Cyber security Flashcards
Define Social engineering
Social engineering attacks use deception and manipulation to trick users into revealing sensitive information or making mistakes that compromise the security of their devices.
What are the types of social engineering techniques
Phishing
Vishing
Baiting
Email hacking
Pre-texting
Quid pro quo scams
Active digital footprints
Passive digital footprints
Define Phishing
Fraudulent e-mails, text messages or websites that appear to be from trustworthy sources are used to trick victims into revealing sensitive information.
Define Vishing
Voice phishing uses voice calls, voicemails or interactive voice response (IVR) systems to trick individuals into revealing sensitive information.
Define Baiting
When an attacker leaves a physical item, such as a USB drive or CD, in a public place with the intention of tricking someone into taking it and using it on their computer.
Define Active digital footprints
Information that is actively shared online (e.g. through social media) that can be used to build a more successful cyber-attack.
Define Email hacking
The unauthorised access or manipulation of someone else’s e-mail account or e-mail messages.
Define Pre-texting
A false scenario or cover story is used to manipulate someone into revealing sensitive information or performing a certain action.
Define Quid pro quo scams
When an attacker offers something desirable or valuable to a victim in exchange for sensitive information or access to their computer.
Define Passive digital footprints
Data or information left behind as a result of online activities, such as browsing history or IP addresses, that can be used to create more convincing social engineering attacks.
What are the different sectors social engineering is used in
- commerce
- personal finance and home banking
- process control.
What are the different laws in place to protect against social engineering
The Computer Misuse Act 1990: This Act makes it a criminal offence to gain unauthorised access to computer systems through hacking, viruses and other forms of cyber-attacks.
The Fraud Act 2006: This Act makes it a criminal offence to carry out deception with the intention of making a gain or causing a loss.
The General Data Protection Regulation (GDPR): This regulation requires organisations to protect the personal data of individuals and to report data breaches to the ICO within 72 hours.
The Privacy and Electronic Communications Regulations 2003: These regulations govern the use of electronic communication services, including e-mail, voice calls and text messages. They require organisations to obtain consent from individuals
Define Resilience Controls
Cyber resilience is the ability of an organisation to withstand and quickly recover from cyber-attacks, system failures and other security incidents.
What are the consequences of a cyber-attack
- Financial loss
- Reputational damage
- Legal liability
- Intellectual property theft
- System downtime
- Long-term damage
What are the effects of a website being unavailable
- Loss of reputation
- Loss of competitive advantage
- Legal and social implications
- Financial loss
What is the impact of damaged software
- System crashes
- Loss of data
- Security vulnerabilities
- Inefficient performance
- Compatibility issues
What are the legal and professional responsibilities
- General Data Protection Regulation (GDPR)
- Network and Information Systems Regulations (NISR)
- Adherence to professional standards, such as ISO 2700
- Responsibility for the protection of personal data
- Duty of care to ensure the continuity of critical business functions
- Ensuring the security and confidentiality of sensitive information
Explain how information is temporarily lost
The loss of access to information due to technical issues such as power outages and system crashes.
Can usually be restored from backups or through other recovery processes.
Explain how information is permanently lost
The complete and permanent destruction of information that cannot be restored.
Can occur due to physical damage to storage devices, deliberate destruction, or the permanent failure of storage devices.
What are the ways to prevent a cyber-attack in a business
Boundary firewall and Internet gateway
Staff training
Secure system configuration
Patch management
Malware protection
Access control
What are some methods of resilience controls for recovery from a cyber-attack
What-if scenarios
Regular backups of data
Planning alternative premises, communication methods and facilities
What are what-if scenarios
Hypothetical scenarios that allow an organisation to prepare for and mitigate a cyber-attack by planning how it would respond and identifying vulnerabilities in advance.