Week 1 - Intro

Question 1

What does Cyber Security comprise?

Answer 1

Technologies and mechanisms that are designed to protect systems, networks and data from cyber attacks

Question 2

Cyber Security Objectives

Answer 2

prevent unauthorised:
- disclosure of data
- modification of data
- use of network or computing resources

Question 3

Cyber Security challenges:

Answer 3

• Considering potential attacks.
• Where to use security mechanisms: Physical placement and logical sense
• Security Key management

Question 4

Asset

Answer 4

Anything of value to the organisation and requires protection

Question 5

Vulnerability

Answer 5

Weakness of an asset or group of assets that can be exploited.

Bugs, protocol flaws, default passwords

Question 6

Threat

Answer 6

Cause of harm. Can be human or environmental etc

Internal (authorised)/External (unauthorised)/Partner (in between)

Question 7

White hat hackers

Answer 7

Ethical hackers or pen testers

Question 8

Black hat hacker

Answer 8

Violate computer security for personal gain

Question 9

Grey hat

Answer 9

In between white and black hat. Will look without owner permission and report the issue or publish it if the owner does not comply.

Question 10

Security Risk

Answer 10

Possibility that threats will exploit vulnerabilities of an asset and cause harm.

Question 11

models of Info Security: CIA

Answer 11

Overall security
- Confidentiality
- Integrity
- Availability

Question 12

Models of information security: CAIN

Answer 12

Important for transport
- Confidentiality
- Authenticity (verified sender)
- Integrity
- Non-repudiation

Question 13

Confidentiality

Answer 13

Need to ensure that info is disclosed only to those authorised.

Question 14

Privacy

Answer 14

Refers to individual desire to control data access

Question 15

6 example Threats to confidentiality
HSLMUI

Answer 15

• Hackers
• Shoulder Surfing
• Lack of paper shredding
• Malicious code
• Unauthorised employee activity
• Improper access control

Question 16

Integrity

Answer 16

Making sure that information is correct and unmodified.

Question 17

Risks to integrity: Attack vectors

Answer 17

Phishing, website downloads, externally facing resources and infected attachments.

Malware inserted through these vectors can then corrupt data.

Question 18

Business Value in terms of data

Answer 18

What impact does this data have for the business etc

Question 19

Technical controls to protect data integrity

Answer 19

• Email digital signatures
• File integrity verifier utilities for operating systems

Question 20

Behavioural Controls to protect data integrity (think about users and duties)

Answer 20

• Separation of duties
• Rotation of duties
• End user security training

Question 21

Availability

Answer 21

Ensure timely and reliable access.

Assurance that data is accessible when needed by those authorised.

Question 22

Ways to ensure availability

Answer 22

• Maintenance
• Redundancy
• Backups
• Cloud Computing

Question 23

Threats to availability

Answer 23

Disaster, hardware fail, human error, malice, loss of power, malicious code, loss of personnel.