ITSAC - Module 3 & 4 Flashcards
Refers to the practice of protecting digital devices, systems, and networks from unauthorized access, theft, damage, or other malicious activities. It includes various methods and technologies that are used to safeguard information, such as firewalls, encryption, authentication, and intrusion detection systems.
Cyber Security
Malicious software designed to harm, exploit, or disrupt devices, networks, or data. Examples include viruses, ransomware, and spyware.
malware
A cyber attack where attackers impersonate legitimate entities (e.g., banks, companies) to trick users into providing sensitive information like passwords or credit card details.
phishing
A targeted form of phishing where attackers customize messages to a specific individual or organization to gain access to confidential data.
Spear phishing
An attack where a hacker intercepts and alters communication between two parties without their knowledge, often to steal sensitive information.
Man-in-the-middle attacks
An attack that overwhelms a system, network, or website with excessive traffic, causing it to slow down or crash, making services unavailable.
Denial of Service
A cyber attack that exploits vulnerabilities in a website’s database by injecting malicious SQL code to gain unauthorized access to sensitive data.
SQL injection
A type of cyber attack that manipulates the Domain Name System (DNS) to redirect users to fraudulent websites or disrupt network services.
DNS attack
Is constantly evolving and changing as new threats and vulnerabilities emerge. In recent years, there has been a significant increase in cyber attacks, data breaches, and other cyber threats, which has led to a heightened focus on cyber security.
Cyber Security Landscape
the most prevalent emerging business risk
ransomware
THE ANATOMY OF RANSOMWARE
- Reconnaissance - gathering and analyzing information to select vulnerabilities to enter the org
- Delivery - gaining access to the org’s networks and data (phishing, SQL injection, web)
- Exploitation - installing backdoors, exploiting alternative vulnerabilities, and exfiltrating or destroying data
- Impact - demand for ransom and operational capabilities after recovery efforts
Refers to adhering to laws, regulations, and industry standards that govern the use and protection of digital data
Compliance
- Developing and implementing strategies to prevent, detect, respond, and recover from cyber attacks
- requires testing and updating security measures regularly to adapt to new threats and vulnerabilities
Resilience
THE NIST CYBERSECURITY FRAMEWORK
- Identify - what processes and assets need protection?
- Protect - implement appropriate safeguards to ensure protection of the enterprise’s assets
- Detect - implement appropriate mechanisms to identify the occurrence of cybersecurity incidents
- Respond - develop techniques to contain the impacts of cybersecurity events
- Recover - implement the appropriate processes to restore capabilities and services impaired due to cybersecurity events
- high-level overview of the org
- long term plan (5+ years)
- forward looking
- each level of division translates plan objectives into more specific objectives
- executive team (CEO, COO, CFO, CIO)
Strategic Planning
- methods used to achieve the strategy
- short term plan (1-2 years or less)
- includes specific goals, budget, resources
- breaks down strategic goals
- e.g. project plans, resource acquisition, project budgets, project reviews
- Chief Information Security Officer (CISO) and security managers
Tactical Planning
- plan day to day running
- controlled via daily/weekly/monthly/annual
- includes necessary tasks for all departments, communication, and reporting requirements
Operational Planning
High-level statements which define roles, responsibilities, and expectations for specific domain areas.
- general
- what to do & not to do in org
- “all company data should be protected from unauthorized access”
Policies
Specific low-level, mandatory controls that help enforce and support policies.
- how to comply with a certain policy
Standards
Recommended controls that help support standards or serve as a reference for when no applicable standard is available.
- not mandatory
- “use password manager”
Guidelines
Step-by-step instructions to accomplish policies, standards, and guidelines.
- specific
- how to change password
Procedures
- is a management-level document, often written by the company’s CIO, detailing the company’s philosophy on security.
- general policy to a whole
1. Enterprise information security policies
- is developed by an organization to outline the guidelines that govern the use of individual technologies in that organization.
- specific
2. Issue-specific security policies (ISSP)
- focus on the information security policies of particular systems. For example, policies for customer-facing applications, payroll systems, or data archive systems.
- identify the security needed
3. Systems-specific security policies
An Introduction to Computer Security: The NIST Handbook
SP 800-12
Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-14
Guide for Developing Security Plans for Federal Information Systems
SP 800-18 Rev. 1
Guide for Conducting Risk Assessments
SP 800-30 Rev. 1
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
SP 800-37 Rev. 1
Managing Information Security Risk: Organization, Mission, and Information System View
SP 800-39
Building an Information Technology Security Awareness and Training Program
SP 800-50
Performance Measurement Guide for Information Security
SP 800-55 Rev. 1
Information Security Handbook: A Guide for Managers
SP 800-100