SCC141: term 2

Question 1

why is system security important?

Answer 1

-everyday life relies on digital systems
-attacks are costly
-data security, sensitive data may be being stored

Question 2

what can system security weaknesses lead to?

Answer 2

-downtime
-data loss
-safety issues
-harassment- robotics

Question 3

what is the CIA triad?

Answer 3

-foundation for security requirements that aims to secure a system
-confidentiality
-integrity
-availability

Question 4

what does the confidentiality portion of CIA triad represent?

Answer 4

-makes sure data is only accessible by authorised users
-enacted through: encryption, access control and authentication methods

Question 5

what does the integrity portion of the CIA triad represent?

Answer 5

-makes sure data can only be modified or removed by authorised users
-enacted through: checksums, hashing, digital signatures and version control

Question 6

what does the availability portion of the CIA triad represent?

Answer 6

-makes sure resources/system is accessible when needed by authorised users
-prevented by denial of service/ransomware

Question 7

why does the CIA triad matter?

Answer 7

-security fails if confidentiality/integrity/availability is compromised

Question 8

list some security design principles:

Answer 8

-economy of mechanism
-fail-safe defaults
-complex mediation
-open design
-separation of privilege
-least privilege
-least common mechanism
-psychological acceptability

Question 9

what is the security design principle economy of mechanism?

Answer 9

-keeping designs simple reduces the risk of bugs/error
-encourages reusing quality components where possible

Question 10

what is the security design principle fail-safe defaults?

Answer 10

-denying access to resources, granting access if explicitly allowed

Question 11

what is the security design principle complete mediation?

Answer 11

-requests for resources must be authorised EVERY time
-no, ‘once you’re in, you’re in forever’

Question 12

what is the security design principle open design?

Answer 12

-transparency about system security
-peer reviews designs
-allows others the opportunity to find loopholes/bugs in the security that may be exploited

Question 13

what is the security design principle separation of privilege?

Answer 13

-dividing power over security across multiple parties
-means no single authority can compromise system security

Question 14

what is the security design principle defence in depth?

Answer 14

-multiple layers of security
-if one layer of security fails, the others should hold

Question 15

what is the security design principle least privilege?

Answer 15

-a user or process should be granted the least privileges necessary for a task
-reducing access

Question 16

what is the security design principle least common mechanism?

Answer 16

-minimising shared resources or mechanisms being used by multiple components
-if one is compromised, they all are

Question 17

what is the security design principle psychological acceptability?

Answer 17

-security should be user friendly
-could fail if users choose to bypass it

Question 18

what are the immutable laws of security?

Answer 18

10 security principles
-published by microsoft in 2001
-updated 2009/2023

Question 19

why are privacy regulations needed ??

Answer 19

-to prevent data misuse
-to protect a user’s fundamental right to privacy
-help establish trust between user and service provider

Question 20

what does the EU artificial intelligence act regulate?

Answer 20

-addresses unregulated AI applications
-categorises AI systems by risk
-high risk AI needs to be highly regulated
-proposed in April 2021
-enforcement expected by 2025

Question 21

what is federated learning and how does it improve AI privacy?

Answer 21

-trains models locally on user’s device without transferring data to a centralised server
-protects sensitive data and reduces chance of data breaches during transmission.w

Question 22

what is differential privacy?

Answer 22

-introducing statistical noise
-makes it impossible to trace data to its origin
-means data breaches are less damaging, as identities are hidden

Question 23

what are some methods that can be used to increase privacy?

Answer 23

-federated learning: training AI locally
-differential privacy: noise in data sets to anonymize
-encryption

Question 24

what are some emerging privacy concerns with new technologies?

Answer 24

-generative AI and deepfakes
-biometric data: eg voice recognition
-neurotechnology: brain computer interfaces like neuralink
-consent fatigue: endless pop ups, users ignore and accept privacy agreements
-rapid tech evolution: can laws keep up with advancements?

Question 25

what is surveillance?

Answer 25

the systematic observation or data collection concerning people -usually with the aim of influencing or managing their behaviour

Question 26

what is sousveillance?

Answer 26

surveilling those doing surveillance on others

Question 27

give an example of covert mass surveillance

Answer 27

-USA patriot act 2001 -introduced under the guise of national security after 9/11 -any citizens' emails and phone records can be surveilled or monitored without a warrant

Question 28

list some types of surveillance

Answer 28

-state surveillance -corporate surveillance -personal surveillance -self surveillance -covert/overt surveillance

Question 29

what are the issues linked to surveillance?

Answer 29

-privacy violation -lack of consent -data monetisation -data security -over-monitoring -commercial exploitation

Question 30

what are examples of digital censorship?

Answer 30

-automated systems filtering restricted content -blocking websites -preventing the expression of certain opinions in online spaces

Question 31

what are some categories of digital censorship?

Answer 31

-network-level censorship: blocking websites/services -platform-level censorship: content moderation on social media/ removing flagged content -self-censorship: modifying behaviour due to knowledge of surveillance -algorithmic censorship: AI filters unintentionally removing content due to training bias/ suppression of videos or posts that contain certain content on social media

Question 32

how can censorship actually be implemented?

Answer 32

-DPI: deep packet inspections (networks) -firewalls (networks): blocking IP addresses -AI moderators: natural language processing -Search engine filtering: prioritising or suppressing results based on political interests -social media echo chambers: algorithms amplifying/suppressing certain content

Question 33

what is the principle of privacy by design?

Answer 33

-implementing privacy features early on in system development

Question 34

what is malware?

Answer 34

-malicious software designed to harm or exploit a computer or network

Question 35

list some types of malware

Answer 35

-ransomware -zombie -botnet -viruses -worms -trojans

Question 36

what categorises a virus?

Answer 36

-malicious code attached to an executable file -infectious -can be prevented with anti-virus software

Question 37

what categorises a worm?

Answer 37

-doesn't require a host file to spread to new devices -exploits security flaws on a network -disrupts networks and consumes bandwidth

Question 38

what categorises a trojan?

Answer 38

-disguised as legitimate harmless software -spread through phishing -steals data and allows unauthorised access

Question 39

what categorises ransomware?

Answer 39

-encrypts files and restricts owner's access to their files -spread through phishing/ infected websites -leads to data loss, financial extortion -backing up files important

Question 40

what categorises a zombie?

Answer 40

-malicious software that allows host device to be controlled -created through any malware -monitor unusual activity on devices to recognise an attack

Question 41

what is a botnet?

Answer 41

a network of zombies

Question 42

what is a DDoS attack?

Answer 42

-distributed denial of service attack -like someone causing a traffic jam on a website or network to prevent user access

Question 43

how can malware be spread?

Answer 43

-phishing emails -exploiting vulnerabilities -malicious websites or adverts -infected software being downloaded

Question 44

what are some potential impacts of malware?

Answer 44

-data theft -system damage -loss of privacy -financial loss -device performance issues -reputation damage for service providers

Question 45

describe the process of threat modelling

Answer 45

1. asset identification: what needs protecting? 2.threat analysis: potential attacks? 3. vulnerability analysis: how could attack occur? 4. risk assessment: likelihood of attacks

Question 46

what is the malevolent practice social engineering?

Answer 46

-data collected through dumpster diving -e.g. looking through social media

Question 47

what is the malevolent practice of grooming?

Answer 47

-gaining the trust of a potential victim -using their trust to access personal data

Question 48

what are some potentially dangerous malevolent practices?

Answer 48

-online stalking -deepfakes and synthetic media

Question 49

what are the two acronyms used as threat models?

Answer 49

-STRIDE and DREAD

Question 50

how are risks quantified?

Answer 50

DREAD: --damage potential --reproducibility --exploitability --affected users --discoverability

Question 51

how are threat categories classified?

Answer 51

STRIDE: -spoofing -tampering -repudiation -information disclosure -denial of service -elevation of privilege

Question 52

what factors lead to digital exclusion?

Answer 52

-access -ability -affordability

Question 53

what comes under the 'ability' factor of digital exclusion?

Answer 53

-digital literacy -physical and cognitive abilities -motivation and confidence

Question 54

how can the ability factor of digital exclusion be mitigated?

Answer 54

-training and workshops -inclusive design -user friendly interfaces

Question 55

what comes under the access factor of digital exclusion?

Answer 55

-infrastructure (broadband, networks) -devices and compatibility -reliability (stable connection)

Question 56

how can the access factor of digital exclusion be mitigated?

Answer 56

-investment in infrastructure -community resources/devices -device donations

Question 57

what comes under the affordability factor of digital exclusion?

Answer 57

-upfront costs -ongoing costs (access to networks/infrastructure) -maintenance costs

Question 58

what are some methods of mitigating affordability issues in digital exclusion?

Answer 58

-subsidies and discounts -flexible payment -partnerships and grants

Question 59

what are some factors that contribute to digital divide?

Answer 59

-age -income -geography -education -disability

Question 60

what is the difference between digital exclusion and digital divide?

Answer 60

-digital exclusion: those who do not participate with technology despite access -digital divide: those who are unable to access technology.

Question 61

what are the three layers to the digital divide?

Answer 61

-access divide: infrastructure -skills divide: knowing how to use -usage divide: who benefits from usage

Question 62

what is the economic digital divide?

Answer 62

-low income communities or individuals that struggle to afford access to technology

Question 63

what is the silver digital divide?

Answer 63

-older generations that struggle to adopt new technologies because of skill, understanding, mistrust etc

Question 64

what is the geographical digital divide?

Answer 64

-often a divide between urban and rural areas with disparity of internet and physical infrastructure availability

Question 65

what is the educational digital divide?

Answer 65

-disparity between students, some may have access to many devices and well connected where others may not be -is access to a device expected for work to be completed -children raised in schools with access to technologies

Question 66

what is the disability digital divide?

Answer 66

-inaccessible devices/ websites for visually/hearing impaired -lack of assistive technology to support use -screen readers/braille displays/ eye tracking systems/ alternative input devices

Question 67

what is the digital privacy divide?

Answer 67

the concept that certain groups may be more vulnerable to data theft and scams

Question 68

what contributes to the gender digital divide?

Answer 68

-female representation in STEM remains lower which affects the amount of existing inclusive technology

Question 69

what is data justice?

Answer 69

-ways in which big data systems can discriminate, discipline and control

Question 70

what is predictive policing?

Answer 70

-using historic crime data to determine how to allocate police geographically

Question 71

what is algorithmic auditing?

Answer 71

-a method to analyse AI models by repeatedly querying them -helps detect biases

Question 72

what are methods involved in algorithmic auditing?

Answer 72

-data scraping -creation of synthetic user profiles

Question 73

what is an LLM?

Answer 73

-large language model

Question 74

why could large language models and AI be described as unintelligent?

Answer 74

-results or sentences outputted by AI are just the most likely word followed by the next most likely word. -there is no judgement done by the AI, is it intelligence? -they do not know why two words are related, just that they are.

Question 75

how significant are IT emissions?

Answer 75

2.1-3.9% of global emissions, estimate made without considering AI

Question 76

what are some processes that require electricity in computing?

Answer 76

-device manufacturing -water cooling in data centres -mining for minerals for device manufacturing -transporting goods

Question 77

what is the police and criminal evidence act 1984?

Answer 77

-PACE -aims to find a balance between privacy and freedom of users with technology and the powers of the police (digital forensics)

Question 78

what is the computer misuse act 1990

Answer 78

-makes hacking illegal -software misuse illegal -accessing/ helping others access protected files on another's computer

Question 79

what are the NPCC guidelines?

Answer 79

-don't change data that may be relied on in court -be competent in finding data that is relied upon -keep an audit trail -SIO/OIC is in charge

Question 81

What is a script kiddy?

Answer 81

- less skilled hacker using pre-made malware to gain attention or for fun

Question 82

what security aspect is spoofing related to?

Answer 82

-authentication

Question 83

what security aspect is related to tampering?

Answer 83

-integrity

Question 84

what is repudiation?

Answer 84

denying a process or access due to lack of authority

Question 85

what security control does information disclosure violate?

Answer 85

confidentiality

Question 86

what security control does denial of service violate?

Answer 86

availability

Question 87

what security principle does elevation of privilege violate?

Answer 87

authorisation