Unit 4 - Basic Cybersecurity Concepts Flashcards
What is NIST?
US National Institute for Standards and Technology
What are the five cybersecurity components for ‘Security by Design’?
- Identify (your valuable assets)
- Protect (with appropriate security)
- Detect (any compromised account or device)
- Respond (quarantine the problem and identify countermeasures)
- Recover (replace, restore or otherwise fix compromised assets)
Which of the five cybersecurity framework stages supports security by design?
The proactive stages…
- Identify
- Protect
Which of the five cybersecurity framework stages deals with what to do after things have gone wrong (protection through detection)?
The Reactive stages…
- Detect
- Respond
- Recover
What is Cybersecurity in its simplest form?
Cybersecurity is intended to protect digital devices from being exploited or compromised.
What question can you ask yourself when looking at the cybersecurity position of something?
Do I feel confident that we have sufficiently considered and addressed all of the possible methods that might be used to attack or compromise this digital device or digital landscape?
What information do you need to have to know whether all cybersecurity measures have been considered?
Need to consider:
1) all locations within digital landscape
2) all potential vectors of either point of failure or attack
3) inherent value that each digital location has
What do you need to have to Identify what to protect?
- Information Classification (to sort out which groups of info are the most valuable)
- Cyber Defense Points (determine where info is located and where it passes through)
When working out how to Protect our assets appropriate to the potential value and impact they could have, we consider…
- Control Types (Physical, Procedural, Technical and Legal)
- Control Modes (Preventive, Detective and Corrective)
How do we Identify what information we want to protect?
- Information Asset Register (list of the sets of data we need to evaluate and protect)
- Information Classification (evaluation of each info asset to help understand how it should be protected)
What do we assign values to when undertaking Information Classification?
- Confidentiality
- Integrity
- Availability
- Consent
What is the difference between ‘Data’ and ‘Information’?
‘Data’ only refers to electronic information, whereas ‘Information’ also includes physical forms, such as paper records.
What are the six Cyber Defense Points?
1) Data - any info in electronic or digital format.
2) Devices - any hardware used to create, modify, process, store or transmit data. E.g. Computers, smartphones, USB drives.
3) Applications - any programs (software) that reside on any device.
4) Systems - groups of applications that operate together to serve a more complex purpose.
5) Networks - the group name for a collection of devices, wiring and applications used to connect, carry, broadcast, monitor or safeguard data.
6) Other Communication Channels - any other routes used to transmit or transfer any electronic data of value between devices.
Why is ‘Data’ itself considered to be a cyber defense point?
Because security controls can be applied directly to data. E.g. encryption, so that even if intercepted, the data cannot immediately be accessed without further effort.
How do we go about determining the ‘What’, ‘Where’ and ‘How’ of what we need to defend?
- What = Information Classification
- Where = Cyber Defense Points
- How = Security Control Types
What are the four major categories of security controls?
The Security Control Types are:
1) Physical
2) Technical
3) Procedural
4) Legal (also known as regulatory or compliance controls)
Why are physical controls important?
Almost all technical controls are ineffective if physical access can be gained to restricted equipment.
What are the three Control Modes?
1) Preventive controls - protect before event
2) Detective controls - monitor and alert if something occurs
3) Corrective controls - rectify gaps after problem identified
What should an environment with robust security include?
Routine ‘lifecycle’ repetitions that encompass both initial security measures and later re-evaluations and updates.
What does cybersecurity for the digital landscape require to be effective?
Cybersecurity for the digital landscape requires multiple layers, checks and balances to be effective.
What is required for ‘megabreaches’ to occur?
Three or more critical or major security controls that should be in place are either missing or inadequate.
How can you tell if cybersecurity is running badly?
The department relies on reactive measures and devotes a disproportionate amount of manpower to reactive approaches.