Unit 5 Attacks, Defence and Risk Based Digital Risk Management Flashcards
Five defences in U.K. Cyber Essentials framework
- Use a firewall
- Secure settings for devices and software
- Control access to data and services
- Protect from viruses and other malware
- Keep devices and software up to date
14 point framework for defence
- Executive support
- Reduce attack surface
- Security architecture
- Classify information assets
- Zone the attack surface
- Remove low value data
- Use next-gen anti-malware
- Strong user access controls
- Dual authentication
- Patch promptly
- Other technical countermeasures
- Set security settings high
- Educate users
- Ensure security requirements included and tested
7 root causes of Sony 2014 data breach
- Not prepared for a breach of this magnitude
- Gaps in the defence layers
- Patches not up to date
- Non-existent record retention and destruction procedures for emails increased the impact
- Information classification processes not in place
- Disaffected employee?
- No single point of accountability
8 threat actors?
- Nation states
- Terrorist groups
- Organised criminal groups
- Hacktivist communities
- Skilled professional hackers
- Disaffected or opportunistic insiders
- Amateur hackers and journalists
- Anyone
2 ways to assess a threat actor?
Motivation and capability
3 stages in the risk management process
- Identify
- Evaluate and prioritise
- Manage
5 stages of typical cybersecurity approach?
- Identify
- Protect
- Detect
- Respond
- Recover
4 Ts
- Tolerate
- Treat
- Transfer
- Terminate
3 key ingredients of cyber risk frameworks
- Ownership: who is accountable?
- Lifecycle: identified, investigating, analysing, treating, monitoring, closed
- Risk information: probability and impact
5 ways to treat a risk
- Prevention
- Reduction
- Acceptance
- Contingency
- Transfer
Six-step risk-based approach to cybersecurity management
- Identify the highest-value information targets first
- Identify the digital assets that information needs to flow through and onto
- Verify the business case for how and where information is needed
- Consider the threats to the organisation and the probability of them occurring
- Minimise the footprint of any sensitive data, based on a business case
- Then efficiently add the appropriate security controls
What is phishing?
Using an electronic communication, e.g. an email, to obtain information or install malware.
Cybersecurity for beginners
What is spear phishing?
Targeted phishing pretending to come from a trusted source.
Cybersecurity for beginners
What is polymorphic malware?
Malicious software that can change its attributes to help avoid detection. The mutation process can be automated so that the function of the software continues but its method of operation, location and other attributes change. Used in the Sony data breach.
Cybersecurity for beginners
What is SSL?
Secure Sockets Layer: a method for providing encrypted communication between two points in a digital landscape.
Cybersecurity for beginners
What is a drive-by download?
The unintended receipt of malicious software onto a device through an internet page, electronic service or link. The victim is usually unaware.
Cybersecurity for beginners
What do we mean by secure configuration?
Ensuring that when settings are applied to any item (device or software), appropriate steps are taken to ensure default accounts are removed or disabled, shared accounts are not used and all protective and defensive controls use the strongest appropriate setting.
Cybersecurity for beginners
What are default accounts?
Generic username and password permissions, often with administrative access, that are provided as standard for some software applications and hardware for use during initial set-up.
Cybersecurity for beginners
What are access controls?
Rules and techniques used to manage and restrict entry to or exit from a physical, virtual or digital area through the use of permissions, e.g. passwords, fingerprints, eye scans, physical tokens.
Cybersecurity for beginners
What is patch management?
A controlled process used to deploy critical interim updates to software. Patches are often released to remove flaws or gaps in a software's security.
Cybersecurity for beginners
What is two-factor or multi-factor authentication?
Using more than one form of proof to confirm the identity of the person requesting access. In digital banking this is standard practice: for instance, you may need to enter a password but also receive a call on your mobile and then be asked to input another code. Methods can include something you know, e.g. a password; something you have, e.g. an access card; or something you are, e.g. a fingerprint or facial recognition. Two-factor or dual-factor authentication requires proof from at least two categories.
Cybersecurity for beginners
What is a honeypot?
An electronic device or a collection of data designed to trap attackers. Honeypots are designed to look like the rest of our network or attack surface but contain nothing of value, while containing tools to help us identify the attackers and isolate and trace any intrusion.
Cybersecurity for beginners
What is a honey network?
A cluster of honeypots that operate together to detect intrusions into a network.
Cybersecurity for beginners
What is the dark web?
Websites that hide their server locations, which makes it difficult to determine which organisations are behind the sites. They are publicly accessible and enable criminal elements to exchange information across the web without being detected.
Cybersecurity for beginners
What is a stacked risk?
Separate risks on one digital landscape which accumulate so that the overall impact is much larger than the individual components suggest. Mega data breaches such as the Sony data breach usually result from stacked risks in combination with a motivated attacker.
Cybersecurity for beginners
What is MDM (Mobile Device Management)?
Technology used to securely control the operation of mobile devices, e.g. the ability to wipe information from a mobile device remotely or control which applications can run.
Cybersecurity for beginners
What is a closed application?
A collection of applications, systems and devices that can only communicate with each other. No connection to any component outside the trusted group is permitted.
Cybersecurity for beginners
What is a worm?
A form of malware that seeks to find other locations to which it can replicate. This protects the malware from removal and increases the area of the attack surface that is compromised.
Cybersecurity for beginners
What is a micromort?
A unit of risk: a one-in-a-million chance of death, used to measure the risk of daily activities.
Cybersecurity for beginners
What is hacktivism?
An amalgamation of hacker and activism: the act of seeking unauthorised access to a device or network in order to promote a social or political agenda, usually trying to cause disruption and gain publicity.
Cybersecurity for beginners
What is a hacktivist?
An amalgamation of hacker and activist: an individual who participates in hacktivism.
Cybersecurity for beginners
What is the threatscape?
An amalgamation of threat and landscape. An umbrella term describing the expected vectors/methods and types of cyber attackers through or by which an organisation or individual may be attacked.
Cybersecurity for beginners
What is the internet of things?
The incorporation of the internet into everyday things to allow them to network (communicate) with other network-capable devices, e.g. smart TVs, smart ovens, security cameras.
Cybersecurity for beginners
What is materiality?
Having a level of significance or magnitude sufficient to be of concern.
Cybersecurity for beginners
What is a risk register?
A central repository that contains an entry for each significant loss or damage exposure. Used to track risks until their impact has been managed.
Cybersecurity for beginners
What is a risk assessment?
A systematic process for the detection of potential hazards or gaps in an existing or planned activity, asset, service, application, system or product.
Cybersecurity for beginners
What do we mean by risk-based?
An approach that considers the financial impact of a failure along with its probability and proximity, to determine its comparative significance and priority for treatment.
Cybersecurity for beginners