Chapter 1 Risk Management Flashcards
What is a big part of the discussion when it comes to cybersecurity today?
Business risk.
What are the foundational concepts of cybersecurity?
Assets, threats, threat actors, vulnerabilities, and the CIA triad (Confidentiality, Integrity, Availability).
What are assets in cybersecurity?
Personal information, photos, bank information, and other valuable data we want to keep secure.
What represents a threat in the treasure chest analogy?
A pirate sneaking up to steal the golden coins (the assets); the threat is the potential cause of harm, not the harm itself.
How is risk defined in cybersecurity terms?
The potential for a threat to exploit a vulnerability and cause harm to assets.
What is the essence of cybersecurity?
Understanding and protecting assets, recognizing risks, addressing vulnerabilities, and minimizing risks.
What is the CIA triad in cybersecurity?
Confidentiality, Integrity, and Availability.
What does confidentiality ensure in cybersecurity?
Data is only accessible to those who have the authority to view it.
What can unauthorized access lead to in terms of confidentiality?
Data breaches with legal and reputational consequences.
What does integrity ensure in cybersecurity?
Data remains unaltered and genuine.
Why is integrity important in a banking system?
It ensures that the amount deducted from one account matches the amount added to another, preventing mistrust and financial loss.
What does availability ensure in cybersecurity?
Systems, applications, and data are available and operational when needed.
Why is availability crucial in a hospital setting?
The database of patients must be available, especially during emergencies, to prevent financial losses, hindered operations, or endangering lives.
What is the role of the CIA triad in dealing with cybersecurity threats?
It serves as a trusted shield to address and manage threats effectively.
What are threat actors in cybersecurity?
Individuals or groups that pose a threat to digital assets, such as unskilled hackers, hacktivists, insider threats, and shadow IT.
What factors determine the threat level of a threat actor?
Resources, funding, sophistication, and capability.
How are threat actors categorized based on their relation to a company?
Internal or external to the company.
Describe unskilled hackers in the treasure chest analogy.
Rookie pirates in rickety boats using basic maps and readily available hacking tools.
What are the characteristics of unskilled hackers?
External, low resources, low funding, low sophistication, low capability.
Who are hacktivists in the context of cybersecurity?
Attackers who hack to promote a political or social agenda, akin to pirates trying to overthrow a tyrant.
What are the characteristics of hacktivists?
External, low resources, low funding, low sophistication, low capability.
What makes insider threats particularly dangerous?
They are part of the company’s trusted crew with intimate knowledge of the company’s secrets.
What are the characteristics of insider threats?
Internal, high resources (company’s resources), low funding, variable sophistication, high capability.
What is shadow IT in companies?
Unauthorized apps or services used by employees, creating vulnerabilities inadvertently.
What are the characteristics of shadow IT?
Internal, high resources, low funding, variable sophistication, high capability.
What is an application allow list?
A list of trusted applications allowed access through the security gate, keeping unknown or potentially dangerous ones out.
Why is an application allow list important in cybersecurity?
It ensures only known and trusted applications get access, bolstering defenses against unwanted intruders.
What analogy is used for an application allow list?
A diligent guard at a special gate, allowing only trusted pirates (applications) to approach the treasure.
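The guard in the analogy has to decide what counts as a "trusted application". The following is an added example, not part of the flashcards: it compares an allow list keyed on file names with one keyed on the SHA-256 of the file contents, using constructed byte strings in place of real executables. A renamed dropper passes the name check and fails the hash check, which is why production allow lists (and code-signing based variants) identify applications by hash or signature rather than by name or path.

```python
"""Hash-based application allow list (added example; all binaries are constructed)."""
import hashlib
from typing import Dict, List, Tuple

# Constructed sample builds the organisation has approved: name -> file contents.
TRUSTED_BUILDS: Dict[str, bytes] = {
    "notepad.exe": b"MZ\x90\x00constructed trusted notepad build v1",
    "backup.exe": b"MZ\x90\x00constructed trusted backup tool v3",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_allow_list(trusted: Dict[str, bytes]) -> Dict[str, str]:
    """Return the allow list as {sha256 hex digest: approved name}.

    The digest, not the file name, is the key: renaming a file does not change it.
    """
    return {sha256_hex(contents): name for name, contents in trusted.items()}


def allowed_by_name(name: str, trusted: Dict[str, bytes]) -> bool:
    """Weak check, shown for comparison: trusts any file carrying an approved name."""
    return name in trusted


def allowed_by_hash(contents: bytes, allow_list: Dict[str, str]) -> bool:
    """Strong check: the file's own bytes must hash to an approved digest."""
    return sha256_hex(contents) in allow_list


def evaluate_requests(requests: List[Tuple[str, bytes]],
                      trusted: Dict[str, bytes]) -> List[Tuple[str, bool, bool]]:
    """For each (name, contents) execution request return
    (name, name_check_passed, hash_check_passed) so both policies can be compared."""
    allow_list = build_allow_list(trusted)
    return [(name, allowed_by_name(name, trusted), allowed_by_hash(contents, allow_list))
            for name, contents in requests]


# Constructed execution attempts: the genuine notepad build, a dropper renamed to
# reuse the trusted name, and an unknown tool under its own name.
SAMPLE_REQUESTS: List[Tuple[str, bytes]] = [
    ("notepad.exe", TRUSTED_BUILDS["notepad.exe"]),
    ("notepad.exe", b"MZ\x90\x00constructed dropper renamed to notepad.exe"),
    ("miner.exe", b"MZ\x90\x00constructed unknown binary"),
]

if __name__ == "__main__":
    for name, by_name, by_hash in evaluate_requests(SAMPLE_REQUESTS, TRUSTED_BUILDS):
        print(f"{name:12} name-check={by_name!s:5} hash-check={by_hash}")
```

A hash-keyed list has an operational cost the name-keyed one does not: every approved update changes the digest, so the list must be refreshed from the build pipeline rather than edited by hand.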
What is the importance of threat intelligence in cybersecurity?
To be aware of the latest threats, prevent them from affecting systems, and reduce incident response time.
What is TTP in cybersecurity?
Adversary Tactics, Techniques, and Procedures.
How does TTP help in cybersecurity?
By providing step-by-step methods used by attackers to gain access or crash a system, allowing for proactive security measures.
What is the benefit of tools that provide graphical representations of threats?
They offer a live geographical map showing where malware threats are currently active and additional details about affected sectors.
What is open source intelligence (OSINT)?
Publicly available information sources like government reports, media reports, academic reports, and freely available online tools.
What is closed source or proprietary intelligence?
Private threat intelligence sources that require a subscription or vendor sign-up to access the latest threat information.
What is the Google Hacking exploit database?
An example of OSINT: the Google Hacking Database (GHDB), hosted by Exploit-DB, a collection of search queries ("dorks") that use the Google search engine to find exposed, potentially sensitive information.
What are common vulnerabilities and exposures (CVEs)?
A publicly available catalog of known vulnerabilities, each assigned a unique identifier of the form CVE-YYYY-NNNNN that is recognized internationally; freely available and therefore an example of OSINT.
What was a known vulnerability used in the Equifax hack of 2017?
Apache Struts vulnerability CVE-2017-5638.
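The value of a CVE identifier is that it can be matched mechanically against what you run. The following is an added example, not part of the flashcards: it validates CVE ID syntax, compares version numbers numerically rather than as strings, and checks a constructed host inventory against the affected ranges for CVE-2017-5638 as published in Apache's S2-045 advisory (Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10). The host names and the PostgreSQL entry are constructed.

```python
"""Checking a software inventory against CVE affected-version ranges (added example)."""
import re
from typing import Dict, List, Tuple

CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def is_valid_cve_id(cve_id: str) -> bool:
    """CVE IDs are CVE-<year>-<four or more digits>; anything else is not a CVE."""
    return bool(CVE_ID_RE.match(cve_id))


def version_key(version: str) -> Tuple[int, ...]:
    """Turn '2.5.10.1' into (2, 5, 10, 1) so versions compare numerically.

    Plain string comparison gets this wrong: as strings, '2.3.5' > '2.3.31'.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def version_in_range(version: str, low: str, high: str) -> bool:
    """Inclusive range check on the numeric tuple form."""
    return version_key(low) <= version_key(version) <= version_key(high)


# Affected ranges for CVE-2017-5638 per Apache advisory S2-045.
ADVISORIES: List[Dict] = [
    {"cve": "CVE-2017-5638", "product": "apache-struts",
     "affected": [("2.3.5", "2.3.31"), ("2.5", "2.5.10")]},
]

# Constructed inventory: (host, product, installed version).
INVENTORY: List[Tuple[str, str, str]] = [
    ("web-01", "apache-struts", "2.3.31"),    # last vulnerable 2.3.x release
    ("web-02", "apache-struts", "2.3.32"),    # first fixed 2.3.x release
    ("api-01", "apache-struts", "2.5.10.1"),  # first fixed 2.5.x release
    ("api-02", "apache-struts", "2.5.10"),    # last vulnerable 2.5.x release
    ("db-01", "postgresql", "12.4"),          # different product, never considered
]


def find_exposed(inventory: List[Tuple[str, str, str]],
                 advisories: List[Dict]) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, cve) for every host inside an affected range."""
    exposed = []
    for adv in advisories:
        if not is_valid_cve_id(adv["cve"]):
            raise ValueError(f"malformed CVE identifier: {adv['cve']!r}")
        for host, product, version in inventory:
            if product != adv["product"]:
                continue
            if any(version_in_range(version, lo, hi) for lo, hi in adv["affected"]):
                exposed.append((host, product, version, adv["cve"]))
    return exposed


if __name__ == "__main__":
    for host, product, version, cve in find_exposed(INVENTORY, ADVISORIES):
        print(f"{host}: {product} {version} is affected by {cve}")
```

The numeric comparison matters at the range edges: 2.5.10.1 sorts above 2.5.10 and is correctly reported as fixed, which a string or float comparison would get wrong.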
What is the dark web, and why is it relevant for threat intelligence?
A part of the internet not indexed by search engines, accessible through the Tor network, used for anonymous and encrypted communication.
How does the Tor network work?
By routing traffic through several volunteer-run relays worldwide, each of which strips one layer of encryption and learns only the previous and next hop, so no single relay knows both the origin and the destination.
What is automated indicator sharing (AIS)?
A method for automatically sharing threat intelligence information among different software programs and enterprises.
What is the Structured Threat Information Expression (STIX) format?
A standardized, machine-readable format (JSON in STIX 2.x) for packaging threat intelligence such as indicators, threat actors, and TTPs so that it is understood by many dissimilar systems.
What is the Trusted Automated Exchange of Intelligence Information (TAXII) standard?
An HTTPS-based protocol for transmitting STIX-formatted threat intelligence across networks, commonly integrated into security monitoring tools that pull from TAXII collections.
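What a monitoring tool does with a STIX feed it has pulled over TAXII is the part the cards leave implicit: parse the indicator objects and compare their observables against local logs. The following is an added example, not part of the flashcards. The bundle, its identifiers, and the proxy log lines are constructed; the object fields (type, spec_version, id, pattern, pattern_type, valid_from) follow the STIX 2.1 indicator object. Only the simplest pattern form, a single `[object:property = 'value']` comparison, is parsed; compound patterns are reported as unhandled rather than silently ignored.

```python
"""Consuming a STIX 2.1 indicator bundle and matching it against logs (added example)."""
import json
import re
from typing import List, Tuple

_TS = "2024-05-01T00:00:00.000Z"  # constructed timestamp reused below

# Constructed STIX 2.1 bundle of the kind a TAXII client receives.
STIX_BUNDLE_JSON = json.dumps({
    "type": "bundle",
    "id": "bundle--0f3a7e4c-7c4b-4f6e-9f0a-1c2d3e4f5a6b",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--11111111-2222-4333-8444-555555555555",
         "created": _TS, "modified": _TS, "name": "Constructed C2 address",
         "pattern": "[ipv4-addr:value = '198.51.100.7']",
         "pattern_type": "stix", "valid_from": _TS},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--66666666-7777-4888-8999-aaaaaaaaaaaa",
         "created": _TS, "modified": _TS, "name": "Constructed phishing domain",
         "pattern": "[domain-name:value = 'login-example.invalid']",
         "pattern_type": "stix", "valid_from": _TS},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--bbbbbbbb-cccc-4ddd-8eee-ffffffffffff",
         "created": _TS, "modified": _TS, "name": "Compound pattern, not handled here",
         "pattern": "[file:hashes.'SHA-256' = 'aa' AND file:size > 1024]",
         "pattern_type": "stix", "valid_from": _TS},
        {"type": "identity", "spec_version": "2.1",
         "id": "identity--12345678-9abc-4def-8123-456789abcdef",
         "created": _TS, "modified": _TS, "name": "Constructed sharing org",
         "identity_class": "organization"},
    ],
})

# One comparison: [object-type:property = 'value']
SIMPLE_PATTERN_RE = re.compile(r"^\[([a-z0-9-]+):([^\s=]+)\s*=\s*'([^']*)'\]$")


def extract_indicators(bundle_json: str) -> Tuple[List[Tuple[str, str, str]], List[str]]:
    """Return ([(indicator id, observable type, value)], [ids whose pattern was not parsed])."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    parsed, unhandled = [], []
    for obj in bundle.get("objects", []):
        # Identities, relationships and non-STIX pattern types (e.g. yara) are skipped.
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        match = SIMPLE_PATTERN_RE.match(obj["pattern"])
        if match:
            parsed.append((obj["id"], match.group(1), match.group(3)))
        else:
            unhandled.append(obj["id"])
    return parsed, unhandled


# Constructed proxy log lines. 198.51.100.70 is not the indicator and must not match.
SAMPLE_LOG = [
    "2024-05-02T10:00:01Z src=10.0.0.5 dst=198.51.100.7 host=cdn.example.com action=allow",
    "2024-05-02T10:00:02Z src=10.0.0.6 dst=198.51.100.70 host=cdn.example.com action=allow",
    "2024-05-02T10:00:03Z src=10.0.0.7 dst=203.0.113.9 host=login-example.invalid action=allow",
]

TOKEN_SPLIT = re.compile(r"[\s=,]+")


def match_logs(log_lines: List[str],
               indicators: List[Tuple[str, str, str]]) -> List[Tuple[int, str, str]]:
    """Compare whole tokens, not substrings, so 198.51.100.70 does not hit 198.51.100.7."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        tokens = set(TOKEN_SPLIT.split(line.strip()))
        for ind_id, _obs_type, value in indicators:
            if value in tokens:
                hits.append((lineno, ind_id, value))
    return hits


if __name__ == "__main__":
    inds, unhandled = extract_indicators(STIX_BUNDLE_JSON)
    print("unhandled patterns:", unhandled)
    for lineno, ind_id, value in match_logs(SAMPLE_LOG, inds):
        print(f"line {lineno}: {value} matched {ind_id}")
```

Reporting unhandled patterns is deliberate: a feed consumer that drops what it cannot parse gives the analyst false confidence that the whole feed is being applied.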
How do open source and closed source threat intelligence differ?
Open source is freely available to the public, while closed source requires a subscription or vendor sign-up.
What are risk vectors in cybersecurity?
Points or factors through which threats can exploit vulnerabilities, including mission-critical IT systems, third-party access, and physical access controls.
What must be considered to manage risks related to data?
Knowing what data you have, where it resides, and which third parties have access to it.
What is an access control vestibule or mantrap?
A security feature where a second internal door opens only after the first external door has closed and locked.
Why is limiting booting from removable media important?
To prevent unauthorized access or actions such as resetting an administrator password by booting the machine from external media.
What is a Risk Management Framework (RMF)?
A structured approach to managing risks, including best practices and standards from organizations like CIS, NIST, and ISO/IEC.
What is NIST SP 800-30 Revision 1?
The NIST "Guide for Conducting Risk Assessments", providing step-by-step guidance on identifying assets, the threats and vulnerabilities that apply to them, and the resulting risks.
What is the General Data Protection Regulation (GDPR)?
An EU regulation protecting the personal data of individuals in the EU, applicable to any organization processing that data regardless of where the data is processed or stored.
What is HIPAA?
The Health Insurance Portability and Accountability Act, designed to protect American patient medical information.
What is PCI DSS?
The Payment Card Industry Data Security Standard, a contractual standard that applies to any organization storing, processing, or transmitting cardholder data and sets out requirements (not merely recommendations) for protecting it.
How are security policies crafted within an organization?
By mirroring requirements from standards, laws, and regulations to manage risk effectively.
What are acceptable use policies (AUPs)?
Policies dictating how employees can use company resources, like email and internet access, for business purposes only.