InfoSec Part 1 Flashcards

1
Q

Why secure data and information systems?

A

Data is often one of the most valuable assets a company can have, so secure it for competitive advantage reasons
because customers depend on their info being private
because they process the data

2
Q

What are digital identities and why protect them?

A

Login credentials
So info doesn’t fall into the wrong hands/identity theft

3
Q

What are the three legs of the CIA Triad?

A

Confidentiality
Integrity
Availability

4
Q

Confidentiality

A

Protect the data from unauthorized access and misuse
Authorized doesn’t mean everyone in the company
Granular access controls

5
Q

Integrity

A

Protect data from unauthorized changes
Means it's whole, complete, and authentic. We can trust it
Needs to be trustworthy or we’ll lose customers

6
Q

Availability

A

Protect the organization’s access to the data
No interruptions or delays
Risk big financial losses, missed opportunities, and lost customers

7
Q

How does the CIA Triad guide our efforts to protect an organization’s data and information systems?

A

Each individual leg has its own ways to protect info for an organization
Organizations can choose to prioritize a leg or two over the others based on their business needs
Tradeoffs occur through prioritizing
Find the balance that best meets your needs for you and your customers

8
Q

According to the PWC report, what is the annual growth rate for security incidents? _____%

A

66%

9
Q

According to IBM’s research, the average cost of a data breach is $_________.

A

$4.24 million

10
Q

Be able to briefly explain these four main costs of experiencing an IT security breach: Detection

A

Activities that enable a company to reasonably detect the breach
Forensic investigations, assessments, crisis management, etc.

11
Q

Be able to briefly explain these four main costs of experiencing an IT security breach: Notification

A

Activities that enable a company to notify data subjects, data protection regulators, and other third parties
Emails, letters, general notice to data subjects, etc.
Determination of regulatory requirements, engagement with outside experts, etc.

12
Q

Be able to briefly explain these four main costs of experiencing an IT security breach: Lost Business

A

About 38% of the cost
Attempt to minimize the loss of customers, business disruption, and revenue loss from system downtime
Reputation losses, diminished goodwill

13
Q

Be able to briefly explain these four main costs of experiencing an IT security breach: Post-Breach Response

A

Activities that help victims of a breach communicate with a company, and redress activities to victims and regulators
Help desk and inbound communication, credit monitoring, legal expenditures, discounts
Attempt to calm the people and reduce negative impact on your reputation
Expensive!

14
Q

What is PII?

A

Personally identifiable information
Data that you can look at and know who it belongs to

15
Q

According to IBM’s research, the average cost for each breached record of PII is $_______.

A

$180

16
Q

Reading: Biggest hack in history
How did the hackers get in?

A

One of the computer technicians in Saudi Aramco’s info tech team opened a scam email and clicked on a bad link

17
Q

Reading: Biggest hack in history
What damage was suffered?

A

Entire company had to switch to using paper
No corporate email, office phones were dead
Temporarily stopped selling oil to domestic gas tank trucks, then started giving away oil for free
Purchased every computer hard drive on the manufacturing line, paying higher prices to cut in line ahead of every other computer company, which halted drive supplies to everyone else
Would have bankrupted a smaller company

18
Q

What does it mean for something to be “vulnerable”?

A

Susceptible to attack or harm

19
Q

Data

A

Raw data/materials, facts, and figures used to build info to gain competitive advantage and make business decisions

20
Q

Intellectual property

A

Coming up with ideas and knowledge that we use to sell/create products
Competitive advantage for an organization that other people want to steal and make money from

21
Q

Business processes

A

Can be interrupted or stopped by an attacker so we can’t do business anymore

22
Q

Reputation

A

If we lose the trust of customers, they go to another business

23
Q

Corporate survival

A

If we take enough harm in these other areas, it could be game over

24
Q

What are the broad categories of IT vulnerability?

A

Physical
Technological
Human

25
Q

Physical

A

Computers, storage, documents, etc.

26
Q

Technological

A

Computer networks/software, etc.

27
Q

Human

A

Weaknesses resulting from people in your organization who do foolish things, or privileged outsiders

28
Q

Lost Laptops – percentage of laptops lost over their service life: ______%

A

7%

29
Q

Lost mobile devices
_____% of smartphones lost each year.
About ______% had sensitive data… and most of those were NOT protected at all!

A

5%
60%

30
Q

Flash drives – about _______% of companies surveyed experienced the loss of sensitive/confidential information because of lost USB flash drives

A

70%

31
Q

What is Shoulder Surfing? What is the attacker’s goal?

A

Watching over someone’s shoulder to see confidential data to use against you

32
Q

Dumpster Diving

A

A company’s dumpster can be a “Gold Mine of Information” to cybercriminals.

33
Q

What kinds of information might be in a dumpster?

A

Phone lists, printouts, and media

34
Q

What kinds of things contain the desired information in a dumpster?

A

Computers, copy machines, servers

35
Q

How would the cybercriminals use dumpster information?

A

Pre-attack research

36
Q

Equipment Disposal

A

Selling obsolete computers or returning leased copy machines at the end of a contract

37
Q

What risk must be considered when disposing of obsolete equipment?

A

Improper disposal is a huge risk

38
Q

What is a “bug”?

A

A mistake or error while programming, or something the programmer didn’t think about and so didn’t protect against
Programming flaw or oversight that can be exploited

39
Q

Is it reasonable to expect that large software systems would be truly and totally bug-free? Why?

A

No. We are human beings, we make mistakes

40
Q

What can an attacker do with a bug?

A

Only those bugs that can be exploited by an attacker cause vulnerability
Can gain full control of your machine to attack other computers, run undesired program code, gain unauthorized data access, and exfiltrate your data

41
Q

What are the three user password vulnerabilities? Why is each a problem?

A

Sticky note
Guessable
Lack of complexity
Brute Force Attacks

42
Q

What is a default password? Why is this a possible vulnerability?

A

You install the software or hook up equipment, then use the default password to configure it
Anyone who knows the default password, or could look it up, then has entrance to your network
The manufacturer hopes you will then change the password to something else to create security, but a lot of people just leave the default password

43
Q

Organizations spend most of their IT security dollars protecting _____________.

A

the campus (castle walls)

44
Q

Mobile devices are largely unprotected because they spend much time _________________.

A

outside the castle walls

45
Q

In what sense is mobile device contact sync a tech vulnerability?

A

Contact sync can take corporate contact info from the mobile device and synchronize it into another place like Facebook without the organization’s knowledge or consent

46
Q

What is social engineering?

A

The attempt to exploit, trick, or fool a naïve insider (an employee) into doing something they shouldn’t do that harms the organization and gives the attacker leverage

47
Q

How is social engineering done?

A

The attacker manipulates our natural desire to be helpful and trusting of the other person

48
Q

What steps does an attacker take to exploit this vulnerability? (Social engineering)

A

Baby steps, research your victim, and ask for help

49
Q

How does CERT define the term “insider”?

A

Current or former employee, contractor, or other partner who has or had authorized access and intentionally misused that access to harm your organization

50
Q

A 2021 survey of companies and insider threats discovered that…
_______% had experienced an insider data breach in the last year.
The average cost of insider security breaches was _______________ per company.

A

94%
$11.5 million

51
Q

Reading: Beautiful Social Engineering Attack
What did the chemical engineer do that enabled the hacker to find him?

A

He included his employer info on his Facebook page, then posted that he was at trivia night

52
Q

Reading: Beautiful Social Engineering Attack
How did the hacker gain the chemical engineer’s confidence?

A

A beautiful woman approached and spoke to him about tech and working for IBM, then gave him her business card, merch, and a flash drive

53
Q

Reading: Beautiful Social Engineering Attack
What method did the hacker use to gain access to the target company’s entire email system?

A

A flash drive being put into a computer and then the email network is compromised

54
Q

Some people think that the attackers are “just kids” showing off their tech skills. True?

A

They believe this because of movies from the 80s, but that’s not the reason why anymore

55
Q

What are the two real drivers behind modern cyber-attacks?

A

Money and power

56
Q

What type of attacker is the source of most malicious hacking?

A

Cyber-crime syndicates

57
Q

Describe the characteristics of modern cybercrime syndicates

A

Syndicates: A large organization that is well organized with multiple departments; Large groups, very professional; Money: underground economy; Effective: Russian crime ring got 1.2 billion login credentials

58
Q

Describe the characteristics of Cybercrime-as-a-Service.

A

Service: An org can go on the dark web and buy cybercrime as a service; Ransomware kit is from $66; DDoS attacks; Spamming is $10 per 1,000,000 US emails; Pay-per-install is $100 per thousand US victims; Custom programming has variable prices and options

59
Q

What is IP?

A

Intellectual property: anything you create with your brain; creations of the mind, such as inventions, literary and artistic works, designs, and symbols, names, and images used in commerce

60
Q

Why do IP thieves typically steal it?

A

Incredibly valuable; can be the heart of what gives a company its value; Steal and sell

61
Q

What’s a typical methodology?

A

Gain access, unauthorized file access, intercept email, and stay hidden

62
Q

Be able to describe the characteristics of an “Advanced Persistent Threat.”

A

Major skills, a dangerous enemy, sometimes called a determined human adversary
In it for the long haul; determined to beat you; their job is easier than yours because they only have to get it right once to break through your defenses, while you have to stop them every single time without failure
Not deterred by early failures; Repeated attacks; Variety of techniques; Significant resources from sponsors

63
Q

What is a backdoor?

A

Their own piece of software that lets them access your system undetected anytime they want; their own private door that lets them in whenever, instead of being detected through the main door

64
Q

Hacktivists – what characteristics typify hacktivist groups?

A

Combo of two words, hacking and activism; people who use hacking for the purpose of accomplishing a cause; their method of doing activism; loosely organized groups who are dedicated to political activism and who will accomplish their goals at a strategic level through several different strategies

65
Q

What strategies do hacktivists use to accomplish their goals?

A

Monetary pain, embarrass victim, and seek public support; do this through denial of service attacks and info exposure