Chapter 1 Flashcards

1
Q

What are the three objectives of cybersecurity?

A

Confidentiality, integrity and availability: the CIA triad.

2
Q

What does confidentiality mean?

A

Confidentiality: making sure that only authorised personnel are able to access systems and information.

3
Q

What does integrity mean?

A

Making sure that no unauthorized modifications are made to data or systems, whether intentionally (an attacker altering records) or unintentionally (a power spike corrupting stored information). Integrity covers both cases, so the controls must address accidental corruption as well as deliberate tampering.

4
Q

What does availability mean?

A

Ensuring that information and systems are ready to meet the needs of authorized personnel whenever requested. Threats include attackers seeking to disrupt access, as well as hardware failures and outages.

5
Q

Give examples of confidentiality controls

A

Firewalls, access control lists and encryption.

6
Q

Give examples of integrity controls

A

Hashing and file integrity monitoring solutions.

7
Q

What is hashing?

A

Hashing is the use of a one-way hash function to transform input data (a key, a string or a whole file) into a fixed-length value, the hash or digest. Any change to the input produces a different hash, so comparing a freshly computed hash with a previously stored one reveals whether the data has been modified.

8
Q

Give Examples of Availability Controls

A

Fault tolerance, clustering and backups.

9
Q

What are fault tolerance and clustering?

A

Fault tolerance: the ability of a system to keep operating correctly when a hardware or software component fails, for example through redundant power supplies, disks (RAID) or network links.

Clustering: grouping several servers so that they act as one system; if one node fails, the others take over its workload and the service stays available. (This is not the same as cluster analysis in data mining, which groups similar data points to reveal unusual patterns of activity.)

10
Q

What does the DAD triad stand for?

A

Disclosure, alteration and denial: the three types of threat, each of which violates one part of the CIA triad.

11
Q

What does disclosure mean?

A

The exposure of sensitive information to unauthorized personnel, also known as data loss. This violates confidentiality, the first part of the CIA triad. An attacker who gains access to sensitive information and removes it from the organization is performing data exfiltration.

12
Q

Define alteration

A

Unauthorized modification of data, which violates integrity. Attackers may alter financial records for gain or modify documents.

13
Q

What is a bit flip?

A

An unintended change to a single bit of stored data, caused for example by a power surge or another natural event rather than by an attacker. Even a one-bit change alters the data, so it is an integrity failure.
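Added worked example (not part of the original flashcards): a short Python integrity check that stores the SHA-256 hash of a record, shows that flipping a single bit changes the hash so verification fails, and reuses the same idea as a minimal file integrity monitor (cards 6, 7 and 13). The record, file paths and file contents are constructed sample data.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 hash of data as a 64-character hex string."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_digest: str) -> bool:
    """Recompute the hash and compare it with the stored value (constant-time compare)."""
    return hmac.compare_digest(sha256_hex(data), expected_digest)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted, simulating an accidental bit flip."""
    buf = bytearray(data)
    byte_index, bit_in_byte = divmod(bit_index, 8)
    buf[byte_index] ^= 1 << bit_in_byte
    return bytes(buf)


def build_baseline(files: dict) -> dict:
    """Baseline for a simple file integrity monitor: path -> SHA-256 of content."""
    return {path: sha256_hex(content) for path, content in files.items()}


def detect_changes(files: dict, baseline: dict) -> list:
    """Return the sorted paths whose content no longer matches the baseline,
    plus paths added since the baseline or missing from the current snapshot."""
    changed = []
    for path, content in files.items():
        expected = baseline.get(path)
        if expected is None or not verify_integrity(content, expected):
            changed.append(path)
    changed.extend(path for path in baseline if path not in files)
    return sorted(changed)


# Constructed sample data (not from the original page).
RECORD = b"account=1042;balance=2500.00;owner=alice"
RECORD_DIGEST = sha256_hex(RECORD)

SNAPSHOT = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/var/www/app.cfg": b"debug=false\n",
}


def demo_bit_flip() -> dict:
    """One flipped bit in the record changes the hash, so the check fails."""
    corrupted = flip_bit(RECORD, 3)
    return {
        "original_verifies": verify_integrity(RECORD, RECORD_DIGEST),
        "corrupted_verifies": verify_integrity(corrupted, RECORD_DIGEST),
        "hashes_differ": sha256_hex(corrupted) != RECORD_DIGEST,
    }


def demo_file_monitor() -> list:
    """Someone re-enables root login; the monitor reports exactly that file."""
    baseline = build_baseline(SNAPSHOT)
    current = dict(SNAPSHOT)
    current["/etc/ssh/sshd_config"] = b"PermitRootLogin yes\nPasswordAuthentication no\n"
    return detect_changes(current, baseline)


if __name__ == "__main__":
    print(demo_bit_flip())
    print(demo_file_monitor())
```

The baseline of hashes must itself be stored somewhere the attacker cannot modify (or be signed), otherwise an attacker who alters a file can simply update its stored hash too.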

14
Q

What does denial stand for in the DAD triad?

A

Disruption of availability, such as a DDoS attack. Denial can also happen accidentally, for example through the failure of a critical server or a natural disaster.

15
Q

Define breach impact

A

The harm an incident causes to the organization. It can be financial, reputational, strategic, operational or compliance-related.

16
Q

Define financial risk

A

Monetary damage to the company, such as a worker losing a laptop or the cost of rebuilding a data centre after it has been destroyed.

17
Q

Define reputational risk

A

Damage to the organization's public image and loss of goodwill among customers, suppliers and stakeholders.

18
Q

What is PII?

A

Personally Identifiable Information (PII): data that can be used to identify an individual, such as name, date of birth, SSN or passport details.

19
Q

Define strategic risk

A

The risk that an organization will become less effective in meeting its major goals and objectives as a result of a breach.

20
Q

Define operational risk

A

The risk to the organization's ability to carry out its day-to-day functions; a breach can slow the business down (inefficiency or delay risk).

21
Q

Define compliance risk

A

When a security breach causes an organization to run afoul of legal or regulatory requirements. For example, losing medical records can result in fines.

22
Q

How are security controls categorized?

A

Security controls are categorized by their mechanism of action (technical, managerial or operational) and by the way they achieve their objective (preventive, detective, corrective and so on).

23
Q

Name the three categories of security controls

A

Technical controls, managerial controls and operational controls.

24
Q

Define technical controls and give examples

A

Technical controls enforce confidentiality, integrity and availability in the digital space. Examples: firewalls, access control lists, intrusion prevention systems (IPS) and encryption.

25
Q

Define operational controls and give examples

A

Processes that we put in place to manage technology in a secure manner. Examples: user access reviews, log monitoring and vulnerability management.

26
Q

Define managerial controls and give examples

A

Procedural mechanisms that focus on the mechanics of the risk management process. Examples: risk assessments, security planning exercises, and building security into the organization's change management, service acquisition and project management practices.

27
Q

How are security controls selected?

A

Organisations select a set of security controls to meet their control objectives, based on their own criteria and parameters. A company that handles sensitive data may require the highest level of security controls.

28
Q

Name some security control types

A

Preventive controls, detective controls, corrective controls, physical controls and compensating controls.

29
Q

Define preventive controls

A

Controls that stop a security issue before it occurs. Examples: firewalls, encryption.

30
Q

Define detective controls

A

Controls that identify security events that have already occurred. Intrusion detection systems (IDS) are detective controls.

31
Q

Define physical controls

A

Controls that protect the physical environment: CCTV, locked doors, lighting and burglar alarms.

32
Q

Define Compensating controls

A

Controls designed to mitigate the risk associated with exceptions made to a security policy.

33
Q

Give an example of a compensating control process used today

A

The Payment Card Industry Data Security Standard (PCI DSS) defines one of the most formal compensating control processes in use today.

34
Q

What are the 3 criteria that a compensating control (CC) must meet to be satisfactory under PCI DSS?

A

The control must meet the intent and rigor of the original requirement.

The control must provide a similar level of defense as the original requirement.

The control must be "above and beyond" other PCI DSS requirements.

35
Q

How are compensating controls used in practice?

A

As an alternative way of achieving a control objective when the organization cannot meet the original requirement. A compensating control is treated as a temporary exception to a security requirement, with plans made to restore compliance with the original control afterwards.

36
Q

Define data protection

A

The security of data in all of its states. Loss of data can have a wide range of impacts (financial, reputational, compliance).

37
Q

Name the 3 states in which data might exist

A

Data at rest: data stored on disk, in a database or on removable media. It is vulnerable to theft by anyone who gains physical or logical access to the storage, so it is normally protected with encryption (for example full-disk encryption on laptops).

Data in motion: data in transit over a network. When data travels over an untrusted network it is open to eavesdropping by anyone with access to that network.

Data in processing (in use): data actively being used by a computer system, including data held in memory while processing takes place. An attacker with control of the system may be able to read its contents.

38
Q

Name some security controls used to safeguard data

A

Data encryption: uses mathematical algorithms to protect information, either in transit or at rest. Encrypted data cannot be read by anyone who does not hold the correct decryption key.

Data loss prevention (DLP): helps organisations enforce information handling policies and procedures to prevent data theft or loss. DLP systems search for sensitive information stored insecurely, block transmissions that would send sensitive data outside the organization before damage is done, and alert administrators to the type of violation.

39
Q

Name the 2 types of DLP system

A

  • Host-based DLP
  • Network-based DLP

40
Q

Define host-based DLP

A

Host-based DLP uses software agents installed on systems that search those systems for the presence of sensitive information such as SSNs or credit card numbers. Once it is detected, security professionals can take the appropriate action. The agents can also monitor system configuration and user actions, and block certain actions from being taken.

Example: an organization blocks the use of USB storage devices to stop information being copied off a system.

41
Q

Define network-based DLP

A

Network-based DLP systems monitor traffic leaving the network, block traffic that violates the organization's policies, and may automatically apply encryption to sensitive content. This is commonly used in DLP systems that focus on email.

42
Q

Name 2 mechanisms used by DLP systems to detect sensitive data

A

Pattern matching: watching for signs of sensitive information, for example numbers formatted like a credit card number or SSN, or keywords such as "confidential" or "secret", and automatically triggering on them.

Watermarking: systems or administrators apply electronic tags to sensitive documents, and the DLP system then monitors systems and networks for unencrypted content carrying those tags. This is also used to enforce copyright and data ownership restrictions.
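Added worked example (not part of the original flashcards): a minimal network DLP pattern matcher in Python covering the mechanisms in card 42: regexes for credit card and SSN formats, a Luhn checksum to drop look-alike digit strings such as order numbers, keyword detection, and a block/alert/allow decision per outbound message. The messages are constructed samples, and the keyword list and the decision rules are illustrative assumptions rather than any product's policy.

```python
import re

# Pattern-matching targets: card numbers (13 to 19 digits, optional separators) and US SSNs.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
KEYWORDS = ("confidential", "internal only")   # assumed policy keywords


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out random digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_last4(digits: str) -> str:
    """Keep only the last four digits in the finding so the alert itself is not a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_message(text: str) -> dict:
    """Return the DLP decision for one outbound message: allow, alert or block."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("credit_card", mask_last4(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    lowered = text.lower()
    findings.extend(("keyword", kw) for kw in KEYWORDS if kw in lowered)

    if any(kind in ("credit_card", "ssn") for kind, _ in findings):
        action = "block"     # structured sensitive data: stop the transmission
    elif findings:
        action = "alert"     # keyword only: let it through but notify an administrator
    else:
        action = "allow"
    return {"action": action, "findings": findings}


# Constructed sample messages (not from the original page).
SAMPLE_MESSAGES = [
    "Please charge my card 4111 1111 1111 1111 for the invoice.",
    "Order 1234 5678 9012 3456 shipped yesterday, tracking to follow.",
    "Applicant SSN 219-09-9999 attached for the background check.",
    "Attached is the CONFIDENTIAL Q3 roadmap.",
    "Lunch at noon?",
]


def scan_all(messages=SAMPLE_MESSAGES) -> list:
    return [scan_message(m) for m in messages]


if __name__ == "__main__":
    for msg, result in zip(SAMPLE_MESSAGES, scan_all()):
        print(f"{result['action']:5}  {result['findings']}  <- {msg}")
```

The Luhn check is what keeps the second message (a 16-digit order number) from being a false positive; without it, pattern matching on digit runs alone produces a flood of alerts, which is exactly the tuning problem described for IPS in card 46.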

43
Q

Define data minimisation

A

Reducing the amount of sensitive data an organization maintains. The best practice is to destroy data you no longer need.

If the data cannot be destroyed, transform it into a format in which the original sensitive information is de-identified, removing the ability to link the data to a person.

44
Q

What is data obfuscation?

A

Transforming data into a format from which the original sensitive value cannot be retrieved, at least not without a separately protected key or lookup table.

45
Q

Give examples of data obfuscation techniques

A

Hashing: uses a hash function to transform a value in the dataset into its corresponding hash value. A weakness is that hashing is vulnerable to rainbow table attacks: if the set of possible input values is small or guessable, the attacker precomputes the hashes of those candidate values and checks whether any of them appear in our data file, recovering the originals. Adding a salt to each value before hashing defeats precomputed tables.

Tokenization: replaces sensitive values with unique identifiers using a lookup table. Example: replace a widely known value such as a student ID with a random 10-digit number. With the lookup table, the token can be converted back to the original student ID, so tokenization is reversible.

Masking: redacts sensitive information by replacing some or all of a sensitive field with placeholder characters. Example: replace all but the last four digits of a credit card number with X's or *'s, rendering the card number unreadable.
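Added worked example (not part of the original flashcards): Python implementations of the three obfuscation techniques in card 45 and the de-identification idea in card 43: hashing with a precomputation (rainbow-table-style) attack on a small value space and the effect of salting, a reversible tokenizer backed by a lookup table (card 49), and masking. The four-digit student ID and the card number are constructed sample values.

```python
import hashlib
import secrets


def hash_value(value: str, salt: str = "") -> str:
    """Replace a value with its SHA-256 hash; the salt is prepended when given."""
    return hashlib.sha256((salt + value).encode()).hexdigest()


def precompute_table(candidates) -> dict:
    """Attacker side: hash every candidate value up front (a rainbow-table-style lookup)."""
    return {hash_value(c): c for c in candidates}


def recover(hashed: str, table: dict):
    """Attacker side: look the hash up; None means the table does not contain it."""
    return table.get(hashed)


class Tokenizer:
    """Tokenization: swap sensitive values for random 10-digit tokens via a lookup table."""

    def __init__(self):
        self._value_to_token = {}
        self._token_to_value = {}

    def tokenize(self, value: str) -> str:
        if value in self._value_to_token:
            return self._value_to_token[value]
        while True:
            token = "".join(secrets.choice("0123456789") for _ in range(10))
            if token not in self._token_to_value:
                break
        self._value_to_token[value] = token
        self._token_to_value[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """Reversible, but only for whoever holds the lookup table."""
        return self._token_to_value[token]


def mask(value: str, visible: int = 4, char: str = "*") -> str:
    """Masking: keep only the last `visible` characters; mask everything if too short."""
    if len(value) <= visible:
        return char * len(value)
    return char * (len(value) - visible) + value[-visible:]


def demo() -> dict:
    student_id = "4821"          # constructed four-digit student ID, not from the page
    # Only 10,000 possible IDs exist, so the attacker can afford to hash them all.
    table = precompute_table(f"{n:04d}" for n in range(10_000))
    salt = secrets.token_hex(16)
    tokenizer = Tokenizer()
    token = tokenizer.tokenize(student_id)
    return {
        "recovered_unsalted": recover(hash_value(student_id), table),      # "4821"
        "recovered_salted": recover(hash_value(student_id, salt), table),  # None
        "token_length": len(token),
        "token_reversible": tokenizer.detokenize(token) == student_id,
        "masked_card": mask("4111111111111111"),                            # "************1111"
    }


if __name__ == "__main__":
    print(demo())
```

A random salt stops the precomputed table, but if the attacker learns the salt the 10,000 candidates can still be brute-forced, so for de-identifying low-entropy fields a keyed hash (HMAC with a secret key) is the stronger choice.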

46
Q

Tina is tuning her organization's intrusion prevention system to reduce false positive alerts. What type of control is Tina implementing?

A

Technical Control

47
Q

Tony is reviewing the status of his organization’s defense against a breach of their file server. He believes that a compromise of the file server could reveal information that would prevent the company from continuing to do business. What term best describes the risk that Tony is considering?

A

Strategic

48
Q

Greg recently conducted an assessment of his organization’s security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control gap exists in this case?

A

Preventive

49
Q

Which one of the following data protection techniques is reversible when conducted properly?

A

Tokenization