LO3 Flashcards
What does it mean by mitigating a risk?
testing systems and networks for vulnerabilities
What does it mean by monitoring and controlling a system?
how assets can be monitored and controlled
What is vulnerability testing?
identification of a list of vulnerabilities that can be prioritised in order of severity
What is penetration testing?
where an attack is simulated; it is designed to achieve a specific goal
What is fuzzing?
inputting large amounts of data in an attempt to make the system crash
What is sandboxing?
test environment that isolates untested code changes to ensure that any issues are not transmitted to other areas of the system
What is an intrusion detection system (IDS)?
device or software used to monitor systems for malicious activity
What is a Network intrusion detection system (NIDS)?
monitors all inbound and outbound network activity to identify any suspicious patterns that indicate a cyber security attack
What are two examples of Host intrusion detection system (HIDS)?
firewall or anti virus software
what is a distributed intrusion detection system (DIDS)?
multiple ID’s over a large network that communicate with each
What is anomaly based testing?
monitors network and system activity and clarifies whether the activity as expected or not
what is signature based testing?
monitors specific patterns for network traffic or known instruction sequences used by malware. it must be kept up to data to be effective and require regular signature updates
what is a honeypot system
a computer system that acts as a decoy to detect, deflect and even counteract any unauthorised use of the system
What is IPS?
Intrusion Prevention System
proactive detection and prevention against unwanted intruders, for example a firewall.
what are the physical cyber security controls?
biometrics
swipe cards
alarms
what are the hardware cyber security controls?
safe
cable locks
engraving
Smartwater
what are the software cyber security controls?
firewall
anti-malware
operating system updates
patch managements
what are the two types of encryption?
asymmetric
symmetric
what is asymmetric encryption?
also known as public key cryptography. it uses two keys to encrypt plaintext. anything encrypted using a public key can only be decrypted using a private key. it tends to be used in day to day communication channels, especially over the internet.
what is symmetric encryption?
only uses one key shared among the people who need access to the data.
what is cryptography?
cryptography protects information and resources on open and closed networks.
what are the procedures?
access management
data backup
remote working
what is access management?
the process of granting authorised users access to a computer system, network and associated data, as well as preventing access by unauthorised users.
what is data backup?
the process of copying and/or archiving data including files and folders, so that they can be restored should the data be lost from a system.
