Week 11 Flashcards
Why do we need security and controls for Information systems?
IS share data and provide resources to lots of people including those who shouldn’t have access. Controls upon information systems are based upon two underlying principles:
– The need to ensure accuracy of data
– The need to protect against loss or damage
Why are systems vulnerable?
System complexity – testing is not extensive enough
Unauthorised access is always possible
Human error – people can't be bothered with procedures; a system programmed to do checks will do them every time, whereas people sometimes won't. They don't use virus checkers, fail to back up data, etc.
Poor audit means that nobody checks
Biggest Cyber threats in 2024
Cloud-related threats
Ransomware
Third-party breach
How might small companies deal with network security management?
Outsourcing or using cloud software may be safer as this is giving responsibility to specialists.
What's the trend in the % of IT spend on security? Why is this trend in place?
IT spend on security is growing
Recent growth was driven by more extensive use of IT in the pandemic
- Electronic rather than physical interactions with customers
- Remote working by employees
Give examples/statistics of cybercrime in Ireland
HSE Attack
Cybercrime ≈ €10 Billion in 2022
Garda cybercrime division tripled in size
Define cyber risk
Cyber Risk is the risk of any financial loss, disruption or negative reputational impact because of a failure in IT systems; whether through people, process or technology.
* risks emanating from the use of electronic data and its transmission, including tools such as the Internet;
* physical damage caused by cyber-attacks;
* fraud committed by misuse of data;
* liability arising from data use, storage and transfer;
* availability, integrity, and confidentiality of electronic information.
Give examples of specific cyber risks
- Business interruption
- Data and software loss
- Intellectual property theft
- Network Security/Security
- Breach of Privacy Compensation
- Reputational Damage (excluding legal protection)
- Compensation for crisis management/remediation actions requiring internal or external experts
- Cyber ransom and extortion
- Fine and Penalties
Explain how to insure against cyber attacks
Most cyber-attacks are not covered by standard insurance policies, even though cybercrime is the fastest growing criminal act in the world. But you can take out cyber insurance. However, direct costs can be very considerable even with insurance, and reputational damage is substantial. You can be held liable for third-party data such as customer data or credit card data.
What expenses does cyber insurance cover?
– Investigation: to determine what occurred, how to repair damage and how to prevent the same type of breach from occurring again
– Business losses: network downtime, business interruption, data loss recovery, repair/replace damaged equipment etc.
– Privacy and notification: to customers and other affected parties,
– Lawsuits and extortion: includes legal expenses for the release of confidential information, legal settlements and fines
Includes expert help in some cases: legal help, consultancy support, liability support
Why is cyber insurance not a mature market?
People are uncertain what the risks are and how to price the insurance
What are some simple measures everyone should take - cyber first aid?
- Wi-Fi: change the default router password; don't use public Wi-Fi without a VPN
- Passwords: secure devices with passwords, PINs or biometrics; use encryption and two-factor authentication
- Back up data: check that the backups work!
- Use antivirus software
- Review app permissions
- Keep personal and work data separate
What are the security planning principles?
Risk analysis - balancing threat and protection costs for assets, goal is to reduce risk to an economically rational level.
Comprehensive security - close off all avenues of attack
Defence in depth - attacker should have to break through several lines of defence to succeed
Define internal audit
Internal Audit
A third force that checks the adequacy of the controls in place. This might include some external assistance from experts.
Explain the risk management department
Centralised control of the enterprise, including compliance, legal, quality control and financial control.
What is the key principle of security planning?
Minimum permissions: access control limits who can use resources and limits their permissions to the minimum required to do their job, so that they also cannot do unauthorised things
How do you reduce exposure to security threats?
- Containment – Controlling access to an information system
- Deterrence – Threat of punishment to discourage potential intruders
- Obfuscation – Hiding or distributing assets to limit damage
- Recovery – Ensuring normal operation resumes as quickly as possible with as little disruption as possible
What are some other control techniques - some of which do not prevent problems but allow you to recover from them?
- User Validation or Access Controls
- Back-up Procedures
- Auditing – Regular stock-take of procedures, hardware, software and data
What are the different categories of controls?
Physical protection
Software controls
Biometric controls - e.g. individuals' unique characteristics
What's an important control measure when physical parts are disposed of?
Ensure data is deleted/destroyed
Explain access control
Controlling access to resources so only the right people get access
Authentication involves a supplicant sending credentials to a verifier to prove its identity from a distance
What is password authentication, and what are its benefits?
Reusable Passwords
– Strings of characters typed to authenticate the use of a username (account) on a computer.
– They are used repeatedly and so are called reusable passwords.
Benefits
– Ease of use for users (familiar)
– Inexpensive because built into operating systems
Why are passwords often guessed (the reason for concern)? How can protection be enhanced?
People use weak and easily guessed passwords
Constant password changes enhance protection, but people cannot remember them.
Word and name passwords are never adequately strong; passwords need to be complex and long, which can cause problems as people often tend to write them down.
How does the speed of computers influence passwords?
Faster computers make it easier to break passwords so we need longer more complex passwords than would have sufficed in the past.
What is two-factor authentication?
Adds another layer other than just the traditional password
e.g. a text to your phone when you change your password
Phone app verification
What are some other forms of authentication besides passwords?
Access cards
Biometrics - uses body measurements
e.g. fingerprint scanning, iris scanning, facial scanning
Bring your own device - what are the issues with this?
Data theft, malware, lost or stolen devices, improper mobile management, insufficient employee training, shadow IT
Explain the UCD networks and firewalls
The UCD wireless firewall is quite restrictive, UCD Eduroam wireless has fewer restrictions, and the UCD staff wired network fewer again, because in the latter cases there is a record of who is generating the traffic
Explain how a firewall works
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.
What is cryptography? Give an example of its application in IT security
The art of writing or solving codes. e.g. message integrity - you can tell if a message has been altered en route
What are the stages of responding to an attack?
– Detecting the attack
– Stopping the attack
– Repairing the damage
– Punishing the attacker?
What is key to incident response?
The response should be in line with a plan. You need to make the plan when you have time to think about it, and then merely modify it when there is an actual attack.
What qualifies as a major incident?
Major incidents are incidents the on-duty security staff cannot handle.
Company must convene a computer security incident response team (CSIRT)
A major IT problem is not only a technical issue; it needs a response from the entire organisation.
What does IT disaster recovery usually consist of?
Dedicated backup sites and transferring personnel, or having two sites mutually back up each other
What does business continuity recovery involve?
Business continuity recovery
– Getting the whole firm back into operation
– IT is only one concern
Why are rehearsals for incident response necessary
Serious incidents are infrequent, fortunately. However, you need to rehearse or simulate the event in advance to make sure that your continuity arrangements work.
What are some recent IT threats to be aware of as an individual?
- Password-stealing websites will increase
- Hackers will target video files
- Mobile phone attacks will become more prevalent
- Identity theft and data loss will continue to be a public issue
- More adware
- Ransomware
How to manage internet threats?
- Use of firewalls
- Adopt procedures for internet usage
- Establish a protocol for incoming mail
- Keep all virus checkers and OS software up to date
- Harden new machines before connecting to the Internet
What problems does digital money present, and how can they be overcome?
Digital information has the following property: it is easy to duplicate, so someone could copy digital money and double-spend it.
To solve double-spending: use a peer-to-peer network; a public ledger using a blockchain data structure will also protect against it.