Webinar Key Points Flashcards
What are the key steps in cybersecurity frameworks?
1) Identify - your valuable assets
2) Protect - with appropriate security framework
3) Detect - any compromised account or device
4) Respond - quarantine the problem and identify counter measures
5) Recover - replace, restore, fix compromised assets
What are the different layers that APTs must to through to get to the data?
1) Perimeter
2) Network
3) Host
4) Application
5) Data
What are the 5 essential cyber defenses?
1) Firewalls
2) Configuration - secure settings for devices and software
3) Access permissions - control access to data and services
4) Nextgen Anti-malware - protect from malware
5) Patching - keeping devices and software up-to-date
What is the 14 point framework for defence?
1) Exec support
2) Reduce attack surface
3) Security architecture
4) Classify information assets
5) Zone the attack surface
6) Remove low value data
7) Use next-gen anti-malware
8) Strong user access controls
9) Dual authentication
10) Patch promptly
11) Other technical counter-measures
12) Set security settings high
13) Educate users
14) Ensure security reqmts included and tested
What are the 6 OECD principles of governance?
1) Fair and transparent markets
2) Investments market duties
3) Clarity and accuracy of reporting
4) All classes of shareholders treated the same
5) Rights of stakeholders
6) Board resopnsibilities
What are McKinsey’s 6 imperatives for FinTech attackers?
1) Find - opportunities for mass recruitment
2) Reduce - costs of servicing customers
3) Identify - new indicators of credit worthiness
4) Target - specific market segments
5) Cooperate - with established financial services firms
6) Anticipate and digitise - responses to reg reqmts
What are the 6 ways to counter FinTech attackers?
1) Use other analytics e.g. Facebook
2) Reduce costs
3) Design customer interface to equal online platforms
4) Tailor services to mobile phone access
5) Acquire marketing skills of online retailing platforms
6) Streamline org to allow implementation
What are 3 key elements of GPTs?
- Pervasive
- Can spawn new technologies
- Improve over time
What are 4 benefits of using AI for predictive models?
The predictive models are:
- more accurate
- unbiased
- fast
- cheap
What does PACED in the context of Risk Mgmt mean?
Proportionate - to size of org and nature of risks
Aligned - to objectives of org and needs of stakeholders
Comprehensive - covering all types of risk
Embedded - in ongoing processes for strategic and operational decision making
Dynamic - able to change as the org and environment changes
What are Hopkin’s 8 Rs of risk management?
Recognition Rating Ranking Responding Resourcing Reaction Planning Reporting Reviewing
What does the COSO ERM Double Helix include?
- Governance and Culture
- Strategy and Objective-setting
- Performance
- Review and Revision
- Information Communication and Reporting
What are the 3 components of risk assessment?
1) Risk identification - what might happen?
2) Risk analysis - how likely? what impact?
3) Risk evaluation - so what? is it within Risk Appetite and Risk Tolerance?
What are the 7 stages of a cyber attack?
1) Reconnaissance
2) Tooling / Preparation
3) Infection
4) Persistence - stuxnet
5) Communication
6) Control
7) Realising Value
What are the 3 reasons that Advanced Persistent Threats usually occur?
1) Hackers use opportunistic tactics
2) Hackers use highly evolved tactics
3) Hackers use inside information
