Information Assurance
is the process of protecting information and information systems from unauthorized access, modification, theft, or destruction while ensuring their confidentiality, integrity, and availability. The process involves the assessment of potential risks and vulnerabilities, the development and implementation of appropriate controls and countermeasures, and the monitoring and evaluation of their effectiveness
Confidentiality
refers to the protection of sensitive information from unauthorized disclosure or access
Integrity
refers to the accuracy, completeness, and consistency of information and the protection of its authenticity and trustworthiness
Availability
refers to ensuring that information is accessible to authorized users when and where they need it.
Information Technology Infrastructure Library (ITIL)
is a set of best practices for IT service management, including information assurance. It focuses on aligning IT services with business needs and providing a framework for service delivery management and improvement
National Institute of Standards and Technology (NIST) Cybersecurity Framework
framework provides a set of guidelines for organizations to manage and reduce cybersecurity risk
ISO/IEC 27001
provides a systematic approach to managing and protecting information assets through the implementation of an Information Security Management System (ISMS)
Information security
refers to the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The process involves the implementation of appropriate technical, administrative, and physical controls to ensure the confidentiality, integrity, and availability of information
Protection of Sensitive Information
is one of the primary objectives of information security
Protection of Integrity
refers to the accuracy, completeness, and consistency of information
Availability
refers to ensuring that information is accessible to authorized users when and where they need it.
Compliance
Many organizations are required to comply with regulations such as GDPR or PCI DSS.
Business Continuity
Information security is essential to ensure business continuity. This involves incident response planning, disaster recovery planning, and business continuity planning.
Conducting a Risk Assessment
helps identify potential risks and vulnerabilities to information and information systems
Developing Policies and Procedures
provide guidance and direction for the implementation of information security controls.
Implementing Access Controls
are designed to limit access to information and information systems to authorized personnel
Training and Awareness
help employees understand the importance of information security and their role in protecting it
Monitoring and Logging
enable organizations to detect and respond to security incidents in a timely manner
Incident Response Planning
helps organizations prepare for and respond to security incidents.
Cybersecurity threats
are acts performed by individuals with harmful intent, whose goal is to steal data, cause damage to or disrupt computing systems.
Malware
is an abbreviation of "malicious software," which includes viruses, worms, trojans, spyware, and ransomware, and is the most common type of cyberattack.
VIRUS
A program designed to interfere with your computer, device or network's normal operation.
WORMS
A program that can make copies of itself in computers that it comes in contact with.
TROJAN
A type of malware that disguises itself as a useful and/or harmless program or file.
ADWARE
A type of malware that launches unwanted advertisements in your internet browser or your desktop
SPYWARE
is software that aims to gather information about a person or organization without their knowledge.
RANSOMWARE
is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.
CRYPTOJACKING
attacks deploy software on a victim's device and begin using the computing resources to generate cryptocurrency without their knowledge.
ROOTKITS
software is injected into applications, firmware, or the operating system, providing remote administrative access to a computer
FILELESS MALWARE
no software is installed in the operating system; native files like WMI and PowerShell are edited to enable malicious functions
Social Engineering Attacks
threats leverage human psychology, manipulation, or misuse of trust; these non-technical threats trick users into providing an entry point for malware
Phishing
Deceptive attempts, usually through email or messages, to gather sensitive information such as usernames, passwords, and credit card details.
Vishing (Voice Phishing)
The imposter uses the phone to trick the target into disclosing sensitive data or granting access to the target system.
Smishing (SMS-Phishing)
the attacker uses text messages as the means of deceiving the victim
Baiting
the attacker lures a user into a social engineering trap, usually with a promise of something attractive like a free gift card
Pretexting
similar to baiting, the attacker pressures the target into giving up information under false pretenses; this typically involves impersonating someone with authority
Piggybacking
an authorized user provides physical access to another individual who "piggybacks" off the user's credentials.
Tailgating
an unauthorized individual follows an authorized user into a location, for example, by quickly slipping in through a protected door after the authorized user has opened it.
Supply Chain Attacks
are a new type of threat to software developers and vendors. Their purpose is to infect legitimate applications and distribute malware via source code, build processes, or software update mechanisms.
Man-in-the-Middle (MitM) attack
involves intercepting the communication between two endpoints, such as a user and an application.
Wi-Fi eavesdropping
an attacker sets up a Wi-Fi connection, posing as a legitimate actor, such as a business, that users may connect to
Email hijacking
an attacker spoofs the email address of a legitimate organization, such as a bank, and uses it to trick users into giving up sensitive information or transferring money to the attacker
DNS spoofing
a Domain Name Server (DNS) is spoofed, directing a user to a malicious website posing as a legitimate site.
IP spoofing
an Internet Protocol (IP) address connects users to a specific website.
HTTPS spoofing
HTTPS is generally considered the more secure version of HTTP, but can also be used to trick the browser into thinking that a malicious website is safe.
Denial-of-Service (DoS)
attack overloads the target system with a large volume of traffic, hindering the ability of the system to function normally
Distributed Denial-of-Service (DDoS)
attack involving multiple devices
HTTP flood DDoS
the attacker uses HTTP requests that appear legitimate to overwhelm an application or web server; this technique does not require high bandwidth
UDP flood DDoS
a remote host is flooded with User Datagram Protocol (UDP) packets sent to random ports; this technique forces the host to search for applications
ICMP flood
a barrage of ICMP Echo Request packets overwhelms the target, consuming both inbound and outgoing bandwidth.
NTP amplification
NTP servers are public and can be exploited by an attacker to send large volumes of UDP traffic targeted at a server
SYN flood DDoS
initiating a Transmission Control Protocol (TCP) connection sequence involves sending a SYN request that the host must respond to with a SYN-ACK that acknowledges the request, and then the requester must respond with an ACK.
Injection attacks
exploit a variety of vulnerabilities to directly insert malicious input into the code of a web application.
SQL Injection
an attacker enters an SQL (Structured Query Language) query into an end-user input channel, such as a web form or comment field.
Code Injection
an attacker can inject code into an application if it is vulnerable; the web server executes the malicious code as if it were part of the application
OS (Operating System) Command Injection
an attacker can exploit a command injection vulnerability to input commands for the operating system to execute.
XML External Entities (XXE) Injection
an attack is carried out using specially constructed Extensible Markup Language (XML) documents.
Cross-Site Scripting (XSS)
an attacker inputs a string of text containing malicious JavaScript
LDAP Injection
an attacker inputs characters to alter Lightweight Directory Access Protocol (LDAP) queries.
Data
is considered the new oil, and it is the most valuable asset for businesses and organizations
Programs
also known as software, are sets of instructions that tell a computer what to do.
Antivirus software
is designed to detect and remove malware from a computer. It scans programs for known malware signatures and behaviors and blocks them from running or deletes them from the system
Keep the operating system updated
One of the most critical steps to securing the operating system is to keep it updated with the latest security patches and updates.
Use antivirus software
Installing antivirus software is an essential step in securing the operating system.
Use a firewall
A firewall is a security program that monitors and controls incoming and outgoing network traffic
Implement access controls
limit access to the operating system and data, ensuring that only authorized users can access sensitive information
Use strong passwords
is essential to securing the operating system.
Disable unnecessary services
Operating systems come with many services and features that are not needed for everyday use; disabling them reduces the attack surface of the system, making it more difficult for attackers to exploit vulnerabilities.
Enable encryption
Encryption can be used to protect data from unauthorized access. Operating systems that handle sensitive data should encrypt the data both at rest and in transit to prevent it from being accessed by unauthorized parties.
Securing the operating system
is essential to ensure the safety and integrity of the system
Educate and Train
Regularly train and educate employees or users about the dangers of phishing attacks and how to recognize them.
Email Filters
Use advanced email filtering solutions that can detect and filter out phishing emails based on certain patterns or suspicious behaviors.
Hover Over Links
Before clicking on any link, hover over it to see the actual URL. If the URL looks suspicious or doesn’t match the purported sender’s website, don’t click on it.
Use Two-Factor Authentication (2FA)
Even if attackers get user credentials, 2FA can prevent unauthorized access.
Regularly Update Software
Ensure that all systems and software, including email clients and web browsers, are regularly updated to benefit from the latest security patches.
Avoid Clicking on Suspicious Links
If an email seems unexpected or out of character, verify with the sender through a separate communication channel before clicking any links or downloading any attachments
Check for HTTPS
Ensure websites, especially those requiring personal information, use HTTPS. While not foolproof, HTTPS indicates that data is encrypted during transmission.
Install Anti-Phishing Toolbars
Some browsers can be equipped with toolbars that can quickly check the sites you are visiting against lists of known phishing sites.
Verify Email Senders
If you receive an unexpected email or an email from a source you do not recognize, verify the sender's identity before taking any action.
Regular Backups
Regularly back up data to ensure that, in the event of a ransomware attack (which can sometimes stem from phishing), critical data is not lost
Use Strong, Unique Passwords
Avoid using the same password across multiple sites and services. If one service is compromised, other accounts will remain safe.
Be Wary of Pop-Ups
Avoid entering any personal information into pop-ups. If you must log into an account, navigate to the website directly and log in there.
Regularly Monitor Accounts
Regularly monitor bank and other financial accounts for unauthorized activity. If you see anything unfamiliar, report it immediately.
Report Suspected Phishing
Report any suspected phishing emails to the appropriate authorities, which can help prevent others from becoming victims
Disgruntled Employee
An employee, unhappy with their treatment or the organization's decisions, decides to leak confidential company information to competitors or the public
Earthquakes
Sudden shaking or movement of the Earth's surface.
Hurricanes/Typhoons
Massive storm systems with strong winds, rain, and storm surges.
Floods
Overflow of water onto normally dry land.
Tornadoes
Violently rotating columns of air extending from thunderstorms to the ground
Wildfires
Uncontrolled fires spreading rapidly across vegetation