01 Introduction

Question 1

Information security

Answer 1

Protecting information and information systems.
Defines sets processes and activities performed in order to protect information.

Question 2

Hack value

Answer 2

Hackers’ evaluation of whether something is worth or interesting.

Question 3

High hack value examples

Answer 3

Accessing peoples credit card information as it can generate money.
Just accessing peoples names just to show a difficult task is doable.

Question 4

Vulnerability

Answer 4

Weakness which can compromise the system and be used for a possible attack.

Question 5

Exploit

Answer 5

Breach through vulnerabilities.
Also refers to a software that allows taking advantage of identified vulnerabilities.
E.g. connecting a malicious USB.

Question 6

Payload

Answer 6

Part of malware or exploit code
E.g. a keylogger or a RAT (Remote Administration Tool) that a malicious USB installs.

Question 7

Zero day attack

Answer 7

Exploiting previously unknown vulnerabilities before patch is released.

Question 8

Daisy chaining

Answer 8

An attack in which hackers gain access to one network/device and then using it to access next networks/devices.

Question 9

Doxing

Answer 9

Finding and publishing someone’s personally identifiable information (PII) for malicious reasons.

Question 10

Bot

Answer 10

A software that can be controlled to execute predefined tasks.
Used by hackers to control the infected machines for malicious reasons.
E.g. creating a botnet by infecting more machines

Question 11

CIA triad

Answer 11

known as three principles of information security
Ensures

Confidentiality: so no one can see what’s inside.
Integrity: no one tampers data-in transit
Availability: data is accessible on demand

Question 12

Confidentiality

Answer 12

Ensures that information is available only to people who are authorized to access it.
Improper data handling or a hacking attempt leads to confidentiality breaches.

💡 Controls: * encryption * classification * access control * proper disposal (e.g. of DVDs, CDs, etc.)

Question 13

Integrity

Answer 13

Ensures the accuracy of the information
Prevents improper and unauthorized changes—the

💡 Controls: * hashing * access control

Question 14

Availability

Answer 14

Ensuring resources are available whenever the authorized user needs them

💡 Controls: * redundancy * data back-ups * antivirus * DDoS prevention

Question 15

Authenticity

Answer 15

Ensures the quality of being genuine or uncorrupted, either:

users are actually who they present themselves to be through authentication
or a document or information presented is not corrupted.

Controls: * users (biometrics) * smart cards * data (digital certificates)

Question 16

Non-repudiation

Answer 16

Guarantee that
sender of a message cannot deny having sent the message
recipient cannot deny having received the message

💡 Controls: digital signatures, logging

Question 17

Functionality

Answer 17

the features of the system

Question 18

Usability

Answer 18

GUI of the system and how user friendly it is.

Question 19

Security

Answer 19

How the processes of the system are used and who is using them

Question 20

Interconnected

Answer 20

Any change made to one component directly affects decreases the other two.
E.g. if the system security is increased, then the functionality and usability of the system are decreased

Question 21

Data leakage

Answer 21

Any sort of unauthorized disclosure of sensitive information from anyone/any system.
Includes emails, malicious links, device theft etc.

Question 22

Data leakage leads to

Answer 22

loss of trust e.g. trust to governments decreased during late years
loss of profit e.g. Sony lost profit of their movies after they were leaked before publishing

Question 23

External threats

Answer 23

Corporate espionage, phishing, malware
Business partners, consultants when company outsources (Less surveillance than own employees)