Module 2 Flashcards

1
Q

What is risk?

A

Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.

2
Q

What is residual risk?

A

Residual risk: The portion of risk remaining after security measures have been applied.

3
Q

What are the NIST phases and their descriptions?

A

NIST Cybersecurity Framework (CSF) phases and descriptions:
● Govern: Covers people, process, and technology elements. It includes roles, responsibilities, policies, procedures, and oversight, in addition to the technology
● Identify: Asset management, business environment, governance, risk assessment, risk management strategy
● Protect: Access control, awareness training, data security, information protection processes and procedures, maintenance, protective technology
● Detect: Anomalies and events, security continuous monitoring, detection processes
● Respond: Response planning, communications, analysis, mitigation, improvements
● Recover: Recovery planning, improvements, communications

4
Q

What does govern mean?

A

Govern: Covers people, process, and technology elements. It includes roles, responsibilities, policies, procedures, and oversight, in addition to the technology

5
Q

What does identify mean?

A

Identify: Asset management, business environment, governance, risk assessment, risk management strategy

6
Q

What does protect mean?

A

Protect: Access control, awareness training, data security, information protection processes and procedures, maintenance, protective technology

7
Q

What does detect mean?

A

Detect: Anomalies and events, security continuous monitoring, detection processes

8
Q

What does respond mean?

A

Respond: Response planning, communications, analysis, mitigation, improvements

9
Q

What does recover mean?

A

Recover: Recovery planning, improvements, communications

10
Q

What is risk framing?

A

Risk framing: The set of assumptions, constraints, risk tolerances, and priorities/trade-offs that shape an organization’s approach for managing risk

11
Q

What does assessing risk mean?

A

Assessing risk: Identifying, prioritizing, and estimating the risks to corporate assets.

12
Q

What is responding to risk?

A

Responding to risk: Organization determines the appropriate approach to addressing an identified risk.

13
Q

What is monitoring risk?

A

Monitoring risk: Monitoring the effectiveness of implemented risk controls and compliance-focused measures.

14
Q

What is RMF?

A

RMF: A structured approach used to oversee and manage risk for an enterprise.

15
Q

What is an asset?

A

Asset: An item of value to stakeholders.

An asset may be tangible (e.g., a physical item such as hardware, firmware, computing platform, network device, or other technology component) or intangible (e.g., humans, data, information, software, capability, function, service, trademark, copyright, patent, intellectual property, image, or reputation).

The value of an asset is determined by stakeholders in consideration of loss concerns across the entire system life cycle. Such concerns include but are not limited to business or mission concerns.

16
Q

What is a threat?

A

Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.

17
Q

What is risk?

A

Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.

18
Q

What is a vulnerability?

A

Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

19
Q

What does exploit mean?

A

Exploit: a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware. An exploit is not malware itself, but rather it is a method used by cybercriminals to deliver malware.

20
Q

What is a rogue access point?

A

A rogue access point is an unauthorized access point connected to a network.

21
Q

What is ransomware?

A

Ransomware disables the victim’s access to data until a ransom is paid (e.g., Ryuk).

22
Q

What does fileless malware mean?

A

Fileless malware changes files native to the OS (e.g., Astaroth).

23
Q

What is spyware?

A

Spyware collects user activity data without the user’s knowledge (e.g., DarkHotel).

24
Q

What is adware?

A

Adware serves unwanted advertisements (e.g., Fireball).

25
Q

What is a trojan?

A

Trojans disguise themselves as desirable code (e.g., Emotet).

26
Q

How does a worm work?

A

Worms spread through a network by replicating themselves (e.g., Stuxnet).

27
Q

What is a rootkit?

A

Rootkits give hackers remote control of a victim’s device (e.g., Zacinlo).

28
Q

What is a keylogger?

A

Keyloggers monitor a user’s keystrokes (e.g., Olympic Vision).

29
Q

What are bots?

A

Bots launch a broad flood of attacks (e.g., Echobot).

30
Q

What is mobile malware?

A

Mobile malware infects mobile devices (e.g., Triada).

31
Q

What is malware?

A

Malware is a broad term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that installs risky software.

32
Q

Once inside a system, what does malware do?

A

Once inside the system, malware can do the following:
● Block access to key components of the network (ransomware).
● Install malware or additional harmful software.
● Covertly obtain information by transmitting data from the hard drive (spyware).
● Disrupt certain components and render the system inoperable.

33
Q

What is phishing?

A

Phishing involves sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or install malware on the victim’s machine. Phishing is an increasingly common cyberthreat.

34
Q

What is an On-Path attack?

A

On-Path attacks are also known as eavesdropping attacks, which occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.

35
Q

What are two common points of entry for On-Path attacks?

A

The following are two common points of entry for On-Path attacks:
1. Attackers can insert themselves between a visitor’s device and the network on unsecured public Wi-Fi. Without knowing, the visitor passes all information through the attacker.
2. Once the malware has breached a device, an attacker can install software to process all of the victim’s information.

36
Q

What are the 5 components of Risk Treatment? Describe…

A

Risk Treatment:

Accept: Risk is accepted, and no measures are implemented to reduce its probability or impact.

Avoid: Choose operations that do not lend themselves to a particular risk (e.g., relocating a factory from a region prone to a particular natural disaster to one that is not prone to that disaster).

Mitigate: Implement controls to reduce the probability and impact of the threat/risk materializing.

Share: Engage others in the operations, so multiple parties assume the risk.

Transfer: Through the purchase of insurance, an organization can transfer risk to another party.

37
Q

What is a computer security incident?

A

A computer security incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

38
Q

What is an event?

A

An event is any observable occurrence in a system or network.

Events include a user connecting to a file share, a server receiving a request for a webpage, a user sending email, or a firewall blocking a connection attempt.

Adverse events have negative consequences, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware that destroys data.

39
Q

What does a central incident response team handle?

A

A central incident response team handles incidents throughout the organization.

40
Q

What does a distributed incident response team do?

A

A distributed incident response team may be one of several teams within an organization with responsibility for a particular logical or physical segment of the organization.

41
Q

What does a coordinating team do?

A

A coordinating team is an incident response team that provides advice to other teams without having authority over those teams.

42
Q

What are the phases of incident response?

A

The Phases of Incident Response:
Preparation, detection and analysis, containment and eradication, post-incident activity

● Preparation: By establishing its incident response capability, an organization is ready to respond to incidents and prevent incidents by ensuring that systems, networks, and applications are sufficiently secure. Although the incident response team is not typically responsible for incident prevention, it is fundamental to the success of incident response programs.

● Detection and analysis: Organizations need to be focused on being prepared to handle incidents that use common attack vectors. Different types of incidents merit different response strategies; knowing and preparing for common attack vectors is very important to success.

● Containment and eradication: With a focus on minimizing the impact of an incident, containment and eradication strategies provide time for developing a tailored remediation plan. An essential part of containment is decision-making (e.g., shutting down a system, disconnecting it from a network, disabling certain functions).

● Post-incident activity: Learning and improving from an incident improves an organization’s preparedness for the next attack. Documenting lessons learned and plans for future action and response plan updates are important post-incident activities.

43
Q

What are the services an Incident Response Team performs?

A

● Intrusion detection: The first tier of an incident response team often assumes responsibility for intrusion detection. The team generally benefits because it should be poised to analyze incidents more quickly and accurately, based on its knowledge of intrusion detection technologies.

● Advisory distribution: A team may issue advisories regarding new vulnerabilities and threats within the organization. Automated methods should be used whenever appropriate to disseminate information; for example, the National Vulnerability Database (NVD) provides information via XML and RSS feeds when new vulnerabilities are added. Advisories are often necessary when new threats emerge, such as a high-profile social or political event (e.g., a celebrity wedding) that attackers are likely to leverage in their social engineering. Only one group within the organization should distribute computer security advisories to avoid duplicated effort and conflicting information.

● Education and awareness: Education and awareness are resource multipliers—the more the users and technical staff know about detecting, reporting, and responding to incidents, the less drain there should be on the incident response team. This information can be communicated through many means: workshops, websites, newsletters, posters, and even stickers on monitors and laptops.

● Information sharing: Incident response teams often participate in information sharing groups, such as information sharing and analysis centers (ISACs) or regional partnerships. Accordingly, incident response teams often manage the organization’s incident information-sharing efforts, such as aggregating information related to incidents, sharing that information with other organizations, and ensuring that pertinent information is shared within the enterprise.

44
Q

What is Artificial Intelligence?

A

Artificial Intelligence: the simulation of human intelligence in machines that are programmed to think and perform tasks like problem-solving, learning, reasoning, and decision-making. It involves creating computer systems that can mimic and replicate human cognitive abilities, enabling them to perform tasks that typically require human intelligence.

45
Q

What is AI Narrow Intelligence?

A

AI Narrow Intelligence: also known as Weak AI, refers to artificial intelligence systems that are designed and programmed to perform specific tasks or solve particular problems with a high level of proficiency.

However, these systems lack general intelligence and are limited in scope, focusing solely on the predefined task they were designed for. Narrow AI is adept at performing single tasks but cannot adapt or transfer its knowledge to other unrelated tasks.

46
Q

What is AI General Intelligence?

A

AI General Intelligence: also known as Strong AI, refers to a hypothetical form of artificial intelligence that possesses the ability to understand, learn, and reason across a wide range of tasks and domains, similar to human intelligence.

Unlike Narrow AI, which is specialized in specific tasks, General AI would have the capacity to apply its intelligence to various new and diverse challenges, exhibiting versatility and adaptability much like a human being. However, as of now, General AI remains a theoretical concept and has not been fully realized in practice.

47
Q

What is AI Super Intelligence?

A

AI Super Intelligence: Super Artificial Intelligence could be seen as a hypothetical state where AI systems possess cognitive capabilities far beyond human abilities and can excel in virtually every intellectual task. This level of AI development remains speculative and is often a topic of discussion in science fiction and futurism.

48
Q

What is Machine Learning (ML)?

A

Machine Learning (ML): Machine Learning is like teaching computers to learn from experience. It’s a way for computers to use information (or data) they have to make decisions or predictions.

49
Q

What is Robotics?

A

Robotics: Robotics is about making and using robots, which are machines that can move and do tasks without human help.

50
Q

What is computer vision?

A

Computer Vision: Computer Vision is when computers can see and understand pictures and videos like humans do.

51
Q

What is Generative AI?

A

Generative AI: refers to a category of artificial intelligence techniques and models designed to generate new and original content, such as images, text, audio, or videos, based on patterns and data it has learned from existing examples. Unlike traditional AI systems that are designed for specific tasks, Generative AI is focused on creativity and generating novel outputs.