Cybersecurity - Fundamentals Flashcards
Cybersecurity
Cybersecurity is about protecting information and systems from cyber threats like hackers and malware. It involves preventing, detecting, and responding to attacks.
Example: A bank uses firewalls, encryption, and monitoring tools to protect customer data from hackers.
Security vs. Safety
Security means protecting against attacks (e.g., hacking).
Safety means protecting against accidents or mistakes (e.g., system errors).
Example: Security is stopping a hacker from stealing data, while safety is making sure a software bug doesn't crash a hospital system.
Cybersecurity Protection Goals (CIA Triad)
1. Confidentiality (Keep Data Private)
Only the right people can access the data.
Uses encryption, passwords, and access controls.
Example: Your bank info is encrypted so only you can see it.
2. Integrity (Keep Data Correct)
Prevents data from being changed or corrupted.
Uses checksums, digital signatures, and hashing.
Example: A digital signature ensures a document hasn't been altered.
3. Availability (Keep Data Accessible)
Ensures data is available when needed.
Uses backups, redundancy, and DDoS protection.
Example: A website stays online even if many users visit at once.
The CIA Triad is the foundation of cybersecurity, ensuring data stays safe, correct, and available!
Two extra goals added later:
4. Authenticity - Making sure users and systems are who they claim to be.
Example: Two-factor authentication (2FA) helps confirm a user's identity.
5. Non-repudiation - Preventing someone from denying they sent or received data.
Example: Digital signatures ensure an email really came from the sender.
Cybersecurity Assumptions
We use cybersecurity assumptions to prepare for threats before they happen and build stronger defenses.
Why Are They Important?
No system is 100% secure - Hackers will always try to break in.
Users make mistakes - People click on bad links or use weak passwords.
Attackers keep evolving - New threats appear all the time.
Security tools can fail - Firewalls and antivirus aren't perfect.
Example:
"We assume hackers will try to attack, so we use strong passwords and encryption to stop them."
Cyber Kill Chain
A step-by-step model that describes how cyberattacks happen. It has seven stages:
7 Steps of a Cyber Attack:
1. Robbers - Reconnaissance (Looking for a target)
Hackers search for weaknesses, like weak passwords or old software.
2. Will - Weaponization (Making the attack tool)
They create a virus, phishing email, or fake website to trick people.
3. Definitely - Delivery (Sending the attack)
The hacker sends the virus through an email, website, or USB.
4. Enter - Exploitation (Breaking in)
The virus activates when the victim clicks a link or opens a file.
5. Inside - Installation (Setting up a secret door)
The hacker installs hidden access to return later.
6. Cash - Command & Control (Taking control)
They control the system remotely, stealing info or spying.
7. Area - Actions on Objectives (Stealing or damaging data)
The hacker steals files, locks the system, or demands money.
Example: A hacker sends a phishing email with a fake invoice that installs malware on a company's network.
Risk in Cybersecurity
1. What is Risk?
"Cyber risk is the chance that a cyber attack will harm a system or data."
2. Three Parts of Risk
Threat - Hackers, viruses, phishing.
Weakness - Weak passwords, outdated software.
Damage - Stolen data, money loss.
3. Example
"A weak password lets a hacker steal data, causing damage."
4. How to Reduce Risk?
Find risks (check for weaknesses).
Fix risks (strong passwords, updates).
Watch for risks (monitor for attacks).
How to Remember?
Risk = Threat + Weakness + Damage
Risk Matrix
A Risk Matrix helps us understand and rank cybersecurity risks by looking at:
Likelihood: How likely something bad is to happen (Low, Medium, High).
Impact: How bad the damage would be (Low, Medium, High).
Risk Levels:
Low Risk - Not likely, small problem.
Medium Risk - Might happen, moderate problem.
High Risk - Very likely, big problem.
Example:
Using a weak password
How likely? High (many people do it).
How bad if hacked? High (data can be stolen).
Fix it? Use strong passwords!
A Risk Matrix helps decide which risks to fix first.
Threats, Vulnerabilities, and Attacks
Threat - A potential danger to cybersecurity.
Vulnerability - A weakness that hackers can exploit.
Attack - The actual attempt to exploit a vulnerability.
Example: A weak password is a vulnerability, and a hacker guessing it is an attack.
Attack Trees
A diagram that shows all possible ways an attacker could reach their goal.
Example: A hacker wants to steal data from a company. The attack tree shows multiple ways to break in, like phishing, weak passwords, or exploiting software bugs.
STRIDE Threat Model
The STRIDE model helps identify and prevent cybersecurity threats in a system. It is used to find weaknesses before hackers exploit them.
1. Spoofing - Pretending to be someone else.
Example: A hacker fakes an email address to impersonate a boss.
2. Tampering - Changing or modifying data.
Example: A hacker modifies a transaction to send money to their account.
3. Repudiation - Denying an action was taken.
Example: A user deletes logs to hide evidence of unauthorized access.
4. Information Disclosure - Leaking sensitive data.
Example: A hacker steals credit card numbers from a website.
5. Denial of Service (DoS) - Overloading a system to make it unavailable.
Example: A hacker floods a website with fake traffic, making it crash.
6. Elevation of Privilege - Gaining unauthorized access.
Example: A hacker finds a bug that lets them become an admin on a website.
MITRE ATT&CK Framework
MITRE ATT&CK is a detailed list of hacker techniques used in real attacks, helping experts track, detect, and stop threats inside a system.
MITRE ATT&CK divides cyberattacks into different tactics (goals hackers try to achieve). Here are the main 11 tactics:
1. Getting In - Hackers use phishing or weak passwords.
2. Running the Attack - Malware starts working.
3. Hiding - Hackers avoid detection.
4. Spreading - Moving to other devices.
5. Stealing Data - Taking sensitive files.
6. Causing Damage - Ransomware, deleting data.
Cybersecurity Frameworks
"Cybersecurity frameworks are guidelines that help organizations protect their systems and data from cyber threats."
What They Do:
Help companies stay secure (rules to follow).
Manage cyber risks (identify threats & fix weak spots).
Respond to attacks (how to react when hacked).
Examples:
NIST - Helps businesses build a cybersecurity plan.
NIS is a set of EU cybersecurity rules that protect critical services like energy, banking, and healthcare from cyber threats. It requires companies to improve security, report cyber incidents, and prevent attacks to keep essential systems safe.
NIST has 5 simple rules to keep systems safe:
1. Identify - Find risks.
2. Protect - Secure systems.
3. Detect - Spot attacks.
4. Respond - Take action.
5. Recover - Fix damage.
Cyber Threats in Denmark
Denmark faces cyber threats like:
1. Cyber Espionage - Foreign hackers spying on Denmark.
2. Cyber Crime - Hackers stealing money or data.
3. Cyber Activism - Political hacking (e.g., defacing websites).
Example: In 2023, Danish energy companies were targeted by cyberattacks.
Cybersecurity in Denmark
Denmark follows several cybersecurity strategies:
CFCS (Center for Cyber Security) monitors national threats.
Danish Cybersecurity Strategy protects critical systems like energy and healthcare.
Example: CFCS warns Danish companies about Russian cyber threats.
Danish Cybersecurity Law (NIS 2)
The NIS 2 directive forces Danish companies to improve security or face fines.
Example: Hospitals must report cyber incidents within 72 hours or pay penalties.
Incident Reporting
Companies must report cyber incidents quickly to minimize damage.
Example: A bank notifies the authorities within 24 hours after detecting a hacking attempt.
Cyber Diplomacy
Cyber Diplomacy is when countries work together to set rules, prevent cyber conflicts, and improve global cybersecurity. It helps nations cooperate on cyber threats, fight cybercrime, and promote a safer internet.
Public-Private Cybersecurity Cooperation
Governments and businesses share information about cyber threats to improve security.
Example: CFCS warns Danish banks about an ongoing phishing campaign.