Cybersecurity Concepts Flashcards

1
Q

What are the three different approaches to implementing cybersecurity?

[In reality, most organizations with mature security programs use a combination of risk-based and compliance-based approaches.]

A
  • Compliance-based (standards-based security)—This approach relies on regulations or standards to determine security implementations. Controls are implemented regardless of their applicability or necessity, which often leads to a “checklist” attitude toward security.
  • Risk-based—This approach relies on identifying the unique risks a particular organization faces and designing and implementing security controls to address any risk that exceeds the entity’s risk tolerance and business needs.
  • Ad hoc—An ad hoc approach simply implements security with no particular rationale or criteria. Ad hoc implementations may be driven by vendor marketing, or they may reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards.
2
Q

Definition: The combination of the probability of an event and its consequence (International Organization for Standardization/International Electrotechnical Commission [ISO/IEC] 73). Risk is mitigated through the use of controls or safeguards.

A

Risk

3
Q

Definition: Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm. ISO/IEC 13335 defines a threat broadly as a potential cause of an unwanted incident. Some organizations make a further distinction between a threat source and a threat event, classifying a threat source as the actual process or agent attempting to cause harm, and a threat event as the result or outcome of a threat agent’s malicious activity.

A

Threat

4
Q

Definition: A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events.

A

Vulnerability

5
Q

When using qualitative rankings the most important step is to _________________.

A

rigorously define the meaning of each category and use definitions consistently throughout the assessment process.

6
Q

In cybersecurity, impacts are most often described quantitatively, but are also evaluated in terms of ______.

A

confidentiality, integrity and availability

7
Q

There are a number of methodologies available to measure risk. Different industries and professions have adopted various tactics based upon the following criteria:

A
  • Risk tolerance
  • Size and scope of the environment in question
  • Amount of data available
8
Q

It is important to understand third-party risk, such as information sharing and network access, as it relates to cybersecurity.

A

True.

9
Q

A ______ is a well-defined, advanced, targeted attack that is stealthy and has a mission that it will not stop attempting to achieve until it is identified and mitigated or succeeds.

A

cyberattack

10
Q

Name 9 threat agents:

A

  • Corporations
  • Nation states
  • Hacktivists—politically motivated hackers
  • Cyberterrorists
  • Cybercriminals—fraudulent financial transactions
  • Cyberwarriors—hacktivists, cyberfighters
  • Script kiddies
  • Online social hackers
  • Employees—Although they typically have fairly low-tech methods and tools, dissatisfied current or former employees represent a clear cybersecurity risk.

11
Q

Definition: Characterized by their willingness to use violence, they frequently target critical infrastructures and government groups.

A

Cyberterrorists

12
Q

Definition: They are young individuals who are learning to hack; they may work alone or with others and are primarily involved in code injections and distributed denial-of-service (DDoS) attacks.

A

Script Kiddies

13
Q

Definition: Skilled in social engineering, these attackers are frequently involved in cyberbullying, identity theft and collection of other confidential information or credentials.

A

Online Social Hackers

14
Q

The path or route used to gain access to the target (asset) is known as an _________.

A

attack vector

15
Q

There are two types of attack vectors:

A

ingress and egress (also known as data exfiltration).

16
Q

Name 5 attack attributes.

A
  • attack vector
  • payload
  • exploit
  • vulnerability
  • target
  • egress (if applicable)
17
Q

Each of the attack attributes provides unique points where _____ to prevent or detect the attack can be placed.

A

controls

18
Q

There are two broad categories for threat events:

A

adversarial and nonadversarial (the latter is usually the result of an error or malfunction)

19
Q

Generalized Attack Process (8)

A
  1. Perform reconnaissance
  2. Create attack tools
  3. Deliver malicious capabilities
  4. Exploit and compromise
  5. Conduct an attack
  6. Achieve results
  7. Maintain a presence or set of capabilities
  8. Coordinate a campaign
20
Q

Components of reconnaissance: (3)

A
  • Sniffing or scanning the network perimeter
  • Using open source discovery of organizational information
  • Running malware to identify potential targets
21
Q

Create attack tools may include: (3)

A
  • Phishing or spear phishing attacks
  • Crafting counterfeit websites or certificates
  • Creating and operating false front organizations to inject malicious components into the supply chain
22
Q

Deliver malicious capabilities may include: (4)

A
  • Introducing malware into systems
  • Placing subverted individuals into positions
  • Installing sniffers or scanning devices
  • Inserting tampered hardware into systems or supply chains
23
Q

Exploit and compromise may include: (4)

A
  • Split tunneling or gaining physical access to facilities
  • Exfiltrating data or sensitive information
  • Exploiting multitenancy in a cloud environment
  • Launching zero-day exploits
24
Q

Conduct an attack may include: (4)

A
  • Communication interception or wireless jamming
  • DoS or distributed denial-of-service (DDoS)
  • Remote interference with or physical attacks on facilities or infrastructures
  • Session-hijacking or man-in-the-middle attacks
25
Q

Achieve results may include: (3)

A
  • Obtaining unauthorized access
  • Degrading organizational services
  • Creating, corrupting or deleting critical data
26
Q

Maintain a presence or set of capabilities may include: (2)

A
  • Obfuscating adversary actions or interfering with intrusion detection systems (IDSs)
  • Adapting cyberattacks in response to security measures
27
Q

Coordinate a campaign may include: (3)

A
  • Multi-staged attacks
  • Internal and external attacks
  • Widespread and adaptive attacks
28
Q

Some of the most common nonadversarial threat events are:

A
  • Mishandling of critical information by authorized users
  • Incorrect privilege settings
  • Fire, flood, hurricane, etc. at primary or backup facilities
  • Introduction of vulnerabilities into software products
  • Pervasive disk errors or problems from aging equipment
29
Q

Definition: A _____ (a term derived from “robot network”) is a large, automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as denial-of-service (DoS).

A

Botnets

30
Q

Definition: A class of malware that hides the existence of other malware by modifying the underlying operating system.

A

Rootkit

31
Q

What is CAPEC

A

The MITRE Corporation publishes a catalogue of attack patterns known as Common Attack Pattern Enumeration and Classification (CAPEC) as “an abstraction mechanism for helping describe how an attack against vulnerable systems or networks is executed.”

32
Q

Some of the most common attack patterns are (13):

A
  • Advanced persistent threats
  • Backdoor
  • Brute force
  • Buffer overflow
  • Cross-site scripting (XSS)
  • Denial-of-service (DoS)
  • Man-in-the-middle
  • Social engineering
  • Phishing
  • Spear phishing
  • Spoofing
  • Structured Query Language (SQL) injection
  • Zero-day exploit
33
Q

An important aspect of information security policies is their lifecycle of: (4)

A

  • development
  • maintenance
  • approval
  • exception

34
Q

The way that compliance documents relate to and support each other is called a __________.

A

policy framework

35
Q

What compliance document interprets policies in specific situations?

A

Standards

36
Q

The information security policy needs a clearly defined scope. This involves: (5)

A
  • definition
  • responsibilities
  • vision including goals, metrics and rationale of how the vision is supported
  • how it aligns with other high-level policies
  • Elaboration: data management, information risk assessment, and compliance with legal, regulatory and contractual obligations
37
Q

COBIT 5 Information Security Policy Set: (8)

A
  • Risk Mgmt
  • Business Continuity
  • Asset Mgmt
  • Rules of Behavior
  • Acquisition/Dev/Main
  • Vendor Mgmt
  • Communications and Operations
  • Compliance
38
Q

The access control policy should cover the following topics, among others: (3)

A
  • Physical and logical access provisioning life cycle
  • Least privilege/need to know
  • Segregation of duties
  • Emergency access
39
Q

Possible security policies or procedures other than the general information security policy may include: (3)

A

  • access control
  • personnel information
  • security incidents

40
Q

The personnel information security policy objective includes, but is not limited to, the following goals: (4)

A
  • background checks
  • information about key personnel in information security positions.
  • succession plan for key information security positions.
  • termination procedures
41
Q

This policy addresses the need to respond to incidents in a timely manner in order to recover business activities. The policy should include:

A
  • Definition of an information security incident
  • A statement of how incidents will be handled
  • Incident response team
  • Incident response plan
  • Incident documentation and closing
42
Q

Additional controls that may be applied to privileged users may include:

A
  • Limiting privileged access
  • Background checks
  • Additional logging of activity
  • Maintaining accountability by not sharing privileged accounts
  • Using stronger authentication controls
  • Reviewing privileges and removing those no longer required
43
Q

Implementing a configuration management process has several benefits for security including:

A
  • Verification of the impact on related items
  • Assessment of a proposed change’s risk
  • Ability to inspect different lines of defense for potential weaknesses
  • Tracking of configuration items against approved secure configuration baselines
  • Insights into investigations after a security breach or operations disruption
  • Version control and production authorization of hardware and software components