Cybersecurity Testing Flashcards

1
Q

Define cybersecurity.

A

Refers to protecting computer systems, including their electronic data, software and hardware, from theft or damage as well as disruption

2
Q

What are assets in cybersecurity?

A

Valued data/computerized assets

3
Q

What is the CIA Triad? What are its assets?

A

Describes the security attributes of assets

  1. Confidentiality: material should only be entrusted to designated parties for specific groups
  2. Integrity: dependent on assurance that material has not been tampered with via unauthorized access
  3. Accessibility: data/service is available only to authorized users
4
Q

What are the three elements of criminality? Define them.

A
  1. Motive: malicious individuals and groups might be motivated by greed, revenge, or ideology
  2. Means: knowledge, skills, and resources to take advantage of an opportunity
  3. Opportunity: vulnerabilities in cybersecurity controls
5
Q

What is the purpose of cybersecurity testing? What does it provide?

A

Probes systems to reveal potential failures in furnishing the desired level of security.

Provides verification and validation.

6
Q

What is threat modeling? (i.e., what does it anticipate?)

A

Anticipates the nature of assaults that might be encountered in the operating environment of the system

7
Q

Specification of what the system __________ is often less difficult than elaborating what the system __________.

A

Should do; should not do

8
Q

List four cybersecurity differences.

A
  1. It must be responsive to a rapidly changing environment.
  2. The adequacy of established controls is under constant active probing.
  3. Cybersecurity testing must address detection, response, and recovery after controls fail.
  4. Human shortcomings are at least as prominent as technological challenges.
9
Q

When do vulnerabilities appear?

A

They can either lie dormant for years before exposure or appear with new development.

10
Q

What are threat actors?

A

Individuals with varying motivations and skills that will expose control weaknesses and at times will expose them to other threat actors.

11
Q

Cybersecurity testing must evaluate ___________.

A

How well risk mitigation supplements risk avoidance.

12
Q

What is the leading cause of security failures?

A

Social engineering (exploits through low-tech means)

13
Q

What is the overall goal of cybersecurity testing?

A

To reduce overall risk exposure to an acceptable level.

14
Q

List and define the two cybersecurity test approaches.

A
  1. Risk avoidance: lowering the probability of when a threat might take advantage of a vulnerability
  2. Risk mitigation: decreasing the consequences of when a vulnerability is taken advantage of
15
Q

What are dynamic security issues?

A

Issues that can only be seen during execution.

16
Q

List and define the five stages of cybersecurity testing.

A
  1. Identify: confirm identification, categorization, and prioritization of the data and processes to be safeguarded
  2. Protect: analyze the protection of each asset category with corresponding controls that will stop or slow attempts to compromise the system
  3. Detect: demonstrate the ability to detect intrusion and provide timely actionable analysis
  4. Respond: exercise the responses and determine how well affected parties are notified, damage is minimized, and further access is shut off
  5. Recover: demonstrate the speed and extent of recovering operational status and restoring data and confidence
17
Q

What needs to be done to prevent cybersecurity testers from being mistaken for malicious insiders?

A

All cybersecurity testing must be pre-authorized in writing by appropriate management

18
Q

What two modes of cybersecurity testing should be conducted? Define them.

A
  1. Black box testing: attends to external system behaviors; “outsider” will gather information via system reconnaissance and use that information to craft attacks
  2. White box testing: utilizes structural knowledge of the system as-built; “insider” threat is modeled by treating the system’s internals as visible and exploitable
19
Q

What is fuzzing?

A

Inserting random variations of expected input values to detect sensitivities that might be exploited

20
Q

What is Red Team vs. Blue Team?

A

Derived from the military, where a team of attackers (red team) is pitted against a team of defenders (blue team).

21
Q

Targeted tests should probe the adequacy of what specific controls? (This is a long list of items having to do with cybersecurity.)

A
  • policy and procedure enforcement
  • system hardening: reducing the attack surface by eliminating as many security risks as possible
  • access control mechanisms for authentication, authorization, and accountability
  • input validation
  • encryption
  • error and exception handling
  • intrusion detection
  • malware scanning
  • resistance to social engineering