Cybersecurity Concepts Flashcards
What are the three different approaches to implementing cybersecurity?
[In reality, most organizations with mature security programs use a combination of risk-based and compliance-based approaches.]
- Compliance-based (also called standards-based security)—this approach relies on regulations or standards to determine which security controls are implemented. Controls are put in place regardless of their applicability or necessity, which often leads to a "checklist" attitude toward security.
- Risk-based—this approach relies on identifying the unique risk a particular organization faces and designing and implementing security controls to reduce that risk to a level within the entity's risk tolerance, taking its business needs into account.
- Ad hoc—an ad hoc approach simply implements security with no particular rationale or criteria. Ad hoc implementations may be driven by vendor marketing, or they may reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards.
Definition: The combination of the probability of an event and its consequence (International Organization for Standardization/International Electrotechnical Commission [ISO/IEC] 73). Risk is mitigated through the use of controls or safeguards.
Risk
Definition: Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm. ISO/IEC 13335 defines a threat broadly as a potential cause of an unwanted incident. Some organizations make a further distinction between a threat source and a threat event, classifying a threat source as the actual process or agent attempting to cause harm, and a threat event as the result or outcome of a threat agent’s malicious activity.
Threat
Definition: A weakness in the design, implementation, operation or internal control of a process that could be exploited by a threat event and expose the system to harm.
Vulnerability
When using qualitative rankings the most important step is to _________________.
rigorously define the meaning of each category and use definitions consistently throughout the assessment process.
In cybersecurity, impacts are most often described quantitatively, but are also evaluated in terms of ______.
confidentiality, integrity and availability
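The two cards above (risk as the combination of probability and consequence; rigorously defined qualitative categories, applied consistently and evaluated per confidentiality, integrity and availability) are easier to see in working form. The following is an added example and not part of the flashcard source: the likelihood and impact bands, the Low/Medium/High/Critical cut-offs and the sample scenarios are illustrative assumptions chosen for this example, not values from any standard. Each category is given an explicit numeric definition and the scales are validated for gaps and overlaps, so two assessors given the same estimate must land on the same label; the quantitative counterpart (annualized loss expectancy) is computed alongside the qualitative rating.

```python
"""Qualitative risk rating with rigorously defined categories.

Added example for this flashcard set; it is not part of the source material.
Band thresholds, rating cut-offs and scenario values are illustrative
assumptions for this example only.
"""
from dataclasses import dataclass

# Likelihood categories, each defined by an explicit annualized rate of
# occurrence (events per year). Entries are (exclusive upper bound, label, rank).
LIKELIHOOD_BANDS = [
    (0.1, "Rare", 1),                    # fewer than once per ten years
    (1.0, "Unlikely", 2),                # fewer than once per year
    (10.0, "Likely", 3),                 # up to ten times per year
    (float("inf"), "Almost certain", 4),
]

# Impact categories, each defined by estimated loss from one event (currency).
IMPACT_BANDS = [
    (10_000, "Minor", 1),
    (100_000, "Moderate", 2),
    (1_000_000, "Major", 3),
    (float("inf"), "Severe", 4),
]


def validate_bands(bands):
    """Reject a scale whose category definitions overlap, leave gaps or skip ranks."""
    bounds = [b[0] for b in bands]
    ranks = [b[2] for b in bands]
    if bounds != sorted(bounds) or len(set(bounds)) != len(bounds):
        raise ValueError("band upper bounds must be strictly increasing")
    if bounds[-1] != float("inf"):
        raise ValueError("top band must be open-ended so every estimate is covered")
    if ranks != list(range(1, len(bands) + 1)):
        raise ValueError("ranks must be consecutive integers starting at 1")
    return True


def categorize(value, bands):
    """Map a non-negative estimate to the first band whose bound exceeds it."""
    if value < 0:
        raise ValueError("estimates must be non-negative")
    for upper, label, rank in bands:
        if value < upper:
            return label, rank
    raise AssertionError("unreachable once validate_bands() has passed")


@dataclass(frozen=True)
class Scenario:
    name: str
    events_per_year: float        # probability of the event, annualized
    loss_confidentiality: float   # consequence if confidentiality is lost
    loss_integrity: float         # consequence if integrity is lost
    loss_availability: float      # consequence if availability is lost


def rate(scenario):
    """Combine probability and consequence into a qualitative rating plus ALE."""
    likelihood, l_rank = categorize(scenario.events_per_year, LIKELIHOOD_BANDS)
    # Impact is evaluated separately for confidentiality, integrity and
    # availability; the overall impact is the worst of the three.
    per_property = {
        "confidentiality": categorize(scenario.loss_confidentiality, IMPACT_BANDS),
        "integrity": categorize(scenario.loss_integrity, IMPACT_BANDS),
        "availability": categorize(scenario.loss_availability, IMPACT_BANDS),
    }
    worst_property = max(per_property, key=lambda p: per_property[p][1])
    impact, i_rank = per_property[worst_property]
    # The ordinal product only orders cells of this matrix; it is not a cost.
    cell = l_rank * i_rank
    if cell <= 2:
        level = "Low"
    elif cell <= 6:
        level = "Medium"
    elif cell <= 9:
        level = "High"
    else:
        level = "Critical"
    # Quantitative counterpart: annualized loss expectancy on the worst property.
    worst_loss = max(scenario.loss_confidentiality,
                     scenario.loss_integrity,
                     scenario.loss_availability)
    return {
        "scenario": scenario.name,
        "likelihood": likelihood,
        "impact": impact,
        "driving_property": worst_property,
        "level": level,
        "annualized_loss_expectancy": scenario.events_per_year * worst_loss,
    }


# Constructed sample scenarios with illustrative values (not real data).
SCENARIOS = [
    Scenario("Phishing leads to mailbox takeover", 2.0, 250_000, 20_000, 5_000),
    Scenario("Ransomware on file servers", 0.3, 50_000, 900_000, 3_000_000),
    Scenario("Lost unencrypted laptop", 0.5, 60_000, 0, 2_000),
]

if __name__ == "__main__":
    validate_bands(LIKELIHOOD_BANDS)
    validate_bands(IMPACT_BANDS)
    for s in SCENARIOS:
        print(rate(s))
```

Because the bands use exclusive upper bounds, an estimate that sits exactly on a boundary (for example 0.1 events per year) always falls into the higher category; writing that rule down is exactly the kind of definition the card says must be fixed before the assessment starts.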
There are a number of methodologies available to measure risk. Different industries and professions have adopted various approaches based upon the following criteria:
- Risk tolerance
- Size and scope of the environment in question
- Amount of data available
It is important to understand third-party risk, such as information sharing and network access, as it relates to cybersecurity.
True.
A ______ is a well-defined, advanced, targeted attack that is stealthy and has a mission that it will not stop attempting to achieve until it is identified and mitigated or succeeds.
advanced persistent threat (APT)
Name 9 threat agents:
Corporations
Nation States
Hacktivists—politically motivated hackers
Cyberterrorists
Cybercriminals—financially motivated; typically involved in fraudulent financial transactions.
Cyberwarriors—nationally or politically motivated actors, sometimes called cyberfighters, who overlap with hacktivists.
Script Kiddies
Online Social Hackers
Employees—Although they typically have fairly low-tech methods and tools, dissatisfied current or former employees represent a clear cybersecurity risk.
Definition: Characterized by their willingness to use violence, they frequently target critical infrastructures and government groups.
Cyberterrorists
Definition: They are young individuals who are learning to hack; they may work alone or with others and are primarily involved in code injections and distributed denial-of-service (DDoS) attacks.
Script Kiddies
Definition: Skilled in social engineering, these attackers are frequently involved in cyberbullying, identity theft and collection of other confidential information or credentials.
Online Social Hackers
The path or route used to gain access to the target (asset) is known as an _________.
attack vector
There are two types of attack vectors:
ingress and egress (also known as data exfiltration).
Name 5 attack attributes.
- attack vector
- payload
- exploit
- vulnerability
- target
- egress (if applicable)
Each of the attack attributes provides unique points where _____ to prevent or detect the attack can be placed.
controls
There are two broad categories for threat events:
adversarial and nonadversarial (the latter is usually the result of an error or malfunction)
Generalized Attack Process (8)
- Perform reconnaissance
- Create attack tools
- Deliver malicious capabilities
- Exploit and compromise
- Conduct an attack
- Achieve results
- Maintain a presence or set of capabilities
- Coordinate a campaign
Components of reconnaissance: (3)
- Sniffing or scanning the network perimeter
- Using open source discovery of organizational information
- Running malware to identify potential targets
Create attack tools may include: (3)
- Phishing or spear phishing attacks
- Crafting counterfeit websites or certificates
- Creating and operating false front organizations to inject malicious components into the supply chain
Deliver malicious capabilities may include: (4)
- Introducing malware into systems
- Placing subverted individuals into positions
- Installing sniffers or scanning devices
- Inserting tampered hardware into systems or supply chains
Exploit and compromise may include: (4)
- Split tunneling or gaining physical access to facilities
- Exfiltrating data or sensitive information
- Exploiting multitenancy in a cloud environment
- Launching zero-day exploits
Conduct an attack may include: (4)
- Communication interception or wireless jamming
- DoS or distributed denial-of-service (DDoS)
- Remote interference with or physical attacks on facilities or infrastructures
- Session-hijacking or man-in-the-middle attacks