Lecture 1 - Introduction Flashcards

1
Q

What is the Millennium Bug?

A

The millennium bug (Y2K) is a classic example of a cybersecurity issue. Many programs stored the year as only two digits, so people expected widespread failures when dates rolled over from 1999 to 2000. Luckily, this didn’t turn out to be a big problem. But did it turn out this way because organisations actually did something about it, or was the risk overhyped?

2
Q

What happened at Cambridge Analytica?

A

Cambridge Analytica was a political consulting firm that profiled and characterised individuals, using personal data harvested from Facebook profiles, in order to target them with specific (political) ads.

3
Q

What happened with Strava?

A

Strava is an app that lets you track your running and cycling with GPS. To show how much people used its software, the company published a global heatmap of all the locations where Strava was used, inadvertently revealing the locations and layouts of military bases, including US bases in sensitive areas. The lesson: data that is harmless per user can become sensitive once it is aggregated.

4
Q

What happened at the OPCW?

A

The OPCW (Organisation for the Prohibition of Chemical Weapons) in The Hague was the target of a hacking attempt that involved on-site presence: the attackers tried to break into the organisation’s Wi-Fi network from a car parked next to the building. Russia (its GRU military intelligence service) was accused of this cyberattack on the chemical weapons watchdog.

5
Q

What happened at DigiNotar?

A

DigiNotar was a Dutch certificate authority (CA): a company that issues the certificates browsers use to confirm that a website is authentic. Because of a lack of security it was hacked, and the intruders issued fraudulent certificates, including one for Google domains. Browser and operating-system vendors removed DigiNotar from their trust stores, so its certificates were no longer trusted anywhere, and the company went bankrupt. A CA is only worth something as long as it is trusted.

6
Q

What happened at Maastricht University?

A

Maastricht University was hit by a ransomware attack (December 2019) that encrypted a large part of its Windows systems, and the university was eventually forced to pay the ransom to get its data back.

7
Q

What is Stuxnet?

A

Stuxnet is a worm created for the specific purpose of sabotaging the industrial control systems of Iran’s uranium enrichment facility at Natanz: it manipulated the Siemens PLCs driving the centrifuges while reporting normal values to the operators. It spread to many other systems, but because its payload only activated on that specific PLC configuration, it did no damage to them.

8
Q

What happened at Schiphol?

A

Schiphol airport had a failure in its fuelling system, so workers weren’t able to refuel the planes properly, resulting in extensive delays. Sometimes it is easier to say that something was a cyberattack rather than a bug, so as to avoid admitting incompetence. The reverse also happens: saying something was a bug instead of a cyberattack can result in fewer consequences, for example no breach notification to regulators.

9
Q

What happened to Dutch Banks?

A

Dutch banks were targeted by heavy DDoS attacks and their websites were down for some time. These attacks disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

10
Q

How do you do data backup properly?

A

You can back up data according to the 3-2-1 rule: keep 3 copies of your data (the live copy plus 2 backups), on 2 different types of storage media (for example an internal disk plus an external hard drive or NAS), with 1 copy stored off-site (another location or a cloud backup service). Using this method makes sure there is no single point of failure: a disk failure, a ransomware infection or a fire in the building does not take out every copy at once. Also test that backups actually restore; an untested backup is not a backup.

11
Q

Why do we care about Cybersecurity?

A
  1. Protection of critical national infrastructure
  2. Privacy and sensitive data
  3. Financial reasons
12
Q

How is cybersecurity illustrated in the three-layer onion model?

A

The inner core of the three-layer model consists of technical solutions to make cyberspace safe.

The middle layer is socio-technical, as it is where the people come in. Meaning how the people work with the technical systems.

The outer layer is the governance layer, consisting of how society deals with cybersecurity issues on a political, legal and public administration level.

13
Q

What is the CIA-Triad?

A

Confidentiality: the protected information is only available to authorised entities. Confidentiality can be breached not only through hacking, but also through an accidental wrong attachment in an email or materials that are not removed or disposed of correctly.
Integrity: it is certain that the data is correct and that no unauthorised, undetected changes have been made to it. Integrity is breached through:
1. Deleting data
2. Changing data
3. Adding data
Availability: the data is available when needed, and the people who should have access do have access.
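The integrity property is usually enforced with a keyed checksum rather than trusted on faith. The block below is an added example (not from the lecture or the textbook): it tags a record with HMAC-SHA256 and then shows that each of the three integrity breaches named on the card (deleting, changing, adding data) is detected on verification. The key and the record are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the example; a real system loads it from a key store.
SECRET_KEY = b"example-key-do-not-use-in-production"


def _canonical(record: dict) -> bytes:
    """Serialise the record the same way every time so the tag is reproducible."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def protect(record: dict, key: bytes = SECRET_KEY) -> dict:
    """Return an envelope holding the record and an HMAC-SHA256 tag over it."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"data": record, "tag": tag}


def verify(envelope: dict, key: bytes = SECRET_KEY) -> bool:
    """True only if the data still matches the tag; any add/change/delete is detected."""
    expected = hmac.new(key, _canonical(envelope["data"]), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time so an attacker cannot learn where the tags differ.
    return hmac.compare_digest(expected, envelope["tag"])


def demo() -> dict:
    """Exercise the three breaches from the card: change, delete and add data."""
    original = {"account": "NL01BANK0123456789", "balance": 1000, "owner": "A. Student"}
    env = protect(original)
    results = {"untouched": verify(env)}

    changed = json.loads(json.dumps(env))          # deep copy, then tamper
    changed["data"]["balance"] = 1_000_000
    results["changed"] = verify(changed)

    deleted = json.loads(json.dumps(env))
    del deleted["data"]["owner"]
    results["deleted"] = verify(deleted)

    added = json.loads(json.dumps(env))
    added["data"]["approved"] = True
    results["added"] = verify(added)
    return results


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind: an HMAC only detects modification by someone who does not hold the key, so the key must be protected as carefully as the data, and it does not stop a replay of an older, validly tagged record (for that you add a sequence number or timestamp inside the tagged data).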

14
Q

What does CIA-Confidentiality entail?

A

The assignment of a value to a set of information to indicate the level of secrecy and the access restrictions required to prevent unauthorized people from viewing it. A typical example of a confidentiality scale is: (i) Public Use (ii) Internal Use (iii) Confidential (iv) Strictly Confidential and (v) Restricted.

15
Q

What does CIA-Integrity entail?

A

A value that can be assigned to a set of information to indicate how sensitive it is to degradation of accuracy (such as unauthorized modification) or data loss. Loss in this context is about losing information without the ability for anyone to recover it from the system it was entered into (it is not about theft). Often this value is expressed or translated into a scale of time. For example, data with the highest possible integrity rating could be given a value of ‘no data loss permitted.’ If it were permitted to lose up to 4 hours of data that had been processed, the value would be ‘4 hours.’ Usually, if any data loss is permitted, it means that there will be other processes in place to address the loss of the electronic information. The integrity value assigned to any system or application is used to set the frequency that the information is subject to backup, or in very sensitive systems with no data loss permitted, establishes the need for a permanent secondary failover system. Note that in most practitioner frameworks this time value is called the recovery point objective (RPO); integrity in the CIA sense is the narrower property that data has not been modified without authorisation.

16
Q

What does CIA-Availability entail?

A

The assignment of a value to a set of information to indicate how much disruption or outage the owner considers to be acceptable. Often this is expressed or translated into a scale of time. Data with the highest possible availability rating would be required to be readily accessible at all times (no downtime permitted), often through the use of a fully redundant failsafe. The value assigned to the information’s availability is used by the owner of an application or service to set the recovery time objective (RTO).

17
Q

What is Cybersecurity?

A

Cybersecurity is the protection of digital devices and their communication channels to keep them stable, dependable and reasonably safe from danger or threat. Usually the required protection level must be sufficient to prevent or address unauthorized access or intervention before it can lead to substantial personal, professional, organizational, financial and/or political harm

18
Q

What is a Digital Device?

A

A Digital Device is any electronic appliance that can create, modify, archive, retrieve or transmit information in an electronic format. Desktop computers, laptops, tablets, smartphones and Internet-connected home devices are all examples of digital devices

19
Q

What is Defense in Depth?

A

Defense in depth is the use of multiple layers of security techniques to help reduce the chance of a successful attack. The idea is that if one security technique fails or is bypassed, there are others that should address the attack. The latest (and correct) thinking on defense in depth is that security techniques must also consider people and operations (for example processes) factors and not just technology.

20
Q

What is a Virus?

A

A virus is a form of malicious software that spreads by infecting (attaching itself to) other files and usually seeks opportunities to continue that pattern. Viruses are now less common than other forms of malware. Viruses were the main type of malware in very early computing. For that reason, people often refer to something as a virus when it is technically another form of malware.

21
Q

What is the Darwin Effect in Cyberspace?

A

The Darwin effect in cyberspace is that those who adapted to the advantages of connected technologies were (and are) gaining advantages and thriving. Those organizations that were (and are) not evolving to use connected technologies are mostly shrinking or perishing.

22
Q

What is Cryptanalysis?

A

Cryptanalysis is the art of examining ciphered (encrypted) information to determine how to circumvent the technique that was used to encrypt or hide it, without having the key. In other words: analysing ciphers (coded messages) to break them.

23
Q

What is the Cloud?

A

The Cloud = An umbrella term used to identify any technology service that uses software and equipment not physically managed or owned by the person or organization (customer) using it. This usually provides the advantage of on-demand scalability at lower cost. Examples include applications that are hosted online, online file storage areas, and even remote virtual computers. Using a cloud means the equipment managing the service is run by the cloud provider and not by the customer. But although the customer does not own the service, he or she is still accountable for the information that he or she chooses to store and process through it. Usually a cloud service is identified by an ‘aaS’ suffix. For example – SaaS (Software as a Service), IaaS (Infrastructure as a Service) and PaaS (Platform as a Service).

24
Q

What is a Vulnerability?

A

Vulnerability = a weakness, usually in design, implementation or operation of software (including operating systems), that could be compromised and result in damage or harm.

25
Q

What is an Attack Vector?

A

In the cybersecurity world, the path or method by which an attacker can reach and exploit a vulnerability is called an attack vector: for example a phishing email, an exposed network service or a malicious USB stick. The set of all attack vectors together forms the attack surface.

26
Q

What is the bleeding edge?

A

Bleeding edge = using inventions so new that they are likely to cause damage to their users before they become stable and safe.

27
Q

What are Cyber Controls?

A

Controls = A method of regulating something, often a process, technology or behavior, to achieve a desired outcome, usually resulting in the reduction of risk. Depending on how it is designed and used, any single control may be referred to as preventive, detective or corrective.

28
Q

What is a Hacker?

A

Hacker = a person who engages in attempts to gain unauthorized access to one or more digital devices. Can be a black hat (unethical) or a white hat (ethical) hacker, depending on the person’s intent and whether the owner has given permission.

29
Q

What is a Cyber Attack?

A

Cyber attack = taking aggressive or hostile action by leveraging or targeting digital devices. The intended damage is not limited to the digital (electronic) environment.

30
Q

What is a Threat Actor?

A

Threat actors = an umbrella term to describe the collection of people and organizations that work to create cyber attacks. Examples of threat actors include cyber criminals, hacktivists and nation states.

31
Q

What is an Exploit?

A

Exploit = to take advantage of a security vulnerability (also: the code or technique that does so). Well-known exploits are often given names. Falling victim to a known exploit with a name can be a sign of low security, such as poor patch management.

32
Q

What is Patch Management?

A

Patch management = a controlled process used to deploy critical, interim updates to software on digital devices. The release of a software ‘patch’ is usually in response to a critical flaw or gap that has been identified. Any failure to apply new interim software updates promptly leaves open security vulnerabilities in place. As a consequence, promptly applying these updates (patch management) is considered a critical component of maintaining effective cybersecurity.

33
Q

What is Malware?

A

Malware = shortened version of malicious software. A term used to describe disruptive, subversive or hostile programs that can be inserted onto a digital device. People can intentionally or unintentionally make these types of programs harmful. Intentionally harmful versions are usually disguised or embedded in a file that looks harmless so the attacker who uses them can compromise a device. Software that nobody intended to be harmful can still disrupt a device or leak information; in that case the harmful qualities result from poor construction quality, bad design or insecure configuration. There are many types of malware; adware, botnets, computer viruses, ransomware, scareware, spyware, trojans and worms are all examples of intentional malware. Hackers often use malware to mount cybersecurity attacks.

34
Q

What is a Botnet?

A

Botnet = shortened version of robotic network. A connected set of programs designed to operate together over a network (including the Internet) to achieve specific purposes. The purpose can be good or bad. Some programs of this type are used to help support Internet connections; malicious uses include taking over control of some or all of a computer’s functions to support large-scale service attacks (see denial of service). Botnets are sometimes referred to as a zombie army.

35
Q

What is a Breach Notification Procedure?

A

Some types of information, when suspected or known to be lost or stolen, must by law be reported to one or more authorities within a defined time period. Usually this type of regulation applies to personal information. The required notification period varies; the lecture gives 24 hours after the known or suspected breach as a typical figure, and under the EU GDPR, for example, a personal data breach must be reported to the supervisory authority within 72 hours of the organisation becoming aware of it. In addition to reporting the known or suspected loss to the authorities, the lead organization responsible for the information (referred to as the data controller) is also required to swiftly notify anyone who is affected, and later on must submit (to the appropriate regulators) a full root cause analysis and information about how the organization responded and fixed any issues that were identified. To meet these legal obligations, larger companies usually have a predefined breach notification procedure to ensure that the timelines are met.

36
Q

What is Cyber Incident Response?

A

A prepared set of processes that should be triggered when any known or suspected event takes place that could cause material damage to an organization. The typical stages are (i) verify the event is real and identify the affected areas, (ii) contain the problem (usually by isolating, disabling or disconnecting the affected pieces), (iii) understand and eradicate the root cause, (iv) restore the affected components to their fixed state and (v) review how the process went to identify improvements that should be made. An incident response may also be required to trigger other response procedures, such as a breach notification procedure, if any information has been lost that is subject to a notification requirement. For example, the loss of any personal information beyond what might be found in a phone book entry is usually considered a notifiable event.

37
Q

What are the cybersecurity tasks?

A
  1. Management
    a. Chief Information Security Officer / Chief Cybersecurity Officer
    b. Cyber Risk Manager
    c. Cybersecurity Architect
  2. Cyber Audit & Assessment
    a. Audit Manager, Auditor, Assessment Specialist, …
  3. Event Monitoring and Alerts
    a. Security Incident & Events Manager
    b. Security Incident Responder
    c. Cybersecurity and Network Intrusion Analysts
  4. Proactive Operations
    a. Access Administrators
    b. Security Device Administrators (firewalls and more)
    c. Encryption / Cryptography Consultant
    d. Security Risk Consultants
    e. Cybersecurity Analysts
  5. Environment Testing
    a. Attack & Penetration Testers (Ethical Hackers)
    b. Vulnerability Assessors
  6. Specialists
    a. Security Controls Designer
    b. External Security Specialist
    c. Digital Forensics Specialist
    d. Cryptologist
    e. Cryptanalyst
    f. Anti-Malware / Anti-Virus Specialist
    g. Software Security Specialist
38
Q

What is Policy in cyberspace?

A

(i) A high-level statement of intent, often a short document, that provides guidance on the principles an organization follows. For example, a basic security policy document could describe the intention for an enterprise to ensure that all locations (physical and electronic) where information for which it is accountable is held must remain secure from any unauthorized access. A policy does not usually describe the explicit mechanisms or specific instructions that would be used to achieve or enforce the intentions it expresses; that is described in a procedure. (ii) Alternatively, it can also be used to mean the settings (including security settings) inside a software program or operating system.

39
Q

What is a procedure in cyberspace?

A

Provides guidance or specific instruction on the process (method) that should be used to achieve an objective. Traditionally provided as a document available to appropriate personnel, but increasingly replaced by instructions that are built into computer systems to enforce the required steps. In a traditional quality model, procedures may reside under a policy as an explicit instruction for meeting a particular policy objective

40
Q

What is a Cyber Risk Manager responsible for?

A

Responsible for collecting and monitoring the cumulative set of open security risks across the digital landscape for the CISO.

41
Q

What is Risk in cyberspace?

A

A situation involving exposure to significant impact or loss. In formal frameworks, risk can be quantified using probability (often expressed as a percentage) and impact (often expressed as a financial amount). Other parameters for risk can include proximity (how soon a potential risk may be encountered, and information about which assets, services, products and processes could be affected).

42
Q

What does a cybersecurity architect do?

A

A cybersecurity architect’s role is to ensure that there is a clear understanding of the permitted methods for securely integrating and extending an organization’s digital ecosystems to interact with others. Essentially they are responsible for designing a strong overall cybersecurity plan.

43
Q

What is Cyber Audit & Assessment?

A

The cyber audit and assurance function exists to check samples of operations to verify whether or not they are being performed securely and correctly – and to identify any significant gaps and any corrective actions that need to be taken. Any immediate critical risk items must be escalated up to the cyber risk register (the master list of active risks) or directly to the CISO as appropriate

44
Q

What are the Cyber Defense Points?

A

Digital locations where we could add cybersecurity controls
1. Data – any information in electronic or digital format.
2. Devices – any hardware used to create, modify, process, store or transmit data. Computers, smartphones and USB drives are all examples of devices.
3. Applications – any programs (software) that reside on any device. Usually, programs exist to create, modify, process, store, inspect or transmit specific types of data.
4. Systems – groups of applications that operate together to serve a more complex purpose.
5. Networks – the group name for a collection of devices, wiring and applications used to connect, carry, broadcast, monitor or safeguard data. Networks can be physical (use material assets such as wiring) or virtual (use applications to create associations and connections between devices or applications.)
6. Other communication channels – any other routes used to transmit or transfer any electronic data of value between devices.

45
Q

What are the cybersecurity control types?

A
  1. Physical
  2. Technical
  3. Procedural
  4. Legal (also referred to as regulatory or compliance controls)
46
Q

What are the control modes?

A

Control Modes
To protect a digital device I can use:
1. Preventive controls: to protect the device before an event happens.
2. Detective controls: to monitor and alert me in the event something happens.
3. Corrective controls: to rectify any gaps after the problem has been identified.

47
Q

What is APT?

A

Advanced Persistent Threats (APTs) = A term used to describe the tenacious and highly evolved set of tactics used by hackers to infiltrate networks through digital devices and to then leave malicious software in place for as long as possible. The cyber attack lifecycle usually involves the attacker performing research & reconnaissance, preparing the most effective attack tools, getting an initial foothold into the network or the target digital landscape, spreading the infection and adjusting the range of attack tools in place to then exploit the position to maximum advantage. The purpose can be to steal or corrupt an organization’s digital data or to extort money from the organization and/or disrupt its operations, for financial gain, brand damage or other political purposes. This form of sophisticated attack becomes harder and more costly to resolve the further into the lifecycle the attackers are and the longer they have managed to already leave the malicious software in place. A goal with this threat type is for the intruder to remain (persist) undetected for as long as possible in order to maximize the opportunities presented by the intrusion – for example, to steal data over a long period of time

48
Q

What is DLP?

A

Data Loss Prevention (DLP) = This term can describe both (i) the technologies and (ii) the strategies used to help stop information from being taken out of an organization without the appropriate authorization. Software technologies can use heuristics (patterns that fit within certain rules) to recognize, alert and/or block data extraction activities on digital devices. For example, a DLP technology may prohibit specific types of file attachments from being sent out via Internet mail services. These technologies can also prevent or monitor many other attempts at removing or copying data. There are workarounds that can be used by skilled hackers to evade detection by these solutions, including encryption and fragmentation. Although these solutions are becoming an essential line of defense, the most secure environments aim to prevent any significant set of data from being available for export in the first place. For this reason, Data Loss Prevention is often thought of as the last line of defense (a final safety net if all other security controls have not been successful).

49
Q

Why are humans the weakest link?

A
  1. Inadequate cybersecurity knowledge
  2. Poor capture and communication of risks
  3. Culture and relationship issues
  4. Under-investment in security training
  5. Using trust instead of procedures
  6. Absence of a single point of accountability (shared responsibility = no responsibility)
  7. Social Engineering
50
Q

What is the Attack Surface?

A

Attack surface = the sum of the potential exposure area where an unauthorized user (the attacker) can try to enter data into or extract data from a digital landscape. This area usually includes perimeter network hardware such as firewalls and web servers, and the hardware that hosts Internet-enabled applications. It can also include extended areas of the landscape such as external applications, supplier services and mobile devices that have permission to access information or services of value.

51
Q

What is Network Segmentation?

A

Splitting a single collection of devices, wiring and applications that connect, carry, broadcast, monitor or safeguard data into smaller sections. This allows for more discrete management of each section, allowing greater security to be applied in sections with the highest value, and also permitting smaller sections to be impacted in the event of a malware infection or other disruptive event.

52
Q

What are the steps in the killchain?

A
  1. Reconnaissance
  2. Tooling / preparation
  3. Infection
  4. Persistence
  5. Communication
  6. Control
  7. Realizing the value
53
Q

What is IDS, IDPS and IPS?

A

Intrusion Detection System (IDS) = Computer programs that monitor and inspect electronic communications that pass through them, with the purpose to detect, log (record) and raise alerts on any suspected malicious or otherwise unwanted streams of information. IDS are a variation of Intrusion Detection and Prevention Systems, as they have no ability to block the activity; they only monitor, inspect and alert.
Intrusion Detection and Prevention Systems (IDPS) = Computer programs that monitor and inspect electronic communications that pass through them, with the purpose and ability (i) to block and log (record) key information about any known malicious or otherwise unwanted streams of information and (ii) to log and raise alerts about any other traffic that is suspected (but not confirmed) to be of a similar nature. These are usually placed in the communication path to allow the IDPS to prevent unwanted information from entering or leaving a network by dropping or blocking packets. IDPS can also clean some electronic data to remove any unwanted or undesirable packet components
Intrusion Prevention Systems (IPS) = IPS are a slight variation on IDPS in that they may not collect any detection information and may only serve to block (prevent) unwanted traffic based on direct rules or instructions they receive.

54
Q

What are the main challenges of IDPS?

A

Two key challenges for these systems are:
1. Determining what a malicious or unwanted communication looks like, achieved by:
a. Storing known attack communication patterns, which are known as signatures.
b. Statistical anomaly-based detection; the programs review statistics and look for any behavior that is unusual or anomalous.
c. Stateful protocol analysis detection; detecting significant variations in protocol format.
2. People want their communications to be transmitted and received quickly and without interruption.
a. If too many rules and restrictions are in place, electronic traffic (communications) can be lost or delayed
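The three detection approaches under challenge 1 are easiest to see side by side on real-looking input. The block below is an added example, not code from the lecture: a toy IDS that runs over constructed access-log lines (format "client-ip method path status", invented for the example) and applies (a) signatures for known attack patterns, (b) a statistical anomaly check on request volume per client, and (c) a protocol-knowledge check on the HTTP method. The z-score threshold is the knob that trades challenge 1 against challenge 2.

```python
import re
import statistics
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample log lines, "<client-ip> <method> <path> <status>" (not real traffic).
BENIGN = [f"10.0.0.{i} GET /page{j}.html 200" for i in range(1, 9) for j in (1, 2)]
ATTACK = (
    ["203.0.113.4 GET /../../etc/passwd 404",
     "203.0.113.4 GET /search?q=%27%20OR%201%3D1-- 200"]
    + [f"203.0.113.4 GET /admin{n} 404" for n in range(18)]      # noisy scanning
)
PROTOCOL = ["198.51.100.2 FOO /index.html 400"]                  # method HTTP does not define
SAMPLE_LOG = BENIGN + ATTACK + PROTOCOL

# (a) Signatures: stored patterns of known attacks, matched against the URL-decoded path.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+", re.I),
}
# (c) Protocol analysis: anything outside the method set HTTP defines is a format deviation.
ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def analyse(lines, z_threshold=2.0):
    """Return alerts grouped by detection method: 'signature', 'anomaly', 'protocol'."""
    alerts = defaultdict(list)
    per_ip = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            alerts["protocol"].append(("malformed-line", line))
            continue
        ip, method, path, _status = m.groups()
        per_ip[ip] += 1
        if method not in ALLOWED_METHODS:
            alerts["protocol"].append(("unknown-method", ip, method))
        decoded = unquote(path)          # decode %27 etc. so encoding does not hide the pattern
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts["signature"].append((name, ip, decoded))
    # (b) Statistical anomaly: a client whose request count is far above the population mean.
    counts = list(per_ip.values())
    if len(counts) >= 2:
        mean, sd = statistics.mean(counts), statistics.pstdev(counts)
        for ip, n in per_ip.items():
            if sd > 0 and (n - mean) / sd > z_threshold:
                alerts["anomaly"].append(("request-volume", ip, n))
    return dict(alerts)


if __name__ == "__main__":
    for kind, items in analyse(SAMPLE_LOG).items():
        print(kind, items)
```

Lowering z_threshold (or adding broader signatures) catches more but starts flagging legitimate busy clients, which in an IDPS means dropped or delayed traffic; that is exactly challenge 2. The benign-only input produces no alerts at all, which is the property you check first when tuning.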

55
Q

What is DLP?

A

Data Loss Prevention (DLP)
Is a term that describes blocking specific types of information from leaving an electronic device or being taken out of an organization without the appropriate authorization. There are dedicated types of hardware and software that can be used to facilitate this objective.
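Cards 48 and 55 both describe DLP as rule-based recognition of data leaving the organisation. The block below is one added example serving both (not code from the lecture or any product): a hypothetical outbound-mail check that blocks disallowed attachment types, finds payment card numbers (with a Luhn check to cut false positives) and IBANs, and masks the number in its own alert so the alert does not itself leak data. The policy values and the sample messages are constructed for the example.

```python
import re

# Hypothetical policy: attachment types that may never leave the organisation by e-mail.
BLOCKED_EXTENSIONS = {".db", ".bak", ".pst"}

# Candidate card number: 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# Rough IBAN shape: country code, two check digits, 11-30 alphanumerics.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card numbers; filters order/phone numbers that merely look like cards."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:              # every second digit, counted from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep the first 6 and last 4 digits so the DLP alert itself is not a leak."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_message(body: str, attachments):
    """DLP decision for one outbound mail: allow or block, plus what was found."""
    findings = []
    for name in attachments:
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append(("blocked-attachment", name))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("card-number", mask(digits)))
    for m in IBAN_RE.finditer(body):
        findings.append(("iban", m.group()))
    return {"allow": not findings, "findings": findings}


if __name__ == "__main__":
    # Constructed messages: a genuine leak, a Luhn-invalid lookalike, a blocked attachment,
    # and a fragmented number that slips past the pattern (the evasion the card warns about).
    for body, atts in [
        ("Please pay with card 4111 1111 1111 1111 thanks", []),
        ("Order 4111 1111 1111 1112 shipped", []),
        ("see attached", ["customers.db"]),
        ("IBAN NL91ABNA0417164300", []),
        ("4111 1111\n1111 1111", []),
    ]:
        print(scan_message(body, atts))
```

The last constructed message shows why the card calls DLP a last line of defence: splitting the number over two lines (or encrypting the mail) defeats the pattern, so the real protection is not having the bulk data exportable in the first place.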

56
Q

What are the categories of cyber attackers (threat actors)?

A
  1. Nation States
  2. Terrorist groups
  3. Organized criminal groups
  4. Hacktivists
  5. Skilled professional hackers
  6. Disaffected or opportunistic insiders
  7. Amateur hackers and journalists
  8. Anyone
57
Q

What are Stacked Risks?

A

Stacked Risk is the phenomenon of allowing seemingly separate potential issues with potential impact (risks) affecting the same digital landscape to accumulate. Without adequate identification and resolution, individual risks can form a toxic accumulation of issues that can be leveraged together to create a risk substantially greater than the individual components suggest. Megabreaches are usually the result of stacked risk in combination with a motivated attacker.

58
Q

What is a Secure Configuration?

A

Secure configuration is ensuring that when settings are applied to any item (device or software), appropriate steps are always taken to ensure (i) default accounts are removed or disabled, (ii) shared accounts are not used and (iii) all protective and defensive controls in the item use the strongest appropriate setting(s).
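The three rules above are exactly what a configuration audit checks. The block below is an added example, not from the lecture or any vendor: it audits a constructed configuration export from a hypothetical appliance (the file format, account flags and hardening baseline are all assumptions for the example) against the three rules, and produces a corrected copy that passes the same audit.

```python
import configparser
import io

# Constructed export from a hypothetical appliance (invented format, not a real product).
# Each account line gives its state plus whether it is a vendor default or a shared login.
SAMPLE_CONFIG = """\
[accounts]
admin = enabled default
guest = enabled default
svc_backup = enabled individual
ops_team = enabled shared
alice = enabled individual

[settings]
tls_min_version = 1.0
password_min_length = 6
admin_login_mfa = off
remote_admin_interface = any
"""

# Hypothetical hardening baseline, the "strongest appropriate setting" for each knob.
# (Assumed values for the example; take yours from the vendor guide or a CIS benchmark.)
BASELINE = {
    "tls_min_version": ("min", 1.2),
    "password_min_length": ("min", 12),
    "admin_login_mfa": ("eq", "on"),
    "remote_admin_interface": ("eq", "management"),
}


def _load(config_text):
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    return cp


def audit(config_text):
    """Return findings for the three secure-configuration rules on the card."""
    cp = _load(config_text)
    findings = []
    for name, attrs in cp["accounts"].items():
        flags = set(attrs.split())
        if "enabled" in flags and "default" in flags:      # (i) default accounts
            findings.append(("default-account-enabled", name))
        if "enabled" in flags and "shared" in flags:       # (ii) shared accounts
            findings.append(("shared-account-in-use", name))
    for key, (kind, want) in BASELINE.items():            # (iii) strongest settings
        have = cp["settings"].get(key)
        if have is None:
            findings.append(("setting-missing", key))
            continue
        weak = float(have) < want if kind == "min" else have != want
        if weak:
            findings.append(("weak-setting", key, have))
    return findings


def harden(config_text):
    """Return a corrected copy: default/shared accounts disabled, settings raised to baseline."""
    cp = _load(config_text)
    for name, attrs in list(cp["accounts"].items()):
        flags = attrs.split()
        if "default" in flags or "shared" in flags:
            cp["accounts"][name] = " ".join(["disabled"] + [f for f in flags if f != "enabled"])
    for key, (_kind, want) in BASELINE.items():
        cp["settings"][key] = str(want)
    out = io.StringIO()
    cp.write(out)
    return out.getvalue()


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    print(harden(SAMPLE_CONFIG))
```

Running the audit again on the hardened output returning no findings is the check worth automating: a baseline that is only written down drifts, one that is re-audited on every change does not.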

59
Q

What is SIEM?

A

Security Information and Event Management (SIEM), in the lecture expanded as Security Incident & Event Management: a system that collects logs and security events from across the digital landscape, correlates them and raises alerts, so that unusual patterns of security events can be spotted and handled as incidents.

60
Q

What is a Security Event?

A

Security event = A term used to describe a minor disruption to the digital landscape that is thought to be unintentional. Examples include a single failed device or a single user forgetting his or her password. Unusual patterns of security events can be an indicator of a security incident.

61
Q

What is a Security Incident?

A

The intentional damage, theft and/or unauthorized access that has direct or indirect impact to any substantial part of an organization’s information, systems, devices, services or products.

62
Q

What is the Lifecycle of a security incident?

A
  1. Detection & reporting.
  2. Verification.
  3. Isolation (also known as quarantining).
  4. Cleaning (mitigation and restoration).
  5. Review (Analysis of patterns and process deficiencies).
63
Q

What is Individual Risk?

A

Managing individual risks effectively requires a consistent approach to the way in which each risk is captured and managed

64
Q

What are the key ingredients in all risk frameworks?

A
  1. Ownership: Ensure that each active risk has a clearly accountable owner.
  2. Lifecycle: Define and use consistent risk lifecycle to ascertain what state the risk is in.
  3. Risk information: Ensure that adequate information about the risk is captured, including its probability and impact.
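The three ingredients above, together with the probability-times-impact quantification from the Risk card and the accumulation described under Stacked Risks, can be put into one small risk register. The block below is an added example, not from the lecture: a register with a lifecycle, an ownership check, ranking by expected loss, and a combined probability for several active risks. The lifecycle states, the independence assumption behind the combined probability and the register entries are all constructed for the example.

```python
from dataclasses import dataclass
from math import prod
from typing import Optional

# Hypothetical risk lifecycle for the example; real frameworks define their own states.
LIFECYCLE = ("identified", "assessed", "treating", "accepted", "closed")
ACTIVE_STATES = {"identified", "assessed", "treating"}


@dataclass
class Risk:
    rid: str
    description: str
    owner: Optional[str]      # accountable person or team; None means nobody owns it
    state: str                # one of LIFECYCLE
    probability: float        # chance of occurring within a year, 0.0..1.0
    impact: float             # loss in euros if it occurs

    def expected_loss(self) -> float:
        """Probability x impact: the usual single-number quantification."""
        return self.probability * self.impact


def validate(register):
    """Return (risk id, problem) pairs for entries violating the three ingredients."""
    problems = []
    for r in register:
        if r.state not in LIFECYCLE:
            problems.append((r.rid, "unknown lifecycle state"))
        if r.state in ACTIVE_STATES and not r.owner:
            problems.append((r.rid, "active risk without an accountable owner"))
        if not 0.0 <= r.probability <= 1.0 or r.impact < 0:
            problems.append((r.rid, "probability/impact out of range"))
    return problems


def ranked(register):
    """Active risks, highest expected loss first, for the CISO's attention."""
    active = [r for r in register if r.state in ACTIVE_STATES]
    return sorted(active, key=lambda r: r.expected_loss(), reverse=True)


def stacked_probability(risks):
    """Chance that at least one of several risks materialises in a year (assumes independence)."""
    return 1.0 - prod(1.0 - r.probability for r in risks)


# Constructed sample register (not real data).
REGISTER = [
    Risk("R1", "Unpatched VPN appliance exposed to the Internet", "netops", "treating", 0.40, 250_000),
    Risk("R2", "Shared admin account on the file server", None, "identified", 0.30, 80_000),
    Risk("R3", "No off-site copy of the backups", "it-ops", "assessed", 0.15, 1_000_000),
    Risk("R4", "Legacy HR application (now retired)", "hr-it", "closed", 0.50, 50_000),
    Risk("R5", "Developers hold production credentials", "dev-lead", "pending", 0.20, 120_000),
]

if __name__ == "__main__":
    for rid, problem in validate(REGISTER):
        print(f"{rid}: {problem}")
    for r in ranked(REGISTER):
        print(f"{r.rid} expected loss EUR {r.expected_loss():,.0f} ({r.state}, owner={r.owner})")
    print(f"P(at least one active risk occurs) = {stacked_probability(ranked(REGISTER)):.3f}")
```

Note what the ranking hides: each of R1, R2 and R3 alone has a modest expected loss, but the chance that at least one of them occurs this year is about 64 percent, and an attacker who chains the shared account with the unpatched appliance gets an impact larger than any single entry suggests. That is the stacked-risk effect; the register makes it visible only if the individual risks are captured consistently first.
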
65
Q

What is MDM?

A

Mobile Device Management (MDM) = A technology used to securely control the operation and use of mobile devices such as tablets and smartphones. Able (for example) to remotely wipe information from a mobile device and control which applications and functions are permitted to be installed or run

66
Q

What is a Honeypot?

A

Honeypot = An electronic device or collection of data that is designed to trap would-be attackers by detecting, deflecting or otherwise counteracting their efforts. Designed to look like a real part of an enterprise’s attack surface, the honeypot will contain nothing of real value to the attacker, but will contain tools to identify, isolate and trace any intrusion.