Module 1: The Cyber Security Framework

Question 1

What is Phreaking?

Answer 1

Phreaking began in the 1960s when it was discovered that certain whistles could replicate the 2600 Hz pitch used in phone signalling systems in the United States.

https://en.wikipedia.org/wiki/Phreaking

Question 2

What was the Morris Worm?

Answer 2

The Morris worm or Internet worm of November 2, 1988, is one of the oldest computer worms distributed via the Internet, and the first to gain significant mainstream media attention.

https://en.wikipedia.org/wiki/Morris_worm

Question 3

What was the Estonia Cyber Attacks?

Answer 3

Beginning on 27 April 2007, a series of cyberattacks targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country’s disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn.

https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia

Question 4

What was the 2011 Playstation Network attack?

Answer 4

The 2011 PlayStation Network outage (sometimes referred to as the PSN Hack) was the result of an “external intrusion” on Sony’s PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service.

https://en.wikipedia.org/wiki/2011_PlayStation_Network_outage

Question 5

What happed during the 2013 Adobe Cyber Security Attack?

Answer 5

On October 3, 2013, the company initially revealed that 2.9 million customers’ sensitive and personal data was stolen in a security breach which included encrypted credit card information. Adobe later admitted that 38 million active users have been affected and the attackers obtained access to their IDs and encrypted passwords, as well as to many inactive Adobe accounts. The company did not make it clear if all the personal information was encrypted, such as email addresses and physical addresses, though data privacy laws in 44 states require this information to be encrypted.

Question 6

What was the WannaCry Cyber Attack?

Answer 6

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

Question 7

What is the Row Hammer security exploit?

Answer 7

Row hammer (also written as rowhammer) is a computer security exploit that takes advantage of an unintended and undesirable side effect in dynamic random-access memory (DRAM) in which memory cells interact electrically between themselves by leaking their charges, possibly changing the contents of nearby memory rows that were not addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times

https://en.wikipedia.org/wiki/Row_hammer

Question 8

What is Log4J vulnerability?

Answer 8

A zero-day vulnerability involving remote code execution in Log4j 2, given the descriptor “Log4Shell” (CVE-2021-44228), was found and reported to Apache by Alibaba on November 24, 2021, and published in a tweet on December 9, 2021.[12] Affected services include Cloudflare, iCloud, Minecraft: Java Edition,[42] Steam, Tencent QQ, and Twitter

Question 9

What are the three important concepts regardign the current state of Cyber Security?

Answer 9

1. No system or network is secure. Hackers find a way!
2. The more technology evolves and we rely on it, the higher the stakesare when security is compromised.
3. It is important we adopt and approach new technologies with security in mind.

Question 10

What is the average cost of a data breach?

Answer 10

$4.2 Million

Up 10% from 2012

Question 11

How long on average does it take to identify and contain a cyber incident?

Answer 11

287 Days

Question 12

Which country has the costliest data breaches?

Answer 12

USA

Question 13

How many security breaches are caused by compromised credentials?

Answer 13

1 in 5

Question 14

What percentage of of organizations suffered data breaches in the last 2 years?

Answer 14

49%

Question 15

How many businesses suffered business disruption and lost confidential data due to a data breach?

Answer 15

44%

Question 16

What is the average mitigation cost of a ransomeware attack?

Answer 16

$1.85 Million

Question 17

Of what percentage of victims who paid, experienced another attack?

Answer 17

80%

Question 18

How much on average does an investigation cost?

Answer 18

$400 per hour per consultant

Question 19

What is the average cost of a Business Critical application being down due to a Cyber incident?

Answer 19

$200,000 per hour

2022 Splunk State of Security Report

Question 20

How much do Insurance premiums go up due to a Cyber Attack?

Answer 20

10 - 30%

Question 21

What are the three points of the CIA Triad?

Answer 21

• Confidentiality
• Integrety
• Availability

Question 22

What does the concept of Authorization mean in the terms of Confidentialiy?

Answer 22

Sufficient access level granted depending on the person

Question 23

What does the concept of Authentication mean in the terms of Confidentialiy?

Answer 23

Verifying the identity of the person to make sure they are who they say they are.

Question 24

What type of data is classed as Restricted?

Answer 24

IP or Proprietary Data

Question 25

What type of data is classed as Confidential?

Answer 25

Restricted data such as PII and financial