Chapter 8 - Cyber security threats Flashcards
What is cyber risk?
Cyber risk is the risk of financial loss, disruption, or damage to the reputation of an organisation caused by issues with the information technology systems it uses
What are the three main forms of sensitive information that an organisation may hold?
Personal information
Business information
Classified information - held by government and could harm national security if discovered
What are the cyber security objectives?
Availability
Confidentiality
Integrity of data
Integrity of processing
What is malware?
Term used to describe different types of malicious software, regardless of the purpose
What is ransomware?
Software that prevents access to data until a ransom is paid
What are botnets?
Networks of infected computers that are under the control of an attacker
What is spyware?
Malware that is designed to spy on the victim and report back to attacker
What are trojans?
Legitimate software that secretly contains and releases malicious software onto a system
What is malvertising?
Online advertising that has malicious software written into its code
What is a virus?
Malware that replicates itself and spreads through programs, files and data
What are some common types of application attacks?
Denial of service attack
Distributed denial of service attack
SQL (Structured Query Language) injection
Cross-site scripting attacks
Man in the middle
Buffer overflow attack
What is a denial of service attack?
Attempt to overwhelm an application's resources to prevent it from working
What is a distributed denial of service attack?
DDoS is where the source is a number of host machines, usually linked to botnets under the control of an attacker
What is Structured Query Language injection?
SQL is a request for something from a database
What are cross-site scripting attacks?
Occurs when malicious code is transmitted from a website and can access the victims’ data
What is a man in the middle attack?
When the application is compromised so that the users believe they are communicating directly as normal, but someone is intercepting the communications and potentially changing them
What is a buffer overflow attack?
Attack that overwhelms a system's resources
What is hacking?
Gaining of unauthorised access to a computer system
What are unethical hackers?
Stereotypical hacker that accesses a system without permission with malicious intent
What are ethical hackers?
Attempt to access an organisation's systems with permission from the organisation to help them understand weaknesses
What is social engineering?
Manipulation of people to make them perform specific actions or reveal confidential information
What are the six principles that Dr Robert Cialdini identified to persuade or influence someone?
Reciprocity
Scarcity
Authority
Consistency
Liking
Consensus
What is phishing?
Use of fraudulent communications to steal sensitive information
What is spear phishing?
Phishing attempt targeted at a specific individual who is deemed to have specific information or privileged access to something
What is business email compromise?
Involves impersonating an identity and asking for a particular action to happen
What is domain fraud?
Where a phishing email comes from an email that looks to be legitimate, but the domain is actually fake
What are the risks to organisations from social media?
Human error
Productivity
Data protection
Hacking
Reputation
Inactivity
Costs
What are the social media risks to individuals?
Going viral
Trolling
Employment
Legal sanction
Physical theft
Identity fraud
Permanence
What are the changeover methods by which organisations can change systems?
Direct
Parallel
Pilot
Phased
What is the direct changeover method?
Old system switched off and new system switched on
Cheap but risky
What is the parallel changeover method?
Old and new system run together for some time, until it is felt safe to switch off the old
Costly but less risky
What is the pilot changeover method?
One part of the business changes over first, and then the new system is rolled out to the rest of the business
What is the phased changeover method?
Introduce new system one part of the business at a time
Less risky but takes longer
What are some impacts of cyber breaches?
Downtime
Customer flight
Reputation damage
Legal consequences