Week 1: basics & threat sources

What does the C.I.A of cybersecurity stand for?

Confidentiality, Integrity, Availability

What does each letter mean in CIA?

confidentiality: preventing unauthorized reading

integrity: prevent unauthorized writing

availability: ensure authorized reading/writing

What does the practice of cybersecurity focus on?

evaluating risks and deploying safeguards to reduce those risks

What is a violation of policy, procedure, standard, safeguard or configuration?

a security incident

What is a violation of the CIA of data?

a compromise

Is it called a compromise when confidentiality violated?

No, it is a data breach

T/F: A security incident doesn’t always result in a compromise of data.

True, it does not

Information security as a primary component of a __-term business strategy
a) long

b) short

a) long

To properly apply safeguards, what do you “truly” have to understand?

understand the threats and vulnerabilities on a per “asset” basis

Give an example of an asset, something of value to an organization.

• a set of data (a file)

• a system storing data (a server)

• a person handling data

What are malicious outsiders and their goals?

attackers with no authorization to a system or organization; account for majority of modern attacks

goal is to become a privileged user

What are main characteristics of black hat attackers/hackers?

highly skilled but lack ethics and violates laws by breaking into systems;

historically the primary threat type, its organized crime modern day

What are gray hat hackers?

Black or white hat hackers that discover and publicizes vulnerabilities.

What are 2 examples of APT(advanced persistent threat) groups?

APT 29 (cozy bear) or APT35 (charming kitten)