the basics of security Flashcards
As security is increased, what is decreased?
Convenience.
What is the goal of security?
Security is to be free from danger and the process that achieves such freedom.
What are the three types of information protection (often called the CIA triad)?
Confidentiality: Only approved individuals may access information.
Integrity: Ensures information is correct and unaltered.
Availability: Ensures information is accessible to authorized users.
What is a threat actor?
Is an individual or entity responsible for cyber incidents against the technology equipment of enterprises and users.
Financial crime is often divided into three categories based on what targets?
Individual users, enterprises, governments
What are the three types of hackers?
Black hat hackers, white hat hackers and gray hat hackers.
What are script kiddies?
Individuals who want to perform attacks, yet lack the technical knowledge to do so.
They often download freely available automated attack software and use it to attack.
What are hacktivists?
Individuals that are strongly motivated by an ideology (for the sake of their principles or beliefs).
The types of attacks they tend to do often involve breaking into a website and changing its contents as a means of a political statement.
Other attacks were retaliatory: hacktivists have disabled a bank’s website that didn’t allow online payments to be deposited into accounts belonging to groups supported by them.
What are state actors?
State-sponsored attackers employed by the government to launch cyberattacks against their foes.
Many believe them to be the deadliest of any attackers.
What is an Advanced persistent threat (APT)?
It is most commonly associated with state actors and it is multiyear intrusion campaigns targeting highly sensitive economic, proprietary, or national security information.
What are Insiders?
Employees, contractors and/or business partners that pose an inside threat of manipulating data from the position of a trusted employee.
These attacks can be more difficult to recognize as they come from within the enterprise.
Six out of 10 enterprises recorded being a victim of at least one enterprise in 2019.
The focus of the insiders was:
Intellectual property (IP) theft – 43%
Sabotage – 41%
Espionage – 32%
What is social engineering?
One of the most successful types of attacks, Social engineering is a means of eliciting information (gathering data) by relying on the weaknesses of individuals.
It does not even exploit technology vulnerabilities and a successful attack has serious ramifications.
What is a vulnerability?
The state of being exposed to the possibility of being attacked or harmed.
What are some platforms for serious vulnerabilities?
Legacy platforms, on-premises platforms, cloud platforms.
What do Third party vulnerabilities include?
- Almost all business use external entities (aka third parties).
- Examples include: outsourced code development, data storage facilities
Vendor management is the process organizations use to monitor and manage the interactions with all of their external third parties. - Connectivity between the organization and the third party is known as system integration
One of the major risks of third-party system integration involves the principle of the weakest link.