Module 1 - Introduction to Security Flashcards
Introduction to Security
What is Security?
To be free from danger & the process that achieves that freedom
As security is increased, what happens to convenience?
Decreases
How is digital information secured?
1) Manipulated by a microprocessor
2) Preserved on a storage device
3) Transmitted over a network
What are the 3 types of information protecting, & what is the acronym?
CIA Triad:
1) Confidentiality
2) Integrity
3) Availability
Define Confidentiality
Only approved individuals may access information
Define Integrity
Ensures information is correct & unaltered
Define Availability
Ensures information is accessible to authorized users
What is a Threat Actor?
An individual or entity responsible for cyber incidents against the technology equipment of enterprises & users; aka “attacker” or “hacker”
What 3 categories is Financial Crime divided into based on targets?
1) Individual Users
2) Enterprises
3) Governments
What are the 3 types of hackers?
1) Black hat hackers
2) White hat hackers
3) Gray hat hackers
What are Black Hat Hackers?
Threat actors who violate computer security for personal gain or to inflict malicious damage (ex: corrupt a hard drive)
What do White Hat Hackers do?
Attempt to probe a system (with an organization’s permission) for weaknesses & then privately provide that information; aka “ethical hackers”
What are Gray Hat Hackers?
Attackers’ who attempt to break into a computer system without the organization’s permission (illegal) but not for their own advantage; instead, they publicly disclose the attack in order to shame the organization into taking action
What are the 5 distinct categories of hackers?
1) Script kiddies
2) Hacktivists
3) State actors
4) Insiders
5) Others (Competitors, Criminal Syndicates, Shadow IT, Brokers, Cyberterrorists)
What are Script Kiddies?
Individuals who want to perform attacks, yet lack technical knowledge to carry them out. They download freely available automated attack software & use it to attack
What are Hacktivists?
Individuals strongly motivated by ideology (for the sake of their principles or beliefs);
Often involved breaking into a website & changing its contents as means of a political statement
What are State Actors?
Launches cyberattacks on their foes (instead of an army walking in); directed towards businesses in foreign countries with the goal of causing financial harm or damage to the enterprise’s reputation;deadliest of any threat actors
Which type of threat actor is the deadliest?
State Actors
What is APT, what does it stand for, & who does it?
A class of attacks that use innovative attack tools to infect & silently extract data over an extended period of time;
Advanced Persistent Threat (APT)
Most commonly associated w/ state actors
What are Insiders?
Employers, contractors, & business partners can pose an insider threat of manipulating data from the position of a trusted employee; harder to recognize because they come from within the enterprise
What are the “Other” threat actors?
1) Competitors
2) Criminal Syndicates
3) Shadow IT
4) Brokers
5) Cyberterrorists
What are Competitors?
Launch attacks against an opponent’s system to steal classified information; may steal new product research or a list of current customers to gain a competitive advantage
What are Criminal Syndicates?
Move from traditional criminal activities to more rewarding and less risky online attacks
What are Shadow ITs?
Employees become frustrated with the slow pace of acquiring technology, so they purchase and install their own equipment or resources in violation of company policies;