Cyber Secuirty Flashcards
What is Cyber Security?
The practice of protecting digital systems, networks, programs and humans from digital attacks
What is meant by the CIA triangle?
- Confidentiality: keeping data secret
- Integrity: keeping data in-tact/unchanged
- Availability: keeping data available
What are 4 Security threats?
- Disclosure
- Deception
- Disruption
- Unsurpation
What are Security principles?
- Security relies on evaluation of risk
- Choose what risks are worth preventing
- Good security considers: people involved, processes used, the technology
What is meant by Security trade-off?
Cost of the security measure vs the time and effort to break it
What are 4 areas of Security?
- Preventive
- Detective
- Reactive
- Reconstructive
What is Access Control?
- Data security process that enables organisations to manage who is authorised to access corporate data and resources
- Control models: hierarchical
- Compartmental
What are 2 types of Access Control?
- Access Control List (ACL)
- Discretionary Access Control (DAC)
- Role-Based Access Control (RBAC)
- Mandatory Access Control (MAC)
What are some Access Control issues?
- Can make it very difficult to prevent access when dealing with large groups of people
- Authentication creep – moving departments but old privileges aren’t revoked
What are 2 ways of improving Identification and Authentication?
- Requiring regular password changes
- 2 Factor Authentication (2FA)
What is Cryptography and what are the requirements?
Encoding messages so they can only be understood by their intended recipient
- The plain text
- A key
- An encryption function
What are the 2 types of keys that can be used?
- Symmetric: same key is used to encrypt and decrypt the data
- Asymmetric: public key to encrypt the data, private key to decrypt the data
What are some issues surrounding Encryption?
- Implementing good encryption can be difficult: the more secure the encryption, the higher the resource, cost and time
- Encryption itself is often seen as a political and privacy issue
What are 5 types of attacks?
- Malware/Malware propagation
- Denial of Service attacks
- Man-in-the-Middle attacks
- Web-based attacks
- Physical security
What is IoT?
Internet of Things refers to computing devices embedded in everyday objects, that can send and receive data via the internet
- Home networks
- Wearable devices
What is meant by MGC Security?
- Embedded devices
- Gateway
- Cloud systems
What are the 2 key areas in IoT Security?
- Data Security
- System Security
What is meant by Data Security?
Keeping the data collected and processed by IoT devices safe and private
- Home occupancy information
- Medical information
- Location information
What is meant by System Security?
Keeping the devices themselves safe from hacking, must be adequate on every device
- Encryption
- Authentication procedures
- Safe architecture
What are some difficulties with IoT Security?
- Cheap hardware
- Unique architecture, making support difficult
- Lack of update procedure
- Many different access methods, leading to vulnerable entry points
What are some IoT solutions?
- Develop legislation and common standards
- Security makes economic sense
- Improve technologies
What is meant by Dataset Poisoning?
Where training data is compromised with intentional malicious information
What are some ways that AI Systems can be protected?
- Air-gapped Pocket LLMs
- Tight control on the data in datasets
- Data sanitisation
- Have human checkers of the responses