Intro Flashcards
Cybersecurity
-the practice of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information
-CIA triad
Confidentiality
-keeping important information secret so that only the right people can see it.
-keeping information confidential helps protect it from hackers or strangers who may want to change or steal it
Integrity
-making sure that information stays accurate and isn’t changed by accident or on purpose
-making sure that data stays correct and trustworthy
Availability
-making sure that the information or services you need are always there when you need them
-keeping websites, apps, and computers running smoothly so that people can use them whenever they need them.
Risk
the potential for harm or loss when a threat (hacker or malware) exploits a weakness in a system or network.
-a combination of threats and vulnerabilities
Threat
the possibility of something bad happening (cyberattack)
-Ex: viruses & phishing
Vulnerability
A weakness in the system that could be exploited by that threat
-Ex:
Control
setting rules and limits to protect information and systems.
-decide who can access certain files, websites, or apps.
-Ex: passwords, firewalls, antivirus software
Firewall
A protective wall around your computer or network that decides who can come in and who can’t
Phishing
a trick where attackers pretend to be someone you trust, like a company or a friend, to steal personal information such as passwords, credit card numbers or login details
-Ex: Fake email
Virus
a bad program that can sneak into your computer and cause problems
Malware
any software intentionally designed to cause damage to a computer, server, client, or computer network.
-Ex: Ransomware & Spyware
Ransomware
malicious software that locks or encrypts files on a computer or network, making them inaccessible to the user; the attacker then demands payment in exchange for the information
-Ex: WannaCry & Petya/NotPetya
Encryption
A process that transforms readable data (plaintext) into an unreadable format (ciphertext) using a specific algorithm and encryption key.
-Ex: SSL/TLS & File Encryption
Likelihood
The probability or chance that a specific threat or vulnerability will exploit a system or lead to a security incident.
-Key Points: Risk assessment, factors, risk calculation, & categories
Impact
The magnitude of harm expected to result from the compromise of the CIA of a resource system.
Cyber risk
The risk to a business due to the failure of a business function dependent on digital technologies
Risk framing
Creates a risk management strategy that details how risks are assessed, responded to & monitored
Assessing risk
Identifies, prioritizes & estimates the risks to corporate assets
Monitoring risk
Effectiveness of implementing risk controls & compliance focused measures
Responding to Risk
Determines the appropriate approach to addressing an identified risk
NIST - National Institute of Standards and Technology
Cybersecurity framework is a voluntary set of guidelines, standards and best practices
-5 Primary Functions: Identify (understanding what the risks are, what needs to be protected and managing those things), Protect (putting things in place to keep those things in place and protected), Detect (activities and procedures that are put in place to quickly identify and alert people of potential risks), Respond (taking action when an incident occurs to prevent or limit damage) & Recover (develop and put plans in place to get back to normal).
Risk Management Framework
a structured approach used to identify, assess, and reduce risks to an organization’s digital systems.
-Identify: What things could go wrong
-Assess: How bad would it be if the thing(s) went wrong?
-Develop a plan: How can the risks be reduced or managed?
-Implement the plan: Put the plan in action
-Monitor & Review: Keep an eye on the defenses. Update frequently.