BITM 6th Sem Model Question Solution

⌘K
  2. Home
  4. Docs
  6. BITM 6th Sem Model Questi...
  8. IT Ethics and Cybersecurity Model Question Solution BITM 6th sem

IT Ethics and Cybersecurity Model Question Solution BITM 6th sem

IT Ethics and Cybersecurity Model Question Solution BITM 6th sem

Group “A” Brief Answer Questions:

Attempt all questions. (10 X 1=10)

Thank you for reading this post, don't forget to subscribe!

1. Define corporate social responsibility.

Corporate Social Responsibility (CSR) is a business approach where companies take responsibility for their impact on society and the environment by engaging in ethical practices, sustainability efforts, and community development beyond profit-making.

2. What is the role of professionalism in IT?

Professionalism in IT ensures that IT professionals act ethically, maintain integrity, respect privacy, follow standards, and deliver quality work while protecting users’ data and system security.

3. Differentiate between copyright and patents.

  • Copyright protects creative works such as software code, music, and literature.
  • Patent protects inventions or new technological processes or designs.

4. What is the main ethical concern in using contingent workers?

The main ethical concern is job insecurity and unfair treatment, as contingent workers often lack benefits, stability, and equal opportunities compared to full-time employees.

5. Who are white-hat hackers?

White-hat hackers are ethical security experts who test systems for vulnerabilities with permission to help organizations strengthen cybersecurity.

6. Why is physical security important in cybersecurity?

Physical security prevents unauthorized physical access to hardware, servers, and data centers, protecting sensitive information from theft, damage, or tampering.

7. How can social engineering attacks be prevented?

They can be prevented through employee awareness training, multi-factor authentication, verification of requests, and strong security policies.

8. What is the role of digital evidence?

Digital evidence helps in investigating cybercrimes by providing factual data from digital devices that can be presented in court for legal proceedings.

9. What is the purpose of the Electronic Transaction Act?

The Electronic Transaction Act (ETA) regulates electronic records, digital signatures, and online transactions to ensure legal recognition, security, and trust in e-commerce.

10. Define whistle-blowing.

Whistle-blowing is the act of reporting unethical, illegal, or unsafe practices within an organization by an employee or insider.

Group “B” Short Answer Questions:

Attempt any five questions. (5 X 3=15)

11. Define ethics and explain its importance in the business world.

Ethics refers to a set of moral principles and values that guide individuals and organizations in determining what is right or wrong.
Importance in business:

  • Promotes trust and credibility among customers and stakeholders.
  • Ensures fair practices and compliance with laws.
  • Helps maintain a positive corporate reputation.
  • Encourages responsible decision-making and sustainable growth.

12. How can organizations encourage the ethical use of IT resources among users?

Organizations can promote ethical IT use through:

  • Establishing IT usage policies that define acceptable and prohibited behaviors.
  • Providing training and awareness programs on digital ethics and data protection.
  • Implementing monitoring and accountability systems to detect misuse.
  • Encouraging ethical leadership and rewarding responsible behavior.

13. What are trade secrets, and how do they help businesses?

Trade secrets are confidential business information such as formulas, processes, designs, or strategies that give a company a competitive advantage.
They help businesses by:

  • Protecting innovation from competitors.
  • Maintaining market advantage through exclusivity.
  • Reducing dependency on patent disclosures.
  • Safeguarding long-term profitability through secrecy.

14. Explain the concept of building trust in social engineering attacks.

In social engineering attacks, cybercriminals exploit human psychology rather than technical flaws. They build trust by pretending to be legitimate individuals or organizations (like coworkers, banks, or IT staff).
Once trust is established, attackers manipulate victims into revealing sensitive information or granting access to systems. Recognizing and questioning such trust-based interactions can prevent these attacks.

15. What is the role of economic model shifts in cybersecurity development?

Shifts in economic models—such as the move to digital economies, cloud services, and remote work—create new cybersecurity needs.
Their role includes:

  • Driving investment in cyber defense technologies.
  • Changing focus from traditional IT protection to data-centric and cloud-based security.
  • Encouraging cyber insurance and risk management frameworks.
  • Promoting global collaboration against cyber threats.

16. How can IoT devices pose security risks in personal cybersecurity?

IoT (Internet of Things) devices connect everyday objects (like cameras, smart TVs, and wearables) to the internet. They pose risks because:

  • Many have weak or default passwords, making them easy to hack.
  • They often lack regular security updates.
  • Unsecured communication channels can expose personal data.
  • Attackers can use compromised IoT devices in botnet or surveillance attacks.

Group “C” — Long Answer Questions

(Attempt any THREE questions) [3 × 5 = 15 Marks]

17. Define social engineering and explain why it is a major cybersecurity threat.

Social engineering is a manipulation technique that exploits human psychology rather than technical vulnerabilities to gain unauthorized access to systems, data, or confidential information. It involves deceiving individuals into breaking normal security procedures.

Reasons why it is a major cybersecurity threat:

  1. Human vulnerability:
    Attackers target human trust, curiosity, or fear—factors that cannot be fully eliminated by technical security systems.
  2. Diverse attack methods:
    Includes phishing emails, pretexting, baiting, vishing, and tailgating, making it hard to detect or block.
  3. Bypasses technical defenses:
    Even advanced firewalls or antivirus systems can’t stop a user from willingly giving up credentials.
  4. Potential for large-scale breaches:
    A single successful manipulation can lead to system-wide data theft or ransomware attacks.
  5. Difficult detection and prevention:
    Since it relies on human behavior, traditional cybersecurity tools may not identify these attacks.

Conclusion:
Social engineering remains one of the biggest cybersecurity threats as it exploits the weakest link in security — the human element. Continuous user education and awareness are the best defenses.

18. Explain how organizations can incorporate green computing practices into their software development lifecycle.

Green computing refers to environmentally responsible and energy-efficient use of computers and IT resources throughout their lifecycle.

Incorporation into the Software Development Lifecycle (SDLC):

  1. Planning phase:
    • Include environmental objectives in IT policies.
    • Evaluate energy-efficient hardware and cloud hosting options.
  2. Design phase:
    • Design lightweight software that uses fewer CPU and memory resources.
    • Choose algorithms that minimize power consumption.
  3. Development phase:
    • Write optimized and reusable code to reduce processing time and energy use.
    • Use tools that monitor the carbon footprint of software builds.
  4. Testing phase:
    • Test for performance efficiency and power consumption under various loads.
    • Simulate deployment in energy-efficient environments.
  5. Deployment and maintenance phase:
    • Host applications on green data centers using renewable energy.
    • Regularly update software to fix bugs that cause inefficiency.
    • Encourage virtualization and cloud-based deployment to reduce hardware usage.

Conclusion:
Incorporating green computing in the SDLC helps organizations reduce energy costs, minimize e-waste, and support environmental sustainability while maintaining efficient IT operations.

19. Describe the legal perspective of cybercrime in Nepal. Explain the significance of the Electronic Transaction Act in Nepal.

Legal perspective of cybercrime in Nepal:

  • Cybercrime in Nepal is governed mainly under the Electronic Transaction Act (ETA) 2063 (2008) and related laws such as the Cybercrime Directive.
  • The law covers offenses like hacking, data theft, cyber fraud, phishing, cyber defamation, and unauthorized access to computer systems.
  • The Cyber Bureau of Nepal Police investigates cybercrimes.
  • Punishments include fines, imprisonment, or both, depending on the severity of the offense.

Significance of the Electronic Transaction Act (ETA):

  1. Legal recognition of electronic records and digital signatures:
    It provides the same legal validity to electronic documents as paper documents.
  2. Regulation of online transactions:
    Promotes safe and reliable e-commerce and e-governance in Nepal.
  3. Cybercrime control:
    Defines cyber offenses and prescribes penalties for hacking, data alteration, or misuse of ICT systems.
  4. Promotion of digital economy:
    Encourages digital innovation and builds trust in online services.
  5. Foundation for future cybersecurity laws:
    Serves as Nepal’s primary legal framework for handling digital and cyber issues.

Conclusion:
The ETA is vital in shaping Nepal’s digital governance, protecting users from cyber threats, and enabling secure electronic communication and transactions.

20. Explain trademark infringement and cybersquatting. How do these issues impact businesses and consumers?

Trademark infringement:
It occurs when a person or company uses another’s registered trademark or a similar mark without permission, leading to confusion among consumers.

  • Example: Using a logo or brand name similar to “Apple” or “Nike” for unrelated products.

Cybersquatting:
Cybersquatting is the act of registering domain names similar to well-known trademarks with the intent to sell them later at a profit or mislead consumers.

  • Example: Registering “g00gle.com” or “amaz0n.net” to exploit legitimate brands.

Impact on businesses:

  1. Brand damage: Loss of reputation and customer trust.
  2. Revenue loss: Customers may buy from fraudulent or counterfeit sites.
  3. Legal costs: Companies must spend time and money in legal disputes to recover domains.
  4. Customer confusion: Misleading websites harm brand identity.

Impact on consumers:

  1. Fraud risk: Customers may fall victim to fake websites.
  2. Data theft: Sensitive personal or payment information can be stolen.
  3. Loss of trust: Reduces consumer confidence in online shopping and digital platforms.

Conclusion:
Trademark infringement and cybersquatting harm both businesses and consumers. Enforcing trademark laws and using domain name dispute resolution mechanisms (like ICANN’s UDRP) are essential for online brand protection.

Group “D” — Comprehensive Questions

(Attempt all questions) [2 × 10 = 20 Marks]

21. How do intellectual property laws and cybersecurity regulations work together to prevent cybercrime and protect digital assets? What are the key methods used in collecting, seizing, and protecting digital evidence? Discuss the challenges faced during this process.

Intellectual Property Laws and Cybersecurity Regulations

Intellectual Property (IP) laws and cybersecurity regulations complement each other in safeguarding digital innovations, information, and assets from unauthorized use, theft, or damage.

1. Role of Intellectual Property (IP) Laws:

  • Copyrights: Protect digital content like software, music, and documents from illegal copying or distribution.
  • Patents: Protect innovative technologies and software algorithms from being stolen or reverse-engineered.
  • Trademarks: Safeguard brand identity and prevent misuse in cyberspace (e.g., cybersquatting or fake websites).
  • Trade Secrets: Ensure confidential business data (e.g., source code, algorithms) remains protected.

2. Role of Cybersecurity Regulations:

  • Establish legal standards for data protection, privacy, and network security (e.g., GDPR, Electronic Transaction Act in Nepal).
  • Define penalties for cybercrimes such as hacking, data theft, and unauthorized access.
  • Encourage organizations to implement information security frameworks to prevent cyber incidents.

Integration:
Together, IP laws protect ownership of digital creations, while cybersecurity regulations ensure those creations remain secure from unauthorized digital attacks.

Key Methods for Collecting, Seizing, and Protecting Digital Evidence

  1. Identification: Recognizing and locating relevant digital evidence such as files, emails, or system logs.
  2. Preservation: Securing the device or storage medium to prevent data alteration or loss.
  3. Collection: Copying data using forensic tools (like EnCase or FTK) while maintaining integrity.
  4. Examination: Analyzing digital data to find relevant evidence of criminal activity.
  5. Documentation: Maintaining a clear chain of custody record showing who accessed evidence and when.
  6. Presentation: Preparing the evidence in a legally admissible format for court proceedings.

Challenges in the Process

  1. Data Volatility: Digital data can be easily altered, deleted, or corrupted.
  2. Encryption and Password Protection: Makes accessing data difficult for investigators.
  3. Jurisdictional Issues: Cybercrimes often cross international borders, complicating legal enforcement.
  4. Cloud Storage Complications: Data stored across multiple servers may be hard to trace or seize.
  5. Maintaining Chain of Custody: Any mishandling can render evidence inadmissible in court.
  6. Technical Expertise: Requires trained forensic professionals and advanced tools.

Conclusion:
Effective collaboration between IP laws and cybersecurity regulations, combined with proper forensic evidence handling, is vital for protecting digital assets and prosecuting cybercriminals in today’s interconnected world.

22. Describe the various risks that cybersecurity mitigates in today’s digital world. Suppose a company outsources its IT services to a third-party vendor, leading to a data breach due to insufficient security measures. As a security analyst, evaluate the cybersecurity risks involved in outsourcing IT operations, and recommend strategies for mitigating these risks to secure sensitive data during outsourcing contracts.

Cybersecurity Risks in Today’s Digital World

Cybersecurity protects systems, data, and networks from multiple risks such as:

  1. Malware and Ransomware Attacks: Malicious software that encrypts or steals data.
  2. Phishing and Social Engineering: Deceptive attempts to acquire sensitive information.
  3. Insider Threats: Employees or contractors intentionally or accidentally compromising security.
  4. Data Breaches: Unauthorized access leading to exposure of sensitive data.
  5. Denial of Service (DoS) Attacks: Disrupting systems to make them unavailable.
  6. Identity Theft: Stealing personal credentials for fraudulent purposes.

Cybersecurity Risks in Outsourcing IT Operations

When a company outsources its IT services, several specific risks emerge:

  1. Data Privacy Risk: Third-party vendors may mishandle or misuse sensitive company or customer data.
  2. Weak Security Controls: Vendors might not follow the same security standards as the contracting company.
  3. Compliance Risk: Failure of vendors to comply with data protection laws (e.g., GDPR) can expose the company to penalties.
  4. Access Control Risk: Vendors may have excessive or unmonitored access to critical systems.
  5. Third-Party Vulnerability: If the vendor’s systems are breached, attackers can infiltrate the client’s network.
  6. Lack of Transparency: The company may not have full visibility into the vendor’s cybersecurity practices.

Strategies to Mitigate Outsourcing Risks

  1. Due Diligence Before Contracting:
    • Assess the vendor’s security posture and compliance certifications (ISO 27001, GDPR, etc.).
    • Conduct background checks on key vendor staff.
  2. Strong Contractual Agreements:
    • Include data protection clauses, non-disclosure agreements (NDAs), and security obligations.
    • Define incident reporting procedures and liability terms for breaches.
  3. Access Management:
    • Provide least privilege access to vendor employees.
    • Regularly monitor and revoke unnecessary permissions.
  4. Continuous Monitoring and Auditing:
    • Perform periodic security audits of vendor systems.
    • Implement real-time monitoring tools for data transfer and access logs.
  5. Data Encryption and Backup:
    • Encrypt data both in transit and at rest.
    • Maintain secure, offline backups for recovery in case of breaches.
  6. Vendor Security Awareness Training:
    • Ensure vendors are trained in cybersecurity best practices and compliance requirements.
  7. Incident Response Planning:
    • Establish a joint response framework for handling security breaches quickly and efficiently.

Conclusion:
Cybersecurity plays a crucial role in mitigating risks associated with digital transformation and outsourcing. By implementing strong contractual, technical, and procedural safeguards, organizations can protect their sensitive data and maintain trust even when third parties handle critical IT operations.

Tags , , , ,

How can we help?