Two Marks Section A
1 Define cyber security
Cybersecurity is
the practice of protecting digital devices, networks, and sensitive data from
cyber threats such as hacking, malware, and phishing attacks." It involves
a range of strategies, technologies, and best practices designed to safeguard
computers, networks, and data from cyber-attacks.
2 Name any two web browsers
1.Google
Chrome. Google Chrome, launched in 2008, has become the most …
2.Safari.
Apple Safari, or simply Safari, is a popular browser invented by Apple …
3.Microsoft
Edge. Microsoft Edge is an open-source web browser built by …
4.Mozilla
Firefox
3 What is internet?
The Internet (or internet) is
the global system of interconnected computer networks that
uses the Internet protocol suite (TCP/IP) to communicate between
networks and devices.
The internet, sometimes simply called the net,
is a worldwide system of interconnected computer networks and electronic
devices that communicate with each other using an established set of protocols.
4 What is cyber crime?
Cybercrime refers to criminal activities carried out
using computers and the internet, including hacking, data theft, malware
attacks, and financial fraud. With businesses, governments, and individuals
relying heavily on digital platforms, cyber threats have escalated, leading to
billions in financial losses worldwide.
5 Name any two types of
Cybercrimes
Two common types of
cybercrime are phishing and identity
theft
6 What is Virus?
A computer virus is a type of malicious software (malware) that replicates itself by modifying other computer programs and inserting its own code, often causing damage to data and systems.
A computer virus is a program designed to spread from one computer to another, similar to how a biological virus infects living organisms.
7 Mention any two social
media platform
1.
Facebook: The largest social media platform globally, with over 3 billion monthly active users. It is used for connecting with friends and family, participating in online communities, consuming content, and discovering brands and products.
2.
YouTube: The second-largest social media platform, known for its vast variety of video content, including music, comedy, tutorials, and more. It has evolved into a search engine and is a key player in the digital age
3. WhatsApp
In a
crowded messaging app market (QQ, Telegram, Snapchat, etc.) WhatsApp stands as the most popular, with more monthly
active social media users than Facebook Messenger (both are owned by
Facebook).
4.
Facebook Messenger
Messenger, originally Facebook Chat, is a
standalone messaging app and platform.
8 What is social media marketing?
Social media marketing (SMM) is the practice of using social media platforms to promote products, services, or brands, engage with customers, and drive website traffic.
Definition and Purpose
Social media marketing involves creating and sharing content on platforms like Facebook, Instagram, Twitter, and LinkedIn to connect with a target audience.
9 Define E-commerce.
E-commerce, or electronic commerce, is defined as the buying and selling of goods and services
over the internet. It encompasses a wide range of activities, including online transactions conducted through websites, mobile apps, and other digital platforms. E-commerce facilitates of products or services between businesses, consumers, or both.
10 What is digital payment?
A digital payment is a financial transaction where money is transferred electronically from one party to another without the exchange of physical cash. This process typically involves the use of digital devices such as mobile phones, computers, or payment cards. Digital payments can include various methods, such as online banking, mobile wallets, and credit or debit card transactions.
11 What is data backup?
Data backup is the process of copying data from a primary location to a secondary location to protect it from loss due to disasters, accidents, or malicious actions. This practice is essential for ensuring data availability and integrity, as it safeguards against hardware failures, virus attacks, human errors, and natural disasters. By maintaining backups, organizations can recover lost data and minimize disruptions to their operations.
12 What is anti-virus?
Antivirus software is specifically created to protect your devices from malicious software (malware) that can harm your system. This includes not only traditional viruses but also other threats such as worms, spyware, and ransomware. The primary purpose of antivirus software is to monitor your devices for known threats, eliminate them, and prevent future infections
Five
Marks Section B
1 what are the issues and challenges
of cybersecurity? Explain
What are the issues of cybersecurity?
Cybersecurity issues encompass a range of challenges that organizations must address to protect their systems and data from threats. These issues include:
1.
Human Error: A significant contributor to cybersecurity breaches, with 95% of breaches attributed to human error. Organizations must implement real-time solutions to mitigate risks associated with human mistakes.
2.
Advanced Threats: Cybercriminals are increasingly using AI-driven malware and complex phishing attacks to exploit vulnerabilities in systems and networks.
3.
Remote Work Vulnerabilities: Remote work has made securing company assets more complex, extending security measures to employees' homes and personal devices.
4.
Cloud Misconfigurations: Attackers can easily target organizations through improperly set up cloud services and unmonitored cloud endpoints.
5.
Fileless Attacks: These attacks embed themselves on legitimate software or memory, allowing them to evade detection and infiltrate protected systems.
6.
Addressing these issues requires a multi-faceted approach that includes strengthening technical measures, raising awareness, and investing in cutting-edge solutions. Organizations must continuously reassess security measures and follow established standards to defend against these evolving threats.
Top 5 Security
challenges you may face
1. Cloud
Attacks
Cloud computing has
developed exponentially in recent years. Cloud Service providers now offer
their customers a wide array of cloud platforms to maximise efficiency and
reduce costs.
What started as
merely an option for backup storage, cloud computing has since evolved into a
comprehensive computing platform that has revolutionized the way organizations
handle, store, and share data. It is, therefore, essential to know what
constitutes a cloud cyber attack so your company can bolster its defence
against them.
A cloud cyber
attack involves malicious activities targeting an off-site service platform
that provides storage, computing, or hosting services via its cloud
infrastructure.
This further
encompasses attacks on services utilizing service delivery models such as
Software as a Service, Infrastructure as a Service, and Platform as a Service,
and more. Each of these models offers its distinct features, making them prime
targets for cybercriminals.
- One of the most used methods
malicious actors use is exploiting vulnerabilities in the service software
itself.
- By exploiting these weaknesses,
attackers gain access to confidential information or disrupt business
operations and cause havoc.
- Ransomware has also become a favourite
tactic of malicious hackers. It works by encrypting users’ data and
holding it hostage until they provide the ransom amount in exchange for a
decryption key that unlocks their information.
Thus making it
challenging for businesses to protect themselves since it requires
extensive security measures both on-premise and within their cloud
assets to ensure complete protection from attacks.
The most recent
example is that – In March 2020, CAM4, an adult live-streaming website,
faced the unimaginable when their cloud account was hacked to reveal a
staggering 10.8 billion sensitive entries.
Compiling over 7TBs
of data ranging from location details and email addresses to usernames and
payment logs; no stone was left unturned in this hack. The magnitude of this
attack illustrates how critical it is for companies to ensure the security of
their cloud platforms. This example is a constant reminder that good cybersecurity
practices are essential in protecting one’s users’ privacy and safety.
This is why cloud
companies usually turn to Sprinto to get SOC 2 or ISO certified. After all,
prevention is way better than cure!
Cloud companies
rely on Sprinto to get SOC 2 & ISO certified faster, proving resilience to
customers and auditors. See how Sprinto does it.
2. Ransomware
Attacks
Ransomware is
malicious software that can cause irreparable damage to your computer and your
data. It revokes your access to your data by locking the device itself or
encrypting the files stored on it. Moreover, ransomware has been known to
spread from one machine to another to infect a larger network, as seen with
the Winery attack that impacted the UK’s National Health Service in
May 2017.
The perpetrators
behind ransomware attacks usually demand payment for unlocking your computer or
granting access to your data again. This is often done through anonymous emails
or websites requiring payment in cryptocurrency.
Unfortunately,
paying the ransom does not always ensure that access will be granted and
victims may lose not only their money but also any sensitive information they
have stored on their devices.
Moreover, there is
no surefire way to guard against ransomware attacks, and even the best security
measures may prove insufficient if hackers are determined enough. In addition,
many new variants of ransomware are being constantly developed, so staying
abreast of these developments is crucial for protecting yourself from them.
Also, check out:
List of cybersecurity certifications
3. IoT Attacks
(Internet of Things)
Given their
versatility, IoT gadgets do not usually maintain the stringent security
safeguards that would safeguard them against malicious activity when compared
to other computational assets. As a result, attackers have exploited these
weaknesses to access the systems. Though this is witnessing change, the change
has not amassed mass adoption globally.
IoT devices are
breached to gain access to confidential data and information. These breaches
usually involve installing malware on a device, damaging or corrupting the
device itself, or using it to access deeper levels of confidential data
belonging to the concerned business.
For instance, a cybercriminal may use any weaknesses
in an IoT device connected to an organization’s temperature control system. By
taking advantage of the device, they could possibly alter the room temperatures
associated with this particular machine. Consequently, organizations must
prioritize security measures for their Internet-of-Things devices to protect
themselves from attacks and malicious activities.
This attack can
have severe implications for businesses as it could lead to increased energy
costs and disruption of services due to damage caused by extreme temperatures.
Furthermore, if successful, this attack could provide access for the assailant
into more sensitive areas within the network and leave open doors for further
malicious activities.
For example, this
massive attack was one for the records, wreaking havoc on the internet as one
of the most significant DDoS attacks ever orchestrated. Malware dubbed ‘Mirai’
was used to infect and commandeer IoT devices such as digital cameras, set-top
boxes, and home routers so that it could cohesively operate them as a
botnet.
This horde of
enslaved gadgets then attacked Dyn’s DNS servers, effectively taking big-name
websites like Twitter, Reddit, Netflix, and CNN offline while they scrambled to
contain the confusion.
It was later
revealed that lax security measures on these devices opened the door for Mirai
malware to infiltrate them using their default name and password easily – hence
bracing itself for further reconnaissance on other vulnerable IoT gadgets.
4. Phishing Attacks
Phishing is a form
of social engineering frequently employed to pilfer personal information
including usernames, passwords, and credit card numbers. This cyber security
problem involves a bad actor who masquerades as a reliable entity sending
emails, cold emails messages, or texts to the vulnerable target(s).
The unsuspecting
recipient is tricked into clicking on the malicious link, upon clicking it
installs malware onto their system, and initiates a ransomware attack that
freezes their computer, or reveals confidential information.
An example of a
typical phishing scam is when an attacker sends out a spoofed email that
appears to be from any trusted email id and contains instructions for the
user’s password expiration.
How to prevent
this: To protect your company from these types of attacks, you need to know how
phishing works and what kind of threats you can face. You must also create
strong passwords and educate your employees on recognizing potential phishing
emails so they can avoid becoming victims.
Sprinto in its efforts to help organizations achieve compliance ensures that
they are regularly trained on the best practices of cybersecurity, common
pitfalls that everyone can avoid and more.
Compliance Security
training worth > $10,000 included
5. Insider Attacks
In May of 2022, a
security risk that stemmed from within Yahoo was revealed when it was
discovered that Qian Sang, a research scientist at the company, had stolen
proprietary information.
The incident
occurred shortly after he received an offer of employment from The Trade Desk,
a Yahoo competitor. After being aware of his job offer, Qian Sang immediately
downloaded around 570,000 pages worth of Yahoo’s intellectual property (IP) to
his devices.
He used both
digital and analog methods to quickly extract the data from Yahoo’s systems and
get away with it undetected.
The consequences
were severe for both parties: Qian Sang faced criminal charges for theft of
trade secrets and violation of computer crime law, whereas Yahoo suffered an
irreparable financial loss due to the unauthorized disclosure of its
products.
This incident
exemplifies just how damaging an insider threat can be – a single individual
with malicious intent can seriously damage a company in terms of its reputation
and financial standing.
This is why, as a
company, you must prevent such incidents by putting in place proper security
measures that keep track of internal user activity and limit access to
sensitive information based on user roles and responsibilities.
How to prevent this: To avoid these biggest challenges in
cyber security, you should conduct regular internal audits to ensure no
unauthorized downloads or access attempts on their networks.
Companies should
also implement employee training initiatives that educate personnel about
the importance of cybersecurity and make them aware that they could
face legal consequences if they engage in malicious activities while using
company-owned resources or networks.
2 explain the types of Cyber crime
What is Cybercrime?
Cybercrime can be defined as
“The illegal usage of any communication device to commit or facilitate in
committing any illegal act”.
A cybercrime is explained as a
type of crime that targets or uses a computer or a group of computers under one
network for the purpose of harm.
Cybercrimes are committed using
computers and computer networks. They can be targeting individuals, business
groups, or even governments.
Two Main Types of Cyber Crimes
- Targeting computers
This type of cybercrimes
includes every possible way that can lead to harm to computer devices for
example malware or denial of service attacks.
- Using computers
This type includes the usage of
computers to do all the classifications of computer crimes.
Classifications of Cybercrimes
Cybercrimes in general can be
classified into four categories:
1. Individual Cyber Crimes:
This type is targeting
individuals. It includes phishing, spoofing, spam, cyberstalking, and more.
2. Organisation Cyber Crimes:
The main target here is
organizations. Usually, this type of crime is done by teams of criminals
including malware attacks and denial of service attacks.
3. Property Cybercrimes:
This type targets property like
credit cards or even intellectual property rights.
4. Society Cybercrimes:
This is the most dangerous form
of cybercrime as it includes cyber-terrorism.
Most Common Cyber Crimes
Now that you understand what
cybercrimes are, let’s discuss some common cybercrimes.
1. Phishing and Scam:
Phishing is a type of social
engineering attack that targets the user and tricks them by sending fake messages
and emails to get sensitive information about the user or trying to download
malicious software and exploit it on the target system.
2. Identity Theft
Identity theft occurs when a
cybercriminal uses another person’s personal data like credit card numbers or
personal pictures without their permission to commit a fraud or a crime.
3. Ransomware Attack
Ransomware
attacks are a very common
type of cybercrime. It is a type of malware that has the capability to prevent
users from accessing all of their personal data on the system by encrypting
them and then asking for a ransom in order to give access to the encrypted
data.
4. Hacking/Misusing Computer
Networks
This term refers to the crime
of unauthorized access to private computers or networks and misuse of it either
by shutting it down or tampering with the data stored or other illegal
approaches.
5. Internet Fraud
Internet fraud is a type of
cybercrimes that makes use of the internet and it can be considered a general
term that groups all of the crimes that happen over the internet like spam,
banking frauds, theft of service, etc.
Other Types of Cybercrime
Here are another 9 types of
cybercrimes:
1. Cyber Bullying
It is also known as online or
internet bullying. It includes sending or sharing harmful and humiliating
content about someone else which causes embarrassment and can be a reason for
the occurrence of psychological problems. It became very common lately, especially
among teenagers.
2. Cyber Stalking
Cyberstalking can be defined as
unwanted persistent content from someone targeting other individuals online
with the aim of controlling and intimidating like unwanted continued calls and
messages.
3. Software Piracy
Software piracy is the illegal
use or copy of paid software with violation of copyrights or license
restrictions.
An example of software piracy
is when you download a fresh non-activated copy of windows and use what is
known as “Cracks” to obtain a valid license for windows activation. This is
considered software piracy.
Not only software can be
pirated but also music, movies, or pictures.
4. Social Media Frauds
The use of social media fake
accounts to perform any kind of harmful activities like impersonating other
users or sending intimidating or threatening messages. And one of the easiest
and most common social media frauds is Email spam.
5. Online Drug Trafficking
With the big rise of
cryptocurrency technology, it became easy to transfer money in a secured
private way and complete drug deals without drawing the attention of law
enforcement. This led to a rise in drug marketing on the internet.
Illegal drugs such as cocaine,
heroin, or marijuana are commonly sold and traded online, especially on what is
known as the "Dark Web".
6. Electronic Money Laundering
Also known as transaction
laundering. It is based on unknown companies or online business that makes
approvable payment methods and credit card transactions but with incomplete or
inconsistent payment information for buying unknown products.
It is by far one of the
most common and easy money laundering methods.
8. Cyber Extortion
Cyber extortion is the demand
for money by cybercriminals to give back some important data they've stolen or
stop doing malicious activities such as denial of service attacks.
9. Intellectual-property
Infringements
It is the violation or breach
of any protected intellectual-property rights such as copyrights and industrial
design.
10. Online Recruitment Fraud
One of the less common
cybercrimes that are also growing to become more popular is the fake job
opportunities released by fake companies for the purpose of obtaining a
financial benefit from applicants or even making use of their personal data.
3 write a note on social media
marketing
Social Media Marketing (SMM) can be defined as a powerful form of digital
advertising that utilizes various social media applications to showcase
products and services. Through platforms like Facebook, Twitter, and Instagram,
businesses have the opportunity to not only promote their offerings but also
interact with their target audience in meaningful ways. This can lead to the
creation of a loyal community of followers who actively engage with the brand,
resulting in increased brand awareness, sales, and website traffic.
Social Media Marketing not only allows businesses to gather valuable
customer feedback but also creates a sense of approachability. By utilizing
social media, organizations have the opportunity to foster meaningful relationships
with their audience. This platform serves as a space for customers to express
their concerns, ask important questions, and feel heard. Furthermore, it
enables brands to respond, adapt, and improve their processes or products.
4 explain the advantages of
e-commerce
1) Low costs
An important benefits of ecommerce is that starting a website is anytime
less expensive than a physical outlet. You do not have to furnish your outlet,
no need to pay rent and hire several employees to work in it. The cost of marketing
and promotional strategies is also low.
One of its main Benefits Of Ecommerce is the absence of middleman that
reduces the cost price to a greater degree. As a direct link is established
between buyer and seller the portal is able to create an effective supply
chain.
Moreover, the online portal is computerized and automated saving a
crucial amount of money. Yes, you will need to shed a small amount if you are
interested in a customized website but you already have a customer base that is
a compulsive online shopper.
2) Flexibility and speed
An individual or a company can easily open an online store within a few
days whereas a physical outlet needs space, commercial leasing procedure as
well as ample construction and decoration time for its opening. It is possible
to change displays and product offerings within minutes in an e-commerce site
whereas you need proper planning and ample time and manpower to do so in
physical stores.
In terms of flexibility and speed e-commerce sites beat retail outlets by
a long margin and this feature is considered one of the main benefits of
ecommerce. The entrepreneur is able to handle all the operations from the
comfort of his home without renting office space.
He just needs an internet connection and a device to handle all the
transactions effectively.
3) Speeds up the buying process
Earlier a customer had to pre-plan his shopping trip even if he wanted to
buy a specific thing. It would mean rearranging his schedule and going to the
outlet to make the purchase. One of the main benefits of ecommerce is that it
speeds up the buying process.
A visit to the outlet which is very far from your home and will waste
nearly two to three hours of your time is no longer necessary. Just sit back in
the comfort of your home or even your office, search for the product and make a
purchase.
Moreover, the online stores are open 24*7 hence you can use it as per
your convenience. E-commerce helps the customer to buy a particular product
easily without wasting his time by giving him access to a wide range of
choices. You are also saving traveling time as the product is being delivered
at the destination of your choice.
4) A comprehensive description of products
Customers are on the look-out for a comprehensive description of the
products they want to buy and it is one of the major benefits of ecommerce. An
e-commerce portal offers its customers a product catalog that has data sheets
featuring all the useful information about its products and services.
The characteristics, its usefulness, and specifications are listed in a
detailed manner. Even the colors of some of the products like mobile
phones are mentioned so that you can make a choice according to personal
preference. The customers can read about the ingredients of edible products and
collect background information which is not possible in retail outlets or
physical stores.
Armed with the knowledge at their fingertips it becomes easier for the
consumers to buy products they desire. The online websites also include the
ratings and the customer feedback which tell the customers about the
likeability of a product in the market.
The portal offers warranty information along with other relevant terms
and conditions pertinent to the product that later prove useful for a consumer.
5) Keep an eye on buyer’s habit
Information about the likes and dislikes of a customer is very important
and an online store is able to record and analyze the frequency with which the
buyer has purchased items or viewed other items in his portal. This is not
possible in physical stores. One of the benefits of ecommerce is that the
traders can keep a direct and indirect eye on the behavior of its customers and
customize its offerings to suit their individuality.
The past browsing history is utilized to tempt consumers with related or
same products. The online portals keep a ready stock of the items that are
being pursued and purchased to satisfy its customers.
6) Easy availability through search engines
There is a huge difference between the physical and online stores if you
are looking for benefits of ecommerce. The first thrives because of its
branding and the second on the large traffic from search engines.
With the advent of the internet, the consumer has become more street
smart and advanced. He realizes the importance of online shopping and has been
using search engines to find products and services at his convenience. A
physical store is in most cases limited to a single area whereas the search engines
allow the worldwide audience in its portal.
In order to utilize the concept of search engines remember more often
than not the consumers appear only on the first page hence make it as visible
as you can so that they are tempted to visit the next pages. This enables the
portal to get maximum customers, revenues and coverage for its business.
7) Technology at its best
An important benefit of ecommerce is that it is using technology for its
own advantage. As the systems are computerized it becomes easy to maintain its
working order without the tension of getting tired or becoming slow by the end
of the day.
Technology helps to make viable comparisons of the products and their
rates and specifications which is not possible in physical outlets hence the
use of technology make online portals accurate, effective and efficient in
their dealings with their customers.
8) Reduce the cost of managing inventory
If you are looking for one of the benefits of ecommerce then it can
easily save time and reduce its inventory cost when compared with physical
stores. The online portal offers features and facilities that automate several
responsibilities.
It introduces a web-based system through which the website can automate
and manage inventory by itself and thus reduce the operating cost.
9) Encourages impulse to buy
An online site has information on the buying habits of its customers. It
knows that there are several products that the consumer is interested in buying
but is unable to do so. One of the benefits of e-commerce portal is that it can
keep its eyes on these potential targets and offer several schemes and
discounts that prompt the customers to make an impulse buy.
The website makes its products more attractive with color options and
images so that the customer is tempted to make a purchase.
10) Retarget your customers
If you are looking for benefits of e-commerce then one of the main ones
is its ability to retarget its customers. The portal has information about the
individuals that visit its site and has made purchases.
It uses this information through several techniques to maintain the
interest of the consumers like sharing a coupon and sending emails for
cross-selling purposes. It is possible when a customer visits a certain page in
a particular time period
5 what are the key aspects of mobile
phone security
What Is Mobile Security?
Mobile security refers to
the protection of smartphones, tablets, and other portable devices from threats
that can compromise data, functionality, or user privacy. As mobile devices
become central to both personal and business life, mobile device
security has become critical to guard against malware, unauthorized
access, data leaks, and more. This includes securing operating systems, apps,
network connections, and user behaviors.
Key aspects include mobile
network security, data
encryption, app permission
control, and remote wipe features. Whether you’re dealing with security in
mobile computing or exploring mobile security solutions, it’s essential to
stay ahead of mobile security threats. Understanding both the risks and methods
of mobile security threats and prevention helps protect sensitive
information. For visual learners, a mobile device security diagram can help
illustrate how various layers of defense work together to secure mobile
security devices in today’s digital world.
Securing mobile devices in
today’s threat landscape requires a layered approach, combining technology,
best practices, and user awareness. At the heart of mobile
security are several key components designed to defend against a wide
range of mobile security threats and prevention challenges. These components
are especially important as mobile device attacks, mobile network threats,
and smartphone security risks continue to rise across both personal and
business environments. Let’s explore how the essential elements of mobile
device security work together to protect against modern risks.
1. Data Encryption
Encryption is a foundational
pillar of mobile device security. It protects sensitive data by
transforming it into unreadable code during both storage and transmission. This
prevents unauthorized access, even if mobile security devices are
compromised. Especially within mobile network security, end-to-end
encryption is critical to shielding private messages, financial
transactions, and business communications from prying eyes.
2. Authentication and Access Control
Strong authentication is
another must-have for secure mobile devices. Methods such as biometrics,
passwords, and multi-factor authentication reduce mobile device security risks
by ensuring only authorized users can access the device or sensitive
applications. Role-based access control is also commonly used in
enterprise mobile security management to further limit access based on job
roles and permissions.
3. Secure App Development and Monitoring
One of the lesser-known but
equally vital components of mobile security in cyber security is
developing apps with security in mind. This means writing secure code, using
secure APIs, and running regular security tests to reduce vulnerabilities.
Post-launch, real-time monitoring (like Flutter monitoring) helps identify
unusual behavior—an important defense against mobile threats. Developers and organizations
alike benefit from using reliable mobile security platforms that support mobile
device security solutions from development to deployment.
4. Regular Updates and Patch Management
Outdated software is a common
gateway for cybercriminals. Routine updates and patching help fix
vulnerabilities before they can be exploited. Keeping both operating systems
and apps current is essential in cyber security for mobile devices,
especially when defending against fast-moving smartphone security threats and
emerging malware targeting mobile environments.
5. Email Security and Phishing Prevention
Email is one of the most abused
channels in mobile cyber security. Tools like phishing
simulations train users to detect malicious links and fake emails,
reducing the risk of falling for scams—a common mobile phone security issue.
Protecting against phishing is also critical for security mobile devices,
especially those used by remote teams or employees frequently working on the
go.
Understanding the benefits
of mobile security means recognizing how each component contributes
to a holistic strategy. From mobile security solutions and mobile security
platforms to end-user education and protecting mobile devices, building a
strong defense is no longer optional. Whether you’re managing BYOD environments
or seeking enterprise-level controls, these components offer scalable answers
to address mobile security issues. And when comparing mobile security vs
computer security, remember that mobile environments face unique risks that
demand specialized attention—and proactive protection.
The key aspects of mobile phone security include:
1.
Protecting Devices: Safeguarding smartphones and tablets from hackers and malware.
2.
Data Protection: Ensuring data integrity and preventing credential theft and account compromise.
3.
Strengthening Defenses: Applying measures to combat risks such as data breaches and unwanted surveillance.
4.
App Security: Using apps designed to detect and prevent fraud, phishing, and scams.
5.
Network Security: Protecting mobile devices from threats on the internet and within networks.
6.
These aspects are crucial for maintaining the security of mobile devices and protecting user data.
Ten Marks Section C
1 explain
the advantages of internet
The advantages of
the internet include easy and instant communication, access to a vast
amount of information for learning and staying informed, and convenience for
online shopping, banking, and entertainment. It also enables remote work,
global connectivity, and business growth through e-commerce and digital
marketing.
Communication and social connection
Instant
communication: Connect with people anywhere in the world through email,
messaging apps, and video calls.
Global connectivity: Build communities and stay in touch
with friends and family over long distances.
Social networking: Easily share information and
connect with people who have similar interests through social media
platforms.
Information and
education
Vast information source: Access a massive amount of
information on virtually any topic, from news and research to hobbies.
Enhanced learning: Take online courses, watch
educational videos, and access research papers from anywhere, promoting
continuous learning and upskilling.
Stay
informed: Keep up-to-date with current events through news websites and
online publications.
Commerce and services
Online
shopping: Shop for a wide variety of products and services 24/7 without
leaving home.
Online banking and
finance: Perform banking transactions, pay bills, and manage investments
securely online.
Business
expansion: Promote businesses, reach a global customer base, and conduct
e-commerce efficiently.
Entertainment and
productivity
Entertainment
options: Enjoy a wide selection of movies, music, games, and other forms
of entertainment.
Remote
work: Work from home or anywhere with an internet connection, increasing
flexibility and convenience.
Increased
productivity: Find tools and resources that help with research,
collaboration, and other work-related tasks.
2 explain cybercrime against
women and children
Cybercrime against
women and children includes online harassment, sexual exploitation, and
stalking, often involving the use of technology for intimidation, blackmail,
and defamation. Common examples include cyberbullying, sharing non-consensual
intimate images (including morphing and deepfakes), cyberstalking, and the
production and distribution of child sexual abuse material (CSAM). These
crimes disproportionately affect women and children, who are particularly
vulnerable due to a lack of awareness and increased online activity, leading to
significant emotional distress and other harm.
Common cybercrimes
Using the internet
to harass and intimidate a person by following their online activities,
bombarding them with emails, or posting threatening messages.
Using electronic
communication to bully a person, often through social media, messaging apps, or
other online platforms.
Non-consensual
sharing of intimate images:
Sharing private
photos or videos of individuals without their consent, which is often used for
blackmail or to cause humiliation.
Using threats to
blackmail someone into performing sexual acts or paying money.
A predator building
a relationship of trust with a child online to exploit them, often sexually.
Child
Sexual Abuse Material (CSAM):
Creating, storing,
or distributing sexually explicit images or videos of children online.
Cyber
defamation/smearing:
Intentionally
damaging a person's reputation online.
Tricking
individuals into revealing personal information through fake emails or
websites, which can be used for identity theft.
Traffickers
live-streaming or filming victims performing sexual acts and selling the
material online.
Why women and
children are vulnerable
Increased online presence:
The mobile
revolution has given more women and children access to the internet without
sufficient awareness of the risks.
Lack of awareness
and sensitization:
Many victims are
not adequately educated about online safety measures.
Trust and social
pressure:
Victims are often
targeted by people they meet online, and social pressure can discourage
reporting.
Tools
availability:
Many tools and
services for committing cybercrimes are readily available in online markets,
even for those with no technical expertise.
Consequences of
these crimes
Psychological
harm:
Victims may
experience severe emotional and psychological distress, which can sometimes
lead to extreme actions like suicide.
Reputational
damage:
Crimes like
defamation and non-consensual image sharing can severely damage an individual's
reputation.
Financial
loss:
Some crimes, such
as sextortion or phishing, can lead to significant financial loss.
Physical
danger:
Cybercrimes can
escalate and sometimes lead to real-world violence.
3 explain briefly the
security issues related to social media
Social media
presents security issues like phishing, malware, and account hijacking,
often stemming from cybercriminals using social engineering to trick users into
revealing sensitive data or clicking malicious links. Other risks include
identity theft from oversharing personal information, data breaches from weak
platform security, and the spread of harmful misinformation and scams.
Common security
issues
Phishing and
scams:
Attackers create
fake profiles or messages to trick users into giving up personal information,
account credentials, or money, notes pandasecurity.com.
Malware and
viruses:
Malicious links or
files disguised as posts can infect a device, steal data, or even lock files with
ransomware. Hijacked accounts are also used to spread malware to
friends.
Account
hijacking:
Weak passwords or
security vulnerabilities can lead to unauthorized access to accounts. Once
compromised, attackers can use the account to spread scams or malware to your
contacts.
Identity
theft:
Sharing personal
details like your full name, birthday, or location can make you a target for
identity theft. Criminals can use this information to create fake accounts
or conduct fraud.
Data breaches and
privacy loopholes:
Social media
companies collect vast amounts of user data, which can be vulnerable to
hacking. Privacy settings can also have loopholes, potentially exposing
sensitive information.
Social
engineering:
Cybercriminals
manipulate users into performing actions or divulging confidential information,
often by building trust or using fear tactics through social media
platforms.
Cyberbullying and
harassment:
This can lead to
emotional distress and can sometimes escalate to cyberstalking or doxxing (publishing
private information online).
Third-party app
vulnerabilities:
Apps and services
that connect to your social media can have their own security flaws, which can
provide a backdoor for hackers to access your account and data.
4 explain about the common
frauds and preventive measures of digital payment
Common digital
payment frauds include phishing, SIM swap, UPI/QR code scams, account
takeovers, and card skimming. To prevent these, use strong, unique passwords,
enable multi-factor authentication, download apps only from official stores,
avoid clicking suspicious links, and monitor your accounts regularly for
unusual activity.
Common digital
payment frauds
Phishing: Fraudsters
use fake emails, SMS, or websites to trick you into revealing sensitive information
like passwords, OTPs, or card numbers.
SIM Swap
Fraud: Scammers convince a telecom provider to port your number to their
own SIM card, allowing them to intercept one-time passwords and other security
codes.
UPI and QR Code
Scams: Malicious QR codes or links can lead to fake payment gateways, or
you might be tricked into sending money instead of receiving it.
Account Takeover
(ATO): Criminals gain unauthorized access to your account by stealing
login credentials through data breaches, weak passwords, or social engineering.
Card
Skimming: Fraudulent devices attached to ATMs or point-of-sale terminals
capture your card information when you use it.
Fake Investment
Schemes: Scammers lure you with promises of high returns to steal your
money through fake investment apps or schemes.
Malicious Payment
Links: Links sent via SMS or social media can lead to fake websites
designed to steal your payment information.
Preventive measures
Use strong security
practices:
Create strong,
unique passwords for all your payment accounts.
Enable multi-factor
authentication (MFA), such as two-factor authentication (2FA), whenever
possible.
Be cautious with
links and downloads:
Do not click on
suspicious links in emails, SMS, or social media.
Only download
payment apps from official stores like the Google Play Store or Apple App
Store.
Be wary of unknown
apps and check reviews for suspicious activity before downloading.
Monitor your
accounts:
Regularly review
your bank and credit card statements for any unauthorized transactions.
Report any
suspicious activity to your bank immediately.
Secure your
devices:
Keep your operating
system and apps updated to patch security vulnerabilities.
Use a trusted
antivirus program to scan your devices for malware.
Verify requests:
Never share
sensitive information like OTPs, PINs, or card details in response to
unsolicited requests via email, phone, or text.
5 explain cyber security
measures and best practice
Cybersecurity measures and best
practices include strong, unique passwords with multi-factor
authentication (MFA), keeping all software and systems updated, and educating
users about threats like phishing. Other key practices are implementing strong
network security like firewalls, regularly backing up data, and securing
endpoints like laptops and mobile devices.
Technical
measures
·
Use
strong passwords and MFA: Create
complex, unique passwords and enable multi-factor authentication wherever
possible to provide an extra layer of security.
·
Keep
software updated: Regularly
update your operating system, applications, and security software to patch
vulnerabilities that attackers can exploit.
·
Install
security software: Use
antivirus, anti-spyware, and anti-malware software on all devices to detect and
remove threats.
·
Secure
your network: Implement strong network
security, including firewalls, and avoid using public Wi-Fi networks or use a
VPN if you must.
·
Encrypt
sensitive data: Encrypt data both in transit
(like over the internet) and at rest (on your hard drive or in cloud storage).
·
Back
up data: Regularly back up your
important data to a separate location, such as an external drive or cloud
service.
User
and organizational best practices
·
Be
aware of phishing and social engineering: Do not click on links or open attachments from unknown
senders. Be cautious of emails, even if they seem to come from a trusted
source.
·
Educate
users: Provide cybersecurity
training to employees to help them recognize and avoid threats.
·
Limit
access: Follow the principle of least
privilege, giving users only the access they need to perform their jobs.
Regularly review and update permissions.
·
Monitor
for threats: Continuously monitor networks
and systems for suspicious activity.
·
Create
an incident response plan: Have
a plan in place for how to respond to a security breach.
No comments:
Post a Comment