Topics
Directions (11-20) : Read the following passage and answer the given questions. Certain words/phrases are given in bold to help you locate, them while answering some of the questions. There is a market failure in cyber security. Solutions being suggested or tried include increasing transparency about data losses, helping consumers and firms to make more informed decisions about cyber-security; shedding more light on how internet-service providers (ISPS) tackle malware infections they spot on customers' computers; and using liability laws to force software companies to produce safer code. On transparency, America has led the way. Almost all American states now have data-breach laws that require firms to reveal any loss of sensitive customer information. In Europe telecoms firms have been obliged to notify customers of breaches for some time now, and there are plans to extend reporting to a wider range of industries.
Breach laws have encouraged insurance companies to offer coverage against potential losses. This is helpful because they are in a position to gather and share information about best practices across a wide range of companies.
A cyber-insurer advises companies on defensive tactics and also on how to minimise the damage if something goes wrong. The American government should create a cyber-equivalent of the National Transportation Safety Board, which investigates serious accidents and shares information about them. Such a body could look into all breaches that cost over, $50m and make sure the lessons are shared widely. But insurers are likely to remain wary of taking on broader risks because the costs associated with a serious cyber-incident could be astronomic. Insurers can deal with acts of God, but not acts of Anonymous (hacking groups or acts of state sponsored hacking). This explains why the overall cyber-insurance market is still small. Governments are weighing in, too, not least by supporting private-sector efforts to clean up “botnets”, or networks of compromised computers controlled by hackers. These networks, which are prevalent in countries such as America and China, can be used to launch attacks and spread malware.
In Germany an initiative called Bot-Frei, which helps people clean up their infected computers, received government support to get started, though it is now self-financing. The American government has also worked closely with private firms to bring down large botnets. Another strategy involves issuing standards to encourage improved security. America's National Institute of Standards and Technology published a set of voluntary guidelines for companies in critical-infrastructure sectors such as energy and transport. Britain has also launched a scheme called “cyber-essentials" under which firms can apply for a certificate showing they comply with certain minimum security standards. Applicants undergo
an external audit and, if successful, are awarded a badge which they can use on marketingl materials. Whether governments are best placed to set minimum standards is debatable, but they have certainly raised awareness of cyber-security as an issue that needs attention. They could also help to get more information into the publicl domain. Researchers have argued persuasively that collecting and publishing data about the quantity of spam and other bad traffic handled by ISPs couldl encourage lt he worst performers to do more to tackle the problem, thus improving overall security Another debate has revolVed around getting software companies to produce code with fewer flaws in it. One idea is to make them liable for damage caused when, say, hackers exploit a weakness in a software program. Most software companies currently insist customers accept end-user licensing agreements that specifically protect firms from) legal claims unless loral laws prohibit such exclusions. The snag is that imposing blanket liability could have a chilling effect on innovation. Companies that are selling millions of copies of programmes might take fright. at the potential exposure and leave the business. Strict liability be applied only to firms which produce software that cannot be patched if a security flaw is found. There is quite a lot of that sort of code around.
Breach laws have encouraged insurance companies to offer coverage against potential losses. This is helpful because they are in a position to gather and share information about best practices across a wide range of companies.
A cyber-insurer advises companies on defensive tactics and also on how to minimise the damage if something goes wrong. The American government should create a cyber-equivalent of the National Transportation Safety Board, which investigates serious accidents and shares information about them. Such a body could look into all breaches that cost over, $50m and make sure the lessons are shared widely. But insurers are likely to remain wary of taking on broader risks because the costs associated with a serious cyber-incident could be astronomic. Insurers can deal with acts of God, but not acts of Anonymous (hacking groups or acts of state sponsored hacking). This explains why the overall cyber-insurance market is still small. Governments are weighing in, too, not least by supporting private-sector efforts to clean up “botnets”, or networks of compromised computers controlled by hackers. These networks, which are prevalent in countries such as America and China, can be used to launch attacks and spread malware.
In Germany an initiative called Bot-Frei, which helps people clean up their infected computers, received government support to get started, though it is now self-financing. The American government has also worked closely with private firms to bring down large botnets. Another strategy involves issuing standards to encourage improved security. America's National Institute of Standards and Technology published a set of voluntary guidelines for companies in critical-infrastructure sectors such as energy and transport. Britain has also launched a scheme called “cyber-essentials" under which firms can apply for a certificate showing they comply with certain minimum security standards. Applicants undergo
an external audit and, if successful, are awarded a badge which they can use on marketingl materials. Whether governments are best placed to set minimum standards is debatable, but they have certainly raised awareness of cyber-security as an issue that needs attention. They could also help to get more information into the publicl domain. Researchers have argued persuasively that collecting and publishing data about the quantity of spam and other bad traffic handled by ISPs couldl encourage lt he worst performers to do more to tackle the problem, thus improving overall security Another debate has revolVed around getting software companies to produce code with fewer flaws in it. One idea is to make them liable for damage caused when, say, hackers exploit a weakness in a software program. Most software companies currently insist customers accept end-user licensing agreements that specifically protect firms from) legal claims unless loral laws prohibit such exclusions. The snag is that imposing blanket liability could have a chilling effect on innovation. Companies that are selling millions of copies of programmes might take fright. at the potential exposure and leave the business. Strict liability be applied only to firms which produce software that cannot be patched if a security flaw is found. There is quite a lot of that sort of code around.
Which of the following is/are the argument(s) in favour of cyber -essentials ?
A. It boosts transparency and promotion of firms.
B. The certification is given by hackers which makes it authentic.
C. Firms benefit from paymg attention to cyber-security and so do users.
|
A) Only A |
|
B) Only B |
|
C) A and C |
|
D) B and C |
|
E) All A, B and C |
Correct Answer:
| C) A and C |
Part of solved SBI PO-Prelims2 questions and answers : Exams >> Bank Exams >> SBI PO-Prelims2
Comments
Similar Questions
1). Which of the following is the SAME in meaning as the word TRIED as used in the passage ?
| |||||
2). Which of the following is the OPPOSITE of the word SERIOUS as used in the passage ?
| |||||
3). Which of the following is the OPPOSITE of the word CHILLING as used in the passage ?
| |||||
4). Which of the following best describes the author's view of liability laws ?
| |||||
|
5). Which of the following can be said about government efforts with regard to cyber security ? A. Government efforts have been Coupled with private sector cooperation. B. Government efforts have been focused on destroying botnet infrastructure. C. These are not worthwhile and too small in magnitude
| |||||
|
6). Why has the author mentioned the National Transportation Security Board in the passage ? A. To urge America to set up a body to share data in cyber-related instances. B. To monitor cyber security episodes whose losses are over a certain sum. C. To publish and enforce standards for cyber-security for sectors like energy.
| |||||
7). Which of the following is/are (a) theme(s) of the passage ?
| |||||
8). Which of the following is/are true in the context of the passage ?
| |||||
9). select the right option for 21 from the options given below
| |||||
10). select the right option for 22 from the options given below
|
