Security and Ethics - SS3 ICT Past Questions and Answers - page 2
Why are encryption techniques important in data protection?
To slow down data transmission
To complicate data storage
To protect data from unauthorized access
To decrease data accuracy
What is an example of an insider threat?
Outdated software
Phishing emails
An employee stealing company data
Regular software updates
What is the primary aim of ethical guidelines in technology?
To restrict innovation
To encourage discrimination
To promote responsible and fair technology use
To increase cyberattacks
What can be the consequence of ignoring ICT policies?
Enhanced security
Improved employee morale
Data breaches and ethical violations
Decreased regulatory scrutiny
What is the primary role of a firewall in cybersecurity?
To create network backups
To prevent unauthorized access to a network
To speed up internet connections
To install antivirus software
Explain the concept of a "phishing attack" and provide an example.
A phishing attack is a type of cyberattack where attackers use deceptive emails, messages, or websites to trick individuals into revealing sensitive information, such as login credentials or financial details. An example of a phishing attack is receiving an email that appears to be from a reputable bank, asking you to click a link and enter your account details. The email and website may look legitimate, but they are designed to steal your information.
What are some common practices to strengthen the security of passwords?
Common practices to strengthen password security include:
Using complex and unique passwords for each account.
Avoiding easily guessable passwords, such as "123456" or "password."
Using a combination of upper and lower-case letters, numbers, and special characters.
Changing passwords regularly.
Using a reputable password manager to generate and store passwords securely.
Describe the potential consequences of a security breach for an organization.
The consequences of a security breach for an organization can be severe and may include:
- Loss of sensitive data and customer trust.
- Financial losses from legal actions, fines, and system repairs.
- Damage to the organization's reputation.
- Disruption of business operations.
- Legal and regulatory consequences for failing to protect customer data.
How can organizations mitigate insider threats effectively?
- Mitigating insider threats involves a combination of technical, organizational, and human-focused measures, including:
- Implementing access controls to limit employees' access to sensitive data.
- Conducting background checks during the hiring process.
- Providing cybersecurity training and awareness programs.
- Monitoring employee behavior and system logs for suspicious activities.
- Encouraging a culture of transparency and reporting of potential threats.
Discuss the importance of regularly updating software and operating systems for security.
Regularly updating software and operating systems is essential for security because updates often include patches for known vulnerabilities. Without updates, systems become more susceptible to exploitation by cybercriminals. Hackers can target these vulnerabilities to gain unauthorized access, steal data, or cause other forms of damage. Keeping software up-to-date helps protect against these threats and ensures the latest security features are in place.