Chapter 2 Flashcards
What is the core duty of cybersecurity?
to identify, mitigate and manage cyber risk to an organization’s digital assets
Types of approaches to cybersecurity implementation
Compliance-based
Risk-based
Ad hoc
Explain the compliance-based approach
this approach relies on regulations or standards to determine security implementations
Explain the risk-based approach
relies on identifying the unique risk an organization faces and designing and implementing security controls to address that risk
Explain the ad hoc approach
an ad hoc approach simply implements security with no particular rationale or criteria
What is a risk?
The combination of the probability of an event and its consequence
Define Threat
anything that is capable of acting against an asset in a manner that can result in harm
a potential cause of an unwanted incident
Define Asset
Something of value that is worth protecting,
ex: people, information, finances
What is a vulnerability?
a weakness in the design, implementation or operation of a process that can expose the system to adverse threats
Define Residual risk
the remaining risk after management has implemented a risk response
Define Inherent risk
the risk level prior to taking action to secure assets
What are the criteria for approaching risk?
Risk Tolerance
Size of the environment
Amount of data available
Define cyberattack
a cyberattack is a well-defined, advanced, targeted attack that is stealthy
Define attack
the actual occurrence of a threat
or
an activity by a threat agent (or adversary) against an asset
Define attack vector
the path used to gain access to the target asset
attack vector types
ingress and egress
ingress
intrusion into a system
egress
data exfiltration
attack mechanism
method used to deliver the exploit, may involve a payload
payload
the container that delivers the exploit to the target
malware
malicious code designed to gain access to targeted computer systems, steal information or disrupt computer operations
common malware types
viruses
network worms
trojan horses
what is a worm?
they carry out routines related to the payload
what is a link file?
propagates copies of the worm
what is a rootkit?
hides malicious processes to prevent detection
what are policies?
required and prohibited activities and behaviors
what are standards?
Interpretation of policies in specific situations
what are procedures?
details on how to comply with policies and standards
what are guidelines?
general guidance on issues such as “what to do in particular circumstances.” These are not requirements to be met, but are strongly recommended.
What are the 5 attack attributes (steps)?
Attack vector
Payload
Exploit
Vulnerability
Target asset