Chapter 1 Security Concepts BMIT2713 Information and IT Security

Tutorial 1 Part2

1. Distinguish between data and information.

Data Information

Raw, unorganized, and

unprocessed facts and figures Organized, processed, and meaningful data

Has no meaning or context by Has meaning and can be used to make decisions or gain
itself knowledge

Input that is processed to generate Output of the processing of data that has been analyzed,
information interpreted, and presented in a meaningful way

In summary, data is raw and unprocessed information, while information is processed and
organized data that has been given meaning and context.

Data refers to raw, unorganized, and unprocessed facts and figures, such as numbers,
text, images, or sounds. It has no meaning or context by itself, but can be processed
and analyzed to extract meaningful information.

Information, on the other hand, refers to organized, processed, and meaningful data
that is presented in a context that is useful and relevant to the recipient. It has
meaning and can be used to make decisions or gain knowledge about a specific topic
or situation.

In other words, data is the input that is processed to generate information. Data can be
thought of as the raw material that is transformed into useful and meaningful
information. Information is the output of the processing of data that has been
analyzed, interpreted, and presented in a meaningful way.
2. Define cybercrime.
Cybercrime is the use of computers, the internet, or other digital communication
technologies to commit illegal activities. It includes hacking, phishing, identity theft,
 cyberstalking, cyberbullying, and cyber terrorism. Cybercriminals exploit
vulnerabilities in computer systems and networks to gain unauthorized access to
sensitive information, steal money, and cause damage. It is important to take
proactive measures to protect digital assets and sensitive information.

3. Define identity theft.

Identity theft is when someone uses someone else's personal information without their
consent or knowledge for fraudulent purposes. This can include opening new credit
accounts, making purchases, and filing tax returns. It can cause financial loss, legal
issues, and emotional stress for the victim. It's important to protect personal
information by using strong passwords, being cautious online, and monitoring credit
reports regularly.

4. How identity theft is a great impact to personal, financial, business and legal?

Personal impact: Identity theft can cause emotional stress, anxiety, and
embarrassment for the victim. It can also damage their reputation and affect their
ability to obtain credit or loans in the future.
Financial impact: Identity theft can result in financial loss for the victim, including
fraudulent charges on credit cards or bank accounts, unauthorized loans or mortgages,
and even loss of employment. It can take months or even years to recover financially
from identity theft.
Business impact: Identity theft can have a significant impact on businesses, especially
if customer data is stolen. It can lead to loss of customer trust and confidence, damage
to the company's reputation, and potential legal liability. Businesses may also incur
significant costs in investigating the breach and implementing measures to prevent
future incidents.
Legal impact: Identity theft is a crime and can result in legal consequences for the
perpetrator. However, it can also lead to legal issues for the victim, such as being held
responsible for fraudulent charges or loans that were taken out in their name. Legal
fees may also be incurred when trying to resolve these issues.

Overall, identity theft can have serious and long-lasting impacts on individuals, businesses,
and legal entities. It's important to take proactive steps to prevent it from happening and to
respond quickly if it does occur.

5. Distinguish the effect of enabling and disabling macro security settings.

Enabling macro security settings blocks macros by default, reduces the risk of attacks, but
may impact productivity. Disabling macro security settings allows macros to run without any
prompt, increases the risk of attacks, but makes it easier to run macros. It's important to
consider the security implications and use appropriate macro security settings.
 6. Define encryption.

Encryption is the process of converting data into a secret code to prevent unauthorized
access. It uses an algorithm to scramble data that can only be understood with the key.
Encryption is used to protect sensitive information and maintain privacy and security in
various areas of modern life.

7. What could be the advantages and limitations of encryption?

Advantages Limitations

Improved security Complexity

Enhanced privacy Performance

Compliance Key management

Data integrity False sense of security

Advantages of encryption:

1. Improved security: Encryption provides a way to protect sensitive information from

unauthorized access, theft, and interception. It makes it much more difficult for
attackers to steal or read data that is encrypted, even if they manage to gain access to
it.
2. Enhanced privacy: Encryption can also help maintain privacy by ensuring that only
authorized users can access sensitive information. This is especially important in areas
such as healthcare and financial services, where privacy and confidentiality are
critical.
3. Compliance: Many industries and regulations require the use of encryption to protect
sensitive data. Compliance with these requirements can help avoid legal and financial
penalties.
4. Data integrity: Encryption can also help ensure the integrity of data by providing a
way to verify that it has not been tampered with or altered.

Limitations of encryption:
 1. Complexity: Encryption can be complex and requires specialized knowledge to
implement and maintain. This can make it challenging for smaller organizations or
individuals to use effectively.
2. Performance: Encryption can also impact system performance, especially when large
amounts of data need to be encrypted or decrypted.
3. Key management: Encryption relies on the secure management of encryption keys,
which can be a challenge to implement and maintain.
4. False sense of security: Encryption can provide a false sense of security if not
implemented correctly. Attackers can still gain access to encrypted data through
various means, such as social engineering attacks or exploiting vulnerabilities in the
encryption algorithm or key management process.

Encryption provides improved security, enhanced privacy, compliance, and data integrity.
However, it also has limitations such as complexity, impact on system performance, secure
key management, and the potential for a false sense of security. It's important to consider
both the advantages and limitations of encryption when implementing it in a particular
environment.

8. How users use encryption to keep files and drives from harmful risks.

Users can use encryption to protect their files and drives from harmful risks by encrypting
individual files, entire drives, or cloud storage using encryption software. They can also
encrypt their email messages. Encryption ensures that their data is protected from
unauthorized access and reduces the risks of data theft, interception, and loss. Strong
encryption algorithms, secure key management, and appropriate passwords or passphrases are
important to ensure the effectiveness of encryption.

9. What is the purpose of password?

The purpose of a password is to provide a secure way for individuals and organizations to
control access to their computer systems, online accounts, and other digital resources.
Passwords are a form of authentication that allow users to prove their identity and gain access
to protected information or services. Strong and unique passwords are important to ensure
maximum security.

10. How the user can make sure the applying password can help them.
Users can make sure their passwords are effective by using a strong, unique password for
each account, using password managers, changing passwords regularly, and using two-factor
authentication. These practices help to prevent unauthorized access to accounts and protect
sensitive information.