Basic Flashcards
What is Cyber security?
It is the practice of ensuring confidentiality, integrity, and availability of information by protecting systems, networks, people, and data from unauthorized access.
what is PII and SPII?
PII - personally identifiable information - It is the information that confirms someone’s identity. Information like IP, MAC address, name, Home address
SPII - Sensitive personally identifiable information - It is the information that falls under stricter handling guidelines. Information like Biometrics, PAN card number, SIN number, and financial information.
Define Security Posture.
An organization’s ability to manage its defense of critical assets and data and react to change.
What were Brain Virus and Morris Worm attack (these are 2 old attacks)?
Brain Virus - It was a type of virus that was created to keep pirated copies of software in check. If someone installed the pirated copy, this virus start crashing their systems.
Morris attack - It was created to know the number of devices connected to the internet. But it failed to identify the devices on which this worm was installed and kept on installing the worm until the system crashed.
What is Social Engineering?
It is an manipulation technique in which the attacker tricks people with the intent of stealing information from users or gaining unauthorized access to networks, systems, and applications.
what is phishing and its types?
It is an attack in which the attacker uses digital communication to trick people to get their personal information or to install malware on their system.
Different kinds of phishing include - BEC (Business email compromise), Whaling, Spear phishing, Vishing (Voice communication is exploited), Smishing.
What is a Virus and a worm?
Virus - it is a malicious code that changes the code of computer programs on which it is deployed. Virus needs user action to be activated like opening some infected executable in some email or on a website.
Worm - it is also a malicious code that can self replicated onto other devices on the network. It does not need user action to be initiated.
Spyware -
What is Watering Hole attack?
In a watering hole attack, the threat attacker attacks a website that is frequently visited by a specific group of users.
What are the CISSP (Certified information system security professional) domains?
- Security and Risk management domain
- Asset management
- Security Architecture and Engineering
- Communication and network security
- IAM
- Security Assessment and Testing
- Security operations
- Application development security
What is Adversarial Artificial Intelligence attack?
In this type of attack, threat actors make use of AI and Machine learning to make attacks more effective.
What is Supply chain attack?
Threat actor finds vulnerabilities in the devices in the supply chain and then other devices in the supply chain gets affected too.
What is a Cryptographic attack?
It is an attack that affects the secure communication between a client and a server.
For example attacks like - Birthday, Collision, Downgrade
What is Advanced Persistent threat (One of the threat actor type)?
An APT attacker has expertise in getting unauthorized access to a network, or system and can maintain this unauthorized access for a long time without getting detected.
There is Hactivists as well
Define Security Framework.
Security frameworks are the guidelines that security professionals can follow to create security plans to secure organization assets from threats and risks.
What are the core component of the security framework?
- Identifying and documenting security goals
- Setting guidelines to achieve security goals
- Implementing security processes
- Monitoring and communicating results
