Page 114 - Data Science class 11
P. 114
5. What are the three main ways data ecosystems provide value to companies?
Ans. The three main ways data ecosystems provide value to companies are:
• Growth: Data ecosystems allow firms to pursue new business opportunities by extending their core business or even
enable completely new products. For example, credit-card processors have created strategic insights on customer
shopping journeys and buying details that they provide with retailers and brands.
• Productivity: Data ecosystems help firms improve operations. Online travel portals that offer insights into customer
behaviour can help airlines and hotels plan for demand and set prices based on demand.
• Risk reduction: Data ecosystems are crucial in reducing risk, especially for industry groups in which every member
contributes data. For example, pool data to identify fraudulent transactions and accounts in banks.
6. Differentiate between Malicious Insider and Negligent Insider.
Ans. • The Malicious Insider: Malicious Insiders are the ones who intentionally steal data. It could be an employee or a
contractor who may exfiltrate valuable information (like Intellectual Property (IP), Personal Identifiable Information
(PII), or financial information) to gain financial incentive or a competitive edge. A malicious insider may also be the
one who holds a grudge for being let go or furloughed.
• The Negligent Insider: Negligent insiders are ordinary employees who have made a mistake. It could be an
employee who might have sent an email containing sensitive data to the wrong person, emailed company data to
personal accounts to complete some work during the weekend, fallen prey to a phishing or spear phishing attack,
or lost their work device.
7. What are the various methods an external attacker can use to gain access to internal systems and data?
Ans. There are various methods an external attacker can use to gain access to internal systems and data:
• Social engineering and phishing attacks: In this, sensitive information can be guessed or acquired through
employees. For example, an outsider posing as a known in the company.
• Hacking: It is through hacking that malicious individuals gain access to code and authentication systems via security
loopholes.
• Ransomware: It is defined as a malicious code that encrypts existing files. Once, the encryption is employed, the
attacker demands ransom money from victim in exchange for releasing the data.
• Denial of Service (DoS) Attacks: This attack makes websites or online services unreachable by users by flooding
the server with requests.
• Physical theft: When through theft, an unauthorised access through a system or devices like mobile phones,
laptops, etc. is made, allowing users access to sensitive data, this is known as physical theft.
• Malicious USB drop attack: It happens when hackers get malware onto a system by leaving pen drive loaded
with malicious software in a place where they know such pen drives will be picked up and plugged into systems by
someone due to curiosity.
• 3rd-party apps: Hackers use such apps to infect systems with malware. Gooligan is one such example of a 3rd-party
app.
Unsolved Exercise
Objective Type Questions (Section A)
A. Tick ( ) the correct option.
1. Which among the following is not a malware?
a. Viruses b. worms
c. trojans d. cipher
2. Which among the following is a major pillar for good data management?
a. Strategy and Governance b. Standards
c. Decryption d. Both a and b
112 Touchpad Data Science-XI

