1
Q
What is risk?
A
The potential for harm.
2
Q
What is the formula for risk?
A
Risk = Threat x Vulnerability
3
Q
How is risk managed?
A
- Identify the risk
- Implement controls to mitigate the risk
4
Q
What is a control in risk management?
A
A measure used to mitigate risk.
Examples: privacy training, access controls, encryption, data minimization.
5
Q
What are the four types of risk?
A
- Legal
- Operational
- Reputational
- Strategic
6
Q
What constitutes legal risk?
A
Noncompliance with federal, state, local, international laws, contracts, or industry standards.
7
Q
What is operational risk?
A
Balancing administrative efficiency with customer privacy.
e.g., overcollection vs. minimalism
8
Q
What is reputational risk?
A
Risk to company image or trust due to breaches or privacy failures.
9
Q
What is strategic risk?
A
Risk related to ROI or cost-benefit decisions on tools/services.
10
Q
What was ARPAnet?
A
- A military computer network developed by ARPA
- Precursor to the internet
11
Q
When and where did the first ARPAnet connection occur?
A
- October 29, 1969
- Between Stanford and UCLA
12
Q
What does ‘www’ stand for?
A
World Wide Web
13
Q
What is a URL?
A
- Uniform Resource Locator
- The address of a web resource
14
Q
What is a hyperlink?
A
A URL embedded in a web page or email.
15
Q
What does HTTP stand for?
A
Hypertext Transfer Protocol
16
Q
What is HTTPS?
A
HTTP Secure
Encrypts data using SSL or TLS.
17
Q
What is encryption?
A
A mathematical process to encode data.
18
Q
What is a browser?
A
An application used to access and display web content.
19
Q
Who developed the first web browser?
A
Tim Berners-Lee
It was called WorldWideWeb/Nexus
20
Q
What browser did Marc Andreessen help develop?
A
Mosaic
It later became the foundation for Netscape.
21
Q
What does HTML stand for?
A
Hypertext Markup Language
22
Q
What does HTML5 enable?
A
Supports:
- Audio
- Video
- Mobile devices
- Improved security
23
Q
What is XML?
A
Extensible Markup Language
It is used to store and transport data.
24
Q
What is CSS?
A
Cascading Style Sheets
It is used for web design and styling HTML content.
25
What is a **client** in internet terminology?
A device or application that **requests content** from a server.
26
What is a **server**?
A system that **provides content** to clients.
27
What is an **IP address**?
An address used to **send and receive** data over the internet.
## Footnote
IP = Internet Protocol
28
What does a **proxy server** do?
**Masks** or **hides** a client's IP address.
29
What is the **function** of a **firewall**?
**Blocks malicious traffic** from entering a network.
30
What does a **VPN** do?
Connects a client to another machine and **routes traffic through it securely**.
## Footnote
VPN: Virtual Private Network
31
What is a **static** IP address?
An IP address that **does not change**.
32
What is a **dynamic** IP address?
An IP address that **changes regularly**.
33
How many addresses does **IPv4** support?
Approximately **4.3 billion**
34
How many addresses does **IPv6** support?
About **1037**—enough for 65,000 per square foot on Earth.
35
What are the **three states** of data?
* Data at rest
* Data in transit
* Data in use
36
How is **data at rest** protected?
**File-** and **disk-level** encryption.
37
How is **data in transit** protected?
Encrypted **tunnels** like VPNs or SSL/TLS.
38
How is **data in use** protected?
* Clean desk policies
* PC locking
* Privacy screens
39
What is **caching**?
**Saving web data locally** to speed up loading times.
40
What is a **web server log**?
A **record of user access**, including IP address, pages visited, and timestamps.
41
What is an **ISP**?
Internet Service Provider
## Footnote
It connects users to the internet.
42
What is **TCP**?
Transmission Control Protocol
## Footnote
A connection-oriented data protocol.
43
What is **JavaScript**?
A programming language for **dynamic web content**.
44
What was **Flash** used for?
To **display videos on web pages** (no longer supported).
45
What is **cross-site scripting** (XSS)?
A malicious attack **injecting code** into a trusted **web page**.
46
What does TCP use to **establish a connection**?
A **three-way** handshake.
47
How does TCP **handle large files**?
* Breaks files into packets
* Sends via different routes
* Reassembles at destination
48
What is **packet switching**?
Network method where **data is broken into packets** sent independently and reassembled.
49
What is a **URI**?
Uniform Resource Identifier
## Footnote
A general term for unique resource identifiers including URLs and URNs.
50
What is a **URN**?
Uniform Resource Name
## Footnote
A URI that names a resource without giving its location or retrieval method.
51
What is a **URL deep link**?
A link that **points to a specific page** or **paragraph** within a site.
52
What is a **thick client**?
A device where **processing is done locally**.
## Footnote
e.g., desktop with CPU, RAM
53
What is a **thin client**?
A device where **processing is done in the cloud**; only needs a browser.
54
What is the **front end** in web development?
**User-facing** part of a website or application.
## Footnote
Examples: HTML, CSS, JavaScript
55
What is the **back end** in web development?
The **server-side structure** that powers the front end.
## Footnote
Examples: databases, APIs
56
What is **cloud computing**?
Using computing resources **on another computer**, typically via the internet.
57
What is the '**cloud**' in cloud computing?
**Someone else's computer** that provides on-demand resources.
58
What are **three advantages** of cloud computing?
* Cost savings
* Scalability
* Easier management
59
What are the **three cloud service models**?
* Infrastructure as a Service (IaaS)
* Platform as a Service (PaaS)
* Software as a Service (SaaS)
60
What is **Infrastructure as a Service**?
| (IaaS)
**Physical infrastructure** provided by a third party; subscriber has full control.
61
What is **Platform as a Service**?
| (PaaS)
Platform used mainly **by developers** to build applications.
62
What is **Software as a Service**?
| (SaaS)
**Web-based applications** managed by a third party; no downloads required.
63
Which cloud model offers the **most user control**?
Infrastructure as a Service
| (IaaS)
64
Which cloud model is **ideal for developers**?
Platform as a Service
| (PaaS)
65
Which cloud model is like **renting software** over the internet?
Software as a Service
| (SaaS)
66
What is **edge computing**?
A **distributed computing model** that processes data near the source or user.
67
What is driving the **adoption** of edge computing?
The Internet of Things
| (IoT)
68
What are some **benefits** of edge computing?
* Reduced latency
* Optimized bandwidth
* Better privacy/security
* Improved reliability
69
What is **SMTP** used for?
**Sending emails** by routing them through servers.
70
What is **IMAP** used for?
Receiving emails
## Footnote
Keeps email on the server and supports multiple devices.
71
What is **POP/POP3** used for?
Receiving emails
## Footnote
Downloads and deletes them from the server.
72
What does **SMS** stand for?
Short Message Service
73
What are **characteristics** of SMS?
* Uses cellular network
* 160 character limit
* Does not require internet
74
What are **OTT** messaging services?
* Internet-based messaging
* No character limit
## Footnote
Examples: WhatsApp, Signal, Telegram
75
What is a benefit of **OTT over SMS**?
Can offer **end-to-end encryption** and no character limits.
76
What are common internet **monitoring techniques**?
* Deep packet inspection
* Wireless eavesdropping
* Network monitoring
77
What is a **packet**?
A **unit of data** (~1,500 bytes) sent across a network with a header and destination IP.
78
What is **Deep Packet Inspection**?
| (DPI)
**Analyzing packets** at network nodes **to inspect contents** during transmission.
79
**Why** is DPI used?
* Prevent malware
* Prevent PII leaks
* Track behavior
* Censor content
80
How does encryption **affect DPI**?
DPI **cannot inspect** encrypted packets.
81
What is **wireless eavesdropping**?
**Monitoring** unencrypted Wi-Fi traffic **using packet sniffers**.
82
What are **packet sniffers**?
Tools that **capture and inspect Wi-Fi traffic**.
## Footnote
Example: Wireshark
83
Why are **public Wi-Fi hotspots** risky?
They are **often unencrypted** and easy to monitor.
84
**Who** typically conducts network monitoring?
* Schools
* Employers
* Parents
85
**How** can online traffic **be protected**?
* Encrypted Wi-Fi
* VPNs
* HTTPS
86
What is **social engineering**?
**Tricking people** into:
* Giving access
* Sharing sensitive info
* Downloading malware
87
What is **phishing**?
A **fake email** prompting users to click a link, enter info, or download malware.
88
What is **spear phishing**?
Phishing attack **customized for a specific individual**.
89
What is **whaling**?
Phishing **targeting high-profile individuals** like executives.
90
What is **smishing**?
Phishing **via SMS** messages.
91
What is **vishing**?
Phishing **via voice calls** or voicemails.
92
What is **malware**?
Malicious software; often executable code.
93
What is **spyware**?
Malware that **monitors** data, activity, and may access camera/mic.
94
What is **keylogging**?
**Recording keystrokes** to capture usernames, passwords, or messages.
95
What is a **cookie**?
A **small text file** placed on a user's device by a website to track or remember actions.
96
**Why** are cookies used?
* Personalization
* Authentication
* Linking user actions
97
What is a **session-based** cookie?
Stored for **a single visit** and deleted afterward.
98
What is a **persistent** cookie?
**Remains stored on the device** beyond a single session.
99
What is a **first-party** cookie?
**Set by the website** the user is visiting.
100
What is a **second-party** cookie?
A concept where data is **shared directly between trusted partners** (less common terminology).
101
What is a **third-party** cookie?
Set by a service or site **other than the one being visited**.
102
What is **user-generated content**?
| (UGC)
Text, videos, and photos **users post online**.
## Footnote
e.g., on social networks
103
What is **first-party data collection**?
Data **collected directly by a website** through cookies or user accounts.
104
How do websites **gain rights to process** user data?
Through **cookie consent** and agreement to **terms of service**.
105
Who are **data brokers**?
Entities that collect, clean, and license data from **multiple sources**.
106
What is **third-party data collection**?
Collection **via third-party** cookies by entities other than the visited website.
107
What is **cross-device tracking**?
Linking user activity **across multiple devices** like smartphones and laptops.
108
What are **two types** of cross-device tracking?
* Deterministic (login-based)
* Probabilistic (inferred from data like IP, cookies).
109
What are **three technologies** used for **location tracking**?
* Cell-tower or Wi-Fi triangulation
* GPS
* Metadata
110
What are **location-based services**?
**Apps using location data** like maps, weather, shops, public transport.
111
What is a **Remote Access Trojan**?
| (RAT)
Malware **enabling remote access** to device's microphone or camera.
112
Where is video surveillance **generally legal** in the U.S.?
In **public areas** unless there's a 'reasonable expectation of privacy'.
CIPP-US
flashcards
Decks in class (12)
# Cards
-
Legal Foundations101
-
Technological Foundations112
-
Cybersecurity and Privacy Foundations126
-
GDPR, DOI, and Data Leaks84
-
FTC and COPPA47
-
Medical Privacy62
-
Credit Reporting Agencies and Financial Privacy76
-
FERPA and Telecommunications Privacy111
-
Government and Court Acces to Private-sector Information99
-
Workplace Privacy89
-
State Privacy Laws (Part 1)76
-
State Privacy Laws (Part 2)73
