Cyber Flashcards
Define the internet
Globally connected communications network over which devices send and receive data, communicating and accessing data resources.
Identify types of equipment that make up the internet
Networking hardware that routes traffic
Physical cabling
Radio transmissions
What does not make up the internet?
User devices
Smart devices
Data servers
The data itself
World Wide Web definition
The interconnected system of public webpages that are accessible through the internet
Come up with an example of a Uniform Resource Locator (URL)
Domain name + elements after that identify the specific location on that domain (www.whatever/something.com)
What percent of the overall content that can be accessed over the internet is on the WWW?
4%
List characteristics of the Deep Web (3)
Access controlled portion of the internet
Requires some type of user authentication to access
Info is private and cannot be found with a search engine
Examples of info on the deep web
Anything that is private info (banking, medical) as opposed to a shopping website
What percent of the overall content that can be accessed over the internet is on the deep web?
90%
List characteristics of the dark web (4)
Hides both the content and identity of the user trying to access it
Set of websites intentionally hidden from the public
Can only be accessed using a special browser
Cannot use a regular search engine to find websites there
What’s the name of the network that controls the dark web?
The onion network
What percent of overall content can be accessed on the dark web?
6%
Definition of confidentiality as it relates to the CIA triad
Privacy
Definition of integrity as it relates to the CIA triad
Maintaining the consistency, accuracy, and trustworthiness of data
Definition of availability as it relates to the CIA triad
Ensuring systems can be accessed when requested by authorized and authenticated users
Definition of authentication as it relates to info assurance
Verification of a user's credential to confirm identity
Definition of authorization as it relates to info assurance
Verification of an authenticated user's permissions to access a resource
Definition of non-repudiation as it relates to info assurance
Assurance that the sender of info received proof of delivery and the recipient is provided with proof of the sender's identity so neither can later deny they processed the info
List the 2 basic steps in the risk management process
Identify and prioritize all potential risks
Determine how the organization will deal with each potential risk
Identify aspects of risk that are evaluated (3)
The ASSETS you want to protect
The VULNERABILITIES each asset has that can be exploited by a specific threat
The potential THREATS that could exploit a vulnerability
Definition of asset
Thing of value or something we care about that we are trying to protect
Definition of critical infrastructure
Physical and cyber systems and assets that are considered essential services that are vital to American society
How many sectors in the US are considered critical infrastructure?
16
Vulnerability definition
Weakness in an organization's info system, security system, internal controls, or implementation
List the categories of vulnerabilities (3)
Weakness in a system
Flaw in the program
Absence or weakening of safeguards
Zero day attack definition
Attack that exploits a vulnerability that a software developer may not have been aware of prior to the attack
White hat hacker
Hacker who legally has permission to try and hack a system
Penetration testing
Hackers hired to test an organization's networks for vulnerabilities
Bug bounty
Reward offered by an organization to someone who finds and tells them about flaws or vulnerabilities in its system
Gray hat hacker (permission to hack? Legal?)
No permission and illegal
Cyber criminal
Black hat hacker whose primary motivation is to make money by stealing sensitive company info or personal data
List possible categories of disgruntled insiders (3)
Current employee
Former employee
Third party vendors who have access to the network
Hacktivist
Black hat hacker whose goal is to further a social or political end
Corporate spy
Black hat hacker whose goal is to conduct industrial espionage to steal trade secrets from competitors
What black hat hacker poses the highest risk due to their ability to effectively employ tech against the most difficult targets?
Hostile nation-state
List cyberattacks conducted by terrorist organizations (3)
Stealing sensitive, secret info that they use to terrorize personnel
Attacks on critical infrastructure
Attacks against military weaponry
White hat hacker
Legal hacker
Scenario of data at rest
Data in storage on some device that is not being used
Scenario based on data in transit
Data being communicated between a sender and a receiver over a network and/or the internet
Scenario based on data at use
Data being processed and currently in the device's memory
Scenarios of pen testing, grey hat hacking, hacktivist, cyber criminal, corporate spy
Idk list them
Risk avoidance
Choosing not to perform an activity that may carry risk
Risk mitigation
Actions taken to reduce the likelihood or overall impact of risk occurring
Risk transfer
Getting an insurance policy that would pay money to cover financial losses due to risk occurrence
Risk acceptance
Retaining some risks that you feel are unlikely to occur and/or whose possible impact is acceptable to your organization
Scenarios showing risk avoidance, risk mitigation, risk transfer, risk acceptance
Better know them