Cybersecurity Final version 2

120 Terms

1
New cards
Risk
Likelihood that something bad will happen to an asset
2
New cards
Threat
Any action that could damage an asset
3
New cards
Vulnerability
A weakness that allows a threat to be realized or to have an effect on an asset
4
New cards
Cryptography
Practice of hiding data and keeping it away from unauthorized users
5
New cards
Encryption
The process of transforming data from cleartext into ciphertext
6
New cards
Ciphertext
The scrambled data that is the result of encrypting cleartext
7
New cards
Cleartext
Regular
8
New cards
Integrity
Maintain valid
9
New cards
Availability
The amount of time users can use a system
10
New cards
Uptime
Measure of how long a computer system has been operating without restarting.
11
New cards
Downtime
Refers to a period of time when a system is unavailable
12
New cards
Availability formula
A = (Total Uptime)/(Total Uptime + Total Downtime)
13
New cards
Mean time to failure (MTTF)
The expected time until the first failure of a piece of equipment
14
New cards
Mean Time to Repair (MTTR)
The average time required to repair a system or piece of equipment
15
New cards
Mean Time Between Failures (MTBF)
the average length of time between failures of a product or component
16
New cards
Recovery Time Objective (RTO)
The overall length of time an information system's components can be in the recovery phase before negatively impacting the organization's mission or processes
17
New cards
Recovery Point Objective (RPO)
Maximum amount of data that can be lost without substantial impact
18
New cards
What is the weakest link in the security of an IT Infrastructure
The user
19
New cards
Policy
A short written statement that defines a course of action that applies to the entire organization
20
New cards
Standard
A detailed written definition of how software and hardware are to be used
21
New cards
Procedures
Written instructions for how to use policies and standards
22
New cards
Guidelines
Suggested course of action for using policy
23
New cards
Private data
Classification standard: Data about people that must be kept private
24
New cards
Confidential
Classification standard: Information or data owned by the organization
25
New cards
Internal use only
Classification standard: Information or data shared internally by an organization
26
New cards
Public domain data
Classification standard: Information or data shared with the public
27
New cards
Minimum level of classification levels
Three
28
New cards
Real-time
Occurs instantaneously
29
New cards
Store-and-forward
Acceptable delay in transmitting communication
30
New cards
E-commerce
Sale of goods and services on the internet
31
New cards
Business-to-consumer (B2C)
Customers purchase goods and services directly from a business's website
32
New cards
Business-to-business (B2B)
Businesses conduct sales with other businesses
33
New cards
Payment Card Industry Data Security Standard (PCI DSS)
Protects private customer data
34
New cards
Black-hat
A hacker who attacks systems and exposes vulnerabilities with malicious intent most often for monetary gain
35
New cards
White-hat
A hacker who exposes security flaws in applications and operating systems so manufacturers can fix them before they become widespread problems.
36
New cards
Gray-hat
A skilled hacker who falls between white-hat and black-hat hackers. The gray hat may cross the line of what is ethical
37
New cards
Crackers
A type of hacker who specializes in breaching copy protection on software allowing it to be pirated
38
New cards
What is a Security Breach?
Any event that results in a violation of any of the CIA security tenets
39
New cards
Denial of Service Attack
A coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks
40
New cards
Unacceptable Web Browsing
Defined in an acceptable use policy (AUP)
41
New cards
Backdoors
Hidden access included by developers
42
New cards
Disclosure threats
Sabotage
43
New cards
Alteration threats
Unauthorized changes
44
New cards
Denial or destruction threats
DoS attack
45
New cards
Virus
-Attaches itself to or copies itself into another program on a computer
-Tricks the computer into following instructions not intended by the original program developer
-Infects a host program and may cause that host program to replicate itself to other computers
-User who runs infected program authenticates the virus
46
New cards
Worm
-A self-contained program that replicates and sends copies of itself to other computers without user input or action
-Does not need a host program to infect
-Is a standalone program
47
New cards
Trojan Horse
-Malware that masquerades as a useful program
-Trojans can:
-Hide programs that collect sensitive information
-Open backdoors into computers
-Actively upload and download files
48
New cards
Logic Bomb
Malware which waits for a particular condition to exist (e.g. no input for a certain time period, a certain time and date, etc.) and then does something malicious.
50
New cards
Rootkit
-Modifies or replaces one or more existing programs to hide traces of attacks
-Many different types of rootkits
-Conceals its existence once installed
-Is difficult to detect and remove
51
New cards
Spyware
A type of malware that specifically threatens the confidentiality of information
52
New cards
Firewall
-Program or dedicated hardware device
-Inspects network traffic passing through it
-Denies or permits traffic based on a set of rules
53
New cards
Business Impact Analysis (BIA)
An analysis of an organization's functions and activities that classifies them as critical or noncritical
54
New cards
Business Continuity Plan (BCP)
A written plan for a structured response to any events that result in an interruption to critical business activities or functions
55
New cards
Disaster
An event that affects multiple business processes for an extended period
56
New cards
Disaster Recovery Plan (DRP)
A written plan including specific steps and procedures to recover from a disaster
57
New cards
Hot site
Has environmental utilities
58
New cards
Warm site
Has environmental utilities and basic computer hardware
59
New cards
Cold site
Has basic environmental utilities but no infrastructure components
60
New cards
Mobile site
Trailer with necessary environmental utilities
61
New cards
Security gap
Difference between the security controls in place and controls you need to address vulnerabilities
62
New cards
Gap analysis
Comparison of the security controls in place and the controls you need to address all identified threats
63
New cards
Sarbanes-Oxley Act (SOX)
requires all financial reports to include an internal controls report
64
New cards
Health Insurance Portability and Accountability Act (HIPAA)
A federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge
65
New cards
Gramm-Leach-Bliley Act (GLBA)
Requires organizations to explain their information-sharing practices to their customers and to safeguard sensitive data
66
New cards
Federal Information Security Modernization Act (FISMA)
Requires stricter guidelines for how data is handled in order to reduce risk of a cyberattack
67
New cards
Government Information Security Reform Act (Security Reform Act) of 2000
A federal law requiring offices of the U.S. government to develop a security program to assess their risk from security threats and ways to protect against them
68
New cards
Authentication
verifying the identity of the person or device attempting to access the system
69
New cards
Authorization
Controlling what the user is allowed to do on a system
70
New cards
Physical Access Control
Controls entry into buildings
71
New cards
Logical Access Controls
Controls access to a computer system or network
72
New cards
Intrusion Detection System (IDS)
A program responsible for identifying attacks
73
New cards
Network-Based Intrusion Detection System (NIDS)
A system for examining network traffic to identify suspicious
74
New cards
host-based intrusion detection system (HIDS)
Software processes or services designed to run on server computers
75
New cards
Demilitarized zone (DMZ)
A physical or logical subnetwork which contains and exposes an organization's external-facing services to an untrusted
76
New cards
MAC (Media Access Control) address
Unique 48-bit address assigned to each network card. IEEE assigns blocks of possible addresses to various NIC manufacturers to help ensure that the address is always unique. The Data Link layer of the OSI model uses MAC addresses to locate machines.
77
New cards
Black-box testing
Uses test methods that aren't based directly on knowledge of a program's architecture or design
78
New cards
White-box testing
Is based on knowledge of the application's design and source code
79
New cards
Gray-box testing
Lies somewhere in between black-box and white-box testing
80
New cards
Event
A measurable occurrence that has an impact on the business
81
New cards
Incident
Any event that violates or threatens to violate your security policy
82
New cards
Control
Includes both safeguards and countermeasures
83
New cards
Countermeasure
Counters or addresses a specific threat
84
New cards
Single Loss Expectancy (SLE)
The expected monetary loss every time a risk occurs.
85
New cards
Annualized Rate of Occurrence (ARO)
The number of incidents per year
86
New cards
Annualized Loss Expectancy (ALE)
How much monetary loss is expected every year
87
New cards
Critical Business Functions (CBF)
Activities that are vital to your organization's survival and to the resumption of business operations.
88
New cards
Maximum Tolerable Downtime (MTD)
The maximum period of time that a business process can be down before the survival of the organization is at risk.
89
New cards
Emergency Operations Center (EOC)
Physical location identified for coordination of information and resources to support incident management activities.
90
New cards
Decryption
The process of unscrambling ciphertext into plaintext
91
New cards
Algorithm
A repeatable process that produces the same result when it receives the same input
92
New cards
Cipher
An algorithm to encrypt or decrypt information
93
New cards
Symmetric Encryption
the same key is used to encode and decode
94
New cards
Asymmetric Encryption
used in public key encryption
95
New cards
Keyspace
The number of possible keys to a cipher
96
New cards
Open ciphers
Make it possible for experts around the world to examine the ciphers for weaknesses
97
New cards
Data Encryption Standard (DES)
The most scrutinized cipher in history
98
New cards
Cryptanalysis
the study and practice of finding weaknesses in ciphers
99
New cards
Nonrepudiation
Enables you to prevent a party from denying a previous statement or action.
100
New cards
Transposition ciphers
Rearranges characters or bits of data