Chapter 10 - Cyber Security Tools, Techniques And Reporting

Question 1

Forensic analysis of cyber systems

Answer 1

System level
Storage level
Network level

Question 2

Penetration Testing

Answer 2

Network discovery - what computers are connected? Are they up to date?

Vulnerability probing

Exploiting vulnerabilities

Question 3

Software security levels when writing code

Answer 3

Level 1 - prevent hacker intrusion

Level 2 - quick alerts

Level 3 - automated responses, e.g. lock important files

Question 4

2 step verification

Answer 4

Password then a text

Question 5

2 step authentication

Answer 5

Password and finger print

Question 6

6 actions of Digital Resilience

Answer 6

1. Identify issues and integrate defences
2. Set targets
3. Decide how best to deliver new systems
4. Rank systems by trade offs
5. Develop technology plan
6. Ensure staff and business engagement

Question 7

Cyber security reporting

Answer 7

1. Management description of risks and controls
2. Management assertion as to suitability
3. Practitioner’s assertion

Question 8

AICPA criteria

Answer 8

Description criteria - areas of cyber threats

Control criteria - how are controls used with examples

Question 9

National Institute of Standards and Technology

Answer 9

Implementation tiers - how detailed

Core Principles - identify, protect, detect, respond, recover

Profiles - map requirements

Question 10

AIC triad approach

Answer 10

Availability, integrity, confidentiality