Cyber Security Intro

  • Created by: Yana G
  • Created on: 27-08-21 09:16
What is an information asset?
An information asset is a body of information (usually of value), defined and managed as a single unit, so that it can be
understood, shared, protected and utilised effectively. This includes: databases, records, system tools, passwords, encryption keys
1 of 107
Why should information assets be protected?
Everyone has a responsibility to ensure that sensitive information and assets are appropriately protected from the moment they are created until their verified destruction. Failure to protect this data can lead to financial loss, reputational damage and r
2 of 107
Definition of tangible assets and examples
assets that are physical; they include cash, inventory, vehicles, equipment, buildings and investments.
3 of 107
Definition of intangible assets and examples
Assets that lack physical substance and cannot be "touched". Examples of intangible assets include brand recognition, copyrights, patents, trademarks, trade names, and customer lists.
4 of 107
What is the Data Protection Act 2018
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
5 of 107
What impact can a security incident have on a business?
a) Financial
Loss of revenue, legal fees, PR fees, cost of investigations, possibly money to pay off hackers (if ransomware), compensating affected customers, setting up incident response efforts and investment into new security measures.
6 of 107
What impact can a security incident have on a business?
b) Operational
Business disruption, failure of IT systems, further attacks, system downtime
7 of 107
What impact can a security incident have on a business?
c) Reputational
Loss of customers, loss of suppliers, impact on future investment opportunities, loss of vital stakeholders etc
8 of 107
What impact can a security incident have on a business?
d) Legal
Customers, vendors, and even employees may sue the company for having their data breached. This is especially so if your company was negligent in handling their data.
9 of 107
What impact can a security incident have on a business?
e) Regulatory
Fines and penalties, regulatory sanctions.
10 of 107
Why do organisations need to understand which of their information assets are most critical?

a) It is very expensive to protect all assets to the same degree
b) Not all information assets are so critical to the business
c) Not all information assets shou
Answer: A & B
11 of 107
What is non-repudiation?
Assurance that the sender of information is provided with proof of delivery, and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information
12 of 107
What does the CIA triad stand for?
Confidentiality, Integrity and Availability
(Three Security Objectives)
13 of 107
What is the asymmetric nature of cyber security threats?
This refers to cyber-warfare that inflicts a proportionally large amount of damage compared to the resources used, by targeting the victim's most vulnerable security measure. In these types of attacks, the perpetrator will have an unfair advantage over the
14 of 107
What is the NIST?
National Institute of Standards and Technology
15 of 107
What is a Risk?
a _ is the likelihood and impact (or consequence) of an actor exercising a vulnerability
16 of 107
What is a Threat?
a _ is the potential for a malicious actor to exercise a vulnerability. It is also the path or tool used by the actor
17 of 107
What is a control?
A _ is a system or procedure put in place to mitigate risk
18 of 107
What is a vulnerability?
A _ is a weakness that could be triggered accidentally or exploited intentionally to cause a security breach.
19 of 107
What is a hazard?
A _ is a situation that poses a level of threat to life, health, property, or environment due to nature, technology or caused by humans
20 of 107
What does FIPS stand for?
Federal Information Processing Standards
21 of 107
What are the features of an Asymmetric attack?
Technology
Tactics
Exploitation
Impact
22 of 107
Explain technology as a feature of an asymmetric cyber attack?
Unconventional, as the technology requires less planning and lower costs.
23 of 107
Explain tactics as a feature of an asymmetric cyber attack?
The nature of asymmetry makes the plan of attack unfair, uneven and hard to track, and removes any of the victim's advantages
24 of 107
Explain exploitation as a feature of an asymmetric cyber attack?
In order to increase chances of success, attackers will research their victim's vulnerabilities and create strategies around them
25 of 107
Explain impact as a feature of an asymmetric cyber attack?
Asymmetric attacks are employed to cause as much damage as possible physically and psychologically, including inflicting distress, shock and confusion
26 of 107
What is a root cause analysis?
_ analysis is a systematic process used to identify the fundamental risks that are embedded within the project. To do one, you 1) define the problem, 2) collect data in relation to the problem, 3) identify the cause, 4) prioritise the causes, 5) identify
27 of 107
How could you use the "Five Whys" approach to root cause analysis?
Begin with a specific problem. What is it that you are having an issue with? This can also help the team focus on the same problem.
Ask why the problem happened and write the answer down below the specific problem you listed in step one.
Keep asking “why”
28 of 107
What is a SWOT analysis?
Strengths, Weaknesses, Opportunities and Threats.
29 of 107
What is a risk register?
The risk register is a strategic tool to control risk in a project. It works to gather the data on what risks the team expects and then a way to respond proactively if they do show up in the project. It has already mapped out a path forward to keep the pr
30 of 107
What is a Risk Assessment Template for IT?
A risk assessment template is a tool used to identify and control risks in the workplace. It involves a systematic examination of a workplace to identify hazards, assess injury severity and likelihood, and implement control measures to reduce risks.
It al
31 of 107
Probability and Impact Matrix
This technique combines the probability and impact scores of individual risks and then ranks them in terms of their severity. This way each risk is understood in context to the larger project, so if one does occur, there’s a plan in place to respond or no
32 of 107
Risk Data Quality Assessment?
With a risk data quality assessment technique, project managers use data that has been collated for the risks they’ve identified. This is used to then find the level to which information about the risk is relevant to the project manager. It helps the proj
33 of 107
What are inductive criminal profiles?
These are developed by studying statistical data involving known behavioural patterns and demographic characteristics shared by criminals.
34 of 107
What is deductive profiling?
Uses a range of data e.g. forensic evidence, crime scene evidence, victimology and offender characteristics.
35 of 107
What is a BIA (Business Impact Analysis)
A business impact analysis (BIA) predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment.
36 of 107
What is the difference between trusted and trustworthy?
Trusted: based on what the function of that particular process is, we trust it to do that function. The security of the system depends on it. If the component is insecure, so is the system.

Trustworthy: The component deserves to be trusted. E.g. it is
37 of 107
What is Trusted Computing Base?
The trusted computing base of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security. Bugs or vulnerabilities occurring inside the TCB might jeopardise the security properties of the entire sys
38 of 107
What consists of the conceptual Trusted Computing Base in a Unix/Linux system?
Hardware, kernel, system binaries, system configuration files, etc
39 of 107
What is "Trusted Path"?
A mechanism that provides confidence that a user (through an input device) can communicate directly with the security functions of the information system (usually TCB) with the necessary confidence to support the system security policy, e.g. ctrl+alt+dele
40 of 107
What is the Trusted Computing Group?
Alliance of Microsoft, Intel, HP and AMD which promotes a standard for a "more secure" PC.
41 of 107
What is the purpose of security assurance?
To provide business leaders with an accurate and realistic level of confidence in the protection of 'target environments' for which they are responsible. This involves presenting relevant stakeholders with evidence regarding the effectiveness of controls.
42 of 107
What is inductive profiling?
Inductive is based on history, retrospective analysis, criminal interviews, databases etc.
43 of 107
What is deductive profiling?
Deductive is behaviour analysis which examines the forensic evidence and reports based on the crime, and is more specific than inductive profiling.
44 of 107
What is TCB?
Trusted Computing Base: The set of all hardware, software and procedural components that enforce the security policy.
45 of 107
What is Trusted Path/Trusted Channel?
Mechanism that provides confidence that the user is communicating with what the user intended to communicate with. E.g., attackers can’t intercept or modify the information that is being communicated.
46 of 107
What is Trusted Computing?
TCG – an alliance of Microsoft, Intel and others which promote a standard for a “more secure” PC
Ensure that users can’t tamper with the application software and these applications can communicate securely with their authors and with each other.
47 of 107
What makes a trusted OS?
Extra security features (compared to ordinary OS)
• Stronger authentication mechanisms
• More security policy options
• Logging and other features
More secure implementation
• Apply secure design and coding principles (code audit or formal verification)
48 of 107
What is Formal verification?
Formal verification is the overarching term for a collection of techniques that use static analysis based on mathematical transformations to determine the correctness of hardware or software behaviour in contrast to dynamic verification techniques such as
49 of 107
What is Intrinsic Assurance?
• Relates to how the system is built
• Intrinsic Assurance is the security quality and rigour provided by the developer of the system.
50 of 107
Factors of intrinsic assurance?
• Factors considered can include the professional qualifications of the engineers who built the system, the level and credibility of review and the presence (or otherwise) of an appropriate quality management system.
51 of 107
What is Configuration management?
• Configuration management is an IT management process that tracks individual configuration items of an IT system. IT systems are composed of IT assets that vary in granularity. An IT asset may represent a piece of software, or a server, or a cluster of s
52 of 107
What is Change Management?
• Change management is an IT practice designed to minimize disruptions to IT services while making changes to critical systems and services.
• Change management practices are designed to reduce incidents and meet regulatory standards
53 of 107
What is extrinsic assurance?
Extrinsic Assurance
Defined as any activity independent of the development environment which provides a level of trust in the product, system or service.
54 of 107
What is Supply Chain Assurance?
Allows acquirers and suppliers to understand, comply with and assure the information security arrangements required based on risk, regulation, functional, geographic and other requirements.
55 of 107
What is Common Criteria?
• The Common Criteria for Information Technology Security Evaluation is an international standard (ISO/IEC 15408), providing an infrastructure within which participating organisations can specify functional and assurance requirements;
• Common Criteria g
56 of 107
What are security requirements?
The controls we put in place to fulfil our security objectives
57 of 107
What are functional requirements?
These are the requirements that the end user specifically demands as basic facilities that the system should offer. All these functionalities need to be necessarily incorporated into the system as a part of the contract
58 of 107
What is the difference between functional and non-functional requirements?
While functional requirements define what the system does or must not do, non-functional requirements specify how the system should do it. Non-functional requirements do not affect the basic functionality of the system (hence the name, non-functional requ
59 of 107
What are non functional requirements?
Non-functional requirements:
These are basically the quality constraints that the system must satisfy according to the project contract.
60 of 107
What is PCI-DSS?
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Indus
61 of 107
What is FIPS 140-2?
The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic k
62 of 107
What is CESG?
The UK government's National Technical Authority for Information Assurance (CESG), advises organisations on how to protect their information and information systems against today's threats.
63 of 107
What is COBIT?
COBIT is a framework for developing, implementing, monitoring and improving information technology (IT) governance and management best practices. The COBIT framework is published by the IT Governance Institute (ITGI) and ISACA.
64 of 107
What is horizon scanning?
• Horizon scanning is used to monitor and identify potential threats to an organisation and considers longer term change and underlying trends
65 of 107
What is the Delphi Technique?
• The Delphi method or Delphi technique is a structured communication technique or method, originally developed as a systematic, interactive forecasting method which relies on a panel of experts. The technique can also be adapted for use in face-to-face m
66 of 107
What is a risk register?
The risk register is the ‘mother of all’ risk management tools and techniques. It tracks the risks throughout the project lifecycle. It acts like a snap-shot of what’s going on with project risks. Risk registers are normally Excel spreadsheets
67 of 107
What is a security kernel?
A security kernel is essentially the nucleus of a computer or network security implementation. It is the core of a secure computing environment, which can be implemented in the form of a hardware component installed in a computer or network topology, a so
68 of 107
What is the purpose of security assurance?
Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy.
69 of 107
Examples of extrinsic assurance
- security testing
- supply chain assurance
- common criteria
70 of 107
Examples of intrinsic assurance
- configuration management
- change management
- threat intelligence
- vulnerability scan
71 of 107
What is least privilege?
The principle of least privilege (PoLP) refers to an information security concept in which a user is given the minimum levels of access – or permissions – needed to perform his/her job functions
72 of 107
What is economy of mechanism?
Economy of mechanism, aka “Simple design”: Keep the design as simple and small as practical (e.g., by adopting sweeping simplifications where practical). Complex designs can easily hide defects, including defects that are vulnerabilities.
73 of 107
What is separation of privilege?
Separation of privilege is an information technology best practice applied by organizations to broadly separate users and processes based on different levels of trust, needs, and privilege requirements.
74 of 107
What is a security objective?
Security objectives are goals and constraints that affect the confidentiality, integrity, and availability of your data and application. The objectives, once created, can be used to direct all the subsequent security activities that you perform.
75 of 107
What are functional security requirements?
Functional security requirements are security services that need to be achieved by the system under inspection. Examples could be authentication, authorization, backup, server-clustering, etc.
76 of 107
Functional Requirements?
Functional requirements define the basic system behaviour. Essentially, they are what the system does or must not do, and can be thought of in terms of how the system responds to inputs. Functional requirements usually define if/then behaviours and includ
77 of 107
Non-functional requirements?
While functional requirements define what the system does or must not do, non-functional requirements specify how the system should do it. Non-functional requirements do not affect the basic functionality of the system (hence the name, non-functional requ
78 of 107
What problems arise from weaknesses in the network design / architecture?
Single points of failure
Complex dependencies
Availability over confidentiality and integrity
Lack of documentation and change control
Overdependence on perimeter security
79 of 107
What are the effects of a misconfigured firewall/OS?
One of the most significant threats to an organisation is exposing your internal network or servers to the internet. When exposed, threat actors are easily able to spy on your traffic, steal data, or compromise your network.
80 of 107
What is Secure coding?
Secure coding is the practice of writing software that's protected from vulnerabilities.
81 of 107
What can happen as a result of insecure software?
Denial of service to a single user
Compromised secrets.
Loss of service.
Damage to the systems of thousands of users.
Loss of life.
82 of 107
What is packet level firewall?
-operate inline at junction points where devices such as routers and switches do their work.
-These firewalls compare each packet received to a set of established criteria, such as the allowed IP addresses, packet type, port number and other aspects of t
83 of 107
What is a circuit level firewall?
- Considered 2nd generation firewalls
-They operate at the Transport Layer of the OSI Model (Layer 4) and monitor TCP/IP sessions
- Instead of analysing each individual packet, they monitor the TCP handshake
84 of 107
What is an Application-Level Firewall?
Also known as proxy servers, these firewalls operate at the Application Layer of the OSI Model (Layer 7)
Filter: Filter packets based on an application or service (SMTP, FTP, etc)
85 of 107
What is a Stateful Multilayer Inspection Firewall?
The stateful multi-layer inspection (SMLI) firewall uses a sophisticated form of packet-filtering that examines all seven layers of the Open System Interconnection (OSI) model. Each packet is examined and compared against known states of friendly packets.
86 of 107
What are hierarchical learned routes?
Organises routers in domains
Backbone / border routers communicate between domains
Internal routers can only communicate within a domain or out of a domain via a backbone router
Supports route summarization
87 of 107
What are Distance-vector learned routes?
Propagate entire routing table
Slower convergence
88 of 107
What are flat learned routes?
All routers are peers of one another
Each network ID requires a separate routing table entry
89 of 107
What are link state learned routes?
Propagate updates to routing table only
Faster convergence and better support for larger networks
Require more advanced hardware
90 of 107
What is port mirroring and its functions?
Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. It helps administrators keep a close eye on network performance and alerts
91 of 107
What is Spanning Tree Protocol (STP)?
The Spanning Tree Protocol (STP) is a network protocol that is used to eliminate bridge loops in Ethernet LANs. STP prevents network loops and associated network outage by blocking redundant links or paths. The redundant paths can be used to keep the netw
92 of 107
What is network flooding?
In a computer network, flooding occurs when a router uses a nonadaptive routing algorithm to send an incoming packet to every outgoing link except the node on which the packet arrived. Flooding is a way to distribute routing protocols updates quickly to e
93 of 107
How to conduct switch hardening?
Disable unused ports
Secure the switch's management console
Use a secure interface
Disable unused management console access methods
Restrict the hosts that can be used to access the management console
Install the latest firmware updates
Configure the
94 of 107
What is client-server?
Client-server is a software architecture model consisting of two parts, client systems and server systems, both communicating over a computer network or on the same computer. A client-server application is a distributed system made up of both client and s
95 of 107
What is a control objective?
A control objective is a statement about how an organisation plans to effectively manage risk.
96 of 107
What are Administrative controls?
Refer to policies, procedures, or guidelines that define personnel or business practices in accordance with the organisation's security goals.
These can apply to employee hiring and termination, equipment and Internet usage, physical access to facilities
97 of 107
What are Technical controls (also known as logical controls)?
Include hardware or software mechanisms used to protect assets.
Some common examples are authentication solutions, firewalls, antivirus software, intrusion detection systems (IDSs), intrusion protection systems (IPSs), constrained interfaces, as well as
98 of 107
What are Physical controls?
Describe anything tangible that’s used to prevent or detect unauthorised access to physical areas, systems, or assets.
This includes things like fences, gates, guards, security badges and access cards, biometric access controls, security lighting, CCTVs,
99 of 107
What are 3 types of control functions?
Preventative
Detective
Corrective
100 of 107
What are the five Functions included in the NIST Framework Core?
Identify
Protect
Detect
Respond
Recover
101 of 107
What is the Computer Misuse Act?
The Computer Misuse Act protects personal data held by organisations from unauthorised access and modification. This refers to entering a computer system to steal data or destroy a device or network (such as planting a virus). Unauthorised modification o
102 of 107
What is the Data Protection Act / General Data Protection Regulation
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government. The Data Protection Act 2018 is the UK's implementation of the General Data Protection Regulation (GDPR). ... They must make sure t
103 of 107
What is the Official Secrets Act?
An Official Secrets Act (OSA) is legislation that provides for the protection of state secrets and official information, mainly related to national security but in unrevised form (based on the UK OSA 1911) can include all information held by government bo
104 of 107
What is Cyber Essentials Scheme?
Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks and will provide certification.
105 of 107
What does the digital millennium copyright act cover?
The DMCA was passed in 1998 as an anti-piracy statute effectively making it illegal to circumvent copy protections designed to prevent pirates from duplicating digital copyrighted works and selling or freely distributing them
106 of 107
What is horizon scanning?
Horizon scanning is used to monitor and identify potential threats to an organization and considers longer term change and underlying trends. Horizon Scanning does not aim to assist you in predicting the future, but facilitates you in systematically inves
107 of 107
