CYBERSECURITY PRELIM PT.1

Last updated 2:43 PM on 1/24/26

75 Terms

1

(T/F) Information is a critical asset that organizations must secure. If sensitive information falls into the wrong hands, organizations may suffer significant losses in terms of finances, brand reputation, and customer loyalty.

True

2

The state of well-being of information and infrastructure in which the possibility of theft, tampering, or disruption of information and services is kept low or tolerable.

Information Security

3

(T/F) Information security is the protection or safeguarding of information systems that use, store, and transmit information from unauthorized access, disclosure, alteration, and destruction.

True

4

This is a specification of how objects in a security domain are allowed to interact.

Security Policy

5

‘Need for Security’ indicates the following factors:

• A greater focus on ease of use with the evolution of technology

• Routine tasks rely on the use of computers for accessing, providing, or storing information

• Increased network environment and network-based applications

• The increased complexity of computer infrastructure administration and management creates a direct impact of security breach on the corporate asset base and goodwill

6

Information security relies on five (5) major elements:

• Confidentiality

• Integrity

• Availability

• Authenticity

• Non-repudiation

7

The assurance that the information is accessible only to authorized people. Breaches of it may occur due to improper data handling or a hacking attempt.

Confidentiality

8

Confidentiality controls include the following:

• Data Classification

• Data Encryption

• Proper disposal of equipment such as DVDs and USB drives.

9

The trustworthiness of data or resources in the prevention of improper and unauthorized changes – the assurance that information is sufficiently accurate for its purpose.

Integrity

10

Measures to maintain data integrity may include a ________, which is a number produced by a mathematical function to verify that a given block of data is not changed.

Checksum

11

Another measure to maintain data integrity may include __________, which ensures that only authorized people can update, add to, or delete data.

Access Control

12

The assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users.

Availability

13

Measures to maintain data availability can include the following:

• Disk arrays for redundant systems and clustered machines

• Antivirus software to combat malware

• Distributed Denial-of-Service (DDoS) prevention systems.

14

The characteristic of communication, documents, or any data that ensures the quality of being genuine or uncorrupted.

Authenticity

15

(T/F) The major role of authentication is to confirm that a user is authentic. Controls such as biometrics, smart cards, and digital certificates ensure the authenticity of data, transactions, communications, and documents.

True

16

A guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. Individuals and organizations use digital signatures to ensure this.

Non-repudiation

17

The level of security in any system can be defined by the strength of three (3) components:

• Functionality

• Usability

• Security

18

The set of features provided by the system.

Functionality

19

The GUI components used to design the system for ease of use.

Usability

20

The restrictions imposed on accessing the components of the system.

Security

21

The relationship between these three (3) components (Functionality, Usability, Security) is demonstrated using a triangle, as an increase or decrease in any of the components automatically affects the other components. Moving the “ball” towards any of the components means?

decreasing the intensity of the other components

22

If the ball moves toward security, it means?

increased security and decreased functionality and usability

23

If the ball is in the center, then it means?

all three (3) components are balanced.

24

(T/F) For any implementation of security controls, all the components have to be considered carefully and balanced to get acceptable functionality and usability with acceptable security.

True

25

The accelerating digitization benefited the IT industry but also paved the way for sophisticated cyberattacks and cybersecurity challenges. The following are some of the security challenges faced by security professionals and organizations:

• Compliance with government laws and regulations

• Lack of qualified and skilled cybersecurity professionals

• Difficulty in centralizing security in a distributed computing environment

• Difficulty in overseeing end-to-end processes due to complex IT infrastructure

• Fragmented and complex privacy and data protection regulations

• Use of serverless architecture and applications that rely on third-party cloud providers

• Compliance issues and issues with data removal and retrieval due to the implementation of Bring Your Own Device (BYOD) policies in companies

• Relocation of sensitive data from legacy data centers to the cloud without proper configuration

• Weak links in supply-chain management

• Increase in cybersecurity risks, such as data loss, unpatched vulnerabilities, and errors due to the usage of shadow IT

• Shortage of research visibility and training for IT employees

26

This originates from the notion that a target system stores or processes something valuable, which leads to the threat of an attack on the system.

Motive

27

The _______ of the attack may be to disrupt the target organization’s business operations, to steal valuable information for the sake of curiosity, or even to enact revenge.

Goal

28

The motives and goals depend on the attacker’s state of mind, their reason for carrying out such an activity, and their resources and capabilities. Once they determine their goal, they can?

use tools, attack machines, and methods to exploit vulnerabilities in a computer system or security policy and controls.

29

Attack Formula

Attacks = Motive (Goal) + Method + Vulnerability

30

Motives behind information security attacks consist of the following:

• Disrupt business continuity

• Perform information theft

• Manipulate data

• Create fear and chaos by disrupting critical infrastructures

• Bring financial loss to the target

• Propagate religious or political beliefs

• Achieve a state’s military objectives

• Damage the reputation of the target

• Take revenge

• Demand ransom

31

According to the Information Assurance Technical Framework (IATF), security attacks are classified into five (5) categories which are:

• Passive Attacks

• Active Attacks

• Close-in Attacks

• Insider Attacks

• Distribution Attacks

32

The intercepting and monitoring of network traffic and data flow on the target network and not tampering with the data.

Passive Attacks

33

In Passive Attacks, attackers perform _____ (the initial phase, in which attackers gather information about a target system, network, or organization) on network activities, using tools that intercept and analyze network traffic data.

Reconnaissance

34

In performing reconnaissance, the tools used to intercept and analyze network traffic data are called?

Sniffers

35

(T/F) Passive attacks are difficult to detect as the attacker has no active interaction with the target system or network. Passive attacks also capture the data or files being transmitted in the network without the consent of the user. For instance, an attacker can obtain information such as unencrypted data in transit, clear-text credentials, or other sensitive information that is useful in performing active attacks.

True

36

Passive Attacks examples include the following:

• Footprinting (a reconnaissance technique used to gather information about a target computer system or network before attempting an attack)

• Sniffing and eavesdropping

• Network traffic analysis

• Decryption of weakly encrypted traffic

37

The tampering of the data in transit or disrupting communication or services between the systems to bypass or break into secured systems.

Active Attacks

38

(T/F) Active Attacks launch attacks on the target system or network by sending traffic actively that can be detected. These attacks are performed on the target network to exploit the information in transit. They penetrate or infect the target’s internal network and gain access to a remote system to compromise the internal network.

True

39

Active Attacks examples include the following:

• Denial-of-Service (DoS) attack

• Bypassing protection mechanisms

• Malware attacks (viruses, worms, ransomware)

• Modification of information

• Spoofing attacks

• Replay attacks

• Password-based attacks

• Man-in-the-Middle Attack

• Backdoor access

40

These are performed when the attacker is in close physical proximity to the target system or network. The main goal of performing this type of attack is to gather or modify information or disrupt its access.

Close-in Attacks

41

An attacker might shoulder surf user credentials. Attackers gain proximity through sneaky entry, open access, or both. This is an example of?

Close-in Attacks

42

What is another example of close-in attacks?

Social engineering (eavesdropping, shoulder surfing, dumpster diving, and other methods)

43

These are performed by trusted persons who have physical access to the critical assets of the target. They use privileged access to violate rules or intentionally cause a threat to the organization’s information or information systems.

Insider Attacks

44

(T/F) In insider attacks, insiders can easily bypass security policies, corrupt valuable resources, and access sensitive information. They misuse the organization’s assets to directly affect the confidentiality, integrity, and availability (CIA triad) of information systems. These attacks impact the organization’s business operations, reputation, and profit. It can be difficult to figure out an insider attack.

True

45

Insider Attacks examples consist of the following:

• Eavesdropping and wiretapping

• Theft of physical devices

• Social engineering

• Data theft and spoliation (destruction or alteration of evidence resulting from a party's failure to preserve relevant evidence)

• Pod slurping (data theft using a portable storage device like a USB stick or a digital music player)

• Planting keyloggers, backdoors, or malware

46

These occur when attackers tamper with hardware or software before installation. They tamper with the hardware or software at its source or when it is in transit.

Distribution Attacks

47

Examples of distribution attacks include what?

Backdoors created by software or hardware vendors at the time of manufacture. Attackers leverage backdoors to gain unauthorized access to the target information, systems, or network

48

The following lists information security vectors through which an attacker can gain access to a computer or network server to deliver a payload or seek a malicious outcome.

• Cloud computing threats

• Advanced Persistent Threats (APT)

• Viruses and Worms

• Ransomware

• Mobile Threats

• Botnet

• Phishing

• Web Application Threats

• Internet of Things (IoT) Threats

49

Refers to the on-demand delivery of IT capabilities in which IT infrastructure and applications are provided to subscribers as a metered service over a network.

Cloud Computing

50

Clients can store sensitive information in the cloud. A flaw in one client’s application cloud could potentially allow attackers to access another client’s data.

Cloud Computing Threats

51

An attack that focuses on stealing information from the victim machine without its user being aware of it. These attacks are generally targeted at large companies and government networks.

Advanced Persistent Threats (APT)

52

(T/F) As APT attacks are slow, their effect on computer performance and Internet connections is negligible. APTs exploit vulnerabilities in the applications running on computers, operating systems, and embedded systems.

True

53

These are the most prevalent networking threats and are capable of infecting a network within seconds.

Viruses and Worms

54

This is a self-replicating program that produces a copy of itself by attaching to another computer program, boot sector, or document. It makes its way into the computer when the attacker shares a malicious file containing it with the victim through the Internet or any removable media.

Virus

55

This is a malicious program that replicates, executes, and spreads across network connections. It enters a network when the victim downloads a malicious file, opens a spam email, or browses a malicious website.

Worm

56

A type of malware that restricts access to the computer system’s files and folders and demands an online ransom payment to the malware creator(s) in order to remove the restrictions. It is generally spread via malicious attachments to email messages, infected software applications, infected disks, or compromised websites.

Ransomware

57

Attackers are increasingly focusing on mobile devices due to the increased adoption of smartphones for business and personal use and their comparatively fewer security controls.

Mobile Threats

58

(T/F) In mobile threats, users may download malware-infested applications (APKs) onto their smartphones, which can damage other applications and data or reveal sensitive information to attackers. Attackers can remotely access a smartphone’s camera and recording app to view user activities and track voice communications, which can aid them in an attack.

True

59

A huge network of compromised systems used by attackers to perform Denial-of-Service attacks.

Botnet

60

In a botnet, these perform tasks such as uploading viruses, sending emails with botnets attached to them, stealing data, and so on. Antivirus programs might fail to find—or even scan for—spyware or botnets. Hence, it is essential to deploy programs specifically designed to find and eliminate such threats.

Bots

61

The practice of sending an illegitimate email falsely claiming to be from a legitimate site in an attempt to acquire a user’s personal or account information. This is done by distributing malicious links via some communication channel or email to obtain private information such as account numbers, credit card numbers, and mobile numbers from the victim.

Phishing

62

(T/F) In Phishing, attackers design emails to lure victims in such a way that they appear to be from some legitimate source, or at times, they send malicious links that resemble a legitimate website.

True

63

Attacks such as SQL injection and cross-site scripting have made web applications a favorable target for attackers to steal credentials, set up phishing sites, or acquire private information.

Web Application Threats

64

(T/F) Most of these web app attacks are the result of flawed coding and improper sanitization of input and output data from the web application. Web application attacks can threaten the performance of the website and hamper its security.

True

65

IoT devices connected to the Internet have little or no security, which makes them vulnerable to various types of attacks. These devices include software applications used to access the device remotely.

Internet of Things (IoT) Threats

66

(T/F) Due to hardware constraints such as memory and battery, these IoT applications do not include complex security mechanisms to protect the devices from attacks. These drawbacks make IoT devices more vulnerable and allow attackers to access the device remotely and perform various attacks.

True

67

These are a system of rules and guidelines that are enforced by a particular country or community to govern behavior.

Laws

68

This is a document established by consensus and approved by a recognized body that provides, for common and repeated use, rules, guidelines, or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context.

Standard

69

This is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.

Payment Card Industry Data Security Standard (PCI DSS)

70

The following describes Payment Card Industry Data Security Standard (PCI DSS):

• This standard offers robust and comprehensive standards and supporting materials to enhance payment card data security.

• These materials include a framework of specifications, tools, measurements, and support resources to help organizations ensure the safe handling of cardholder information.

• Applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data.

• Comprises a minimum set of requirements for protecting cardholder data.

• Failure to meet the PCI DSS requirements may result in fines or termination of payment-card processing privileges.

71

This specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization. It includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

ISO/IEC 27001:2013

72

ISO/IEC 27001:2013 is from?

International Organization for Standardization and International Electrotechnical Commission

73

The ISO/IEC 27001:2013 regulation is intended to be suitable for several different uses, including:

• Use within organizations to formulate security requirements and objectives

• Use within organizations as a way to ensure that security risks are cost-effectively managed

• Use within organizations to ensure compliance with laws and regulations

• Defining new information security management processes

• Identifying and clarifying existing information security management processes

• Use by the management of organizations to determine the status of information security management activities

• Implementing business-enabling information security

• Use by organizations to provide relevant information about information security to customers

74

wippp —> Health Insurance Portability and Accountability Act (HIPAA)

75