Questions and Answers

Which of the following scenarios best illustrates a compromise of integrity within the CIA triad?

  • Confidential business emails are intercepted by a competitor.
  • A student changes their grades by directly altering records stored on the university server. (correct)
  • A hospital's patient database is encrypted, making it inaccessible to doctors and nurses.
  • A company's website is overwhelmed by bot traffic, causing it to become unavailable to legitimate customers.

A financial institution implements multi-factor authentication and encrypts all customer data. Which aspect(s) of the CIA triad are they primarily addressing?

  • Only Availability.
  • Confidentiality and Integrity. (correct)
  • Confidentiality and Availability.
  • Confidentiality, Integrity, and Availability.

A company wants to ensure that its critical services remain operational even during a cyberattack. Which of the following strategies would best support the 'Availability' principle of the CIA triad?

  • Installing intrusion detection systems to monitor network traffic.
  • Using complex passwords and multi-factor authentication.
  • Implementing strong firewalls to prevent unauthorized access.
  • Regularly backing up data to an offsite location. (correct)

Consider a scenario where a malicious actor gains unauthorized access to a company's network and subtly alters financial records to divert funds. Which two principles of the CIA triad are most directly compromised?

  • Confidentiality and Integrity. (A)

An e-commerce website uses SSL/TLS encryption to protect customer data during transmission. This measure primarily addresses which aspect of the CIA triad?

  • Confidentiality (C)

An organization is implementing a new authentication service. What level of impact should be assigned if a breach is expected to cause noticeable disruptions and financial losses but not threaten the organization's long-term viability?

  • Moderate (C)

Which of the following is a critical consideration when developing a security mechanism, beyond just selecting an appropriate algorithm?

  • Determining physical and logical placement of security mechanisms. (A)

Why are 'zero-day' vulnerabilities particularly challenging to defend against?

  • No patches or updates are available at the time of exploitation. (A)

In the context of cybersecurity, what is a key challenge posed by the increasing complexity of modern IT environments?

  • Ensuring consistent security policies across diverse and interconnected systems. (B)

How does the asymmetry between attackers and defenders affect cybersecurity strategies?

  • Attackers need to find only one weakness, while defenders must eliminate all. (B)

Which of the following scenarios primarily represents a threat to the integrity of data assets in a computer system?

  • A disgruntled employee modifies sensitive financial records to embezzle funds. (D)

Which action exemplifies an active attack initiated by an outsider?

  • Gaining unauthorized access to a database and deleting critical data records. (C)

An organization implements a new firewall to control network access. However, a misconfiguration in the firewall rules allows unauthorized access to a critical server. This scenario primarily illustrates which concept?

  • The introduction of new vulnerabilities by countermeasures. (C)

A company encrypts all its sensitive data at rest and in transit. Which security goal is MOST directly addressed by this countermeasure?

  • Confidentiality (A)

An organization suffers a data breach despite having implemented various security measures. After the incident, a security audit reveals several unpatched vulnerabilities. What is this an example of?

  • The presence of residual vulnerabilities after countermeasures. (A)

Which approach to security implementation is most effective in mitigating cyber threats?

  • Integrating security as a fundamental component of the system design process from the outset. (D)

What is the primary goal of a countermeasure in the context of cybersecurity?

  • To impair adversarial activities and prevent unauthorized access to sensitive information. (D)

Which of the following factors is crucial when evaluating risk associated with a potential cyber security event?

  • The likelihood of the event occurring and the potential adverse impacts. (D)

A company's database containing customer financial information is breached due to a known software flaw that was not patched. Which security element failed, leading to this incident?

  • Vulnerability (C)

An organization experiences a series of unauthorized login attempts on its web server, disrupting services for legitimate users. What type of cyber security element is primarily in play in this scenario?

  • Adversary (threat agent) (D)

Flashcards

Cybersecurity

Protecting systems, networks, and data from digital attacks, unauthorized access, damage, or theft.

CIA Triad

A model for security policies: Confidentiality, Integrity, and Availability.

Confidentiality

Ensuring information is accessible only to authorized users.

Integrity

Protecting information from being altered or tampered with by unauthorized parties.

Availability

Ensuring authorized users have access to information and resources when needed.

Level of Impact

The degree of adverse effect on operations, assets, or individuals if a loss occurs.

Social Engineering Attacks

Attacks that exploit human psychology to gain unauthorized access.

Zero-Day Vulnerabilities

Previously unknown vulnerabilities exploited before a vendor is aware.

Complexity of Systems

Modern IT environments have interconnected systems, cloud services and IoT devices.

Security Asymmetry

Attackers need one weakness, defenders need perfect security.

Adversary (Threat Agent)

An individual, group, organization, or government intending to conduct detrimental activities.

Attack

Malicious activity that attempts to harm information systems or the data they contain.

Countermeasure

A device or technique that reduces or eliminates the operational effectiveness of undesirable activity.

Vulnerability

A weakness in a system that a threat source can exploit.

Security Policy

A set of rules defining how to maintain security for systems and data.

Hardware Asset

Physical components (e.g., servers, workstations) of a computer system.

Software Asset

Programs, operating systems, and data that instruct the hardware.

Data Asset

Facts and figures with meaning and context within a computer system.

Security Attack

An action that violates security, potentially harming assets.

Study Notes

  • Cybersecurity protects systems, networks, and data from digital attacks, unauthorized access, damage, or theft.
  • It uses technologies, processes, and practices to safeguard information and ensure confidentiality, integrity, and availability of data.
  • Cybersecurity aims to protect critical infrastructure, personal and corporate information while enabling safe and reliable operation of digital systems.
  • NIST defines cybersecurity as measures and controls that ensure confidentiality, integrity, and availability of hardware, software, firmware, and information assets.

CIA Triad

  • Confidentiality: Ensures information is accessible only to authorized users
  • Integrity: Protects information from being altered or tampered with
  • Availability: Ensures authorized users have access to information and resources when needed
  • Encryption of sensitive data like credit card numbers in e-commerce transactions is an example of Confidentiality.
  • Student grades are another example of Confidentiality.
  • Checksums or hash functions verify that a file has not been tampered with during transfer, as an example of Integrity.
  • Patient information also requires Integrity
  • Implementing redundant systems and regular backups to keep websites online even during hardware failures, or DDoS attacks, ensures Availability
  • Authentication service also ensures Availability

Level of Impact

  • Low: Limited adverse effect on organizational operations, assets, or people
  • Moderate: Serious adverse effect on organizational operations, assets, or people
  • High: Severe or catastrophic adverse effect on organizational operations, assets, or people

Cybersecurity Challenges

  • Cybersecurity involves complexities that may not be obvious to novices
  • Developing security mechanisms requires considering potential attacks on security features
  • Determining physical and logical placement of security measures is necessary
  • Security requires participants to possess and protect secret information
  • Humans are often the weakest link and subject to social engineering attacks (e.g. phishing)
  • Zero-day vulnerabilities are previously unknown vulnerabilities for which no patches are available
  • Complexity of IT systems with interconnected systems, cloud services, IoT devices, and mobile platforms poses a major challenge
  • Rapid technological change requires adapting security practices quickly

Cyber Security Terminology

  • Adversary (threat agent): An individual, group, organization, or government that conducts or intends to conduct detrimental activities
  • Attack: Any malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources
  • Countermeasure: A device or technique aimed at impairing the effectiveness of undesirable activity or preventing espionage, sabotage, theft, or unauthorized access.
  • Risk: A measure of the extent to which an entity is threatened by a potential event, based on the likelihood of occurrence and the impacts
  • Security Policy: A set of rules for providing security services to maintain secure systems and data
  • System Resource (Asset): A major application, support system, program, facility, system, or resource
  • Threat: Any circumstance or event with the potential to adversely impact organizational operations, assets, or individuals.
  • Vulnerability: Weakness in a system that could be exploited by a threat source

Assets Of A Computer System

  • Hardware
  • Software
  • Data
  • Communication facilities and networks

Vulnerabilities, Threats, and Attacks

  • A vulnerable resource can be corrupted, which leads to loss of integrity
  • A vulnerable resource can be leaky, which means loss of confidentiality
  • A vulnerable resource can be unavailable or very slow, resulting in loss of availability
  • Threats are capable of exploiting vulnerabilities and represent potential security harm to assets
  • Attacks are threats that have been carried out
  • Passive Attacks attempt to learn information without affecting system resources
  • Active Attacks attempt to alter system resources or affect their operation
  • Insider Attacks are initiated by an entity inside the security perimeter
  • Outsider Attacks are initiated from outside the security perimeter

Countermeasures

  • Means used to deal with security attacks
  • Prevent, Detect, and Recover
  • May itself introduce new vulnerabilities
  • Residual vulnerabilities may remain
  • Goal is to minimize residual level of risk to the assets

Computer & Network Asset Integrity

  • Hardware: Stolen or disabled equipment denies service
  • Software: Deleted programs deny access to users
  • Data: Deleted files deny access to users
  • Communication: Destroyed or unavailable communication lines and networks

Computer & Network Asset Confidentiality

  • Hardware: Stolen unencrypted CD-ROM or DVD
  • Software: Unauthorized software copies made
  • Data: Unauthorized data read, statistical analysis reveals data
  • Communication: Read messages, observed traffic patterns

Computer & Network Asset Integrity Examples

  • Hardware: Modifications that make it fail during the execution of the intended task
  • Software: A working program is modified to make it fail or cause an unintended task.
  • Data: Existing files are modified or new files are fabricated.
  • Communication: Messages are modified, delayed, reordered, or duplicated; false messages are fabricated

Passive Attack Details

  • Passive attacks intercept or monitor communications or data without changing them
  • They gather information (e.g., eavesdropping or capturing network traffic)
  • Difficult to detect
  • Examples:
  • Eavesdropping: Listening to private communications or capturing data packets
  • Traffic Analysis: Observing communication patterns to deduce information such as frequency

Active Attack Details

  • Active attacks attempt to alter, disrupt, or damage a system, network, or data
  • Unlike passive attacks, they involve direct interaction (altering, injecting, or deleting data) and are disruptive
  • Easier to detect than passive attacks
  • Examples:
  • Man-in-the-Middle (MitM): Intercepting and altering communications
  • Denial of Service (DoS): Overwhelms a system with traffic, making it unavailable to others
  • Spoofing: Uses false identity to gain unauthorized access or disrupt users

Passive and Active Attack Comparison

  • Passive attacks attempt to learn or make use of system information, without affecting system resources
  • Involves only eavesdropping on, or passive monitoring of, transmissions
  • Attacker only has to obtain transmitted information
  • Two types: Release of message contents and Traffic analysis
  • Active attacks attempt to alter system resources or to affect their operation.
  • Involves some modification of the data stream or the creation of a false statement.
  • Four categories:
  • Replay
  • Masquerade
  • Modification of messages
  • Denial of service

Offensive and Defensive Security

  • Offensive security: Breaking into systems, exploiting bugs, and finding loopholes to gain unauthorized access
  • Defensive security: Protecting an organization's network and systems by finding potential digital threats, analyzing them, and securing them.

Careers in Cyber Security

  • Security Analyst: Monitors networks for breaches and implements security measures
  • Security Engineer: Designs, implements, and maintains security systems
  • Penetration Tester (Ethical Hacker): Tests systems for vulnerabilities by simulating cyberattacks
  • Incident Responder: Responds to and mitigates security incidents and breaches
  • Cybersecurity Consultant: Advises organizations on how to protect networks and data
  • Security Operations Center (SOC) Analyst: Monitors, detects, and responds to security incidents in real-time.
