Unit 4 Digital Risk Management Approaches and Security Flashcards
Five steps in a cybersecurity framework
Identify: your valuable assets
Protect: with appropriate security framework
Detect: any compromised account or device
Respond: quarantine the problem and identify counter measures
Recover: replace, restore, fix compromised assets
Four attributes of data which determine its value
Confidentiality
Integrity
Availability
Consent
Six cyber defence points
Data
Devices
Applications
Systems
Networks
Other communication channels
Five levels of defence in depth
Perimeter
Network
Host
Application
Data
Seven human factors which may reduce cyber security
Inadequate cybersecurity subject knowledge
Poor capture and communication of risks
Culture and relationship issues
Under-investment in security training
Using trust instead of procedures
Absence of single point of accountability
Social engineering
Seven stages of cyber attack
Reconnaissance
Tooling preparation
Infection
Persistence - Stuxnet
Communication
Control
Realising value
Four types of cybersecurity control
Physical
Technical
Procedural
Legal (Regulatory and compliance)
Ten types of technical control
Anti malware/advanced endpoint protection solutions
Firewalls
Intrusion Prevention & Intrusion Detection
Data Loss Prevention (DLP)
Encryption/cryptography
Proxy servers
Identity and access controls
Containerisation and virtualisation
Penetration testing
Vulnerability assessment
What is encryption?
The art of encoding messages so that if they are intercepted by an unauthorised party they cannot be read unless the encoding mechanism can be deciphered.
Cybersecurity for beginners
What is a control?
A method of regulating a process, technology or behaviour to reduce risk. Controls can be protective, detective or preventive.
Cybersecurity for beginners
What is information classification?
The assignment of one or more values to a collection of knowledge to understand how alike it is to another set of knowledge based on its confidentiality, integrity and availability.
Cybersecurity for beginners.
What do we mean by confidentiality when classifying information?
The assignment of a value to a set of information to indicate its level of secrecy and level of access permitted eg public use, internal use, confidential, strictly confidential, restricted.
Cybersecurity for beginners
What do we mean by integrity when classifying information?
The assignment of a value to a set of information to indicate how sensitive it is to degradation of accuracy, often expressed as a scale of time eg frequency of back up, need for permanent secondary failover system if no data loss permitted.
Cybersecurity for beginners
What do we mean by availability when classifying information?
The assignment of a value to a set of information to indicate how much disruption or outage the owner considers acceptable. Often scale of time. Data with best possibility must be readily accessible at all times often through the use of a redundant fail safe.
Cybersecurity for beginners
What do we mean by consent when classifying information?
Consent is often required from individuals who have to give their consent for how their data can be processed.
Cybersecurity for beginners
What is physical security?
Measures to deter, prevent, detect or alert unauthorised real world access to a site or material item eg a burglar alarm.
Cybersecurity for beginners
What are technical controls?
Use of an electronic or digital method to influence how a digital device can be used eg preventing it from being used to cut and paste.
Cybersecurity for beginners
What is a procedural control?
An instruction during a sequence of required steps to limit how something is or is not permitted to be used eg the procedure to be followed to ensure data is backed up.
Cybersecurity for beginners
What is a legal control?
Use of legislation to help promote and invest in positive security methods and also to deter, punish and correct infringements eg EU GDPR.
Cybersecurity for beginners
What is a preventive control?
A control we put in place to protect a device before the risk occurred eg a firewall.
Cybersecurity for beginners
What is a detective control?
To monitor and alert if something happens eg anti malware.
Cybersecurity for beginners
What is a corrective control?
A control to rectify any gaps after the problem has been identified.
Cybersecurity for beginners
What is a control mode?
An umbrella term for preventive, detective and corrective methods of defence.
Cybersecurity for beginners
What is an APT (Advanced Persistent Threat)?
Term used to describe the tenacious and highly evolved set of tactics used by hackers to infiltrate networks via digital devices then leave malicious software in place for as long as possible.
Cybersecurity for beginners