ICS 3 Flashcards

1
Q

Goal of Cyber Security Program

A

manages cybersecurity risks by securing and enhancing confidentiality, data integrity and availability

2
Q

Types of data breaches

A

ransomware, phishing, malware, compromised passwords

3
Q

Causes of service disruptions

A

malware, distributed denial of service attacks, SQL injections, password attacks

4
Q

adversary

A

actors with an interest in conflict with the organization; incentivized to perform malicious actions against the org.

5
Q

Gov’t sponsored/state-sponsored actor

A

funded, directed or sponsored by nations; steal/exfiltrate intellectual property, sensitive info, funds

6
Q

Hacktivist

A

act to promote social causes or are morally based, and stay away from things like churches/hospitals, etc.

7
Q

Network based attacks

A

target the infrastructure of a network, including switches, routers, servers, and cabling, with intent to gain unauthorized access or disrupt operations for users.

8
Q

Backdoor and Trapdoors

A

Network based attack
- methods to bypass security procedures by creating an entry/exit point that is undocumented. Trapdoors - intentional; backdoors - intentional or product defect

9
Q

Covert Channels

A

used to transmit data using methods not intended; violate security policy but don’t exceed access authorization; they can communicate data in small parts by hiding info somewhere. Storage channel - put it somewhere it can be accessed by a lower level; timing channel - a gap/delay is used to hide it.

10
Q

Buffer overflows

A

overload temporary storage; may cause a program to overwrite the memory of an application or crash, allowing injection of malicious code or taking control of the system.

11
Q

Denial of Service

A

Floods network by congesting with large volumes of traffic greater than bandwidth, making the network unable to respond to service requests, leaving it vulnerable.

12
Q

Distributed denial of service

A

multiple sources working in unison; more powerful than a traditional (single-source) denial of service

13
Q

Man in the Middle Attacks

A

attacker acts as an intermediary between two parties, intercepting communications while posing as the legitimate entity. Attacker can read or redirect traffic.

14
Q

Port scanning

A

scan a network for open ports to gain access; logical ports are used for protocols (TCP); common vulnerabilities include unsecured protocols, unpatched protocols, poor login, poorly configured firewalls

15
Q

Ransomware

A

in the form of malware that locks systems

16
Q

Reverse Shell

A

aka connect-back shells; the victim, behind the firewall, initiates communication with the attacker

17
Q

Replay attacks

A

man in the middle attack; eavesdrop on network communication, intercept it, and replay it at a later time to gain access

18
Q

Return Oriented attacks

A

sophisticated techniques that utilize pieces of legitimate original system code in a sequence to perform operations useful to the attacker. Each gadget ends with a return instruction, causing the next gadget to execute

19
Q

spoofing

A

impersonating someone/thing to get access

20
Q

address resolution spoofing

A

falsifying the mapping of media access control addresses on a network to IP addresses; channels messages to other destinations

21
Q

DNS spoofing

A

modify the domain name to IP address mapping (DNS); redirecting to another IP leads to a mimicked website

22
Q

Application based attacks

A

target specific software/apps such as databases or websites to gain access or disrupt functionality

23
Q

SQL Injection

A

Attacker injects malicious SQL code into existing code on a website to gain access to data

24
Q

Cross-Site Scraping

A

Inject code into a website; attacks visitors of the website

25
Q

race condition

A

exploits a system/app that relies on a specific sequence of operations by forcing it to perform 2 or more out of order or at the same time

26
Q

mobile code

A

software program designed to move from computer to computer to infect other applications by altering them to include code - VIRUS

27
Q

Host based attacks

A

attack a single host - laptop, mobile device or server - to disrupt functionality or obtain access.

28
Q

Brute force

A

password hacking

29
Q

malware

A

software or firmware intended to perform an unauthorized process that has an adverse impact on confidentiality, integrity or availability of info systems - virus, worm, trojan horse, adware, spyware

30
Q

rogue mobile apps

A

use of malicious apps that appear legitimate

31
Q

Phishing

A

digital social engineering using email that makes requests of users or directs them to fake websites

32
Q

Spear Phishing

A

poses as an employee - HR/IT - to try and get usernames/passwords or personal data that can be used for exploitation

33
Q

Business Email Compromise

A

targets execs and high-ranking staff; transfer money via wire transfer, pay fake foreign survivors, send sensitive data; aka whaling

34
Q

Pretexting

A

creating fake identity/scenario so there is a sense of urgency to act

35
Q

Pharming

A

used in combination with phishing; entering personal info into a website/portal that imitates a legitimate site

36
Q

Vishing

A

telephone system / voice over internet protocol; spoofed/fraudulent caller ID that is tied to a legitimate business/person

37
Q

Supply Chain Attack - Embedded Software Code

A

inserting code into prepackaged software/firmware being sold to a company that later installs it

38
Q

Foreign sourced attack

A

government use of products to conduct surveillance or deliver malicious code

39
Q

pre-installed malware or hardware

A

installing malware on devices that will be used by companies in the supply chain (USB, cameras, or phones)

40
Q

watering hole attacks

A

identify websites of suppliers, customers or regular entities that are known to be used by several companies; look for weaknesses

41
Q

escalated cyberattack

A

Internet of Things devices used as an attack base to infect more machines or as an entry point for access to connected network

42
Q

threat modeling

A

process of identifying, analyzing and mitigating threats to a network, system or application

43
Q

Perform Reduction Analysis

A

decomposing the asset being protected from threat, with intent to gain a greater understanding of how assets interact with potential threats. Decomposition process involves understanding trust and security changes, flow of data, where input can be received, security clearance, and related P&P

44
Q

Process for Attack Simulation and Threat Analysis

A

threat model - 7 stages that focus on risks and countermeasures that are prioritized by the value of the asset being protected:
1. definition of objectives for analysis of risk
2. definition of technical steps
3. application decomposition and analysis
4. threat analysis
5. weakness/vulnerability analysis
6. attack modeling and simulation
7. risk analysis and management.

45
Q

Visual, Agile, and Simple Threat Analysis

A

based on agile project management; goal is to integrate threat management into the programming environment on a scalable basis.

46
Q

STRIDE

A

developed by Microsoft; used for assessing threats related to applications and operating systems.

47
Q

COSO Framework - Operational Objective

A

Performance measures and safeguards help increase the likelihood that IT assets are protected; focus on effectiveness and efficiency of business operations

48
Q

COSO Framework - Reporting Objective

A

Increasing the likelihood that cybersecurity controls are in place so that they do not affect the internal/external financial and non-financial reporting. Focus on transparency, reliability, timeliness, and trustworthiness as determined by standard-setting bodies, regulators, policies

49
Q

COSO Framework - Compliance Objective

A

adherence to laws and regs = NIST, HIPAA, GDPR

50
Q

Five components of COSO framework

A

Control Env., RA, Control Activities, Info/Communication, Monitoring

51
Q

COSO Control Env.

A

tone at the top, ethical values; sr. mgmt should raise awareness, guide/develop IT P&P, incident response mgmt, educate workforce on their roles in safeguarding

52
Q

COSO Risk Assessment

A

evaluate internal/external factors

53
Q

Security policies

A

foundation for the security framework; comprehensive guide for implementation. Clear terms, roles/responsibilities, acceptable levels of risk.

54
Q

acceptable use policy

A

control document to regulate and protect technology resources by assigning various levels of responsibility to job roles, listing acceptable behavior, and consequences for violations.

55
Q

security standards

A

organizational requirements that are either mandated by law or adopted by company guidelines for best practices. Serve as a course of action to achieve security policies - NIST, GDPR, PCI

56
Q

security standard operating procedures

A

lower level of documentation that provides detailed instructions on how to perform specific security tasks or controls

57
Q

access point

A

wireless connection point to allow users to connect to wired network.

58
Q

bridge

A

connects separate networks that use the same protocol; operates at the data link level.

59
Q

hubs

A

connection points that link multiple systems and devices using the same protocol within a single network.

60
Q

proxies

A

form of gateway that doesn’t translate protocols but acts as a mediator that performs functions on behalf of another network using the same protocol

61
Q

Service Set Identifier

A

name assigned to wireless network

62
Q

zero trust

A

assumes always at risk; continuous validation of users’ interaction with a network, designed to prevent data breaches by implementing a set of system design principles and coordinated cybersecurity and system management

63
Q

least privilege

A

users and systems are granted the minimum authorization and system resources needed to perform their function

64
Q

need to know

A

employees are only given what they must know to perform their job.

65
Q

whitelisting

A

identifying a list of applications that are authorized to run on a system and only allowing those to execute

66
Q

context aware authentication

A

identify mobile device users by using contextual data points such as time, geographic location, point of access, IP address

67
Q

digital signature

A

electronic stamp of authentication, encrypted and attached to a message

68
Q

NIST recommended password

A

8 characters

69
Q

vulnerability management

A

proactive security practice designed to prevent the exploitation of IT vulnerabilities that could potentially harm a system or organization. Identifying, classifying, mitigating, and fixing known vulnerabilities.

70
Q

common vulnerabilities and exposure dictionary

A

database of security vulnerabilities that provides unique identifiers for different vulnerabilities and risk exposures.

71
Q

layered security

A

using a diversified set of security tactics so a single event does not compromise the entire system.

72
Q

defense in depth

A

multilayered approach that does not rely on technology alone, but combines people, policies, technology, and physical/logical access controls.

73
Q

redundancy can be administered through

A

layering, isolating, concealing data, segmenting hardware

74
Q

layering

A

add redundancy by breaking up an operation into smaller chunks that can be managed by different people, performed by a machine/computer, or completely isolated.

75
Q

abstraction

A

process of hiding the complexity of certain tasks so that only the info relevant to the specific person performing the function is presented; primary intention is to simplify complex tasks, but it also limits user access to the level of detail they need to know

76
Q

concealment

A

hiding data; assign users to the same security level as the data they will access

77
Q

discretionary access control

A

decentralized control that allows data owners, custodians, or creators to manage their own access

78
Q

access control list

A

list of rules that outlines which users have permission to access certain resources; administers account restrictions (type of action)

79
Q

NIST RM Framework

A

defining or framing the environment in which risk-based decisions are made; assess, respond to, and monitor risk

80
Q

what does the NIST RM Framework require to be identified?

A

Risk assumptions, constraints, tolerance, priorities and trade-offs

81
Q

NIST RM FW - Goal of assessing risk?

A

Identify risks to nations, orgs, individuals, assets or operations; vulnerabilities, internal and external; harm; likelihood of harm