IT Tutorial 1 Part 1

The document discusses various aspects of data security including the basic characteristics of information security such as confidentiality, integrity and availability. It outlines reasons for protecting personal information like identity theft and privacy. Maintaining data security is important to protect individuals from unauthorized access, theft or misuse of personal data. The main threats to data security include hacking, malware, natural disasters, phishing, insider threats and data breaches. Cloud service vulnerabilities and social engineering techniques used to steal personal information like phishing, pretexting and baiting are also described.

Uploaded by

Tamy Seng

Chapter 1 Security Concepts BMIT 2713 Information and IT security Tutorial 1 Part 1

1. List and describe basic characteristics of information security.


The basic characteristics of information security are: confidentiality, to ensure
information is kept private and only accessed by authorised individuals; integrity, to
ensure information is accurate and not tampered with; availability, to ensure
information is accessible to authorised individuals when needed; and accountability, to
ensure that individuals are responsible and can be held accountable for their actions.

2. What could be the reasons for protecting personal information?


One reason for protecting personal information is to prevent identity theft. This
information is the gateway to your financial institutions, medical records, credit
score and other important personal records. Other reasons are maintaining privacy,
preventing fraud, and complying with legal and ethical obligations.

3. Why is maintaining data security vital for an individual?


Maintaining data security is vital for an individual because it helps to protect their
personal information from unauthorised access, theft, or misuse. This can help
prevent identity theft, financial fraud, and other types of harm.

It also helps prevent disaster, both personally and professionally, due to misuse or
to malicious or unintentional behaviour.

4. Specify FIVE (5) main threats towards data security.


5 main threats towards data security include hacking and malware attacks, natural
disaster, phishing and social engineering, insider threats, physical theft or damage,
and data breaches or leaks.

5. Briefly describe the possible cloud service vulnerabilities.


Cloud service vulnerabilities can include session hijacking, service reliability, and
reliance on the internet.

Session hijacking is a technique used by hackers to gain access to a target’s
computer or online accounts.

Service reliability is a method for measuring the probability that the cloud
delivers the services it is designed for.

Reliance on the internet is enabling client devices to access data and cloud
applications over the internet from remote physical servers, databases and
computers.

Cloud service vulnerabilities can also include data breaches, insider threats, lack of
transparency or control over data, inadequate access controls, and insecure APIs
(application programming interfaces).

6. How can a person become a victim of social engineering?

Commonly, social engineering involves email or other communication that
invokes urgency, fear, or similar emotions in the victim, leading the victim to
promptly reveal sensitive information, click a malicious link, or open a malicious
file.

Social engineering is a tactic used by hackers or attackers to manipulate individuals
into providing sensitive information or access to secure systems. A person can
become a victim of social engineering through tactics such as phishing emails,
pretexting (pretending to be someone else to gain access), or baiting (luring
individuals into providing information through a tempting offer or opportunity).

7. Specify the techniques used in social engineering to steal an individual’s personal
information.

Techniques include phishing, pretexting, baiting, quid pro quo, and tailgating.

Social engineering is the use of psychological manipulation to trick individuals into revealing
sensitive information or performing actions that compromise their security. Some common
techniques used in social engineering to steal an individual's personal information include:

1. Phishing: The attacker sends an email or message pretending to be a trusted source, such
as a bank or social media platform, and asks the victim to provide personal information
or click on a malicious link.
2. Pretexting: The attacker creates a false scenario or pretext to gain the victim's trust and
gather personal information, such as posing as a technical support representative or a
government agency.
3. Baiting: The attacker offers the victim something in exchange for personal information,
such as a free gift card or a fake job offer.
4. Impersonation: The attacker impersonates someone in a position of authority, such as an
IT administrator, to gain access to sensitive information or systems.
5. Tailgating: The attacker gains physical access to a secure area by following someone who
has authorized access, without presenting proper identification or credentials.
