Parcial 1

Question 1

What is cybersecurity?

Answer 1

protection of networked system and data from unathorized use or harm

Question 2

what is offline identity

Answer 2

your identity that interacts on a regular basis at home, school or work

Question 3

what is online identity?

Answer 3

your identity while you are in cyberspace

Question 4

what does the online identity should have?

Answer 4

limited amount of information and username or alias

Question 5

what are the rules to have a safe online identity?

Answer 5

not include any personal information. be apropiate and respectful, and not attract unwanted attention

Question 6

What types of data do you have?

Answer 6

medical records, education records and employment and financial records

Question 7

how do the criminals get your moneu?

Answer 7

online credentials and creative schemes

Question 8

what does online credential means?

Answer 8

give thiefs access to your accounts

Question 9

what does creative schemes mean?

Answer 9

trick into wiring money to your friends or family

Question 10

why do the criminals want your identity

Answer 10

for long term profits, medical benefits, file a fake tax return, open credit card accounts and obtain loans

Question 11

what are the types of organizational data?

Answer 11

Traditional data and internet of the things and big data

Question 12

what data does traditional data has?

Answer 12

personell (application materials, payroll, offer), intellectual (patents, trademarks, trade secrets), and financial (income statements, balance sheets)

Question 13

what data does the internet of things and big data has?

Answer 13

IoT (large network of pyshical objects such as sensors) and big data (data from the IoT)

Question 14

what does confidentiality means

Answer 14

privacy

Question 15

what does integrity means

Answer 15

accuracy and thrustworthiness of the information

Question 16

what does availability means

Answer 16

information is accesible

Question 17

what are the types of attackers?

Answer 17

amateurs, hackers and organized hackers

Question 18

what does amateurs mean

Answer 18

script kiddies with little to no skill, and the use of existing tools or instructions found online for attacks

Question 19

what kind of hackers are?

Answer 19

white hats, grey hats and black hats

Question 20

what does white hats mean

Answer 20

people that break into a system with permission to discover weakness so that the security of these systems can be improved

Question 21

what does gray hats mean

Answer 21

people who compromise systems without permission

Question 22

what does black hats mean

Answer 22

people who take advantage of any vulnerability for illegal personal, financial or political gain

Question 23

what does organized hackers mean

Answer 23

organizations of cyber criminals, hacktivists, terrorits and state-sponsored hackers

Question 24

whats one example of internal security threats

Answer 24

an employee or contract partner

Question 25

why is an employee or contract partner an internal security threat

Answer 25

because they can mishandle confidentia data, threaten the operations of internal servers or network infraestructure devices, facilitate outisde attacks by connecting infected USB media into the corporate computer system, accidentally invite malware onto the network through malicious email or websites and can cause great damages because of direct access

Question 26

what does esternal seurity threats mean

Answer 26

exploit vulnerabilities in network or computing devices and the use of social engineering to gain access

Question 27

what is the cyberwarfare

Answer 27

conflict using the cyberspace

Question 28

what does the stucnet malware did?

Answer 28

designed to damage irans nuclear enrichment plan, using modular coding and stole digital certificates

Question 29

what is one example of an impact of security breach

Answer 29

vtech a toy maker for children that exposed sensitive information including customer names, etc hackers could create email accounts and apply for credits and commit crimes using the children’s information

Question 30

what is an example of cyberwarfare

Answer 30

stuxnet malware

Question 31

what is the purpose of the cyberwarfare

Answer 31

to gain advantage over adversaries, nations or competitos

Question 32

what does the cyberwarfare can do

Answer 32

sabotage the infraestructure of other nations, give the attackers the ability to blackmail governmental personnel, citizens may lose confidence in the government’s ability to protect them and can affect the citizen’s faith in their government without ever physically invading the targeted nations

Question 33

what is a security policy?

Answer 33

A directive that defines a specific behavior for one or more individuals within the corporation

Question 34

for what is designed a security policy?

Answer 34

to reduce a specific set of security risks to a level accpetable to manage

Question 35

what is the essential foundation of an effective information security program?

Answer 35

policy

Question 36

why is policy so important

Answer 36

because it sets the tone and emphasis on the importance of information security

Question 37

what are the objetives of a security policy

Answer 37

reduce risk, compliance with laws and regulations and assurance of operational continuity, information integrity and confidentiality

Question 38

what are the least expensive means of control and often the most difficult to implement

Answer 38

policies

Question 39

what are the basic rules for shaping a policy

Answer 39

should never conflict with the law, must be able to stand up in court if challenged and must be properly supported and administrated

Question 40

what are the types of information securoty policy

Answer 40

enterprise information security program policy, issue-specific information security policies and systems specific policies

Question 41

what is the basic security polity process

Answer 41

indetify what assets you need to protect, identify the threats to those assets, use frameworks and industry specific guidelines to select and implement controls to mitigate threats, monitor compliance and effectiveness of controls(metrics) and periodically review and update controls

Question 42

what type of controls are to mitigate threats in a bsaic security policy?

Answer 42

policies and procedures, technical controls and human controls

Question 43

a security policy is created through an analysis of what information?

Answer 43

pertinent legislation and regulations, agreements with other parties, higher level policies, detailed knowledge of the target IT system, anticipated threats, implementation and operational costs, and managment risk tolerance

Question 44

success is dependent on four interdependent components

Answer 44

strong upper level managment support, practival security policies and procedures, properly implemented controls and quantifiable performance metrics and analysis

Question 45

what are the common problems of policies

Answer 45

systems are already developed, personnel are already in place with various levels of training, some policy may exist, some proceudres may be in place, some controls are in place and some metrics may be used to measure compliance

Question 46

what should i do to build an effective security policy

Answer 46

organize your security policy development team, conduct a security self assessment, assess security risks, develop a risk mitigation strategy, measure your security controls, and formalize and write your security policy

Question 47

what should the security policy development team should do

Answer 47

obtain leadership and involment of senior managment, identify and recruit internal and external stakeholders and obtain ther input and support