Unit 4 Digital Risk Management Approaches and Security Flashcards

1
Q

Five steps in a cybersecurity framework

A
Identify
	your valuable assets
Protect
	with appropriate security framework
Detect
	any compromised account or device
Respond
	quarantine the problem and identify countermeasures
Recover
	replace, restore, fix compromised assets
2
Q

Four attributes of data which determine its value

A

Confidentiality
Integrity
Availability
Consent

3
Q

Six cyber defence points

A
Data
Devices
Applications
Systems
Networks
Other communication channels
4
Q

Five levels of defence in depth

A
Perimeter
Network
Host
Application
Data
5
Q

Seven human factors which may reduce cyber security

A

Inadequate cybersecurity subject knowledge
Poor capture and communication of risks
Culture and relationship issues
Under-investment in security training
Using trust instead of procedures
Absence of single point of accountability
Social engineering

6
Q

Seven stages of cyber attack

A
Reconnaissance
Tooling preparation
Infection
Persistence - Stuxnet
Communication
Control
Realising value
7
Q

Four types of cybersecurity control

A

Physical
Technical
Procedural
Legal (Regulatory and compliance)

8
Q

Ten types of technical control

A
Anti malware/advanced endpoint protection solutions
Firewalls
Intrusion Prevention & Intrusion Detection
Data Loss Prevention (DLP)
Encryption/cryptography
Proxy servers
Identity and access controls
Containerisation and virtualisation
Penetration testing
Vulnerability assessment
9
Q

What is encryption?

A

The art of encoding messages so that if they are intercepted by an unauthorised party they cannot be read unless the encoding mechanism can be deciphered.
Cybersecurity for beginners

10
Q

What is a control?

A

A method of regulating a process, technology or behaviour to reduce risk. Controls can be protective, detective or preventive.
Cybersecurity for beginners

11
Q

What is information classification?

A

The assignment of one or more values to a collection of knowledge to understand how alike it is to another set of knowledge based on its confidentiality, integrity and availability.
Cybersecurity for beginners.

12
Q

What do we mean by confidentiality when classifying information?

A

The assignment of a value to a set of information to indicate its level of secrecy and level of access permitted eg public use, internal use, confidential, strictly confidential, restricted.
Cybersecurity for beginners

13
Q

What do we mean by integrity when classifying information?

A

The assignment of a value to a set of information to indicate how sensitive it is to degradation of accuracy, often expressed as a scale of time, eg frequency of back up, need for permanent secondary failover system if no data loss permitted.
Cybersecurity for beginners

14
Q

What do we mean by availability when classifying information?

A

The assignment of a value to a set of information to indicate how much disruption or outage the owner considers acceptable. Often scale of time. Data with best possibility must be readily accessible at all times often through the use of a redundant fail safe.
Cybersecurity for beginners

15
Q

What do we mean by consent when classifying information?

A

Consent is often required from individuals who have to give their consent for how their data can be processed.
Cybersecurity for beginners

16
Q

What is physical security?

A

Measures to deter, prevent, detect or alert unauthorised real world access to a site or material item eg a burglar alarm.
Cybersecurity for beginners

17
Q

What are technical controls?

A

Use of an electronic or digital method to influence how a digital device can be used eg preventing it from being used to cut and paste.
Cybersecurity for beginners

18
Q

What is a procedural control?

A

An instruction during a sequence of required steps to limit how something is or is not permitted to be used eg the procedure to be followed to ensure data is backed up.
Cybersecurity for beginners

19
Q

What is a legal control?

A

Use of legislation to help promote and invest in positive security methods and also to deter, punish and correct infringements eg EU GDPR.
Cybersecurity for beginners

20
Q

What is a preventive control?

A

A control we put in place to protect a device before the risk occurred eg a firewall.
Cybersecurity for beginners

21
Q

What is a detective control?

A

To monitor and alert if something happens eg anti malware.
Cybersecurity for beginners

22
Q

What is a corrective control?

A

A control to rectify any gaps after the problem has been identified.
Cybersecurity for beginners

23
Q

What is a control mode?

A

An umbrella term for preventive, detective and corrective methods of defence.
Cybersecurity for beginners

24
Q

What is an APT (Advanced Persistent Threat)?

A

Term used to describe the tenacious and highly evolved set of tactics used by hackers to infiltrate networks via digital devices then leave malicious software in place for as long as possible.
Cybersecurity for beginners

25
Q

What is single point of accountability (SPA or SPOA)?

A

The principle that all critical assets, processes and actions must have clear ownership and traceability to a single person. Shared ownership is regarded as a significant security gap due to the consistent demonstration that security flaws have an increased probability of persisting where more than one person is accountable eg Sony.
Cybersecurity for beginners

26
Q

What is social engineering?

A

Art of manipulating people through personal interaction to gain unauthorised access to something.
Cybersecurity for beginners

27
Q

What is the attack surface?

A

The sum of the different points where an unauthorised user (the attacker) can try to enter data into or extract data from an environment.
Cybersecurity for beginners

28
Q

What is network segmentation?

A

Splitting a single collection of devices, wiring and applications or data into smaller sections to allow more discrete management of different sections and to reduce the impact of a disruptive event.
Cybersecurity for beginners

29
Q

What is an infection?

A

An unwanted invasion by an outside agent that an attacker uses to create damage or disruption.
Cybersecurity for beginners

30
Q

What is persistence?

A

To seek continued existence despite opposition.

Cybersecurity for beginners

31
Q

What is the master boot record?

A

The first sector of any electronic device which defines which operating system should be loaded when it is initialised or restarted.
Cybersecurity for beginners

32
Q

What is an exploit?

A

To take advantage of a security vulnerability.

Cybersecurity for beginners

33
Q

What is a buffer overflow?

A

Exceeding the region of electronic memory used to temporarily store data when it is being moved between locations. Process used by some malware to exploit an electronic target.
Cybersecurity for beginners

34
Q

What is shell access?

A

Command level permission to perform electronic control over an electronic device.
Cybersecurity for beginners

35
Q

What is a bot herder?

A

Hacker who uses automated techniques to seek vulnerable networks and systems in order to install bot programs.
Cybersecurity for beginners

36
Q

What is a bot?

A

Computer program designed to perform specific tasks, usually simple, small and repetitive. When the purpose of the program conflicts with an organisation’s goals, bots are forms of malware. Short for robot.
Cybersecurity for beginners

37
Q

What is ransomware?

A

A form of malicious software that either encrypts our information ie renders it unreadable/unusable or prevents us using a device or application until a sum of money is paid to the attacker. The WannaCry ransomware attack in 2016 is perhaps the most famous and widespread.
Cybersecurity for beginners

38
Q

What do we mean by host based?

A

Something that is installed immediately on the device it is protecting, servicing or subverting.
Cybersecurity for beginners

39
Q

What do we mean by network based?

A

Something that is installed to protect, serve or subvert a community of devices and applications i.e. a network.
Cybersecurity for beginners

40
Q

What is an endpoint?

A

Any electronic device that can be used to store or process information eg laptops, smartphones, smart watches.
Cybersecurity for beginners

41
Q

What is anti-malware?

A

Computer program designed to look for specific files and behaviours that indicate the presence or attempted installation of malicious software eg a virus. If or when detected seeks to isolate the attack ie quarantine or block or remove the malware and can also alert appropriate people.
Cybersecurity for beginners

42
Q

What do we mean by signature?

A

Unique attributes eg file size, file extension, data usage patterns that define a specific computer program. Anti malware uses this information to identify and manage malware and other rogue communications.
Cybersecurity for beginners

43
Q

What is a firewall?

A

Hardware (physical device) or software (computer program) used to monitor and protect inbound and outbound data. Usually deployed at a minimum at each network access point.
Cybersecurity for beginners

44
Q

What is a firewall policy?

A

Rules applied to the operation of a firewall.

Cybersecurity for beginners

45
Q

What do we mean by unified threat management?

A

A security device that integrates a large number of security technologies and services e.g. a single gateway device that includes proxy firewall, intrusion prevention, gateway, anti malware and VPN functions.
Cybersecurity for beginners

46
Q

What is a protocol?

A

A set of established rules to send information between different locations.
Cybersecurity for beginners

47
Q

What is an internet protocol?

A

Set of rules used to send or receive information from or to a location on a network including information about the source, destination and route. Each electronic location (host) has a unique address (the IP address) that is used to define the source and destination.
Cybersecurity for beginners

48
Q

What is a port number?

A

Used as part of an electronic communication to denote the method of communication being used. This allows the packet to be directed to a program that will know what to do with it.
Cybersecurity for beginners

49
Q

What is a packet?

A

A bundle of electronic information grouped together for transmission. The bundle usually includes control information to indicate destination, source and type of content, and the content (user information) itself.
Cybersecurity for beginners

50
Q

What is packet filtering?

A

Passing or blocking bundles of electronic information based on rules.
Cybersecurity for beginners

51
Q

What is spoofing?

A

Concealing the true source of electronic information by impersonation or other means. Often used to bypass internet security filters by pretending the source is from a trusted location.
Cybersecurity for beginners

52
Q

What is an Intrusion Detection System (IDS)?

A

Computer programs that monitor, inspect and log (record) electronic communications that pass through them to detect and raise alerts of any suspicious, malicious or unwanted information.
Cybersecurity for beginners

53
Q

What is an Intrusion Detection and Prevention System (IDPS)?

A

Computer programs that inspect electronic communications that pass through them that can block and log unwanted streams of information.
Cybersecurity for beginners

54
Q

What is DLP (Data Loss Prevention)?

A

Blocking specific types of information from leaving an electronic device.
Cybersecurity for beginners

55
Q

What is a proxy server?

A

Program used to provide intermediate services between a requested transaction and its destination. Often adjusts some of the information in a transaction in order to help secure the anonymity of the sender. It may also store information that is accessed often to speed up response times.
Cybersecurity for beginners

56
Q

What are identity and access controls?

A

Method used to regulate how each person accesses data by confirming they are who they claim to be (authentication) and their permissions are monitored.
Cybersecurity for beginners

57
Q

What is a Pen test (Penetration test)?

A

Checks or scans any application or system to identify potential security vulnerabilities then identifies the extent to which those vulnerabilities could be exploited in an attack. Usually performed in a test area and emulates the same techniques as an attacker.
Cybersecurity for beginners

58
Q

What is a vulnerability assessment?

A

Assessment/test that identifies gaps in protection in a computer, software application or network but not how they can be exploited.
Cybersecurity for beginners

59
Q

What is a vulnerability?

A

A weakness usually in the design, implementation or operation of software (including operating systems) that could be compromised and result in damage or harm.
Cybersecurity for beginners

60
Q

What is port scanning?

A

A process usually run by a computer to detect open access points (ports) that could be used to infiltrate or exfiltrate electronic information into or out of an enterprise.
Cybersecurity for beginners

61
Q

What do we mean by exfiltrate?

A

To move something with a degree of secrecy so as not to be noticed. Used to describe moving stolen data through detection systems.
Cybersecurity for beginners

62
Q

What do we mean by decapitation?

A

Preventing any compromised device from being able to communicate, receive instruction, send information or spread malware to other devices often stopping it working. A stage of threat removal.