Cyber Security Fundamentals:

1. Define confidentiality in the context of cyber security and provide

examples of measures to establish it.
Confidentiality in cyber security refers to the protection of data from
unauthorized access or disclosure. Measures to establish confidentiality
include data encryption, two-factor authentication, biometric verification, and
security tokens.
2. Explain the concept of integrity in cyber security and list standard
measures used to guarantee integrity.
Integrity in cyber security refers to protecting information from being
modified by unauthorized parties. Standard measures to guarantee integrity
include cryptographic checksums, using file permissions, uninterrupted power
supplies, and data backups.
3. Describe the importance of availability in cyber security and provide
examples of measures to ensure it.
Availability in cyber security ensures that authorized parties can access
information when needed. Examples of measures to ensure availability include
backing up data to external drives, implementing firewalls, having backup
power supplies, and implementing data redundancy.
4. Differentiate between two-factor authentication and biometric
verification in the context of cyber security.
Two-factor authentication requires users to provide two different
authentication factors, typically something they know (e.g., a password) and
something they have (e.g., a security token). Biometric verification uses
physical characteristics unique to an individual, such as fingerprints or facial
recognition, for authentication.
5. How can confidentiality be compromised in cyber security, and what are
some common methods used by attackers?
Confidentiality can be compromised through methods like cracking poorly
encrypted data, man-in-the-middle (MITM) attacks, and disclosing sensitive
data. Attackers may also exploit vulnerabilities in software or systems to gain
unauthorized access to confidential information.

Internet Governance:

6. Identify the key actors involved in internet governance and briefly

explain the roles of any two of them.
Key actors in internet governance include ICANN, IETF, ITU, WIPO, and IGF. For
example, ICANN manages the Domain Name System (DNS), while IETF
develops and promotes voluntary Internet standards and protocols.
 7. Discuss the significance of the Internet Governance Forum (IGF) in
shaping the evolution and use of the internet.
The Internet Governance Forum (IGF) serves as a platform for stakeholders to
discuss public policy issues related to the internet. It facilitates dialogue and
collaboration among governments, the private sector, civil society, and
technical communities, helping shape the evolution and use of the internet.
8. Explain the concept of internet governance and why it involves multiple
stakeholders.
Internet governance involves the development and application of shared
principles, norms, rules, and decision-making procedures by various
stakeholders. This is because the internet is a global resource, and its
governance requires input and collaboration from governments, private sector
entities, civil society, and technical communities.

Cyber Threats:

9. Define cyber warfare and explain how it differs from traditional warfare.
Cyber warfare involves the use of digital attacks by one nation-state or
organization to disrupt the vital computer systems of another, with the aim of
causing damage, death, and destruction. Unlike traditional warfare, cyber
warfare relies on computer code and can be conducted remotely without
direct physical confrontation.
10. Describe the types of cybercriminals and their motivations in committing
cybercrimes.
Cybercriminals include individuals or groups who commit crimes for financial
gain. They may engage in activities like ransomware attacks, phishing scams,
or intellectual property theft. Motivations for cybercrimes vary but often
involve monetary profit or personal gain.
11. What is cyber terrorism, and how does it differ from other forms of cyber
threats? Provide examples.
Cyber terrorism involves unlawful attacks or threats of attacks against
computers, networks, and information systems to intimidate or coerce
governments or people for political or social objectives. Examples include
hacking into critical infrastructure systems or launching denial-of-service
attacks to disrupt services.
12. Explain the concept of cyber espionage and discuss its implications for
national security.
Cyber espionage involves obtaining secrets and information without
permission from individuals, organizations, or governments for personal,
economic, political, or military advantage. It poses significant threats to
national security by compromising sensitive information and undermining
trust between nations.
Security Policies:

13. Define security policies and explain why they are considered "living
documents" in organizations.
Security policies are formal rules issued by organizations to ensure compliance
with security measures for technology and information assets. They are
considered living documents because they require regular updates to adapt to
changing technology and employee requirements.
14. Discuss the importance of virus and spyware protection policy in
maintaining cyber security.
Virus and spyware protection policies help detect and mitigate threats in files
and applications by using signatures and behavioral analysis. They are
essential for preventing malware infections and protecting sensitive
information from unauthorized access.
15. Describe the role of firewall policy in preventing unauthorized access to
systems and networks.
Firewall policies define rules for controlling incoming and outgoing network
traffic, blocking unauthorized access and potentially malicious activities. They
serve as a barrier between internal and external networks, helping to protect
systems and data from cyber threats.

Vulnerability in Cyber Security:

16. Define vulnerability in the context of cyber security and provide

examples of where vulnerabilities may be found.
Vulnerability in cyber security refers to weaknesses in IT systems that attackers
can exploit to deliver attacks. Examples include flaws in software, insufficient
network security measures, or poor password management practices.
17. Differentiate between vulnerability, risk, and threat in cyber security.
Vulnerability refers to weaknesses in a system, while risk is the probability and
impact of a vulnerability being exploited. Threats are actions or events that
exploit vulnerabilities to cause harm or damage.
18. Explain when a vulnerability becomes exploitable and discuss factors that
may prevent vulnerabilities from being exploited.
A vulnerability becomes exploitable when there is at least one definite attack
vector that attackers can use to exploit it. Factors that may prevent
vulnerabilities from being exploited include insufficient public information for
exploitation, existing security controls, and prior authentication requirements.

Threat Actors:

19. Define threat actors and discuss the different types of threat actors
based on their motivations and tactics.
 Threat actors are individuals or groups that intentionally cause harm to digital
devices or systems. Types of threat actors include cybercriminals, nation-state
actors, hacktivists, thrill seekers, insider threats, and cyberterrorists, each with
distinct motivations and tactics.
20. Explain the significance of understanding different types of threat actors
for individual and organizational cybersecurity.
Understanding different types of threat actors helps organizations identify
potential threats, assess risks, and implement appropriate security measures
to protect against cyberattacks.
21. Discuss the common targets of threat actors and why they are targeted.
Threat actors often target large organizations, small and medium-sized
businesses (SMBs), and individuals for financial gain, access to sensitive
information, or to disrupt operations. Weak security systems and valuable data
make these targets attractive to attackers.