6.10: Study Questions
- Page ID
- 22758
\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)
\( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)
\( \newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\)
( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\)
\( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)
\( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\)
\( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)
\( \newcommand{\Span}{\mathrm{span}}\)
\( \newcommand{\id}{\mathrm{id}}\)
\( \newcommand{\Span}{\mathrm{span}}\)
\( \newcommand{\kernel}{\mathrm{null}\,}\)
\( \newcommand{\range}{\mathrm{range}\,}\)
\( \newcommand{\RealPart}{\mathrm{Re}}\)
\( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)
\( \newcommand{\Argument}{\mathrm{Arg}}\)
\( \newcommand{\norm}[1]{\| #1 \|}\)
\( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)
\( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\AA}{\unicode[.8,0]{x212B}}\)
\( \newcommand{\vectorA}[1]{\vec{#1}} % arrow\)
\( \newcommand{\vectorAt}[1]{\vec{\text{#1}}} % arrow\)
\( \newcommand{\vectorB}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)
\( \newcommand{\vectorC}[1]{\textbf{#1}} \)
\( \newcommand{\vectorD}[1]{\overrightarrow{#1}} \)
\( \newcommand{\vectorDt}[1]{\overrightarrow{\text{#1}}} \)
\( \newcommand{\vectE}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash{\mathbf {#1}}}} \)
\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)
\( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)
Briefly define the three components of the information security triad.
- Answer
-
Confidentiality, integrity, and availability.
Explain what authentication means.
- Answer
-
Confirming the identity of a user through something they know, have, or are before allowing access.
Give two examples of a complex password.
- Answer
-
Passwords with 8+ characters, uppercase/lowercase letters, numbers, and special characters.
Give three examples of threat actors.
- Answer
-
Hacktivists, cyber criminals, nation-states.
Name two motivations of hacktivists to commit cybercrime.
- Answer
-
Politics, social causes.
List five ways to defend against cyber attacks.
- Answer
-
Firewalls, encryption, access controls, security policies, awareness training.
List three examples of PII.
- Answer
-
Social Security Number, driver's license, bank account numbers.
Briefly explain the role of SOC.
- Answer
-
Security operations center monitors threats, analyzes events, and responds to incidents.
Explain the purpose of security policies.
- Answer
-
Provide rules and guidelines for employee security practices.
Explain how information availability related to a successful organization.
- Answer
-
High availability of systems and data is required for most business operations.
What are some ways mobile devices and remote work create security challenges for businesses?
- Answer
-
Mobile devices can expose data if lost/stolen. Remote work requires secure remote access tools.
What is social engineering and what are some examples?
- Answer
-
Tricking people to release info or compromise security. Phishing, pretexting.
Why is training employees on security best practices important?
- Answer
-
Employees cause many breaches via errors or social engineering.
What are some regulations like GDPR that businesses must comply with regarding data security and privacy?
- Answer
-
GDPR, HIPAA, PCI DSS, CCPA.
What was the impact of the GDPR regulation on Google and other US companies?
- Answer
-
Google fined $57M. Cost US companies millions to implement.
Exercises
- Research and analyze cybersecurity incidents to come up with scenarios of how organizations can prevent an attack.
- Discuss some IoT (Internet of Things) application vulnerabilities with non-techie and techie technology users, then compare and contrast their different perspectives and reactions to IoT vulnerabilities.
- Describe one multi-factor authentication method that you have experienced and discuss the pros and cons of using multi-factor authentication.
- Identify the password policy at your place of employment or study. Assess if it is a good policy or not. Explain.
- Take inventory of possible security threats that your home devices may be exposed to. List them and discuss their potential effects and what you plan to do about them.
- Recall when you last back up your data. Discuss the method you use. Define a backup policy for your home devices.
- Research the career of a SOC professional. Report what certificate training it requires to become SOC professionals, what the demand is for this career, and their salary range.
- Describe a time you experienced a possible security threat or breach. How did you respond and what was the outcome?
- What security best practices have you implemented for mobile devices you use for work or home?
- Share an example of a company that you feel demonstrates a strong security culture. What makes their security culture effective?