IS 414 Flashcards
Determining Risk Infographic
https://byu.app.box.com/s/vzl0tx8nkjj3y019altmb7e286c00ba0
Asset - threat - vulnerability - controls
impact - likelihood
level of risk
FAIR Institute Asset Value is determined by:
Criticality
Cost
Sensitivity
Control Identification
- Effective Controls decrease threats and/or decrease
likelihood
■ Process Controls
■ Security Controls
– Physical
– Network
– Host
Risk Treatment Options
- Reduction/ Mitigation
- Retention
– Give up, agree to live with it - Avoidance
– Peace out. Leave the market - Transfer
– Give risk to someone else.
insurance.
Define Fraud
-Gaining an unfair advantage over another person
Legally, for an act to be fraudulent there must be:
- a false statement, representation or disclosure
- a material fact that induces a person to act
- an intent to deceive
- a justifiable reliance; the person relies on the misrepresentation to take an action
- an injury or loss suffered by the victim
What are the 3 parts of the Fraud Triangle?
Opportunity, rationalization, &
pressure
What’s the definition of ‘Fraud’?
Any deceptive activity carried out online to illegally gain access to sensitive information or assets, typically with the intent to steal money, personal data, or other valuables, often achieved through tactics like phishing, identity theft, or malicious software (malware) like ransomware
What is Risk?
Risk is the potential for loss, damage, or destruction of an asset due to a threat exploiting a vulnerability
What is the Risk Formula?
Risk = Threat x Vulnerability x Asset Value
Risk = Impact x Livelihood
What is the Security Formula?
SECURITY =
MANAGING AN ACCEPTABLE
LEVEL OF RISK
How do controls affect the risk equation?
Level of Risk = ASSET * (VULNERABILITY * THREAT) / CONTROL
What are the Forms of Loss Associated with Assets
- Decreased Productivity
- Replacement Cost
- Expenses Incurred Handling Loss
- Fines or Legal Judgments
- Diminished Competitive Advantage
- Reputation
What is Primary v. Secondary Asset Loss
■ Primary Loss
– Related to asset itself
– E.g., replacement cost of asset
■ Secondary Loss
– Related to organization and external factors
– E.g., GDPR fine for data breach
How is asset value determined?
- Criticality
- Cost
- Sensitivity
■ Reputation (embarrassment)
■ Competitive advantage
■ Legal/Regulatory
■ Other
What does OWASP use for estimating likelihood?
Threat Agent Factors
■ Skill level
■ Motive
■ Opportunity
■ Size
Vulnerability Factors
■ Ease of Discovery
■ Ease of Exploit
■ Awareness
■ Intrusion Detection
What does OWASP use for estimating impact?
Technical Impact Factors
■ Loss of confidentiality
■ Loss of integrity
■ Loss of availability
■ Loss of accountability
Business Impact Factors
■ Financial damage
■ Reputation damage
■ Non-compliance
■ Privacy violation
Define each of these Risk Treatments/Responses:
■ Reduction/Mitigation
■ Retention
■ Avoidance
■ Transfer
Reduction/Mitigation
– Implementing controls to lower the impact or likelihood of a risk.
– Example: A company installs a firewall and anti-virus software to reduce the risk of cyberattacks.
Retention
– Accepting the risk without taking action because it is deemed low impact or cost-prohibitive to mitigate.
– Example: A business acknowledges the possibility of minor system downtime but chooses not to invest in backup servers.
Avoidance
– Eliminating the risk entirely by removing the activity or asset associated with it.
– Example: A company decides not to store customer credit card information to avoid the risk of a data breach.
Transfer
– Shifting the risk to a third party, often through insurance or outsourcing.
– Example: A business purchases cybersecurity insurance to cover potential financial losses from cyber incidents.
What is an Asset?
Anything of value that is owned
What are Controls?
Any safeguard or a countermeasure which can avoid, detect, counteract or minimize a loss.
Stuff we put in place to mitigate vulnerabilities and prevent threats
Often times, they don’t impact the value of an asset, but they greatly impact the vulnerability and threat.
What is a Threat?
A potential cause of an unwanted incident, which may result in harm to a system or organization. It can be any circumstance or event with the potential to exploit vulnerabilities and adversely impact assets, thereby causing loss or damage.
What is a vulnerability?
A flaw or weakness in a system’s design, implementation, operation, or management that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing. It is the gap through which attackers can infiltrate a system.
What is Impact?
Refers to the potential damage or adverse effects on the organization if a specific risk is realized. This could involve financial loss, reputational damage, legal consequences, or operational disruption.
What is Likelihood?
Likelihood: Measures the probability of a particular risk event occurring. Factors influencing likelihood include the presence of vulnerabilities, the effectiveness of current controls, and the activity level of potential threats.
What is Vulnerability?
Indicates the weaknesses or flaws within the system that could potentially be exploited. A higher number or severity of vulnerabilities increases the risk.
Can you eliminate risk?
No, You can only mitigate it.
What are the main 3 risk frameworks?
-Octave Forte
-NIST SP 800-30
-ISO 27005
What is Asset Identification?
Often times automated
—Endpoint management tools
—SNMP network monitoring
—Ad hoc scripting
Identification often includes valuation
—Cost to replace
—Value provided to org.
—Value to hacker
— cost of noncompliance with laws or regulation (fines)
What are Forms of Loss Associated with Assets? (FAIR Institute)
- Decreased Productivity
- Replacement Cost
- Expenses Incurred Handling Loss
- Fines or Legal Judgments
- Diminished Competitive Advantage
- Reputation
What is the CIA Triad?
The CIA Triad is a foundational model in cybersecurity that ensures the security of information systems. It consists of three key principles:
Confidentiality – Ensuring that information is accessible only to authorized individuals.
— Example: Using encryption to protect sensitive data from unauthorized access.
Integrity – Ensuring that data remains accurate, unaltered, and trustworthy.
—Example: Implementing checksums and hash functions to verify that files have not been tampered with.
Availability – Ensuring that information and systems are accessible when needed.
—Example: Using redundant servers and backup power supplies to prevent downtime.
Together, these principles help maintain the security and functionality of information systems.
What do Effective Controls do? (their purpose)
-Effective Controls decrease threats and/or decrease likelihood
-Process Controls
-Security Controls
- - Physical
- - Network
- - Host
What is an example of a qualitative assessment and a quantitative assessment?
Qualitative: Risk Level Matrix
Quantitative: CVSS
What does Nmap do?
Nmap is a network scanning tool used for port scanning, host discovery, and service enumeration. It helps security professionals map a network, identify active devices, and determine what services and operating systems are running.
Example Use: A penetration tester uses Nmap to scan a company’s IP range to find open ports and running services before attempting an attack.
What does Nessus do?
Nessus is a vulnerability scanner used to identify security flaws in a network. It detects misconfigurations, missing patches, and known vulnerabilities by scanning systems against an extensive vulnerability database.
Example Use: A company runs Nessus to scan its network for unpatched software vulnerabilities and compliance issues.
What is the Cyber Kill Chain Model?
A stop at any of these steps kills the entire cyber attack:
Cyber Kill Chain (Attack Stages)
Reconnaissance – Gather target info (OSINT, scanning).
Weaponization – Create malware/exploit.
Delivery – Send payload (email, USB, website).
Exploitation – Execute attack via vulnerability.
Installation – Deploy malware/backdoor.
Command & Control (C2) – Connect to attacker’s server.
Actions on Objectives – Steal data, disrupt, or ransom.
Purpose: Helps detect, prevent, and respond to cyberattacks.
What is attack surface?
The amount of exposure a system has to attacks.
How can we tell what OS is being used?
OS Fingerprinting responds to scans in certain ways from Nmap or Nessus that helps us guess which OS it is.
What is TAP?
TAP (Traffic Access Point): A hardware device that passively copies network traffic for monitoring without interfering with normal operations.
TAPs are hardware-based, ensuring full packet capture without dropping data.
What is SPAN?
SPAN (Switched Port Analyzer): A switch feature that mirrors network traffic from one or more ports to a monitoring port for analysis.
Explanation:
SPAN is software-based, but can miss packets under heavy loads due to switch prioritization.
What is Heartbleed?
A critical vulnerability in OpenSSL that allowed attackers to steal sensitive data from memory of affected servers.
Explanation:
* Exploited a bug in OpenSSL’s Heartbeat feature, allowing access to unencrypted passwords, private keys, and session data.
* Affected millions of websites, including Yahoo and government agencies.
Example:
* Attackers used Heartbleed to steal private encryption keys, allowing them to decrypt sensitive user communications.
What are honeypots?
Definition:
A decoy system designed to attract attackers and study their behavior.
Explanation:
* Can be low-interaction (fake services) or high-interaction (realistic OS).
* Helps organizations learn about new attack techniques and distract attackers from real assets.
Example:
* A company sets up a honeypot server with fake credentials, tricking attackers into revealing their tactics.
What is session hijacking?
Definition:
An attacker takes control of an active user session by stealing or guessing a session token.
Explanation:
* Can be done through packet sniffing, predictable session IDs, or XSS attacks.
* Often targets web applications and online banking sessions.
Example:
* A hacker steals a victim’s authentication cookie using an XSS exploit, then logs in as the victim without needing credentials.
What is hardening?
Hardening refers to strengthening the security of a system, application, or network by reducing vulnerabilities and attack surfaces.
________________________________________
Goals of Hardening
* Reduce attack surface by removing unnecessary services, applications, and privileges.
* Increase system resilience against cyber threats like malware, unauthorized access, and exploits.
* Ensure compliance with security standards (e.g., NIST, CIS, ISO 27001).
* Prevent unauthorized access by enforcing least privilege and strong authentication.
________________________________________
How and Why to Do Hardening?
How to Harden a System:
1. Apply security patches and updates to fix vulnerabilities.
2. Disable unnecessary services and applications to reduce the attack surface.
3. Enforce strong authentication and access control (e.g., MFA, least privilege).
4. Implement security monitoring and logging to detect anomalies.
5. Enable encryption for data protection.
6. Use firewalls and anti-malware solutions to block threats.
Why Hardening is Important?
* Minimizes security risks by removing potential attack vectors.
* Improves system stability and reliability by preventing exploits.
* Reduces insider threats by restricting access and monitoring activities.
What is patch management?
fix security vulnerabilities and improve performance.
How It Works:
* Regularly check for patches from vendors (e.g., Microsoft, Linux, Adobe).
* Test patches in a controlled environment before deployment.
* Apply patches promptly to prevent exploitation of known vulnerabilities.
* Automate patching where possible using tools like WSUS, SCCM, or third-party solutions.
Example:
* The WannaCry ransomware attack exploited an unpatched SMB vulnerability in Windows. Organizations that applied the MS17-010 patch were protected
What are firewalls?
Definition:
A firewall is a security system that monitors and controls network traffic based on predefined security rules.
Types of Firewalls:
* Packet Filtering Firewall: Examines packets and blocks traffic based on IP addresses, ports, and protocols.
* Stateful Firewall: Tracks active connections and blocks unauthorized sessions.
* Application-Layer (Next-Gen) Firewall: Inspects application data (e.g., HTTP, FTP) to detect threats.
Example:
* A firewall blocks incoming traffic from an attacker’s IP address after detecting repeated failed login attempts
What is anti-virus/ anti-malware?
Software that detects, blocks, and removes malicious programs such as viruses, worms, Trojans, and ransomware.
How It Works:
* Signature-based detection: Compares files against a database of known malware signatures.
* Behavioral analysis: Identifies suspicious activities, such as unauthorized file encryption (ransomware).
* Heuristic scanning: Detects unknown malware by analyzing code patterns and behaviors.
Example:
* An anti-malware solution detects a malicious email attachment containing a trojan and quarantines the file before it executes
What is sandboxing?
A controlled, isolated environment where untrusted or suspicious code is executed without affecting the main system.
How It Works:
* Suspicious files, applications, or scripts are executed in a virtual environment.
* The system monitors behavior and determines if the code is malicious before allowing execution.
Example:
* A security analyst runs a suspicious email attachment in a sandbox to check for malware without endangering the network
What is encryption?
Encryption is the process of converting plaintext into unreadable ciphertext using an algorithm and a secret key.
Types of Encryption:
* Symmetric Encryption (AES, DES): Uses a single key for encryption and decryption.
* Asymmetric Encryption (RSA, ECC): Uses a public key for encryption and a private key for decryption.
* Hashing (SHA-256, MD5): Converts data into a fixed-length hash value that cannot be reversed.
Example:
* HTTPS encryption protects sensitive data (passwords, credit card info) during online transactions
What are password best practices?
Best Practices for Strong Passwords:
* Minimum length of 12-16 characters
* Use a mix of uppercase, lowercase, numbers, and symbols
* Avoid common words and predictable sequences
* Use password managers to store complex passwords
* Implement Multi-Factor Authentication (MFA)
Example:
* Instead of using “password123”, use “G$9k&4!bTz7@Qp” stored in a password manager
What is mobile hardening?
Security measures applied to smartphones, tablets, and other mobile devices to prevent unauthorized access, malware, and data breaches.
Key Strategies:
* Enable encryption: Encrypt internal storage and SD cards.
* Use biometrics & strong PINs: Prevent unauthorized access.
* Disable unnecessary permissions & apps: Reduce attack surface.
* Keep OS and apps updated: Patch vulnerabilities.
* Use Mobile Device Management (MDM): Enforce security policies in corporate environments.
Example:
* An organization enforces device encryption and remote wipe capabilities on all employee smartphones
- What is the primary goal of system hardening?
A. Increasing system speed
B. Reducing vulnerabilities
C. Allowing remote access
D. Improving network latency
B. Reducing vulnerabilities ✅
- What is the main advantage of using a sandbox for malware analysis?
A. Malware can be executed safely without harming the main system
B. It improves network performance
C. It prevents all cyberattacks
D. It allows unrestricted execution of all files
A. Malware can be executed safely without harming the main system ✅
- Which of the following statements about firewalls is true?
A. They can only be used on enterprise networks
B. They block all incoming traffic by default
C. They monitor and filter network traffic based on security rules
D. They replace the need for anti-virus software
C. They monitor and filter network traffic based on security rules ✅
- What is a benefit of full-disk encryption?
A. It speeds up system performance
B. It protects data even if the device is physically stolen
C. It prevents all types of cyberattacks
D. It eliminates the need for passwords
B. It protects data even if the device is physically stolen ✅
- Which of the following mobile hardening techniques ensures that a lost or stolen device does not expose sensitive data?
A. Installing third-party apps
B. Enabling remote wipe capabilities
C. Using an older OS version
D. Disabling screen lock security
B. Enabling remote wipe capabilities ✅
What are defensible networks?
A defensible network is designed with layers of security to detect, delay, and respond to cyber threats effectively.
Explanation:
* Uses network segmentation, zero trust principles, and least privilege access.
* Incorporates firewalls, IDS/IPS, logging, and monitoring for proactive security.
Example:
* A company segments its internal network so that sensitive HR and finance systems are isolated from general employee access.
What are Denial-of-Service (DoS) Attacks?
An attack that floods a target system with traffic or requests, making it unavailable to legitimate users.
Explanation:
* DoS (Denial-of-Service): Single-source attack, overloading a system.
* DDoS (Distributed DoS): Multiple compromised devices (botnets) flood a target.
Example:
* A hacker uses a botnet to overwhelm an online retailer’s website with fake traffic, causing downtime and lost revenue.
What is Intrusion Prevention Systems (IPS)?
A security device that monitors network traffic and actively blocks malicious activity before it reaches a system.
Explanation:
* Works inline with network traffic (compared to an IDS, which is passive).
* Can block attacks like SQL injections, malware, and port scans.
Example:
* An IPS detects and blocks an attacker’s attempt to exploit a web server vulnerability in real time.
What is Intrusion Detection Systems (IDS)?
Intrusion Detection Systems (IDS)
Definition:
A system that monitors network traffic for suspicious activity but does not take direct action.
Explanation:
* Host-based IDS (HIDS): Monitors system logs and files for anomalies.
* Network-based IDS (NIDS): Monitors network traffic for suspicious patterns.
Example:
* A NIDS alerts security analysts to unusual outbound connections that could indicate a data exfiltration attempt
What are Man-in-the-Middle Attacks?
Man-in-the-Middle (MitM) Attack
Definition:
An attacker intercepts and alters communication between two parties without their knowledge.
Explanation:
* Can be done via rogue Wi-Fi hotspots, ARP spoofing, or SSL stripping.
* Often used for eavesdropping, credential theft, or injecting malicious content.
Example:
* A hacker sets up a fake public Wi-Fi network at a coffee shop and captures users’ login credentials when they access their bank accounts
What’s the list of Wireless Security Threats?
KRACK (Key Reinstallation Attack)
Evil Twins
Rogue APs (Access Points)
ARP/DNS Spoofing
What is KRACK (Key Reinstallation Attack)?
An attack on WPA2 encryption that allows an attacker to decrypt Wi-Fi traffic.
* Example: An attacker forces a device to reuse an encryption key, allowing them to intercept network traffic.
What are Evil Twins attacks?
A fake Wi-Fi access point that mimics a legitimate one to trick users into connecting.
* Example: A hacker sets up a fake “Starbucks Free Wi-Fi” to steal passwords.
What are Rogue APs (Access Points)
Unauthorized Wi-Fi access points connected to a secure network.
* Example: An employee plugs in their own Wi-Fi router, unintentionally exposing the corporate network to attackers.
What is ARP/DNS Spoofing?
Manipulating network address resolution to redirect traffic to a malicious actor.
* Example: An attacker spoofs DNS records, directing users to a fake banking website
What is Cloud Security?
Protecting data, applications, and services hosted in cloud environments from cyber threats.
Explanation:
* Shared responsibility model: Cloud providers secure infrastructure; users secure data and access controls.
* Risks include misconfigured storage (S3 buckets), insider threats, and API vulnerabilities.
Example:
* A company fails to properly configure cloud storage, exposing sensitive customer data to the public
What is virtualization?
o Virtualization is the process of creating a virtual version of computing resources, such as servers, storage, networks, or operating systems, rather than relying on physical hardware. It allows multiple virtual machines (VMs) to run on a single physical machine, each with its own OS and applications.
Benefits of Virtualization
o Resource Efficiency – Maximizes hardware utilization by running multiple VMs on a single physical server.
o Cost Savings – Reduces the need for physical hardware, lowering capital and operational costs.
o Scalability – Enables quick deployment and scaling of virtualized environments.
o Isolation & Security – Each VM operates independently, reducing the risk of malware spreading between them.
o Disaster Recovery – Virtual machines can be backed up, cloned, and easily restored.
o Portability – VMs can be moved across different physical machines, even in different locations
What is a Hypervisor?
o A hypervisor (or Virtual Machine Monitor, VMM) is the software that allows multiple virtual machines to share the same physical hardware. It manages the allocation of CPU, memory, and other resources to each VM.
What’s the difference between type 1 and type 2 hypervisors?
Type-1 Hypervisor (Bare-Metal Hypervisor)
o Runs directly on the physical hardware without a host operating system.
o More efficient and secure because it has direct access to system resources.
o Used in enterprise environments and cloud computing.
o Use Case: Large-scale data centers and cloud providers like AWS, Google Cloud, and Azure use Type-1 hypervisors for efficient resource allocation and scalability.
o ________________________________________
o Type-2 Hypervisor (Hosted Hypervisor)
o Runs on top of an existing operating system (like Windows, macOS, or Linux).
o Easier to set up but has more overhead since it relies on the host OS for resource management.
o Used for development, testing, and running multiple OS environments on a single machine.
o Use Case: Developers use Type-2 hypervisors to test applications across different operating systems on a single device
What is Elicitation?
The process of subtly extracting information from a target without raising suspicion.
Example: An attacker casually asks an employee about company security policies during a friendly chat.
What is preloading?
Using prior exposure to influence perception or behavior.
Example: A scam email includes a fake security warning to make the recipient more likely to comply with a request.
What are the persuasion principles?
Authority
Reciprocity
Commitment & Consistency
Social Proof
Liking
Scarcity
In persuasion principles, what is Authority?
People tend to comply with figures of authority.
* Example: An attacker impersonates a high-ranking executive in a phishing email, demanding urgent action (e.g., wiring money or resetting credentials).
In persuasion principles, what is Reciprocity
People feel obligated to return favors.
* Example: A scammer offers a “free” security audit in exchange for login credentials or confidential information.
In persuasion principles, what is Commitment & Consistency
Once people commit to something, they tend to stick with it.
* Example: An attacker first gets a small agreement from a target (e.g., confirming their role) and later requests access to sensitive information
In persuasion principles, what is Social Proof
People follow the actions of others, especially in uncertain situations.
* Example: A phishing email claims that “90% of employees have already completed this security training—click here to finish yours!”
In persuasion principles, what is Liking
People are more likely to comply with requests from those they like.
* Example: An attacker builds rapport with a target over shared interests before making a request.
In persuasion principles, what is Scarcity
People place higher value on things that seem limited or urgent.
* Example: A phishing email warns that an account will be locked in 24 hours unless the target acts immediately.
What are rapport principles?
Techniques used to build trust and familiarity with a target.
Example: An attacker mirrors the speech and interests of a target to make them feel comfortable and open up.
What is Pretexting?
– Creating a fabricated scenario to obtain information or access.
Example: A hacker pretends to be an IT support technician to trick an employee into revealing login credentials.
What is impersonation?
Posing as someone else to gain trust and manipulate a target.
Example: An attacker dresses as a delivery driver to gain entry into a secure building
What is phishing?
Mass email scams designed to steal information.
Example: A fake PayPal email asks users to update their passwords via a malicious link.
What is spearphishing?
: Targeted phishing attacks against specific individuals.
Example: A fake email tailored for a CFO tricks them into wiring money
What is Vishing?
Voice-based phishing attacks over the phone.
Example: A scammer calls pretending to be a bank representative to obtain account details
What is password profiling?
Gathering personal information to guess or crack passwords.
Example: An attacker studies a target’s social media for pet names, birthdays, and favorite bands to generate likely passwords
Sony Case: Who are the key stakeholders?
Rogen and James Franco (writer/actor/director
Kim Jong-Un
North Korea
moviegoers
free-speech advocates
hackers and nation-state actors
Sony leadership and employees
Sony Case: What did the organization do in advance of the attack (from a security or business perspective)?
Basic security controls
Some access controls
Poor IT infrastructure and patch management
Poor threat detention
Underestimated nation-state cyber threats
Sony Case: How was the hack started? How did it progress? What was the outcome?
Sony had a reputation of being hackable. Sony was putting questionable stuff on CD’s that also made the user’s stuff more vulnerable.
“The Interview” movie made North Korea mad, threatened Sony. Sony employees had easy passwords, unencrypted emails.
Started by spearphishing using false Apple ID links to a fake sign in page that stole account passwords. Not current antivirus programs. Hackers moved unilaterally across Sony systems, transfers of data went undetected for months.
Hackers put violent images and warnings on Sony computers announcing hack.
Systems shut down extremely. Lost data. Data was released to public. Leaked movies, salaries, criminal background checks, medical data, etc.
First time FBI attributed cyberattack to a nation-state
In response, Sony adjusted data storage practices, only retained info in current-use projects, rest to be encrypted and stored separate. Downgrading admin privileges. Limited employee internet access until they rebuilt a more secure network.
Sony Case: What did the organization do right? What did they do wrong?
Did right:
involved the FBI and others quickly to mitigate further damage.
Regained public trust
Worked with government agencies
Made long-term cybersecurity improvements after the fact
Did wrong:
Lack of Strong Cybersecurity Measures
Failure to Detect & Respond Quickly
Weak Internal Security Policies
Insufficient Backups & Recovery Plans
Delayed and Controversial Response
What is Information Privacy?
Refers to the desire of individuals to control or have some influence over data about themselves?
What is the difference between confidentiality and privacy?
Confidentiality focuses on protecting an organization’s intellectual property.
Privacy deals with protecting customer information rather than internal company information
What are the 8 GDPR privacy rights?
8 GDPR privacy rights (also called data subject rights):
The right to be informed – Individuals must be informed about the collection and use of their personal data.
The right of access – Individuals can request access to their personal data and understand how it is being used.
The right to rectification – Individuals can request corrections to inaccurate or incomplete personal data.
The right to erasure (right to be forgotten) – Individuals can request the deletion of their personal data under certain conditions.
The right to restrict processing – Individuals can request to limit or restrict how their personal data is used.
The right to data portability – Individuals can obtain and reuse their personal data across different services.
The right to object – Individuals can object to the processing of their personal data, including for marketing purposes.
Rights related to automated decision-making and profiling – Individuals have rights related to decisions made without human involvement, including profiling.
What is Rights related to automated decision-making and profiling?: GDPR privacy rights
Rights related to automated decision-making and profiling – Individuals have rights related to decisions made without human involvement, including profiling.
What is The right to object?: GDPR privacy rights
The right to object – Individuals can object to the processing of their personal data, including for marketing purposes.
What is The right to data portability?: GDPR privacy rights
The right to data portability – Individuals can obtain and reuse their personal data across different services.
What is The right to restrict processing?: GDPR privacy rights
The right to restrict processing – Individuals can request to limit or restrict how their personal data is used.
What is The right to erasure (right to be forgotten)?: GDPR privacy rights
The right to erasure (right to be forgotten) – Individuals can request the deletion of their personal data under certain conditions.
What is The right to rectification?: GDPR privacy rights
The right to rectification – Individuals can request corrections to inaccurate or incomplete personal data.
What is The right of access?: GDPR privacy rights
The right of access – Individuals can request access to their personal data and understand how it is being used.
What is The right to be informed?: GDPR privacy rights
The right to be informed – Individuals must be informed about the collection and use of their personal data.
What are HIPAA Key Terms?
Covered Entity - plan, provider, or clearinghouse transmitting health info electronically
Required implementation specification - Must be implemented
Addressable implementation specification - Somewhat optional - Either must be implemented, an alternate, or demonstrate that specification is not required
What is Covered Entity? (HIPAA Key Terms)
Covered Entity - plan, provider, or clearinghouse transmitting health info electronically
What is Required implementation specification? (HIPAA Key Terms)
Required implementation specification - Must be implemented
What is Addressable implementation specification? (HIPAA Key Terms)
Addressable implementation specification - Somewhat optional - Either must be implemented, an alternate, or demonstrate that specification is not required
Weaponization: Cyber Kill Chain
Definition: The second phase of the Cyber Kill Chain, where attackers create a deliverable payload (e.g., malware, exploit) to compromise the target.
Key Actions:
- Coupling an exploit with a backdoor
- Creating malicious documents (e.g., PDFs, Word files)
- Developing weaponized malware (e.g., trojans, ransomware)
Example: Attackers craft a phishing email with a malicious attachment that exploits a software vulnerability.
Delivery: Cyber Kill Chain
Phase 3. How do I get it to my target?
Key Methods:
- Phishing emails (malicious attachments or links)
- Drive-by downloads (compromised websites)
- USB drops (infected removable media)
- Exploiting vulnerabilities in exposed services
Example: A hacker sends a phishing email with a malicious PDF that exploits a software vulnerability when opened.
Exploitation: Cyber Kill Chain
Fourth phase in the cyber kill chain. The delivered payload is executed to exploit a vulnerability and gain control over the target system.
Key Actions:
- Running malicious code on the target device
- Exploiting software vulnerabilities (e.g., zero-days, buffer overflows)
- Gaining initial foothold and privilege escalation
Example: A phishing email delivers a malicious PDF, which exploits an unpatched Adobe Reader vulnerability to execute malware.
Installation: Cyber Kill Chain
Fifth part of the cyber kill chain. Where attackers establish persistence by installing malware or backdoors on the compromised system.
Key Actions:
- Installing remote access trojans (RATs)
- Creating scheduled tasks or registry modifications
- Deploying rootkits or bootkits for stealth
Example: An attacker installs a RAT that allows continuous remote access, even after a system reboot.
Command and Control: Cyber Kill Chain
The sixth phase of the Cyber Kill Chain, where attackers establish a communication channel with the compromised system to maintain remote control. Hacker is able to remotely control the malware once installed on the victims’ machines
Key Actions:
- Using malware to create a covert communication channel
- Employing protocols like HTTP, HTTPS, DNS tunneling, or custom C2 frameworks
- Encrypting C2 traffic to evade detection
Example: A compromised system connects to a malicious server via an encrypted HTTPS request, allowing attackers to issue commands remotely.
Actions on Objectives: Cyber Kill Chain
The final phase of the Cyber Kill Chain, where attackers achieve their ultimate goal, such as data theft, system disruption, or destruction.
Key Actions:
- Data exfiltration (stealing sensitive information)
- Privilege escalation (gaining higher access)
- Lateral movement (spreading within the network)
- Destruction or encryption (deploying ransomware or wiping data)
Example: An attacker exfiltrates customer data from a database and sells it on the dark web.
Who are The Guardians of Peace (GOP), AKA Lazarus group?
The Guardians of Peace (GOP) was the hacker group responsible for the 2014 Sony Pictures hack. They infiltrated Sony’s network, stealing and leaking confidential data, including unreleased films, employee emails, and financial records. The attack also involved destructive malware that wiped company systems.
What are the 4 security threats?
Interception
modification
Interruption
Fabrication
What are the 5 Security Principles?
Confidentiality (threatened by interception)
Integrity (modification)
Availability (Interruption)
Authenticity (fabrication)
Non-Repudiation (fabrication)
Encryption - Symmetric vs Asymmetric Key
Symmetric - a single private cryptographic key is used by sender and receiver for encryption and decryption
Stream cipher - encrypt one bit at a time
Block cipher - encrypt group bits at a time
Asymmetric - Public key is sent, Receiver has their private key to decrypt
What is AES?
Advanced Encryption Standard
-very fast encryption
