Flashcards based on lecture notes about cybersecurity, risk management, and network security.
What is a Risk Register?
A comprehensive record listing all identified risks, their impacts, owners, and status; used to track and monitor risks over time.
What is Qualitative Risk Assessment?
A risk assessment method that ranks risks by likelihood and impact without assigning specific financial values.
What is the role of an Audit Committee in cybersecurity?
A governance body that oversees cybersecurity risks and ensures regulatory compliance, rather than managing daily IT operations.
What is Agentless Posture Assessment (NAC)?
A method in Network Access Control that does not install agents on devices, but provides less detailed information about client devices.
What does RTO stand for, and what does it define?
Recovery Time Objective; the maximum acceptable time to restore a system or process after a disruption.
Define Neutral Risk Appetite.
A balanced approach to risk, neither overly cautious nor aggressive.
Why is integration with security protocols critical for secure deployment?
Ensuring new systems work with existing security measures is critical for secure deployment.
What is a Password Spraying Attack?
An attack where common passwords are tried across many accounts, rather than brute-forcing one account.
What is Package Monitoring?
Tracking software versions and patches to identify and address vulnerabilities.
What is a Tabletop Exercise?
A discussion-based scenario where teams talk through responses to incidents, without hands-on action.
What is Informed Consent (GDPR)?
A principle requiring clear communication and permission before collecting or processing personal data.
What is Tokenization?
Replacing sensitive data with unique tokens stored in a database, so attackers see only meaningless symbols.
What is the function of OSI Layer 4 (Transport Layer) in security?
Handles filtering based on IP addresses and port numbers (e.g., TCP/UDP).
What is Internal Audit Evidence?
Documentation of a vendor’s own internal security evaluations.
What security practices are best for securing data at rest?
Encryption and ACLs (Access Control Lists).
Why does Microservices Security require granular access controls?
Each microservice may need unique permissions.
Give an example of a Managerial Security Control.
Risk assessments, which are periodic evaluations of threats and vulnerabilities.
Why is Employee Retention important for security automation?
Keeps institutional knowledge and expertise, especially for managing security automation.
What are Recovery and Restoration Processes?
Disaster recovery actions to bring up backup systems and restore data after a disruption.
How does a Proxy Server aid in security?
A device that relays requests for servers, reducing the public-facing attack surface.
What is a security concern regarding RTOS (Real-Time Operating System)?
May lack adequate buffer overflow protections due to performance focus.
Define EF (Exposure Factor).
The percentage of an asset’s value lost if a risk event occurs.
What is Risk Appetite?
The amount of risk an organization is willing to accept to achieve its objectives.
Define Regulated Data.
Data subject to strict compliance standards and legal requirements.
What is ARO (Annualized Rate of Occurrence)?
The expected number of times a risk event will occur in a year.
Why is WPA3 the most secure Wi-Fi protocol?
Latest and most secure Wi-Fi protocol; uses individualized encryption, Diffie-Hellman key agreement, and protects management frames.
What is Active Reconnaissance?
Direct interaction with systems to gather info, which can alert the target.
What capabilities does a NGFW (Next Generation Firewall) provide?
Provides application awareness, deep packet inspection, and integration with other security products.
What is CVE (Common Vulnerabilities and Exposures)?
A standardized system for naming and referencing publicly known security vulnerabilities in software and systems. Each CVE entry provides a unique identifier for a specific vulnerability.
What is Identity Proofing?
The process of verifying that a person is who they claim to be, often using knowledge-based questions, ID checks, and employment validation.
What is Application Recovery?
Restoring an application or its components (like databases) from a backup after corruption or failure, ensuring minimal data loss and restored functionality.
Define MOU (Memorandum of Understanding).
A formal agreement between organizations outlining collaboration terms and intentions, often preceding a legally binding contract.
What is SNMP (Simple Network Management Protocol) used for?
Used for monitoring and managing network devices. It does not secure communication between software applications.
What security concerns exist for HMI (Human-Machine Interface)?
The ICS component allowing direct operator interaction. Main security concern: preventing unauthorized access.
What is Audit Trail?
A chronological record of system activities, crucial for detecting and investigating security breaches.
What are Guard Rails (in Automation)?
Policy boundaries in automated workflows to prevent errors and keep processes within safe, defined parameters. Not physical security for server rooms.
What does Archiving refer to?
Long-term, secure storage of data for compliance and historical analysis. Archiving does not inherently speed up searches for old data.
What is NetFlow?
A network protocol for collecting and monitoring IP traffic flow information. It helps visualize traffic patterns but does not directly identify attack types—it provides data for analysts to interpret.
What are Ephemeral Credentials?
Temporary access credentials that expire after a short period, ideal for tasks like cloud maintenance.
What potential vulnerability exists for Port 1433?
Default port for Microsoft SQL Server. If left open, it can allow unauthorized database queries from external sources.
What does AES (Advanced Encryption Standard) provide?
The most secure and widely recommended encryption protocol for wireless networks and symmetric encryption of data at rest and in transit.
What can be stated about Serverless architecture?
A cloud computing model where you run code without managing the underlying infrastructure.
What function does MDM (Mobile Device Management) – Remote Wipe offer?
The ability to erase all data from a lost or stolen mobile device remotely, protecting organizational data.
What does Threat Actor Capability refer to?
Refers to the ability of an attacker to develop unique exploit techniques and tools.
What is the value of Application Logs – Failed Logins?
When investigating breaches, details of failed logins (timestamps, usernames, IPs) are most valuable for identifying unauthorized access attempts.
What does Rule-Based Access Control refer to?
Access is determined by predefined rules and conditions, not by user or admin discretion.
What is Due Diligence/Care?
Taking proactive steps to meet legal and compliance requirements, such as implementing policies and controls.
What is an Agent-Based Web Filter?
A web filtering solution installed on user devices, ensuring consistent policy enforcement regardless of location.
What risk does Client-Based Software present?
Software installed and running on a user's device, which can be an attack vector if updates are compromised.
What vulnerability is a Time-of-Check (TOC) Race Condition?
A vulnerability where a resource is checked, but its state changes before it is used, leading to potential exploitation.
What is a Vulnerability Exception?
A formal process to delay or avoid remediation of a known vulnerability due to business needs, with risk acceptance.
What security does S/MIME (Secure/Multipurpose Internet Mail Extensions) provide?
An email security standard that uses certificates to sign and encrypt email content.
What is Enumeration?
Assigning unique identifiers and access controls to assets for inventory and security management.
What function do Physical Security Keys fill?
Hardware tokens (e.g., USB keys) used for multi-factor authentication.
What does a Longer Password Policy intend to do?
Increasing password length to enhance resistance to brute force attacks.
When might Ephemeral Credentials be best used?
Temporary, automatically expiring credentials for short-term privileged access.
Define Likelihood (Risk).
The probability of a risk event occurring, often described as "high," "medium," or "low".
Describe Amplified DDoS Attack.
A DDoS technique where small requests trigger large responses from servers, overwhelming the target.
Why is it important to perform an Integrated Penetration Test?
A test that assesses vulnerabilities across physical, software, and network layers.
What is the function of Key Risk Indicators (KRIs)?
Metrics that provide early warnings of increasing risk exposure.
What is Risk Analysis?
Quantifying the financial impact of specific risks, often using both probability and loss estimates.
What is the function of Database Encryption?
Encrypting an entire database for efficient bulk protection of records.
What is Parallel Processing?
A computational approach that allows simultaneous assessment of multiple recovery strategies.
What can be exploited in a Buffer Overflow?
An attack where input exceeds a buffer’s capacity, potentially allowing code execution.
Define Business Email Compromise (BEC).
A targeted email attack impersonating executives to fraudulently redirect funds or steal sensitive data.
What is an Ad Hoc Risk Assessment?
A risk assessment performed as needed in response to new threats or changes.
What is Data Masking?
Obscuring sensitive data while preserving its structure for analysis.
Describe Cross-Site Request Forgery (CSRF).
An attack tricking authenticated users into submitting unwanted actions on a web application.
What is Attestation (IAM)?
A process where data owners periodically review and confirm user access rights.
What characterizes Quantitative Risk Analysis?
Calculating risk impact using numerical values for likelihood and potential loss.
Why does Microservices Security introduce complexity?
Microservices architectures introduce complexity and potential vulnerabilities in inter-service communication.
What function do Regulatory Agencies provide?
Entities that establish and enforce security standards across sectors.
Describe Hybrid Warfare.
A strategy combining espionage, disinformation, hacking, and diplomacy, often by state actors.
What functions does SWG (Secure Web Gateway) perform?
A solution that filters user web traffic, blocks malicious URLs, and provides threat analysis.
What do Snapshots allow an administrator to do?
Quick, storage-efficient system state captures for rapid rollback.
Why can Embedded Systems pose security risks?
Devices with hardcoded software, often unpatchable, posing security risks.
What does Salting do?
Adding random data to input before hashing to strengthen security.
What characterizes a One-Time Risk Assessment?
A comprehensive evaluation at a specific point, often for new systems.
What is Clustering?
Grouping servers for fault tolerance, with each handling different tasks.
What does MTTR (Mean Time to Repair) define?
Average time to repair a system after a failure.
What is Due Diligence (Vendor Selection)?
Ensuring a vendor’s practices align with organizational requirements.
Why is proper staffing of Skilled Personnel crucial for security automation?
Crucial for supporting and maintaining security automation tools.
What characterizes an Operational Security Control?
Day-to-day controls like log monitoring, as opposed to technical or managerial controls.