What are cybersecurity threats?
Events or conditions that have the potential to cause asset loss and undesirable consequences for organizations. They can arise from various sources and manifest as disruptions, hazards, or malicious activities that compromise information, software, and hardware assets.
Define cybersecurity vulnerabilities.
Weaknesses or flaws in a system's security procedures, design, implementation, or controls that can be exploited by malicious actors. These may be present in operating systems, applications, or security policies and can be accidental or intentional.
What is an exploit in cybersecurity?
A specific method or code used by hackers to leverage a vulnerability and execute malicious activities. Exploits can be code snippets, command sequences, or exploit kits designed to take advantage of known flaws.
List and define four common types of cybersecurity breaches.
Viruses: Self-replicating malicious software that infects files and programs, potentially destroying or corrupting data
Spyware: Software that secretly collects information about a user's internet activity
Social Engineering: Manipulative tactics that exploit human trust to obtain confidential information
Distributed Denial of Service (DDoS) Attacks: Overwhelm a service with excessive requests, rendering it unavailable to legitimate users
What are the three main components of cybersecurity threat mitigation?
Threat Prevention: Implementing safeguards like two-factor authentication, encryption, and access controls
Threat Identification: Using security tools and monitoring systems to detect active threats
Threat Cure: Applying strategies and tools to minimize the impact of active threats
Name three common social engineering techniques.
Phishing: Sending deceptive emails that appear legitimate to lure victims into clicking malicious links
Baiting: Offering enticing downloads that lead to malware installation
Impersonation: Pretending to be a trusted figure to gain access to systems or information
What are the three primary objectives of cybersecurity?
Protect data, information, and systems from theft, damage, or unauthorized access
Preserve the integrity of data and systems, ensuring accuracy and consistency
Authenticate users and systems to ensure only authorized personnel can access sensitive resources
What is integrity in cybersecurity and how is it maintained?
Integrity involves maintaining the accuracy and trustworthiness of data and systems. It's maintained through user-access controls, file permissions, version control, and monitoring systems to detect unauthorized alterations.
List four common authentication methods.
Passwords and PINs
Biometric verification (fingerprints, facial recognition)
Two-factor authentication
Digital certificates and token-based systems
Distinguish between internal and external cybersecurity threats with examples.
External threats: Malware, phishing, social engineering, DDoS attacks, zero-day exploits
Internal threats: Accidental errors (like deleting critical data) and intentional malicious acts by insiders (sabotage, data theft)
Define spyware and keyloggers.
Spyware: Secretly monitors user activity, collecting keystrokes, passwords, and browsing habits
Keyloggers: Record all keystrokes to capture passwords and confidential data; can be hardware or software-based
What is ransomware and how does it typically operate?
Ransomware encrypts data and demands payment (often via untraceable methods like Bitcoin) for decryption keys, effectively holding the victim's data hostage.
Explain rootkits and their primary danger.
Rootkits hide within the operating system to maintain undetected control, allowing remote access and manipulation while remaining hidden from detection.
What is adware?
Malware that displays unwanted advertisements and tracks browsing history to generate targeted ads.
What is a Man-in-the-Middle (MITM) attack and what are three common methods?
An attack where an attacker intercepts communication between a user and an application to steal sensitive information. Common methods include:
Lookalike domain attacks via phishing
Packet sniffing on unsecured networks
Session hijacking
What protective measures can prevent MITM attacks?
Encryption, secure protocols (like HTTPS), and vigilant monitoring of network traffic.
What is Probable Maximum Loss (PML) and why is it important?
PML is the worst-case financial impact of a threat calculated through risk analysis. It's important because organizations cannot eliminate all risks due to resource constraints, so PML helps prioritize security investments and resource allocation.
What three factors are involved in calculating PML?
Assessing assets and their value
Estimating potential losses from threats like malware, fines, or downtime
Calculating likelihoods of various breaches
Describe the Plan-Protect-Respond cycle for cybersecurity.
Plan: Develop comprehensive security plans, policies, procedures, and risk assessments
Protect: Implement safeguards like employee training, access controls, and security tools
Respond: Prepare incident response plans for swift action during security events, including communication strategies and post-incident review
Why is the Plan-Protect-Respond cycle important for organizations?
It ensures ongoing resilience and continuous improvement in cybersecurity defenses through a structured, cyclical approach to security management.