Lecture 1 - Introduction

Question 1

Some cyber attacks?

Answer 1

• phishing
• ransomware (publication or blockage of personal data)
• malware attacks ( file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker want)
• insider threats (insider information on security etc.)
• trade secrets and insider data theft
• data leaks and breaches

Question 2

Steps of the high level plan for a secure system?

Answer 2

• goal (the goal of the system is to protect assets from unauthorized entities)
• aspects of cyber security should be followed
• threat model
• policy
• mechanism

Question 3

What is the goal of a cyber security system?

Answer 3

To protect assets, so that only authorized or legible entities should be able to use certain features / read files / write files etc.

Question 4

What are the aspects of cyber security?

Answer 4

• confidentiality
• integrity
• availability
• authenticity
• accountability
• non-repudiation

Question 5

What is a high level plan for a secure system?

Answer 5

a systematic thought required to set up a successful defense

Question 6

What is a threat model?

Answer 6

assumptions about attacker i.e. what they can do to the system and how they would want to exploit it

Question 7

What is a policy?

Answer 7

plan/rules that will get your system to achieve a goal e.g. having user access levels, having file permissions. Note human components can also be part of the policy.

Question 8

Can a policy have human components? Example?

Answer 8

Yes. For example : no password sharing

Question 9

What is a mechanism?

Answer 9

Software/ hardware that will enforce the policy set out for the system.

Question 10

Is the a specific order required for the high level plan to work?

Answer 10

No, there isn’t a specific order, however some layering will be required to make a successfully secure system e.g. mechanism will always be after the policy (as it implements it)

Question 11

Why is cyber security necessary?

Answer 11

To protect assets (digital, but not always files)

Question 12

What is a another name for aspects of cyber security?

Answer 12

aspects of asset protection

Question 13

What is Confidentiality? (aspect 1)

Answer 13

protection of information so that unauthorized persons cannot access it

Question 14

What does Confidentiality imply?

Answer 14

That there are access control levels in the system and authentication.

Question 15

What is Integrity? (aspect 2)

Answer 15

Ensuring nothing is lost or deleted (neither accidentally or deliberately). Nothing should be changed against permissions or user wishes. e.g. having a message digest to check for file alteration

Question 16

What is Privacy?

Answer 16

Confidentiality but in relation to personal data/information. e.g. file encryption

Question 17

What is Availability? (aspect 3)

Answer 17

• Having the capacity and uptime to meet demands.
• It is ensuring resources are allocated fairly
• It is also fault tolerance and recovery from faults

e.g. recovering from DDOs
e.g. Protect against denial of service attacks

Question 18

What is denial of service attack?

Answer 18

cyber attacks designed to render a service inaccessible

Question 19

What is Authenticity? (aspect 4)

Answer 19

The property of being genuine and being able
to be verified and trusted; confidence in the
validity of a transmission, a message, or
message originator.

It validates the source or origin of data and
other file transfers through proof of identity
– This ensures that the message (email, payment
transaction, digital file, etc.) was not corrupted or
intercepted during transmission

Question 20

What is Accountability? (aspect 5)

Answer 20

• one of the key principles of good governance
• A responsible, responsive, and
  democratic security sector cannot be conceived
  without accountable personnel, institutions, and
  procedures.
• crucial element of building integrity (BI) initiatives
• pointed towards who is responsible for each cyber
  role in an organization

Question 21

What is Non-Repudiation?

Answer 21

• Assurance that the sender of information is
  provided with proof of delivery and the recipient is
  provided with proof of the sender’s identity, so
  neither can later deny having processed the
  information
• Non-repudiation provides evidence of data’s
  origin, authenticity, and integrity
• Possible with digital file tracking and users’
  action logging

Question 22

What is a threat designed to do?

Answer 22

Typically designed to attack or target a specific aspect of cybersecurity.

Question 23

When protecting an asset what do we have to consider?

Answer 23

We need to consider all possible threats and what aspect they will attack. There are different techniques for doing this.

Question 24

What are the 2 ways we can check security of a system

Answer 24

• attacker’s POV
• defender’s POV

Question 25

What is an attack surface?

Answer 25

All vulnerabilities collected together for a system.

Question 26

Different ways of protection lead to ?

Answer 26

Different vulnerabilities for a system.

Question 27

As a defender what do we want to do (in relation to attack surface)?

Answer 27

Reduce the attack surface as much as possible.

Question 28

What does protection have and what do we need to compare it to?

Answer 28

Protection has a cost (different protection methods have different costs) and assets have a value. We need to choose a protection method that doesn’t outweigh the value of the asset being protected.

Question 29

What is risk?

Answer 29

Risks involve the probability of something
happening, together with the effect of the attack
succeeding.

Question 30

Some technical solutions for protection?

Answer 30

• file encryption
• digital signatures (So that signatures can’t be forged)
• Secure message digests to provide document fingerprints
  without revealing the document content
  -secure protocols that ensure the user of message digests or digital signatures or other technical solutions

Question 31

What is the main vulnerability in any system?

Answer 31

PEOPLE

Users may not comply with security policies.
* Organizations may develop policies that users find very
difficult to use.
* Developers may not adhere to security guidelines when
building systems.
* Regulatory bodies may not provide appropriate policies and
rules and then may not enforce them.
* Need to consider socio-technical systems.
– Consider people as well as the technical aspects of any system.