SB Flashcards
What is a model for persuasion and explain what it is
Elaboration Likelihood Model:
there are two routes to persuasion:
- Central = presenting a series of statements that, if accepted, convinces
- Peripheral = how the cues are said e.g. adapting according to who you’re talking to
**These strategies can be complementary and work together too
Principles of persuasion with their meanings and who came up with this
Cialdini put forward ‘The psychology of persuasion’
1) Reciprocity = creating a feeling of indebtedness through gifts (convince to make someone do something for you by giving them something, not always something they want) or concessions (salesman comes up with obscene price but makes you feel as though you have to accept after lowering to actual price)
2) Consistency and commitment = ask someone to agree to prevent a crime or get someone to agree on a small inconvenience before a larger one
3) Social proof = create impression that other people agree with or approve of something
4) Liking = advertise a pretty or relatable person doing something (we tend to trust them)
5) Authority = we do what people (who seem to be) in charge (seem to) tell us to do
6) Scarcity = opportunities are seen as more valuable when their availability is limited
What is a pretext?
The identity used in the approach, and their supposed reason for making the request
Pretext guide
1) Research = know organisational structure, individual’s interests and personality
2) Seem the part = dress for the part, sound professional or how you should
3) Use the truth = use parts of your real experience
4) Keep it simple = don’t over-plan your identity
5) Appear spontaneous = don’t be obviously working from a script, respond like your assumed identity would
What is HUMINT
Human intelligence, what a person can tell you from direct experience of your target
What is SIGINT
Signals intelligence, what a wiretap can tell you from observing your target’s communications
What is OSINT
Open-source intelligence, what normal public sources of information can tell you about your target
What is a killchain?
Model that describes the steps an attacker takes to perform an attack
Cyber-killchain steps
1) Reconnaissance - attacker identifies possible targets e.g. scanning network for vulnerabilities
2) Weaponisation - attacker creates attack payload, typically software but can be a false profile
3) Delivery - attacker transmits payload to victim e.g. advert on server, email with attachment
4) Exploitation - payload exploits target’s vulnerability e.g. gaining access
5) Installation - access through long term back door
6) Command and control - attacker connects target machine to wider infrastructure/establishing communication channel to be used discreetly to control machine
7) Actions on objectives - attacker benefits from attack
What are countermeasures for the killchain?
Detect - identify attack is happening
Deny - make it impossible for attack to proceed
Disrupt - make it difficult for attack to succeed
Degrade - slow down attack
Deceive - mislead or misdirect attacker
Limitations of killchain
Says little about what came before the attack (how or why attack happens) and what we can do after (recovery)
Structure of attack tree
Root node is goal of attacker
Child nodes are means by which the parent node would be achieved
Leaf node is necessary requirement for attaining final result
OR or AND relationships between child nodes
Rules for labelling tree node
If node is an OR node, it is labelled possible if any of its children are possible, otherwise impossible, and vice versa for AND node
M in MAPE-K
Monitoring through a combination of technical controls