyday objects, that can send and receive data via the internet
- Home networks
- Wearable devices

Question 16

What is meant by MGC Security?

Answer 16

• Embedded devices
• Gateway
• Cloud systems

Question 17

What are the 2 key areas in IoT Security?

Answer 17

• Data Security
• System Security

Question 17

What is meant by Data Security?

Answer 17

Keeping the data collected and processed by IoT devices safe and private
- Home occupancy information
- Medical information
- Location information

Question 18

What is meant by System Security?

Answer 18

Keeping the devices themselves safe from hacking, must be adequate on every device
- Encryption
- Authentication procedures
- Safe architecture

Question 19

What are some difficulties with IoT Security?

Answer 19

• Cheap hardware
• Unique architecture, making support difficult
• Lack of update procedure
• Many different access methods, leading to vulnerable entry points

Question 20

What are some IoT solutions?

Answer 20

• Develop legislation and common standards
• Security makes economic sense
• Improve technologies

Question 21

What is meant by Dataset Poisoning?

Answer 21

Where training data is compromised with intentional malicious information

Question 22

What are some ways that AI Systems can be protected?

Answer 22

• Air-gapped Pocket LLMs
• Tight control on the data in datasets
• Data sanitisation
• Have human checkers of the responses