SYO 701 - Andrew Flashcards

1
Q

Confidentiality

A

The measures taken to ensure that sensitive information is not disclosed to unauthorized individuals, entities, or processes.

Access Controls: use of Passwords, Biometric Verification, access cards.

Encryption: process of encoding information in such a way that only authorized parties can read it. Encryption Key is needed to decrypt and read information.

Secure Communications: Using Secure Protocols like SSL/TLS for transmitting data to prevent interception by unauthorized entities.

2
Q

Integrity

A

Protecting data from unauthorized changes to ensure that it is reliable and correct. Refers to Trustworthiness and accuracy of data.

*Data Accuracy
*Data Consistency
*Data Trustworthiness

Methods used:
*Cryptographic Hash Functions
*Digital Signatures
*Access Controls

3
Q

Availability

A

Refers to ensuring that Data, Systems, and Services are accessible to authorized users when needed.

The How:
*Fault Tolerance - building systems that can continue operating properly even if some of their components fail
*Backup Systems - regularly backing up data and systems to enable recovery in case of data loss or corruption

The goal is to prevent service disruptions due to system failures, infrastructure problems, or malicious attacks like DDoS

4
Q

DAD Triad

A

Opposite of the CIA:

1 - Disclosure - Refers to the unauthorized access and exposure of information
2 - Alteration - Loss of Integrity, where unauthorized changes are made to Data
3 - Denial - Direct attack on Availability. Involves attacks that take data or systems offline, resulting in no access

5
Q

Zero Trust

A

Centers on the belief that Organizations should not automatically trust anything inside or outside their perimeter and instead must verify anything and everything trying to connect to their systems before granting access.

*Strict Identity verification
*Least Privilege Access
*Multi-Factor Authentication (MFA)
*Monitor and Log all Traffic

6
Q

Authentication

A

Process of verifying the identity of a User, device, or other entity in a computer system. A prerequisite to granting access to resources in a system.

6
Q

Non-Repudiation

A

Ensures that a party in a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

*can be implemented using digital signatures
*a digital signature binds a person to the digital data they send

7
Q

Authorization

A

Once a User is Authenticated, the Authorization process determines what that user is permitted to do by matching user or system credentials against an access control list.

8
Q

Accounting

A

(Also referred to as Auditing) Ensured by keeping track of activities. Involves logging and monitoring of User actions.

How:
Activity Tracking - involves collecting data on user activities, such as Login times, duration of sessions, accessed resources, network services used, system changes made, and data transferred (stored in System Log).

9
Q

Accountability

A

Principle that ensures individuals or entities are held responsible for their actions within a system.

Prerequisites:
Identification, Authentication, Authorization, Accounting > Accountability

10
Q

Control Categories - Technical

A

Technical Controls - (aka Logical Security Controls) are mechanisms implemented in hardware, software, or firmware that automate the process of preventing, detecting, and responding to security threats.

*Access Control Mechanisms
*Firewalls
*IDS/IPS
*Encryption
*Antivirus & Anti-malware Software
*Virtual Private Networks (VPN)

11
Q

Gap Analysis

A

An assessment that companies use to compare their current security posture with a set of standards, best practices, or regulatory requirements to identify areas that need improvement.

12
Q

Control Categories - Managerial (Administrative)

A

Policies, Procedures, and guidelines that govern the behavior of people within an Organization and the operation of IT systems.

*Security Policies/Procedures
*Risk Management
*Incident Response and Recovery Plans
*Business Continuity and Disaster Recovery Planning

13
Q

Control Categories - Operational

A

Day-to-day methods and procedures that are implemented by an organization to ensure and maintain the security of its information and assets.

Performed by People:
*Security Awareness training
*Physical Media Protection

14
Q

Control Categories - Physical

A

Measures taken to protect the actual Hardware and Facilities that house the systems, Networks, and Data.

*Lighting
*Signs
*Fences
*Security Guards
*Cameras

15
Q

Security Control Types

A

Preventative - attempts to stop a security incident from occurring. Firewalls, IPS, Encryption, ACLs

Detective - attempts to detect events that resulted in a security incident. IDS, SIEM, Video Surveillance, Motion Detection

Corrective - attempts to remediate an incident that has occurred. UPS, Restoring Backups, Incident Response procedures.

Deterrent - attempts to discourage a threat. Guard Dogs, Cameras, Barbed Wire

Directive - provides direction on how to use systems. Policies / Procedures. Instructional “manuals”

Compensating - provides alternate controls when the Primary control may not be sufficient. Segregation of Duties.

16
Q

Defense in Depth

A

Layered Security. Information assurance concept where MULTIPLE LAYERS of security controls (defense mechanisms) are placed throughout an IT system.

Data > Firewall > Procedures/ Policies > Physical Protection

17
Q

Threat Motivations

A

1 - Data Exfiltration: Stealing data from a Target, often for selling or leverage
2 - Espionage: Spying on entities to gather sensitive information, common with Nation States
3 - Service Disruption: Disabling or disrupting a service, often seen with hacktivists protesting against specific services or companies
4 - Blackmail: Threatening to release sensitive data unless a demand (usually monetary) is met.
5 - Financial gain: stealing data or directly siphoning money, a common motivation for organized crime
6 - Philosophical / Political beliefs: Acting based on personal or group beliefs, commonly seen with Hacktivists
7 - Ethical: Acting on perceived ethical obligations, sometimes seen with whistleblowers or “white hat” hackers identifying vulnerabilities
8 - Revenge: Targeting an entity out of vengeance for a perceived wrong
9 - Disruption/ Chaos: Motivated purely by the desire to create disorder, sometimes without specific political or financial goals
10 - War: Cyber-operations that are a component of larger warfare, typically driven by Nation-States

18
Q

Threat Actors

A

Nation State
Unskilled attacker
Hacktivist
Insider Threat
Organized Crime
Shadow IT

19
Q

Attributes of Actors

A

Internal/ External: whether the threat actor originates from inside or outside of the Organization

Resources/ Funding: The amount of money and resources available to the threat actor.

Level of Sophistication / Capability: The technical skill level of the threat actor. Nation states and organized crime have high sophistication.

20
Q

Nation State

A

A country’s Government which can engage in or sponsor cyber activities. Well funded and sophisticated.

*espionage
*Cyber warfare
*political / economic/ military advantage

21
Q

Hacktivist

A

Someone who uses hacking techniques and digital tools to promote a political agenda, social change, or ideological beliefs.

22
Q

Shadow I.T.

A

Refers to information technology systems and solutions built and used inside organizations without explicit organizational approval.

23
Q

Vulnerabilities

A

A weakness or a “hole in our system” that can be exploited by a threat actor or Hacker to gain unauthorized access to or perform unauthorized actions on a computer system.

24
Q

Memory Injection

A

Inserting malicious code into a program’s memory.

25
Q

Race Conditions

A

Vulnerability that occurs when the timing of actions affects a system's state and outcome.

TOCTOU - Time of Check to Time of Use

*Code applications correctly
*Follow good secure Programming practices

26
Q

SQL Injections

A

SQL - Structured Query (ask questions) Language. Used to talk with a Database.

Front End - User Interface (Web page)
Back End - Database holds all information (SQL).