CH04 - Information security and controls Flashcards

1
Q

What is a rogue access point?

A

unauthorized access point to a WLAN

2
Q

What is an evil twin attack?

A

An imposter with a computer connects to your computer pretending to be your normal access point

3
Q

What is war driving?

A

Walking around to find unsecured WLANs to connect to

4
Q

What is eavesdropping?

A

Trying to access data traveling over wireless networks

5
Q

5 key factors that increase the vulnerability and security impact of organizational information resources:

A
  1. Today’s interconnected, interdependent, wirelessly networked business environment;
  2. Smaller, faster, cheaper computers and storage devices;
  3. Decreasing skills necessary to be a computer hacker;
  4. International organized crime taking over cybercrime;
  5. Lack of management support

6
Q

What are the 2 main types of information security threats?

A

Unintentional and deliberate

7
Q

What is information security?

A

All of the processes and policies designed to protect an organization’s information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.

8
Q

What is a threat to an information resource?

A

Any danger to which a system may be exposed

9
Q

Define exposure of an information system

A

The harm, loss, or damage that can result if a threat compromises that resource.

10
Q

Give at least 4 manifestations of human error

A
  1. Carelessness with device
  2. Opening questionable e-mails
  3. Poor password use and selection
  4. Carelessness with one’s office
  5. Carelessness using unmanaged devices
  6. Carelessness with discarded equipment
  7. Careless monitoring of environmental hazards
11
Q

Define social engineering and name its 3 forms

A

Attack where the person uses social skills in order to get an employee to provide confidential company information

  1. Impersonation: pretending to be a company manager or an IS employee
  2. Tailgating: following an employee to enter restricted areas
  3. Shoulder surfing: watching over someone’s shoulder to peek at private information
12
Q

Give 4 deliberate threats to IS

A
  1. Espionage or trespass
  2. Information extortion
  3. Sabotage or vandalism
  4. Theft of equipment or information
  5. Identity theft
  6. Compromises to intellectual property
  7. Software attacks
  8. Alien software
  9. Supervisory control and data acquisition (SCADA) attacks
  10. Cyberterrorism and cyberwarfare
13
Q

Explain what you know of espionage or trespass

A
  1. Unauthorized individual attempts to access organizational information illegally
  2. Competitive intelligence: legal information-gathering techniques
    1. Ex: studying a company’s website > hiring page > new projects
  3. Industrial espionage crosses the legal boundaries
14
Q

Explain what theft of equipment or information is

A
  1. Small, powerful devices with increased storage are easier to steal or easier to use to steal info
  2. Dumpster diving: going through industrial trash to find organizational information.
15
Q

Name the main causes of identity theft

A
  • stealing mail or dumpster diving;
  • stealing personal info in computer databases;
  • infiltrating organizations that store large amounts of personal information
  • impersonating a trusted organization in an electronic communication (phishing).
16
Q

What is a virus?

A

Segment of a computer code that performs malicious actions by attaching to another computer program

17
Q

What is a worm?

A

Segment of computer code that performs malicious actions and will replicate or spread by itself

18
Q

What is a phishing attack?

A

Attack that uses deception to acquire sensitive personal information by masquerading as an official-looking email or IM

19
Q

What is spear-phishing?

A

Attack that targets large groups of people. Perpetrators find out as much as possible about someone to tailor their phishing to increase the chances of obtaining sensitive personal info

20
Q

What is a denial-of-service attack?

A

An attack where the attacker sends so many information requests to a target computer system that the target usually cannot handle them successfully and typically shuts down

21
Q

What is a distributed denial-of-service attack?

A

An attack where the attacker takes over many computers, called zombies or bots, and uses them to form a botnet that delivers a coordinated stream of information requests to a target computer, causing it to crash

22
Q

What is a Trojan horse?

A

Software programs that hide in other computer programs and reveal their designated behavior only when activated

23
Q

What is a back door attack?

A

Typically a password, known only to the attacker, that allows him or her to access a computer system at will, without having to go through any security protocols

24
Q

What is a logic bomb?

A

A segment of computer code that is embedded within an organization’s existing computer programs and is designed to activate and perform a destructive action under specific conditions, such as a time and date

25
Q

Explain what you know of ransomware

A
  • Also called digital extortion
  • Malicious software that blocks access to a computer system or encrypts data and holds it until the org pays a sum of money
  • Personal health info is 50 times more valuable than financial info
  • Any internet-connected device is a potential target for ransomware
  • Some distribute it to hackers; this is called ransomware-as-a-service
  • Doxing: threatening companies to release data
26
Q

Define cyberterrorism and cyberwarfare

A
  • Malicious acts in which perpetrators use a target’s computer system to cause real-world physical harm, or severe disruption, usually to carry out a political agenda
27
Q

What does risk management do?

A

Identify, control and minimize the impact of threats

28
Q

What are the 3 processes to manage risk?

A
  1. Risk analysis
  2. Risk mitigation
  3. Controls evaluation
29
Q

The 3 steps of risk analysis

A
  1. Assessing the value of each protected asset
  2. Estimating the probability that each asset will be compromised
  3. Comparing the cost of that asset being compromised with the cost of protecting it
30
Q

Risk mitigation functions and common strategies

A
  1. Functions:
    1. Implementing controls to prevent identified threats from happening
    2. Identifying means of recovery should the threat become a reality
  2. 3 common strategies:
    1. Risk acceptance: no controls
    2. Risk limitation: with controls to minimize impacts
    3. Risk transference: use other means like insurance
31
Q

Name the control categories

A
  1. Physical controls
    1. Stop unauthorized individuals from accessing company facilities
  2. Access controls
    1. Authentication: are you an authorized user
    2. Authorization: what are your rights and privileges
    3. Principle of least privilege is based on justifiable need
  3. Communication/network controls
    1. Firewalls, anti-malware systems, whitelisting and blacklisting, encryption, VPNs, transport layer security, employee monitoring systems.
32
Q

Elaborate on authentication

A
  • Something the user is (biometrics)
    • Active vs passive methods
  • Something the user has (ID)
  • Something the user does (signature)
  • Something the user knows (PIN)
  • Single vs multi-factor authentication
33
Q

Name 3 communication controls

A
  • Firewalls
  • Anti-malware systems (e.g., Norton)
  • Whitelisting and blacklisting
  • Encryption
  • VPN
  • Transport layer security (TLS, formerly Secure Sockets Layer, SSL) provided by Symantec
  • Employee monitoring systems
  • Application controls
34
Q

Define communications control

A

A system (either hardware, software, or a combination of both) that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company’s network.

35
Q

What is encryption?

A

Encryption is the process of converting an original message into a form that cannot be read by anyone except the intended receiver.

All encryption systems use a key, which is the code that scrambles and then decodes the messages.

36
Q

What is a firewall?

A

Network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

37
Q

What is a digital certificate?

A
  • Digital document attached to a file that certifies this file is from the organization it claims to be from, and has not been modified from the original
  • Used dominantly by businesses engaged in data transfer over the internet
  • A third party (certificate authority) is necessary
  • Certificate authority roles:
    1. Issues digital certificates
    2. Verifies certificate integrity
38
Q

What are application controls?

A
  • Security countermeasure to protect specific or individual applications, e.g. payroll
  • You can control inputs to or outputs from an application
  • You can control the processing of an application
  • Input controls: to edit input data for errors
    1. Reasonable data ranges in an invoice
  • Processing controls: to monitor the operation of an application
    1. Automatically check that each line of an invoice adds to the total
  • Output controls: to edit output data for errors and ensure that output goes to the intended recipient
    1. Did …’s check go to him/her?
39
Q

What is business continuity planning (or a disaster recovery plan)?

A
  • The chain of events linking planning to protection to recovery
  • Objectives:
    • To provide guidance to people who keep the business operating after a disaster happens
    • To restore the business to normal operations as quickly as possible after an attack
    • To ensure that business functions continue
40
Q

What are the business continuity planning (or disaster recovery plan) strategies in case of major disasters?

A
  • Hot sites: a fully configured computer facility… a duplication of key resources
  • Warm sites: includes computing equipment (e.g., servers) but not all actual applications and user workstations
  • Cold sites: only rudimentary services and facilities like a building or a room
  • Off-site data and program storage: a duplicate of company data and its software programs to be transferred to another computer elsewhere.