(COMPLETE ANSWERS)
Semester 2 2025 - DUE 25 September 2025
Information Security and Risk Management
Question 1: Hacking vs. Cracking
While the terms "hacking" and "cracking" are often used interchangeably by the general public,
they have distinct meanings in the field of cybersecurity, primarily differentiated by the intent
behind the action.
Hacking refers to exploring and manipulating computer systems and networks in a
non-malicious way. The motivation is often curiosity, intellectual challenge, or a desire to
understand how a system works. Ethical hackers, of whom penetration testers are the best-known
example, illustrate this. They are engaged by organizations to break into their systems
deliberately, under a written authorization that defines the scope of the test, so that security
vulnerabilities can be identified and reported. Their goal is to improve security, not to cause
harm. For example, a penetration tester might exploit a weakness in a web application's login
system to demonstrate how an attacker could gain access, then report it so the company can fix the
vulnerability before it is exploited maliciously.
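The login demonstration just described, as an added example that is not part of the original answer and not taken from any real application. It assumes the weakness is an SQL injection in a toy login backed by an in-memory SQLite database (Python standard library only); the user account, its password and the tester's payload are constructed for the illustration. The weak login is shown next to the fixed one so the finding and the remediation can be reproduced together; on a real engagement this is only run against a system the tester has written authorization to test.

```python
"""Added example (not from the original answer sheet): a penetration tester's
demonstration of an assumed SQL-injection weakness in a toy login, with the
hardened version beside it. All data below is constructed for the demo."""

import hashlib
import hmac
import os
import sqlite3

# Constructed sample account (assumption, not from the page).
USERNAME = "alice"
PASSWORD = "correct horse battery staple"
SALT = os.urandom(16)


def _hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password; iteration count kept modest for the demo."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def build_db() -> sqlite3.Connection:
    """In-memory SQLite user table holding the one constructed account.

    The plaintext 'password' column exists only so the weak login below can
    compare it inside SQL, which is what turns the injection into a full
    bypass. The hardened login never reads that column."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, "
        "salt BLOB, pw_hash BLOB)"
    )
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        (USERNAME, PASSWORD, SALT, _hash_password(PASSWORD, SALT)),
    )
    conn.commit()
    return conn


def login_weak(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Assumed weakness: untrusted input is pasted straight into the SQL text."""
    query = (
        f"SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fix: parameterised query, then a constant-time check of a salted hash."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(_hash_password(password, salt), stored)


# The tester's payload: it closes the quoted string and adds a clause that is
# always true, so the WHERE condition matches every row without any valid
# credentials. In the weak query it becomes
#   ... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'
BYPASS_USERNAME = "' OR '1'='1"
BYPASS_PASSWORD = "' OR '1'='1"


def demonstrate() -> dict:
    """Return the outcome of each attempt so the finding is reproducible."""
    conn = build_db()
    return {
        "weak_valid": login_weak(conn, USERNAME, PASSWORD),
        "weak_bypass": login_weak(conn, BYPASS_USERNAME, BYPASS_PASSWORD),
        "hardened_valid": login_hardened(conn, USERNAME, PASSWORD),
        "hardened_bypass": login_hardened(conn, BYPASS_USERNAME, BYPASS_PASSWORD),
        "hardened_wrong_password": login_hardened(conn, USERNAME, "guess"),
    }


if __name__ == "__main__":
    for check, result in demonstrate().items():
        print(f"{check}: {result}")
```

The report a tester writes from this would pair the payload and the observed bypass (weak_bypass is True) with the two changes that close it: parameters instead of string building, and password verification done in code against a salted hash rather than inside the query.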
Cracking, on the other hand, is a term used specifically for malicious hacking. A cracker's intent
is to break into a system to steal data, cause damage, or disrupt services. Their actions are illegal
and harmful. The objective is to exploit vulnerabilities for personal gain, revenge, or other
malicious purposes. Examples of cracking include a cybercriminal gaining unauthorized access
to a bank's database to steal customer credit card information, or a black-hat hacker creating and
distributing malware to disable a company's network.
In essence, the main difference between hacking and cracking is intent, and authorization is the
evidence of that intent: the same technical act of bypassing a login is hacking when it is done with
the owner's permission and reported, and cracking when it is done without permission for the
attacker's own benefit. Hacking can therefore be a neutral or beneficial activity, while cracking is
inherently malicious and illegal.
Question 2: Basic Factors in Information Protection
Cohen's definition of information as a symbolic representation and of protection as keeping from
harm provides a foundation for understanding the core principles of information protection. The
factors fundamental to information protection are captured in the CIA triad: Confidentiality,
Integrity, and Availability.
1. Confidentiality: This factor is concerned with keeping information private and
preventing its unauthorized disclosure. It ensures that data is readable only by those with
the appropriate permissions. The techniques for achieving confidentiality work at different
layers: user authentication methods like strong passwords and multi-factor authentication
establish who is making a request, access control lists (ACLs) decide what that identity may
read, and encryption keeps the data unreadable to anyone who obtains the stored or
transmitted bytes without the key, whether by bypassing the ACL or by copying a backup. An
example would be a hospital safeguarding patient records by encrypting them and restricting
access only to authorized medical staff. Without confidentiality, sensitive information could
be leaked, leading to financial loss, legal penalties, or a loss of public trust.