Unit 3 Digitisation risk and Cybersecurity Risk Flashcards

1
Q

What is the difference between digitisation risk and cybersecurity risk?

A

Digitisation risk - the risk of digitising a business

Cybersecurity risk - the risk to protecting data

2
Q

5 digital business models (Evans 2017)

A
Digitising products and services
	Amazon
Running or participating on industry platforms
	Selling on Amazon
Tapping into sharing economy
	Airbnb
Reshaping value networks
	Uber
New models of monetisation
	Facebook
	Zipcar
3
Q

6 risks of digitising a business

A
Customer dissatisfaction
Poor web site design
Email correspondence giving a bad impression
Digital payment systems
Online anonymity enabling fraud
IT systems requiring renewal
4
Q

4 cyber threats

A

External malicious attacks
Process gaps
Unexpected user actions
Rogue insider activities

5
Q

6 cyber security functions

A

Management
	Chief Information Security Officer/Chief Cybersecurity Officer, Cybersecurity Architect
Cyber Audit and Assessment
	Audit Manager, Auditor, Assessment Specialist
Event Monitoring and Alerts
	Security & Events Manager, Security Incident Responder, Cybersecurity and Network Intrusion Analysts
Proactive Operations
	Access Administrators, Security Risk Consultants
Environment Testing
	Attack and Penetration Testers (Ethical Hackers), Vulnerability Assessors
Specialists
	Security Controls Designer, Cryptologist, Cryptanalyst

6
Q

What is cybersecurity?

A

The protection of digital devices and their communication channels to keep them stable, dependable and reasonably free from danger or threat, usually by preventing unauthorised access.
Cybersecurity for beginners

7
Q

What is a digital device?

A

Any electronic appliance that can create, modify, archive, retrieve or transmit information, eg desktop computers, smartphones, internet-connected home devices.
Cybersecurity for beginners

8
Q

What is defence in depth?

A

The use of multiple layers of security techniques to reduce the chance of a successful attack, so that if one security technique is bypassed there are others to address the attack. It should consider people and operational factors, not just technology.
Cybersecurity for beginners

9
Q

What is cryptanalysis?

A

The art of examining ciphered information to determine how to circumvent the technique that was used to encode or hide it.
Cybersecurity for beginners

10
Q

What is the cloud?

A

Any technology service that uses software and equipment not physically managed or developed by the organisation using it, eg applications hosted online: SaaS (Software as a Service), IaaS (Infrastructure as a Service), PaaS (Platform as a Service).
Cybersecurity for beginners

11
Q

What is a vulnerability?

A

A weakness usually in the design, implementation or operation of software (including operating systems) that could be compromised and result in damage or harm.
Cybersecurity for beginners

12
Q

What is a vector?

A

Another word for method, eg "there were multiple vectors of attack".
Cybersecurity for beginners

13
Q

What do we mean by bleeding edge?

A

Using inventions so new that they are likely to cause damage to the population using them before they become stable or safe, eg BYOD.
Cybersecurity for beginners

14
Q

What do we mean by BYOD?

A

Bring your own device: a network allowing employees to purchase any phone or tablet and then use it for company-related work.
Cybersecurity for beginners

15
Q

What is a control?

A

A method of regulating a process or behaviour to achieve a desired outcome, usually the reduction of risk, eg a firewall.
Cybersecurity for beginners

16
Q

What is cyber insecurity?

A

Suffering from a concern that cyber security weaknesses are going to cause you personal or professional harm.
Cybersecurity for beginners

17
Q

What is a hacker?

A

A person who engages in attempts to gain unauthorised access to one or more digital devices.
Cybersecurity for beginners

18
Q

What is a cyber attack?

A

To take aggressive or hostile action by leveraging or targeting digital devices. The intended damage is not limited to the digital (electronic) environment.
Cybersecurity for beginners

19
Q

What is an exploit?

A

To take advantage of a security vulnerability.

Cybersecurity for beginners

20
Q

What is a threat actor?

A

Umbrella term for people and organisations who work to create cyber attacks, eg cyber criminals, hacktivists, nation states.
Cybersecurity for beginners

21
Q

What is patch management?

A

Controlled process used to deploy critical interim updates to software. Patches are often released to remove flaws or gaps in a software’s security.
Cybersecurity for beginners

22
Q

What is malware?

A

Malicious software - disruptive, subversive or hostile programs that are inserted onto a digital device eg adware, ransomware.
Cybersecurity for beginners

23
Q

What is a botnet?

A

Shortened version of "robotic network": a connected set of programs designed to operate together over the internet to achieve specific purposes, good and bad, eg denial of service attacks.
Cybersecurity for beginners

24
Q

What is incident response?

A

Prepared set of responses to be triggered when an event could cause material damage to an organisation eg breach notification procedures.
Cybersecurity for beginners

25
Q

What is a breach notification procedure?

A

When some types of information are suspected to have been lost or stolen, this must be reported to the authorities within a certain period; the organisation may also be required to notify those affected, eg customers. Large companies have pre-defined breach notification procedures to meet these obligations.
Cybersecurity for beginners

26
Q

What is a firewall?

A

Hardware (physical device) or software (computer program) used to monitor and protect inbound and outbound data. Usually deployed at a minimum at each network access point.
Cybersecurity for beginners

27
Q

What do we mean by Governance?

A

Methods used by an organisation executive to keep his or her organisation on track with management’s goals and within acceptable performance standards.
Cybersecurity for beginners

28
Q

What is the CISO (Chief Information Security Officer)?

A

A single point of accountability within any organisation for ensuring that an appropriate framework for managing dangers and threats to electronic and physical information assets is operating and effective.
Cybersecurity for beginners

29
Q

What is a policy?

A

A high level statement of intent that provides guidance that an organisation follows eg the basic security policy is to prevent unauthorised access to the enterprise’s information.
Cybersecurity for beginners

30
Q

What is a procedure?

A

Guidance on the process and methods that should be used to achieve a policy objective.
Cybersecurity for beginners

31
Q

What is risk?

A

A situation involving exposure to a significant impact or loss, often quantified in terms of its potential impact and likelihood.
Cybersecurity for beginners

32
Q

What is a denial of service attack?

A

An attack designed to stop or disrupt usage of an organisation's systems, usually by targeting a specific device accessible from the internet.
Cybersecurity for beginners

33
Q

What is a Distributed Denial of Service attack (DDoS)?

A

A denial of service attack from multiple source locations, eg a botnet.
Cybersecurity for beginners

34
Q

What is DLP (Data Loss Prevention)?

A

Technologies and strategies used to prevent data being taken out of an organisation without appropriate authorisation.
Cybersecurity for beginners

35
Q

What is privileged account management?

A

Systems, technologies and processes used to monitor and control the activities of privileged accounts.
Cybersecurity for beginners

36
Q

What is ethical hacking?

A

Process by which white hat penetration testing experts assist in finding security weaknesses and vulnerabilities.
Cybersecurity for beginners

37
Q

What is a red team?

A

Team of penetration testers working together to test for potential exploits affecting any critical or sensitive system.
Cybersecurity for beginners

38
Q

What is a penetration test?

A

Checks or scans any application or system to identify potential security vulnerabilities, then identifies the extent to which those vulnerabilities could be exploited in an attack. Usually performed in a test area and emulates the same techniques as an attacker.
Cybersecurity for beginners

39
Q

What is a penetration tester?

A

Person who performs simulated attacks on a system on behalf of the organisation that controls it.
Cybersecurity for beginners

40
Q

What is a vulnerability assessment?

A

Identifies gaps in protection in a computer, software application or network, but does not assess how they could be exploited.
Cybersecurity for beginners

41
Q

What is a backdoor?

A

A covert method of accessing software or device that bypasses normal authentication requirements.
Cybersecurity for beginners

42
Q

What is a BCP (Business Continuity Plan)?

A

Operational document that describes how an organisation can control its critical products and services to its customers should a substantial event occur that disrupts normal operations.
Cybersecurity for beginners

43
Q

What is a Technical Disaster Recovery Plan?

A

Operational document that describes the process, people, information and assets required to put a digital system back in place within a timeline defined by the business continuity plan.
Cybersecurity for beginners

44
Q

What is EGGE?

A

Acronym for the desirable characteristics of a cybersecurity team.
Ethnically, Geographically, Gender and Educationally diverse.

45
Q

What is a zero-day attack?

A

One that is discovered too late to do anything about, either because it is a new kind of attempt on the security defences of an organisation, or because it is an attack based on a new type of malware.

46
Q

What is a Digital Quotient?

A

A measure of your knowledge or familiarity with digital practices. It can be applied to test the digital know-how of the very young (six year-olds), who in 2018 are often ahead of adults.

47
Q

What does the Cybersecurity Architect do?

A

He or she proactively designs security into an IT system through a masterplan dealing with security components, such as firewalls, password-protected access points, malware monitoring and so on. As in mainstream architecture, a 'masterplan' provides for the future growth of an architect-designed collection of digital devices and components.

48
Q

What is a Faraday cage?

A

A Faraday cage is an environment impervious to an electro-magnetic pulse (EMP), which can destroy all data and digital devices within its range.

49
Q

What is an EMP?

A

Electro-magnetic pulse (EMP): a pulse which can destroy all data and digital devices within its range. An EMP is one of the most extreme cyber threats, and can be released as part of a military attack by one country on the digital assets of another.