Elements of Security Flashcards
Define cyber security policies.
Cyber security policies are a set of guidelines, rules, and procedures that are put in place to protect an organization’s digital assets and information from unauthorized access, theft, and damage. These policies are developed to ensure that the organization’s computer systems, networks, and applications are secured against cyber threats such as hacking, malware, and phishing attacks.
Summarize 5 examples of Cyber security policies.
Cyber security policies in the following areas: password management, access controls, network security, incident response, data backup and recovery, and security awareness training.
Demonstrate the use of a cyber security policy for data backup in a campus environment.
Policy:
All data on campus systems must be backed up regularly to ensure business continuity in the event of data loss or system failure. The backup and recovery process must adhere to the following guidelines:
Data backup:
All campus systems must be backed up at least once a week.
Critical data, such as financial data, student records, and research data, must be backed up daily.
Backups must be stored in a secure, off-site location.
Backups must be encrypted to ensure the confidentiality of the data.
Enforcement:
This policy applies to all campus systems that store data, including servers, desktop computers, and mobile devices.
All users must comply with this policy, including faculty, staff, students, and contractors.
Non-compliance with this policy may result in disciplinary action, up to and including termination or expulsion.
Analyse the implications of a good password management security policy for a private hospital.
Increased security: A good password management policy ensures that passwords are strong and complex, making it difficult for hackers to guess or crack them. This increased security helps protect the hospital’s sensitive information, such as patient medical records, financial data, and employee information.
Compliance with regulations: Many healthcare regulations, such as HIPAA in the United States, require that organizations have policies in place to ensure the security and confidentiality of patient information. A good password management policy can help the hospital comply with these regulations and avoid costly fines or legal actions.
Protection against insider threats: A password management policy that requires employees to change their passwords regularly and prohibits the sharing of passwords can help protect against insider threats. This includes situations where employees with malicious intent or unintentional mistakes compromise the security of the hospital’s information.
Reduced risk of data breaches: A good password management policy can help reduce the risk of data breaches, which can have significant financial and reputational consequences for the hospital. By requiring strong passwords, regular password changes, and limiting access to sensitive information to only those who need it, the hospital can reduce the likelihood of a successful cyber attack.
Improved overall security culture: A good password management policy can help foster a culture of security within the hospital. When employees understand the importance of password security and the potential risks of not following the policy, they are more likely to take security seriously and be vigilant in protecting the hospital’s information.
Critique the implications of a security awareness training policy that has not been reviewed after three years.
A security awareness training policy is a critical aspect of any organization’s cybersecurity program. The purpose of such a policy is to educate employees on the risks and best practices associated with cybersecurity, and to promote a culture of security within the organization. Here are some implications of a security awareness training policy that has not been reviewed after three years:
Outdated content: Cybersecurity threats and best practices evolve rapidly, and what was relevant three years ago may not be applicable today. If a security awareness training policy has not been reviewed in three years, it may contain outdated information, which could lead to employees being misinformed or unaware of current threats and best practices.
Reduced effectiveness: A security awareness training policy that has not been reviewed in three years may have become less effective over time. Employees may have become complacent, or the training may have lost its impact due to being repetitive or not engaging enough.
Failure to address emerging threats: Emerging threats, such as phishing attacks or ransomware, require organizations to update their security awareness training policies to ensure employees are aware of these new threats and how to avoid them. If a policy has not been reviewed in three years, it may not address these emerging threats adequately.
Non-compliance with regulations: Many regulations, such as GDPR in Europe, require organizations to provide regular cybersecurity training to employees. If a security awareness training policy has not been reviewed in three years, the organization may not be compliant with these regulations, which could result in legal and financial consequences.
Missed opportunity for improvement: Reviewing a security awareness training policy provides an opportunity for the organization to identify areas for improvement, such as updating content, improving delivery methods, or increasing employee engagement. By not reviewing the policy, the organization may miss this opportunity to enhance its cybersecurity program.
List as many common types of cyber security attacks as possible that have had a global impact over the past 5 years.
Phishing attacks, ransomware attacks, password cracking attacks, Distributed Denial of Service (DDoS) attacks, malware attacks, Advanced Persistent Threat (APT) attacks, Man-in-the-Middle (MITM) attacks, SQL injection attacks, zero-day attacks, insider threats, data breaches/leakage, online fraud, and cyber extortion.
Summarize the common countermeasures for password attacks.
Password policies: Organizations can enforce strong password policies, such as requiring complex passwords with a mix of upper and lower-case letters, numbers, and symbols. Password policies can also require users to change their passwords regularly.
Multi-factor authentication: Multi-factor authentication adds an extra layer of security beyond the password, such as a fingerprint scan or a text message verification code.
Password managers: Password managers can help users generate and store strong, unique passwords for each account, reducing the risk of password reuse.
Captcha: Captcha, a challenge-response system, can help prevent automated password attacks by requiring users to complete a simple task, such as identifying objects in an image.
Two-factor authentication: Two-factor authentication requires users to provide two forms of identification, such as a password and a security token or a biometric factor, to gain access to an account.
Brute-force attack prevention: Organizations can implement measures such as account lockouts, which temporarily block login attempts after a certain number of failed attempts, to prevent brute-force attacks.
Password blacklists: Password blacklists can be used to prevent users from choosing commonly used, easily guessable passwords.
Education and training: Educating users on the risks of weak passwords and password reuse can help reduce the likelihood of successful password attacks.
Differentiate between the following password cracking techniques: brute force attack, dictionary attack and rainbow table attack.
Brute-force attack - involves systematically trying every possible combination of characters until the correct password is found. This is a time-consuming process but can be successful against weak passwords.
Dictionary attack - involves using a pre-built list of commonly used passwords, such as “password” or “123456”. This can be effective against users who choose weak, easily guessable passwords.
Rainbow table attack - uses pre-computed tables of hashed passwords to quickly find the plaintext password. This technique can be successful against unsalted passwords, but it requires significant computational resources to generate the rainbow tables.
Assess how a MITM attack can take place between a web server and a web client.
A MITM (Man-in-the-Middle) attack is a type of cyber attack where an attacker intercepts the communication between two parties, such as a web server and a web client, and eavesdrops on or alters the communication. In the context of a web server and a web client, a MITM attack can take place in several ways:
ARP spoofing - the attacker sends fake Address Resolution Protocol (ARP) messages to the web server and the client, redirecting their traffic to the attacker’s machine. Once the attacker has intercepted the traffic, they can eavesdrop on the communication or alter the data being transmitted.
DNS spoofing - the attacker manipulates the DNS server to associate the web server’s domain name with a fake IP address controlled by the attacker. When the client tries to access the web server, they are redirected to the attacker’s machine instead.
Wi-Fi hacking - if the web server and client are connected to the same Wi-Fi network, the attacker can use Wi-Fi hacking techniques to intercept the communication between them.
SSL/TLS hijacking - the attacker intercepts the SSL/TLS handshake and replaces the legitimate SSL/TLS certificate with their own fraudulent certificate. The client is then tricked into believing they are communicating with the legitimate web server, when in fact they are communicating with the attacker.
Once the attacker has intercepted the communication between the web server and the client, they can eavesdrop on sensitive information, such as login credentials or personal information, or alter the data being transmitted, such as injecting malware into the web page being viewed by the client.