Chapter 1
Data are the raw bits and pieces of facts and statistics with no context. Data can be quantitative
or qualitative. Information is data that has been given context.
exploits allow an intruder to remotely access a network and gain elevated privileges, or move
deeper into the network.
An attack is an intended, unauthorized action on a system or asset. An attack always has a
motivation to misuse the system and generally waits for an opportunity to occur.
Chapter 2
1. What are threats? And what are the three major types of threats?
A threat refers to a new or newly discovered incident that has the potential to harm a system or your
company overall. The three major types of threats are Denial-of-Service (DoS/DDoS) attacks,
social engineering and malware.
2. What is the best way to perform regular threat assessments?
Conduct risk identification and analysis. Identifying risks for each asset and the possible threats
they face is a complex task. The most important thing is to structure the process well so that
nothing important slips through the cracks. Companies can accomplish this by structuring their
asset registers with added columns for threats and vulnerabilities.
3. What are the questions to ask to determine your security vulnerabilities?
Do we understand the actual risk?
Has it been properly fixed?
Can we validate that the fix has worked?
4. What are the key aspects to consider when developing your risk management strategy?
Identify the risk
Analyze the risk
Rank the risk
Assign responsibility to address the risk
Monitor the risk
Respond to the risk
5. What are the intentional threats (give examples)?
Intentional threats refer to purposeful actions resulting in the theft or damage of computer
resources, equipment, and data. Intentional threats include viruses, denial of service attacks, theft
of data, sabotage, and destruction of computer resources.
6. What are the accidental threats (give examples)?
Accidental threats refer to situations in which damage or data loss occurs as a result of an insider
who has no malicious intent.
7. Enumerate the threat classification.
Spoofing of user identity
Tampering
Repudiation
Information disclosure (privacy breach or Data leak)
Denial of Service (D.o.S.)
Elevation of privilege
8. Give two examples of compromise of information from the threat classification.
Error in use, abuse of rights, denial of actions.
9. Give two examples of technical failures from the threat classification.
Equipment, software, capacity saturation.
10. How does Microsoft classify threats?
Damage – how bad would an attack be?
Reproducibility – how easy is it to reproduce the attack?
Exploitability – how much work is it to launch the attack?
Affected users – how many people will be impacted?
Discoverability – how easy is it to discover the threat?
11. Give examples of identity theft?
Stolen Checks
ATM Cards
Fraudulent Change of Address
Social Security Number Misuse
False Civil and Criminal Judgements
12. What are the types of identity theft?
Financial Identity Theft
Medical Identity Theft
Criminal Identity Theft
Child Identity Theft
Identity Cloning & Concealment
Synthetic Identity Theft
Mitigate Your Risk
Chapter 3
---------------------------------------------------------------------------------------------------------------------------------------
I. IDENTIFICATION. Write the correct answer on the space provided.
RA 10173 1. This act shall be known as the Data Privacy Act of 2012.
RA 10175 2. Also known as the Cybercrime Prevention Act of 2012.
Nine 3. Determine the total number of chapters included in question no.1.
Eight 4. Determine the total number of chapters included in question no.2.
SECTION 28 5. In the Data Privacy Act of 2012, determine the provision under chapter VIII.
Consent 6. Refers to any freely given, specific agreement to the collection and processing of personal
information relating to him or her.
Data Subject 7. Refers to an individual whose personal information is processed.
Information and Communications System 8. Refers to a system for generating, sending, receiving, storing and
processing of electronic data.
National Privacy Commission 9. To administer and implement, monitor and ensure the provisions of the act.
Chapter IV 10. Identify the chapters where rights of the data subject are enumerated.
Not less than (Php500,000.00) but not more than (Php2,000,000.00) 11. The unauthorized processing of
personal information shall be penalized by 1 to 3 years' imprisonment and a fine of _____.
September 9, 2016 12. The date when R.A. 10173 was approved.
II. True or False. Write T if the statement is true and write F if the statement is false.
T 1. Access refers to the instruction, communication with, storing data in, retrieving data from, or
otherwise making use of any resources of a computer system or communication network.
T 2. Alteration refers to the modification or change, in form or substance, of existing computer data or
a program.
T 3. Communication refers to the transmission of information through ICT media, including voice, video
and other forms of data.
T 4. Computer refers to an electronic, magnetic, optical, electrochemical, or other data processing or
communications device, or grouping of such devices, capable of performing logical, arithmetic, routing, or
storage functions.
T 5. Computer program refers to any representation of facts, information, or concepts in a form suitable
for processing in a computer system.
F 6. Computer data refers to a set of instructions executed by the computer to achieve intended results.
T 7. Computer system refers to any device or group of interconnected or related devices, one or more of
which, pursuant to a program, performs automated processing of data.
T 8. Illegal Access is the access to the whole or any part of a computer system without right.
T 9. Illegal Interception is the interception made by technical means without right of any non-public
transmission of computer data to, from, or within a computer system including electromagnetic emissions from
a computer system carrying such computer data.
F 10. Cyber-squatting is the intentional or reckless alteration, damaging, deletion or deterioration of
computer data, electronic document, or electronic data message, without right, including the introduction or
transmission of viruses.
T 11. System Interference is the intentional alteration or reckless hindering or interference with the
functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating,
altering or suppressing computer data.
T 12. Data Interference is the acquisition of a domain name over the internet in bad faith to profit, mislead,
destroy reputation, and deprive others from registering the same, if such a domain name is:
III. MATCHING TYPE. Fill-in the missing words by matching Column A to Column B. Write the exact
word on the space provided.
1. R.A. no. 10173 AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN
INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE
PRIVATE SECTOR, CREATING FOR THE PURPOSE A NATIONAL PRIVACY
_______________________ COMMISSION AND FOR OTHER PURPOSES.
2. R.A. no. 10175 AN ACT DEFINING CYBERCRIME, PROVIDING FOR THE PREVENTION,
INVESTIGATION, SUPPRESSION AND THE IMPOSITION OF PENALTIES THEREFOR AND
FOR OTHER PURPOSES.