8. Cybersecurity Risk Flashcards
What is cybersecurity?
The technology, processes and measures that are designed to protect an organisation against an attack on its electronic information
What are the 4 main challenges of cybersecurity to risk managers?
- Reliance on technology
- Availability of technology
- Inevitability of bugs
- Rapid evolution and lack of understanding
What are the 3 categories of information that a business may hold?
- Personal
- Business
- Classified
What is business information?
Anything that may cause risk to the company if discovered by a third party, such as a competitor
What is classified information?
That which could cause harm to public safety or security
What are the 4 objectives of cybersecurity?
- Availability
- Confidentiality
- Integrity of data
- Integrity of processing
What 3 things do cybersecurity objectives need in order to be implemented effectively?
- Sufficient budget and resource
- Communicated clearly
- Key stakeholder support
What are the 3 categories of factors which influence cybersecurity risk?
- Technologies
- Organisational factors
- Organisational change
What factors fall under the technologies category of influencers to cybersecurity risk?
- Outsourcing of IT services (cloud)
- Mobile devices
- Network structure
- Service providers/hosts
- Software applications
- Obsolete systems
- Dependence on emerging tech
What factors fall under the organisational category of influencers to cybersecurity risk?
- Structure/size of IT department
- Types of user groups
- Geographic location (+ legal)
- Organisational structure
- Cybersecurity responsibility
What factors fall under the organisational change category of influencers to cybersecurity risk?
- Have products or services changed?
- Any legislative change?
- Any change to org structure or departmental responsibilities?
What is malware?
Software which is specifically designed to disrupt or gain unauthorised access to a computer system
What is a virus?
A user opens or runs a host file which releases the virus, which then infects the user's files and can restrict access or damage information
What is a worm?
Like a virus, but does not require the host to open a file
What is a Trojan?
Malware that masquerades as real software but infects the computer when launched
What is Spyware?
Malware that enables the originator to spy on the user’s activity
What is Malvertising?
An online advert which has malware written into the code, either directing to a site where malware can be installed or directly infecting the computer
What are Botnets?
A network of private computers infected with malware and controlled by an agent without the knowledge of the owner
What is Ransomware?
Encrypting the user's data and demanding payment for its release
What is polymorphic malware?
Malware which avoids being detected by constantly changing its features
What is the ‘ultimate’ line of attack against malware?
Antivirus software
What are application attacks?
Attacks that target websites to alter their functionality and presentation, or extract sensitive information
What are the 4 types of application attack?
1. Bot attack
2. Distributed Denial of Service
3. Cross Site Scripting
4. SQL injection
What is a bot attack?
Web robots that are used maliciously, e.g. to send spam to email addresses
What are the 3 methods of defence against a bot attack?
- Maintain antibot software
- Evaluate who is accessing systems and where from
- Look out for sudden spikes or repeated login failures
What is a DDoS attack?
A distributed denial of service attack - overwhelms a web application with so much traffic that it crashes
What is a buffer overflow attack?
A DDoS attack which starts to overwrite existing data
What are the 2 methods of defence against a DDoS attack?
- Install a firewall
- Invest in DDoS hardware and software to filter traffic
What is Cross Site Scripting?
The attacker reprograms buttons on a website and redirects users to another site, disrupting traffic but also sometimes extracting sensitive information
How do you protect from Cross Site Scripting?
Ensure changes to script are only allowed from authorised sources
What is an SQL injection?
The attacker submits malicious software code into the organisation's database by typing code into data input fields, which corrupts the data
How do you protect from SQL injections?
Input fields are locked by data type and character length
What is a hacker?
A skilled computer programmer who circumvents an organisation's security systems to access sensitive information
What is an ethical hacker?
Hackers that break into an organisation's systems in order to test the level of security, with prior knowledge and consent
What is social engineering?
Influencing people to do something that they would not normally do
What are the 6 principles of persuasion?
- Reciprocity
- Scarcity
- Authority
- Consistency
- Liking
- Consensus
What is phishing?
Using fraudulent messages to steal sensitive information such as passwords, or install malware
What is Spear phishing?
Targeting a specific user
What is domain fraud?
A phishing email that imitates genuine domains but takes the user to a fraudulent page
What are the 5 types of cost of a security breach?
- Paying ransom demands
- Legal claims
- Diversion of resource
- Loss of revenue
- Increased regulations
What 3 risks does the increased use of social media increase?
- Identity fraud
- Damage to reputation
- Trolling
What are the 5 opportunities to organisations through social media?
- Advertising
- Brand development
- Big data analytics
- Communication
- Real time information gathering
What are the 6 main risks brought to organisations by social media?
- Human error (clicking on viruses)
- Productivity
- Data protection
- Hacking
- Reputation
- Inactivity
What are the 6 main risks brought to individuals by social media?
- Going viral
- Employment issues
- Legal sanction
- Physical theft
- Identity fraud
- Permanence
What 3 things must a cybersecurity policy do?
- Protect from cyberattack
- Detect attacks
- Respond promptly
What do certificates particularly help protect against?
Man in the Middle attacks (3rd party between two sides and passing information)
What are the 5 main aims of a Computer Incident Response Team?
- Minimise losses
- Restore normal operations
- Assist with investigations
- Provide data to support planned responses
- Assist with communications
What is applied cybersecurity?
Being aware of risks and how they can be defended against
What does network segmentation do?
Provide strong control over who can access what
What are the 2 types of firewall?
- Network firewall (limits access to system)
- Application firewall (filters out damaging content)
What are the 6 elements of applied cybersecurity?
- Device defences
- Device software updates
- BYOD limitations
- Network configuration management
- Firewalls
- Antivirus and endpoint security
What are the 5 methods for communicating cybersecurity measures to staff?
- Training programmes
- Policy and procedures manual
- Job descriptions
- Code of conduct
- Promotion of whistleblower hotline
What are the 5 methods of IT protection available to organisations?
- Policies and procedures
- Software updates
- Specialist software e.g. firewalls
- Configuration controls
- Application controls
What risk does ISO27001 address?
IT security risk
What are the 5 stages of the ISO27001 risk assessment?
- Establish a risk assessment framework
- Identify risks
- Analyse risks (impact/likelihood)
- Evaluate risks (vs appetite)
- Select risk management option
What 3 things should an organisation do in systems monitoring?
- Detect attacks
- React to attacks
- Account for activity
What are the 7 steps in the systems monitoring process?
- Establish a strategy
- Monitor all systems
- Monitor network for unusual activity
- Monitor users for unauthorised activity
- Establish centralised collection
- Ensure policies and procedures in place
- Conduct a lessons learned review
What is business continuity planning?
A proactive approach that allows the organisation to continue to operate while the cybersecurity threat is resolved
What is disaster recovery planning?
A reactive approach that focuses solely on taking action to restore the organisation to its original position
What are the 4 types of backups in BCP/BRP?
- Mirror site
- Hot backup site
- Warm backup site
- Cold backup site