ITSAC - Module 3 Flashcards

1
Q

Refers to the practice of protecting digital devices, systems, and networks from unauthorized access, theft, damage, or other malicious activities.
It includes various methods and technologies that are used to safeguard information, such as firewalls, encryption, authentication, and intrusion detection systems.

A

Cyber Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Malicious software designed to harm, exploit, or disrupt devices, networks, or data. Examples include viruses, ransomware, and spyware.

A

malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A cyber attack where attackers impersonate legitimate entities (e.g., banks, companies) to trick users into providing sensitive information like passwords or credit card details.

A

phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A targeted form of phishing where attackers customize messages to a specific individual or organization to gain access to confidential data.

A

Spear phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An attack where a hacker intercepts and alters communication between two parties without their knowledge, often to steal sensitive information.

A

Man-in-the-middle attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An attack that overwhelms a system, network, or website with excessive traffic, causing it to slow down or crash, making services unavailable.

A

Denial of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A cyber attack that exploits vulnerabilitiesin a website�s database by injecting malicious SQL code to gain unauthorized access to sensitive data.

A

SQL injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A type of cyber attack that manipulates the Domain Name System (DNS) to redirect users to fraudulent websites or disrupt network services.

A

DNS attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

is constantly evolving and changing as new threats and vulnerabilities emerge. In recent years, there has been a significant increase in cyber attacks, data breaches, and other cyber threats, which has led to a heightened focus on cyber security.

A

Cyber Security Landscape

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

the most prevalent emerging business risk

A

ransomware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

THE ANATOMY OF RANSOMWARE

A
  1. Reconnaissance - gathering and analyzing infos to select vulnerabiities to enter the org
  2. Delivery - gaining access to org’s networks and data (phishing, SQL inject, web)
  3. Exploitation - installing backdoors, exploiting alternative vulnerabilities, and exfiltrating or destroying data
  4. Impact - demand for ransom and operational capabilities after recovery efforts
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

� refers to adhering to laws, Regulations, and industry standards that govern the use and protection of digital data

A

Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  • Developing and implementing strategies to prevent, detect, respond, and recover from cyber attacks
  • requires testing and updating security measures regularly to adapt to new threats and vulnerabilities
A

Resilience

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

THE NIST CYBERSECURITY FRAMEWORK

A
  1. Identify - what procecesses and assets need protection?
  2. Protect - implement appropriate safeguards to ensure protection of the enterprise’s assets
  3. Detect - implement approriate mechanisms to identify the occurence of cybersecurity incidents
  4. Respond - develop techniques to contain the impacts of cybersecurity events
  5. Recover - implement the appropriate proccesses to restore capabilities and services impaired due to cybersecurity events
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  • what procecesses and assets need protection?
A

Identify

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  • implement appropriate safeguards to ensure protection of the enterprise’s assets
17
Q
  • implement approriate mechanisms to identify the occurence of cybersecurity incidents
18
Q
  • develop techniques to contain the impacts of cybersecurity events
19
Q
  • implement the appropriate proccesses to restore capabilities and services impaired due to cybersecurity events