Unit 3 Digitisation risk and Cybersecurity Risk Flashcards
What is the difference between digitisation risk and cybersecurity risk?
Digitisation risk - risk of digitising business
Cybersecurity risk - protecting data
5 digital business models (Evans 2017)
Digitising products and services - Amazon
Running or participating on industry platforms - Selling on Amazon
Tapping into sharing economy - Airbnb
Reshaping value networks - Uber
New models of monetisation - Facebook, Zipcar
6 risks of digitising a business
Customer dissatisfaction
Web site design poor
Email correspondence - bad impression
Digital payment systems
Online anonymity - fraud
IT systems require renewal
4 cyber threats
External malicious attacks
Process gaps
Unexpected user actions
Rogue insider activities
6 cyber security functions
Management - Chief Information Security Officer/Chief Cybersecurity Officer, Cybersecurity Architect
Cyber Audit and Assessment - Audit Manager, Auditor Assessment Specialist
Event Monitoring and Alerts - Security & Events Manager, Security Incident Responder, Cybersecurity and Network Intrusion Analysts
Proactive Operations - Access administrators, Security Risk Consultants
Environment Testing - Attack and Penetration Testers (Ethical Hackers), Vulnerability Assessors
Specialists - Security controls designer, Cryptologist, Cryptoanalyst
What is cybersecurity?
The protection of digital devices and their communication channels to keep them stable, dependable and reasonably free from danger or threat, usually by preventing unauthorised access.
Cybersecurity for beginners
What is a digital device?
Any electronic appliance that can create, modify, archive, retrieve or transmit information, eg desktop computers, smartphones, internet-connected home devices.
Cybersecurity for beginners
What is defence in depth?
The use of multiple layers of security techniques to reduce the chance of a successful attack, so that if one security technique is bypassed there are others to address the attack. Should consider people and operations factors, not just technology.
Cybersecurity for beginners
What is cryptanalysis?
The art of examining ciphered information to determine how to circumvent the technique that was used to encode or hide it.
Cybersecurity for beginners
What is the cloud?
Any technology service that uses software and equipment not physically managed or developed by the organisation using it, eg applications hosted online, SaaS (Software as a Service), IaaS (Infrastructure as a Service), PaaS (Platform as a Service).
Cybersecurity for beginners
What is a vulnerability?
A weakness, usually in the design, implementation or operation of software (including operating systems), that could be compromised and result in damage or harm.
Cybersecurity for beginners
What is a vector?
Another word for method, eg there were multiple vectors of attack.
Cybersecurity for beginners
What do we mean by bleeding edge?
Using inventions so new they have the likelihood to cause damage to their population before they become stable or safe, eg BYOD.
Cybersecurity for beginners
What do we mean by BYOD?
Bring your own device - network allowing employees to purchase any phone or tablet then use it for company-related work.
Cybersecurity for beginners
What is a control?
A method of regulating a process or behaviour to achieve a desired outcome, usually the reduction of risk, eg a firewall.
Cybersecurity for beginners
What is cyber insecurity?
Suffering from a concern that cyber security weaknesses are going to cause you personal or professional harm.
Cybersecurity for beginners
What is a hacker?
A person who engages in attempts to gain unauthorised access to one or more digital devices.
Cybersecurity for beginners
What is a cyber attack?
To take aggressive or hostile action by leveraging or targeting digital devices. The intended damage is not limited to the digital (electronic) environment.
Cybersecurity for beginners
What is an exploit?
To take advantage of a security vulnerability.
Cybersecurity for beginners