
Digital Security Risks

Assignment #9

Sioquin, Eliza Joy S.


My buddy and I decided to divide the questions. I answered think questions number 1, 3 and 5.

Denga-Ey, Melrhean Grace M.


Melrhean answered think questions number 2, 4, 6 and 7, then she sent her answers through Messenger for compilation.

January 02, 2022


BSN 1-A

Think Question #1
Internet Research: Watch the link: https://youtu.be/81wWaGGumk?t=380
1. What is passwordless authentication? Discuss.
Passwordless authentication is any method of verifying a user without requiring the user to provide a password.
Proving the user’s identity can instead be done using an alternative factor like a proof of possession factor (mobile
authenticator apps, hardware token, one-time OTP), biometrics, or, in less than ideal cases, a knowledge factor (PIN,
passphrase, etc).

Think Question #2
Internet Research: Watch the link: https://youtu.be/X4lPEpATNxg?t=93
1. What is Unauthorized Access Incident Response?
Unauthorized access is when individuals without permission gain access to an organization's data, networks, endpoints,
apps, or devices. It's linked to authentication, which is the process of verifying a user's identity when they
access a system. Unauthorized access is frequently caused by malfunctioning or misconfigured authentication methods.
2. What are the steps offered by National Institute of Standards and Technology (NIST) in incident response handling?
The NIST incident response lifecycle breaks incident response down into six main phases: Preparation,
Identification, Containment, Eradication, Recovery, and Lessons Learned. Incident response plans are invaluable
measures that every organization should have in place because — let’s face it — controls can fail. Incidents (however
minor) are more likely than not to occur. But having the right incident response steps in place can minimize the damage.

Think Question #3
Who are DarkNet Philippines and FilTech Hacker Philippines? Should hacktivism be punishable? Defend your answer.

DarkNet Philippines is more of an ideology than a mere hacker group and has many similarities to the infamous
hacking collective ‘Anonymous’. Using a similar modus operandi, they have many hackers taking part in their actions,
with most of them changing their phishing kits and attack kits’ folders after joining, a sign that DarkNet Philippines are
less of a hierarchical group and more of a hacking collective. On the flip side, the main goal of FilTech Hackers
Philippines appears to be focused on creating business disruption by defacing websites. Their motivations consist of
patriotic undertones, as demonstrated by the fact that some of their logos use the Philippine flag as a backdrop, although
in the future, the group’s goals could change to include monetary gains. It is led by a threat actor ‘Gr3ySh4DoW’ and is
a LulzSec affiliate.

Fraudwatch. (2020, June 4). Filipino Hacking Groups. https://fraudwatch.com/filipino-hacking-groups/

Think Question #4
Raymond has a laptop computer at home. His friend Alisa wants to use Raymond’s e-mail account to send a message.
How should Raymond proceed in this situation?
Defend your answer.
a) Raymond should give Alisa his username and password.
b) Raymond should ask Alisa to use her own e-mail account with her own username and password.
The principle of confidentiality states that data (such as passwords) and systems (such as e-mail) should only be
accessed by those who are authorized. In the scenario above, Raymond should not reveal his password to anyone,
including his girlfriend, because doing so would risk the security of the password he acquired from UH. In essence,
confidentiality entails denying outsiders the ability to alter or destroy data, as well as any access to them at all.

Think Question #5
Jopet uses an old PC which crashes regularly. A presentation he had been working on went through a complete makeover
as a result of these crashes. Once 17 rows went missing from the end of the document, although he thought that he had
saved the document before the computer crashed. On another occasion, the numbers in the document’s charts had changed
to an unreadable mess. What is wrong in this situation?
Jopet shouldn’t have used the old PC in the first place if he already knew that it crashes regularly. The principle of
innocence states that integrity can be ensured with information updates and regular backup copies.

Think Question #6
A friend of Raymond’s, Alisa, must send a transcript of her studies to her own country on the 1st May AT THE LATEST.
Since Raymond and Alisa have decided to spend Labor Day together, Alisa does not send her transcript until 1st May at
23.30. It is Alisa’s bad luck that the e-mail system she uses does not respond to her requests at all. What’s wrong in this
example?
Alisa's data security is threatened in the example above when it comes to availability, as the e-mail system fails to
respond to her numerous requests. The availability principle states that a system's information and services are available to
authorized users within a predetermined time frame.

Think Question #7
In a social media environment such as Facebook, what are other potential threats to someone accessing your account?
Other dangers include fake accounts, spam, and malware, as well as site compromise, which occurs when an
attacker embeds malicious code on a site, and information disclosure, which occurs when personal or confidential
information is made public.
