CompTIA Security+ SY0-701 Study Notes - Udemy
327 Questions

Questions and Answers

What typically motivates insider threats that engage in data theft?

  • Compliance with regulations
  • Desire for recognition
  • Personal growth
  • Financial gain (correct)

Which of the following methods can help mitigate insider threats?

  • Limiting user access completely
  • Increasing employee workloads
  • Encouraging a relaxed security environment
  • Implementing zero-trust architecture (correct)

What is an example of Shadow IT?

  • Consulting IT before any software changes
  • Employees using unauthorized applications (correct)
  • IT managing all technology projects
  • Using company-approved software

What is a primary motivation for individuals who commit sabotage as an insider threat?
Answer: Revenge for perceived wrongs

Which factor contributes to the unchecked existence of Shadow IT within organizations?
Answer: Organizational lack of awareness

Why are regular audits important in preventing insider threats?
Answer: To identify security weaknesses

Which is a common unintentional cause of insider threats?
Answer: Carelessness or lack of awareness

What role do robust access controls play in cybersecurity?
Answer: They secure permissions and limit data exposure.

What is one effective method to ensure data integrity in the face of cybersecurity threats?
Answer: Conduct regular backups

Why is paying the ransom during a ransomware attack discouraged?
Answer: It can lead to further attacks

What should you do first if you suspect ransomware has infected your machine?
Answer: Disconnect it from the network

Which of the following is NOT a good practice for maintaining availability in an organization?
Answer: Ignore software maintenance

What is the primary role of Multi-Factor Authentication (MFA) in access controls?
Answer: Enhance security by requiring multiple forms of verification

Which term describes a computer that has been compromised and is used in a botnet?
Answer: Zombie

What should be done once data and systems have been restored from backups after a ransomware incident?
Answer: Notify authorities and analyze the attack

Which strategy is vital for preventing data loss and ensuring business continuity?
Answer: Implement a redundant storage strategy

What is the primary goal of adjusting sensitivity in authentication systems?
Answer: To balance the False Acceptance Rate (FAR) and FRR

Which method increases security in electronic door locks?
Answer: Implementing multiple authentication factors

What type of lock is commonly used in high-security areas like server rooms?
Answer: Cipher Locks

Which technologies are primarily used in contactless authentication?
Answer: RFID and NFC

What is the process of copying data from an RFID or NFC card to another device called?
Answer: Access Badge Cloning

What is a primary characteristic of redundancy strategies in cybersecurity?
Answer: To eliminate single points of failure

Which of the following best describes non-repudiation in cybersecurity?
Answer: The guarantee that a sender cannot deny sending a message

What role do access controls play in cybersecurity?
Answer: They determine user permissions and access levels

Which of the following is NOT a method used to mitigate impersonation attacks?
Answer: Ignore unsolicited communication

What motivates individuals to comply with social engineering demands under the principle of authority?
Answer: Perceived expertise and trustworthiness of the requester

Which type of phishing specifically targets high-profile individuals for potentially greater rewards?
Answer: Whaling

Which of the following describes a key indicator of a phishing attack?
Answer: Request for immediate action with an urgent tone

What is the key difference between identity fraud and identity theft?
Answer: Identity theft is a broader term that encompasses identity fraud as a specific type of crime.

What is the best way to prevent baiting attacks?
Answer: Train users not to use unverified devices that are found

Which attack method involves an adversary manipulating a distraction to steal items?
Answer: Diversion Theft

Which of the following is a common method to combat typosquatting?
Answer: Registering common misspellings of domain names

Which of the following methods is most effective in ensuring data integrity in card-based authentication systems?
Answer: Implementing advanced encryption

What redundancy strategy can help prevent access control failures?
Answer: Implementing Multi-Factor Authentication (MFA)

What is the most critical aspect of maintaining availability in information systems?
Answer: Monitoring and auditing access logs

Which access control method is most effective against impersonation attacks?
Answer: User education and awareness

What is a key characteristic of non-repudiation in cybersecurity?
Answer: Proof of the origin and integrity of data

Which of the following is an example of a social engineering tactic that targets user behavior?
Answer: Creating urgency through phishing emails

Which approach is most effective for combating business email compromise?
Answer: Educating users about phishing techniques

In the context of social engineering, what is the purpose of creating a pretext?
Answer: To establish an identity to gain trust

The CompTIA Security+ (SY0-701) exam consists of five domains of knowledge, with Security Operations constituting the highest percentage.
Answer: True

Adjusting sensitivity can decrease the Crossover Error Rate (CER) in authentication systems.
Answer: False

Cipher locks require a biometric scan for access.
Answer: False

Access badge cloning involves copying data from an RFID or NFC card onto unauthorized devices.
Answer: True

The utilization of multiple factors in electronic door locks hinders security.
Answer: False

Radio Frequency Identification (RFID) technology is mainly used for wired connections in authentication.
Answer: False

Mechanical cipher locks are commonly utilized in everyday home security systems.
Answer: False

Hacktivists primarily seek financial gain from their activities.
Answer: False

DDoS attacks involve the overwhelming of a victim's systems to prevent access for legitimate users.
Answer: True

The technique known as doxing is aimed at protecting an individual's private information.
Answer: False

Nation-state actors conduct cyber operations primarily for social change.
Answer: False

Anonymous is a well-known group of hacktivists that targets organizations perceived as unethical.
Answer: True

Organized cybercrime groups aim to promote social justice through their activities.
Answer: False

Advanced persistent threats (APTs) are characterized by their inability to remain undetected for long periods.
Answer: False

Custom malware is less sophisticated than common phishing campaigns.
Answer: False

False flag attacks are designed to mislead investigators about the true origin of the attack.
Answer: True

Hacktivism includes activities that are generally accepted as ethical and lawful.
Answer: False

A security posture that is too complex can negatively impact business operations.
Answer: True

The attack surface refers to the various points where unauthorized users can gain access to a system.
Answer: True

Vishing is a type of phishing specifically conducted through email communications.
Answer: False

Honeypots are real systems set up to attract potential attackers for the purpose of defense.
Answer: False

MAC address cloning is a method used to enhance network security by altering MAC addresses.
Answer: False

Baiting refers to leaving a malware-infected USB drive in a location where a target might find it.
Answer: True

Unsecure networks are significantly safer than secured networks when it comes to preventing attacks.
Answer: False

Bluetooth-based exploits like BlueBorne allow attackers to take over devices without any user interaction.
Answer: True

Surveillance systems can only include video surveillance methods.
Answer: False

Access Control Vestibules are designed to allow both doors to open simultaneously.
Answer: False

Baiting involves leaving a malware-infected physical device in a place where it will not be found by a victim.
Answer: False

Typosquatting is a type of cyber attack that exploits common typographical errors in web addresses.
Answer: True

Whaling refers to phishing attacks targeting average employees within an organization.
Answer: False

Shoulder surfing can include using high-powered cameras to gather personal information from a distance.
Answer: True

Pretexting is a method where an attacker divulges personal information to manipulate the victim into providing more information.
Answer: True

Fear is not a motivational trigger used by social engineers to persuade individuals to comply with their requests.
Answer: False

Eavesdropping involves listening to private conversations without the consent of the involved parties.
Answer: True

Diversion theft involves creating a distraction to steal information rather than physical objects.
Answer: False

The primary difference between identity fraud and identity theft is that identity fraud solely involves the use of stolen credit card information.
Answer: False

Cleaning desks and desktops can help prevent dumpster diving attacks.
Answer: True

What factor relies on a user conducting a unique action to prove their identity?
Answer: Action Factor

Which mechanism is primarily responsible for managing user permissions after authentication?
Answer: Authorization

What is a key purpose of a robust accounting system in an organization?
Answer: To create detailed audit trails

Which technology is utilized to ensure a comprehensive analysis of security alerts in real-time?
Answer: Security Information and Event Management (SIEM) Systems

What does the term 'audit trail' refer to in the context of accounting?
Answer: A sequential record of activities

What factor is particularly associated with verifying a user's physical or behavioral characteristics?
Answer: Something you are

What is NOT a benefit of effective authorization mechanisms?
Answer: Reduction of user privileges

In the context of network monitoring, what would a network analysis tool be primarily used for?
Answer: To capture and analyze traffic data

What is a critical role of accounting in cybersecurity?
Answer: To track user activities during transactions

Which of the following is least likely to be a goal of implementing Multi-Factor Authentication (MFA)?
Answer: To reduce the complexity of the login process

What is the main purpose of operational security controls?
Answer: To manage and protect people's access to data

Which characteristic of the zero trust model emphasizes user validation?
Answer: No trust is given by default

Which type of security control primarily focuses on preventing security breaches before they happen?
Answer: Preventative Controls

What is a key factor that differentiates threats from vulnerabilities?
Answer: Vulnerabilities can exist independently of threats

Which method is not typically used to maintain the integrity of data?
Answer: Data Masking

Which of the following is a major purpose of implementing redundancy in systems?
Answer: To improve availability and reliability

What does non-repudiation in digital communications aim to achieve?
Answer: To provide undeniable proof of participation

Why is access control crucial for maintaining confidentiality?
Answer: It verifies user identities and permissions

Which of the following is NOT typically considered an internal factor leading to vulnerabilities?
Answer: Data integrity breaches

What is the primary benefit of conducting regular audits in an organization?
Answer: To verify compliance with regulations

Which of the following methods contributes most to achieving data availability?
Answer: Server Redundancy

Which information governance principle focuses on the authorized modification of data?
Answer: Integrity

What is one of the primary goals of risk management in cybersecurity?
Answer: To minimize the likelihood of negative outcomes

What aspect of data governance does encryption primarily support?
Answer: Confidentiality of sensitive information

Which of the following best describes technical controls in security?
Answer: Technologies, hardware, and software mechanisms implemented to manage risks

What is the main purpose of corrective controls?
Answer: To minimize damage and restore normalcy after an incident

What distinguishes a business gap analysis from a technical gap analysis?
Answer: It assesses business processes and identifies capability shortfalls

In a zero trust architecture, which plane is responsible for the execution of access policies?
Answer: Data Plane

Which of the following best describes directive controls?
Answer: Policies that guide user actions within an organization

Which type of security control aims to discourage potential attackers by making their efforts more challenging?
Answer: Deterrent Controls

What is the ultimate goal of conducting a gap analysis?
Answer: To bridge the gap between current and desired performance

What role does the Policy Engine play in a zero trust framework?
Answer: Cross-references access requests against predefined policies

Which of the following best illustrates compensating controls?
Answer: Alternative measures when primary controls are not effective

What is the primary difference between the intent and motivation of a threat actor?
Answer: Intent defines the specific goal, whereas motivation refers to the underlying reasons.

Which type of threat actor is primarily driven by philosophical or political beliefs?
Answer: Hacktivists

What is the main purpose of honeypots in cybersecurity?
Answer: To attract and deceive attackers for the purpose of observation.

What distinguishes a script kiddie from more sophisticated threat actors?
Answer: Script kiddies rely on pre-made tools rather than developed sophistication.

Which of the following motivations is primarily associated with organized crime cyberattacks?
Answer: Financial gain

Which type of attack is characterized by individuals acting on behalf of their government to gather intelligence?
Answer: Nation-state attacks

What type of unauthorized access alert does a honeytoken provide?
Answer: Alerts when fake data is accessed or used.

Which of the following represents the lowest technical skill level among threat actors?
Answer: Script kiddies

Which motivation could lead attackers to disrupt services as a form of protest?
Answer: Disruption or chaos

In the context of threat actors, what does the term 'insider threats' refer to?
Answer: Threats posed by individuals within an organization.

What is the primary motivation of unskilled attackers, also known as script kiddies, when executing cyberattacks?
Answer: To rely on tools created by others

What distinguishes hacktivists from organized cybercrime groups?
Answer: Hacktivists are motivated by ideological beliefs

What technique do nation-state actors utilize to mislead investigators regarding the origin of an attack?
Answer: False flag attack

Which of the following accurately describes the nature of advanced persistent threats (APTs)?
Answer: They involve prolonged and stealthy cyberattacks

What is the primary goal of organized cybercrime groups in their attacks?
Answer: Achieving financial gain

In terms of technical capabilities, how do organized crime groups typically compare to unskilled attackers?
Answer: They have advanced technical capabilities

What form of electronic malfeasance is categorically recognized as vandalism and typically involves altering a website's appearance?
Answer: Website defacement

What differentiates hacktivists from nation-state actors in their cyber operations?
Answer: Hacktivists are driven by ideology rather than state-sponsored agendas

Which of the following best describes the activities of a hacktivist group like Anonymous?
Answer: Targeting organizations for perceived ethical violations

What is the main distinction between threat vectors and attack surfaces in cybersecurity?
Answer: Threat vectors refer to the methods of attack, whereas attack surfaces encompass points of unauthorized access.

Which of the following statements accurately reflects the motivations behind insider threats?
Answer: Some insider threats act due to a sense of revenge, while others may be careless.

What is one key risk associated with the practice of Bring Your Own Devices (BYOD)?
Answer: Personal devices may lack adequate security measures for sensitive data.

In the context of unsecure networks, which of the following vulnerabilities is NOT typically associated with physical access to network infrastructure?
Answer: Data Sniffing through encryption

Which of the following describes a scenario effectively using baiting as an attack method?
Answer: An attacker leaves an infected USB drive in a public space to lure victims.

How can organizations minimize their attack surface effectively?
Answer: By removing unnecessary software and restricting access to essential services.

Which lesser-known attack vector involves using direct voice communication to extract sensitive information?
Answer: Vishing

Which of the following statements is TRUE regarding the effectiveness of zero-trust architecture in cybersecurity?
Answer: Zero-trust architecture is designed to minimize insider threats by not trusting any user by default.

What combination of motivations can drive individuals to act as insider threats?
Answer: Factors can include personal grievances, financial gain, or negligence.

What is the primary purpose of access control vestibules in secure areas?
Answer: To ensure only one door is open at a time

Which authentication method relies on physical characteristics for access control?
Answer: Biometrics

What is a significant challenge associated with biometric authentication systems?
Answer: False Rejection Rate (FRR)

What crucial step follows data extraction in the badge cloning process?
Answer: Writing the extracted data onto a new card

Which electronic lock type is considered more secure than traditional padlocks?
Answer: Modern Electronic Door Locks

What factor is essential in reducing the False Acceptance Rate (FAR) in biometric systems?
Answer: Increasing scanner sensitivity

Which security measure can help prevent access badge cloning effectively?
Answer: Using advanced encryption in authentication systems

What is the difference between piggybacking and tailgating in access control scenarios?
Answer: Tailgating involves consent while piggybacking does not

Which type of door lock requires a correct combination to operate?
Answer: Cipher Locks

What operational aspect do security guards provide at access control vestibules?
Answer: Identity verification and assistance

What purpose do honeypots serve in network security?
Answer: They attract potential hackers to gather intelligence.

Which technologies are included in deception and disruption technologies?
Answer: Honeynets and honeytokens.

What is the main function of bogus DNS entries?
Answer: To mislead attackers and divert their efforts.

How do port triggering techniques enhance network security?
Answer: By keeping ports closed until an outbound traffic pattern is detected.

Which physical security measure is most effective in managing vehicle access?
Answer: Bollards.

What type of surveillance system can enhance the detection of intrusions?
Answer: Pan-Tilt-Zoom (PTZ) systems.

Which method is effective in identifying tampering with security devices?
Answer: Implementing redundancy in physical security measures.

What method can attackers use to obstruct surveillance systems?
Answer: Using strategically positioned objects.

What is the purpose of using dynamic page generation in cybersecurity?
Answer: To confuse automated scraping tools and bots.

Which category of sensors detects infrared radiation emitted by warm bodies?
Answer: Infrared sensors.

Which of the following is NOT a form of access control?
Answer: Brute force attacks.

What feature of fencing enhances physical security?
Answer: Serves as a visual deterrent.

Which of the following describes a strategy to bypass surveillance systems?
Answer: Conducting physical tampering.

Which motivational trigger relies on the principle that individuals are more likely to comply with requests from those they perceive as trustworthy or familiar?
Answer: Familiarity and Likability

Which social engineering technique involves creating a fabricated scenario to manipulate targets into revealing confidential information?
Answer: Pretexting

What type of scam involves deceiving individuals into providing sensitive information over the phone?
Answer: Vishing

Which of the following is designed to create a sense of urgency to manipulate targets into making hasty decisions?
Answer: Scarcity Tactics

Which method of social engineering specifically targets high-profile individuals, often using personalized attacks?
Answer: Whaling

What is true about the method known as 'pretexting' in social engineering?
Answer: It requires providing false information to extract more truthful data.

Which of the following best defines 'typosquatting'?
Answer: Registering domains that sound similar to popular websites with typos.

Which motivational trigger is most effectively exploited by social engineers to induce immediate action?
Answer: Urgency

In what way does 'baiting' differ from typical malware attacks?
Answer: It involves the use of physical media left intentionally for victims to find.

What is a primary characteristic of 'whaling' within the context of phishing?
Answer: It focuses on high-profile individuals for maximal gain.

What action is primarily taken to combat the threats posed by 'eavesdropping'?
Answer: Encrypting data during transmission.

Which of the following strategies is least effective in preventing 'diversion theft'?
Answer: Employing emergency response drills.

What differentiates 'social proof' from 'likability' as a motivational trigger?
Answer: Social proof relies on group behavior while likability is rooted in personal charm.

What is the primary objective in a 'business email compromise' attack?
Answer: Unauthorized financial transactions using a legitimate email account.

Which of the following statements about 'dumpster diving' is correct?
Answer: It typically targets confidential documents disposed of carelessly.

What method is most commonly used in phishing attacks to create a sense of urgency?
Answer: Presenting time-sensitive offers or threats.

Which is a method used to reduce the risk of 'shoulder surfing'?
Answer: Use privacy screens on devices.

What distinguishes 'fear' as a motivational trigger in social engineering?
Answer: It can cause people to act against their better judgment for self-preservation.

What is the best way to respond if an employee falls for a simulated phishing attack during training?
Answer: Analyze the scenario and provide remedial training.

What is the primary function of a stage one dropper or downloader?
Answer: To retrieve additional portions of malware code

Which of the following best describes a 'Dropper' in cybersecurity?
Answer: A malware type that initiates or runs other malware

What does 'Living off the Land' refer to in a cybersecurity context?
Answer: Exploiting standard tools for intrusion by threat actors

Which indicator could suggest credential theft or brute force attacks on accounts?
Answer: Multiple failed login attempts leading to account lockouts

What is an essential characteristic of ransomware?
Answer: Demanding payment to decrypt files

Which of the following indicates a 'Resource Inaccessibility' in malware attacks?
Answer: Sudden loss of access to files with ransom messages

Which of the following could be a sign of 'Impossible Travel' in account activity?
Answer: Login attempts from geographically distant locations in a short time

What do indicators of 'Concurrent Session Utilization' imply?
Answer: A user's account may be compromised with multiple active sessions

What type of malware is typically initialized after a stage one dropper?
Answer: Remote Access Trojan

Which of the following activities is associated with the 'Actions on Objectives' phase in a malware attack?
Answer: Conducting data exfiltration and file encryption

What primarily distinguishes a worm from a virus in terms of functionality?
Answer: A worm replicates itself without user interaction.

Which type of virus is designed to avoid detection by changing its code each time it executes?
Answer: Polymorphic virus

Which of the following best describes a Remote Access Trojan (RAT)?
Answer: Software that disguises itself as legitimate to allow remote control.

What is a characteristic feature of ransomware?
Answer: It demands payment for data decryption.

In the context of malware, what does the term 'backdoor' refer to?
Answer: A way to permit unauthorized access to a system.

Which indication is often associated with a malware attack?
Answer: Unusual account lockouts and blocked content.

What differentiates a Trojan from other malware types?
Answer: It disguises itself as legitimate software.

Which type of malware utilizes obfuscation techniques during deployment?
Answer: Rootkits

Which category of viruses can embed themselves within other documents?
Answer: Macro viruses

Which malware type specifically targets user credentials by recording keystrokes?
Answer: Keyloggers

What is the primary function of a Command and Control Node in a botnet?
Answer: To manage and coordinate the activities of other nodes

Which layer of the operating system permissions is referred to as Ring 0?
Answer: Kernel mode with highest permissions


    What technique is primarily used by rootkits to gain deeper access to the operating system?

    <p>Code injection via DLL</p> Signup and view all the answers

    What is the best approach to detect rootkits installed on a system?

    <p>Booting from an external device and scanning</p> Signup and view all the answers

    In what scenario would a logic bomb execute its malicious code?

    <p>When a specific condition is met</p> Signup and view all the answers

    What defines a keylogger in terms of its operational design?

    <p>It records keystrokes on a device without user knowledge</p> Signup and view all the answers

    What is the primary role of Multi-Factor Authentication (MFA) in cybersecurity?

    <p>To require multiple forms of verification for access</p> Signup and view all the answers

    Which characteristic of fileless malware enhances its evade detection capabilities?

    <p>Creating processes directly in system memory</p> Signup and view all the answers

    Why is the concept of bloatware considered a security risk for systems?

    <p>It consumes storage space and potentially introduces vulnerabilities</p> Signup and view all the answers

    Which aspect of spyware distinguishes it from other types of malware?

    <p>It is designed to gather information without user knowledge</p> Signup and view all the answers

    What is a common method to protect against keyloggers?

    <p>Regularly perform software updates and use antivirus solutions</p> Signup and view all the answers

    What defines a backdoor in the context of cybersecurity?

    <p>A method to bypass normal security protocols created by legitimate developers</p> Signup and view all the answers

    What is the most common use of botnets in the realm of cyber attacks?

    To carry out Distributed Denial-of-Service (DDoS) attacks

    Which type of data classification would be assigned to information that poses minimal impact if released, such as basic financial records?

    Sensitive

    What data state refers to information that is currently being processed and accessed by users?

    Data in use

    Which data ownership role is primarily responsible for determining the classification of data based on its sensitivity and value?

    Data Owners

    Which method is typically used to prevent sensitive information from leaving an organization?

    Data Loss Prevention (DLP)

    What is the primary goal of implementing data sovereignty in a business context?

    To comply with local laws and regulations

    Which of the following is a common risk associated with over-classifying data?

    Increased compliance costs

    What method involves converting sensitive data into a non-sensitive format while retaining the essential information for processing?

    Tokenization

    Which classification level represents information that generally can be shared publicly without negative consequences?

    Public

    Which level of data classification is assigned to highly sensitive national security information?

    Top Secret

    What is the primary responsibility of a Data Owner in an organization?

    Labeling information assets and ensuring proper storage

    Who is responsible for ensuring compliance with privacy regulations related to personally identifiable information (PII)?

    Privacy Officer

    Which role is primarily tasked with managing systems that store data assets and enforcing access controls?

    Data Custodian

    Why is it important for data owners to be from the business side rather than the IT department?

    They possess knowledge of the data's content and significance.

    What distinguishes a Data Controller from a Data Processor?

    The controller determines the purpose of data usage, while the processor executes tasks.

    Which factor does NOT contribute to the process of selecting Data Owners within an organization?

    Experience in IT management

    What is the primary function of a Data Steward in an organization?

    Ensuring data quality and appropriate classification

    Which encryption method specifically focuses on protecting individual database fields?

    Record Encryption

    What is the primary purpose of Data Loss Prevention (DLP) systems?

    To prevent data theft in use, transit, or at rest

    Which of the following is NOT a method of protecting data in transit?

    Full Disk Encryption (FDE)

    What defines regulated data in the context of data protection?

    Data controlled by laws and industry standards

    Which data state refers to data actively being created, retrieved, updated, or deleted?

    Data in Use

    What is the main purpose of tokenization in data security?

    To replace sensitive data with non-sensitive tokens

    In terms of data sovereignty, why is geographic location significant?

    It subjects data to local laws and regulations

    Which encryption method does Full Disk Encryption (FDE) utilize?

    Encrypting an entire hard drive

    Which process involves replacing some or all data with placeholders?

    Masking

    What is the role of access controls in data security?

    To restrict access to data and define actions by users

    Which encryption method is used for securing data stored in a database?

    Record Encryption

    Which technique is effective in preventing unauthorized understanding of data?

    Obfuscation

    What do SSL and TLS primarily secure?

    Data in motion over networks

    What is the primary advantage of using quantum bits (qubits) in communication networks?

    They allow for faster data processing through superposition.

    Which cryptography method is NOT a focus of post-quantum cryptography standards selected by NIST?

    RSA

    What is a key characteristic of quantum computing that distinguishes it from classical computing?

    It allows for complex problem-solving through superposition.

    What is the purpose of increasing key size in post-quantum cryptography?

    To increase resistance against brute-force attacks.

    In what scenario is quantum computing considered a threat to traditional encryption methods like RSA?

    When it can quickly factor large prime numbers.

    What is the primary function of Key Escrow in Public Key Infrastructure (PKI)?

    To securely store cryptographic keys for retrieval

    Which type of digital certificate provides encryption but lacks third-party trust?

    Self-Signed Certificate

    In PKI, which concept represents the highest level of trust in certificate validation?

    Root of Trust

    What is a significant security concern associated with Key Escrow?

    Potential for malicious access to escrowed keys

    Which characteristic distinguishes Dual-Sided Certificates from Single-Sided Certificates?

    Requires both server and user to validate each other

    Which type of certificate is beneficial for managing multiple subdomains under a single certificate?

    Wildcard Certificate

    What does the SAN field in a digital certificate specify?

    Additional domains and IP addresses supported

    What is the role of digital certificates within PKI?

    Bind a public key with a user's identity

    What is the primary function of symmetric encryption?

    Uses a single key for both encryption and decryption.

    Which of the following describes a disadvantage of asymmetric encryption?

    Slower compared to symmetric encryption in data transfer.

    Which hashing algorithm is considered more secure than MD5 and less prone to collisions?

    SHA-2

    What is the purpose of key stretching in cryptographic systems?

    To create longer, more secure keys.

    Which cryptographic property ensures that a sender cannot deny their transmitted message?

    Non-repudiation

    What is a key characteristic of block ciphers compared to stream ciphers?

    Encrypts data in fixed-size blocks.

    Which of the following algorithms is classified as an asymmetric encryption method?

    RSA

    In the context of public key infrastructure (PKI), what role does a certificate authority (CA) play?

    Manages and issues public key certificates.

    What is a primary advantage of using Elliptic Curve Cryptography (ECC) over RSA?

    More efficient for equivalent security levels.

    Which of the following describes a collision in hashing?

    Two different messages produce the same hash value.

    What distinguishes the Diffie-Hellman algorithm from RSA?

    It is primarily used for key exchange and not for direct encryption.

    Which technique helps in reducing the risk of a pass-the-hash attack?

    Rate limiting login attempts

    Which aspect of cryptographic security is enhanced through the use of nonces?

    Provides an additional layer against replay attacks.

    What is the primary role of a Registration Authority (RA) in the digital certificate issuance process?

    To collect user information and forward requests to the CA

    Which method is less secure but faster for determining the revocation status of a digital certificate?

    Online Certificate Status Protocol (OCSP)

    What is the main purpose of public key pinning in digital certificates?

    To prevent impersonation attacks by presenting trusted public keys

    What is a potential consequence of compromised root Certificate Authorities (CAs)?

    All digital certificates issued by the CA could be compromised

    Which feature of blockchain technology enhances trust and transparency?

    Immutable ledger ensuring data integrity

    What does tokenization primarily achieve in data security?

    Substitutes sensitive data with tokens while storing the original data securely

    What characteristic is essential for a Trusted Platform Module (TPM) in ensuring security?

    Acts as a dedicated microcontroller for hardware-level security

    Which type of cryptographic attack focuses on exploiting older cryptographic standards?

    Downgrade attack

    What is a significant risk associated with self-managed Certificate Authorities (CAs)?

    Greater vulnerability to compromises due to less oversight

    How does OCSP Stapling improve the performance of certificate validation?

    Allows clients to cache checked OCSP records for future use

    What is the primary function of a Key Management System (KMS)?

    To manage, store, distribute, and retire cryptographic keys

    What does steganography aim to achieve in data security?

    Conceal the existence of a message within another message

    What is the implication of having an immutable ledger in blockchain technology?

    Transactions can be securely recorded without the risk of modification

    What is the commonality between collision attacks and the Birthday Paradox?

    Both are based on probabilities concerning hash functions

    What is the main outcome of the risk analysis process in risk management?

    A prioritized list for guiding risk treatment

    Which risk treatment strategy aims to lessen the likelihood or impact of a risk?

    Reduction

    What is a critical aspect of risk monitoring in the risk management lifecycle?

    Tracking identified risks and monitoring changes over time

    Which type of risk assessment is designed to occur periodically and not as a one-off event?

    Recurring assessment

    What is the primary purpose of risk reporting in risk management?

    To communicate risk information and management effectiveness to stakeholders

    What is the primary goal of risk avoidance?

    To eliminate a specific risk completely

    Which aspect is NOT part of the risk monitoring process?

    Eliminating all identified risks

    Control risk assesses which of the following?

    How security measures lose effectiveness over time

    What does residual risk refer to?

    The risk left over after mitigation, transference, or acceptance measures

    Which benefit is NOT associated with effective risk monitoring and reporting?

    Increased uncertainty in project timelines

    What is the primary purpose of conducting a Business Impact Analysis (BIA)?

    To evaluate the effects of disruptions on all business functions

    Which of the following is a characteristic of Continuous Risk Assessments?

    They utilize technology for real-time data analysis and monitoring.

    What does the term Recovery Time Objective (RTO) signify in risk management?

    The target time permissible for restoring a business process before severe impact occurs.

    Which risk management strategy involves shifting risk to another party?

    Risk Transfer

    What does qualitative risk analysis primarily focus on?

    Assessing risks based on subjective impact and likelihood evaluations.

    Which component is crucial for developing a risk register?

    Documentation of risks, their impacts, and mitigation actions

    What does the Exposure Factor (EF) indicate in quantitative risk analysis?

    The proportion of the asset lost during an event relative to its total value.

    Which type of risk assessment is performed in response to specific events or changes?

    Ad-Hoc Risk Assessments

    What is the primary function of Key Risk Indicators (KRIs)?

    To signal increasing risk exposure and provide early warning signals.

    Which type of risk assessment is associated with continuous monitoring and real-time analysis?

    Continuous Risk Assessments

    What does Mean Time Between Failures (MTBF) measure?

    The expected operational time between consecutive failures of a component.

    What is a common misconception about Risk Acceptance in risk management?

    It means that no measures are taken against identified risks.

    What is the effect of conducting qualitative risk analysis on organizational strategy?

    It enhances the understanding of subjective risks affecting strategic decisions.

    What is one of the main impacts of third-party vendor risks on a business?

    Compromises integrity and data security

    Which type of vulnerability is characterized by applications having hidden backdoors?

    Software Vulnerabilities

    What should be performed as part of a vendor assessment before establishing a partnership?

    Pre-partnership assessment

    What is a critical consideration when selecting managed service providers (MSPs)?

    Their historical dedication to security

    What is one of the security challenges associated with Software-as-a-Service (SaaS) providers?

    Concerns about data confidentiality and integrity

    Which type of risk involves acquiring counterfeit or tampered devices after initial manufacture?

    Supply chain risks

    What security measure can help ensure the integrity of hardware components used in manufacturing?

    Implementation of trusted foundry programs

    What is a key strategy to mitigate the risks associated with vendor selection?

    Engaging in a meticulous selection process

    What is the primary aim of the federal statute designed to enhance semiconductor research and manufacturing in the U.S.?

    Boost domestic semiconductor research and production

    Which method is most effective in ensuring continuous evaluation of supply chain risks?

    Regular monitoring and audits

    Which of the following best describes penetration testing in the context of vendor assessments?

    Simulated cyberattacks to identify system vulnerabilities

    What is the primary purpose of a Right-to-Audit clause in contracts with vendors?

    To provide organizations the ability to evaluate vendor compliance

    Which type of assessment is conducted to provide a neutral perspective on vendor compliance with security standards?

    Independent assessments

    In the vendor selection process, what is a critical component to ensure thorough evaluation?

    Evaluating financial stability and operational history

    Which type of agreement outlines the specific responsibilities and roles in a partnership?

    Business Partnership Agreement (BPA)

    What is a fundamental characteristic of a Non-Disclosure Agreement (NDA)?

    It ensures confidentiality of sensitive information

    Which type of contract includes penalties for performance deviations from established standards?

    Service Level Agreement (SLA)

    What is a key function of vendor questionnaires in the selection process?

    To provide insights into operations and compliance

    Which of the following most accurately describes the function of rules of engagement in a vendor relationship?

    To establish communication protocols and boundaries for interaction

    What is the role of managed service providers (MSPs) in the vendor assessment process?

    Manage IT services on behalf of organizations

    Which contractual tool establishes the foundation for the relationship between two parties?

    Basic Contract

    What is the primary focus of supply chain analysis in vendor management?

    Examining the integrity of the entire vendor supply chain

    Study Notes

    Backup and Ransomware Response

    • Conduct regular backups of data to ensure recovery in case of incidents.
    • Install software updates consistently to address security vulnerabilities.
    • Provide security awareness training to users to enhance overall cybersecurity.
    • Implement Multi-Factor Authentication (MFA) to add an extra layer of security.
    • In case of a ransomware attack, never pay the ransom as it doesn’t ensure data recovery.
    • Disconnect infected machines from the network to prevent further spread.
    • Immediately notify authorities regarding the ransomware incident.
    • Restore data from verified good backups to recover from the attack.

    Zombies and Botnets

    • A botnet is a network of compromised computers or devices controlled remotely by malicious actors.
    • A "zombie" refers to an infected device that operates under the attacker's command without user consent.
    • Nation-state actors pursue long-term strategic goals rather than financial profit.

    Insider Threats

    • Insider threats arise from individuals within the organization who misuse access to sensitive information.
    • Types of insider threats include data theft, sabotage, and misuse of access privileges.
    • Motivations for insider threats vary: financial gain, revenge, or carelessness.
    • Mitigation strategies include:
      • Implementing zero-trust architecture.
      • Employing robust access controls.
      • Conducting regular audits.
      • Providing effective employee security awareness programs.

    Shadow IT

    • Shadow IT refers to the use of IT systems and services without explicit organizational approval.
    • IT-related projects conducted outside of the IT department can create security vulnerabilities.
    • Reasons for the existence of Shadow IT include employee convenience and a lack of awareness of policies.

    Social Engineering

    • Social engineering involves manipulative strategies that exploit human psychology for unauthorized system access.
    • Common motivational triggers include familiarity, authority, scarcity, and urgency.
    • Techniques used in social engineering:
      • Impersonation: Pretending to be someone else to gain access (e.g., brand impersonation).
      • Pretexting: Crafting a fake scenario to manipulate targets, often by mimicking trusted figures.

    Types of Phishing Attacks

    • Phishing: General attempts to obtain sensitive information through deceptive emails or communications.
    • Vishing: Voice phishing typically conducted over the phone.
    • Smishing: SMS phishing targeting mobile devices.
    • Spear Phishing: Targeted phishing aimed at specific individuals or organizations.
    • Whaling: Phishing attacks specifically targeting high-profile individuals (e.g., executives).
    • Business Email Compromise (BEC): Fraudulent schemes targeting companies through compromised email accounts.

    Frauds and Scams

    • Frauds and scams involve deceptive practices aimed at tricking individuals into giving up money or valuable information.
    • Training and awareness programs can help identify and reduce risks associated with frauds and scams.

    Influence Campaigns

    • Influence campaigns involve disseminating misinformation to impact public opinion, political decisions, or economic situations.

    Other Social Engineering Attacks

    • Diversion Theft: Manipulating situations or creating distractions to steal items or information.
    • Hoaxes: Malicious deception spread through various communication channels; often paired with impersonation and phishing.
    • Shoulder Surfing: Gathering personal information by looking over someone's shoulder, including using cameras for distant observation.
    • Dumpster Diving: Searching through trash to find valuable information like discarded documents; mitigated by clean desk and desktop policies.
    • Eavesdropping: Secretly listening to private conversations; prevention through data encryption in transit.
    • Baiting: Leaving malware-infected devices (e.g., USB drives) for unsuspecting victims to use and inadvertently install malware.
    • Piggybacking: An authorized person unknowingly allowing an unauthorized person into a secure area.
    • Tailgating: An unauthorized individual follows an authorized person through a secure access point without detection.

    Motivational Triggers

    • Authority: People comply more with requests from those perceived as authority figures.
    • Urgency: A sense of immediacy that prompts swift action or prioritization.
    • Social Proof: Individuals look to others' behaviors to guide their own actions.
    • Scarcity: Pressure arising from perceived limited availability of a product or opportunity.
    • Likability: Attraction or common interests that encourage compliance.
    • Fear: Threat-focused tactics warning victims of possible negative outcomes if they do not comply.

    Impersonation

    • General Impersonation: Adversaries assume another's identity to access unauthorized resources; relies on gathered personal information to establish trust.
    • Brand Impersonation: Attackers impersonate legitimate brands using recognizable logos and language; mitigated by educating users and monitoring online presence.

    Typosquatting

    • Registration of domain names with common typographical errors to mislead users; countered by registering misspelled domains and user education.

    Watering Hole Attacks

    • Targeted attacks compromising websites frequented by specific targets; mitigated by regular updates, threat intelligence services, and advanced malware prevention.

    Pretexting

    • Providing seemingly credible information to extract more details from victims; mitigated through employee training on information sharing.

    Phishing Attacks

    • Phishing: Fraudulent emails impersonating reputable sources to steal sensitive information.
    • Spear Phishing: Targeted phishing campaigns focused on specific individuals or organizations.
    • Whaling: Spear phishing targeting high-profile individuals for greater potential rewards.
    • Business Email Compromise (BEC): Using internal email accounts to deceive employees into malicious actions.
    • Vishing: Voice phishing to extract personal information over the phone.
    • Smishing: SMS phishing using text messages for deception.

    Preventing Phishing Attacks

    • Implementing training and awareness strategies to recognize phishing signs, including urgency, unusual requests, mismatched URLs, and strange email addresses.
    • Other key indicators include poor grammar and spelling errors; if a phishing email has been opened, the incident should be investigated.

    Fraud and Scams

    • Fraud: Deceptive actions for financial gain, including identity fraud (using personal info without permission) and identity theft (assuming someone else's identity).
    • Scams: Deceptive acts like invoice scams, where individuals are tricked into paying fake invoices.

    Influence Campaigns

    • Coordinated efforts to sway public perception or behavior; can spread misinformation (false information without harmful intent) and disinformation (deliberate deception).
    • Both can undermine trust in institutions and influence social and political outcomes.

    Authentication and Security Measures

    • Adjusting sensitivity settings affects the False Rejection Rate (FRR).
    • The Crossover Error Rate (CER) indicates an optimal balance between False Acceptance Rate (FAR) and FRR for effective authentication.

    Electronic Lock Systems

    • Some electronic door locks combine multiple factors, such as an identification number and fingerprint, to bolster security.
    • Cipher locks are mechanical locking systems with numbered push buttons, requiring a specific sequence to unlock.
    • Typically utilized in high-security environments, such as server rooms, to prevent unauthorized access.

    Office Building Security

    • Secure entry areas in office buildings frequently implement electronic access systems that employ badges and Personal Identification Numbers (PINs) for authentication.

    Access Badge Cloning

    • RFID (Radio Frequency Identification) and NFC (Near Field Communication) are widely used technologies for contactless authentication in various services.
    • Access badge cloning involves copying data from an RFID or NFC card to another card or device.
    • Attackers typically clone access badges by intercepting communication signals or using specialized equipment to extract data from the original badge.

    CompTIA Security+ (SY0-701) Overview

    • Intermediate-level IT certification focused on assessing enterprise security posture.
    • Designed for IT professionals and those in cybersecurity, typically with A+ and Network+ certifications recommended.
    • Course suitable for individuals with 1-2 years of hardware, software, and network experience.
    • The certification exam covers five domains:
      • General Security Concepts (12%)
      • Threats, Vulnerabilities, and Mitigations (22%)
      • Security Architecture (18%)
      • Security Operations (28%)
      • Security Program Management and Oversight (20%)
    • Exam format: up to 90 questions, a mix of multiple-choice and performance-based items, in 90 minutes.
    • Passing score is 750 on a 100-900 scale; the exam fee is paid by purchasing an exam voucher.

    Cyber Threat Actors

    Hacktivists

    • Use technical skills to promote social causes instead of personal gain.
    • Engaged in hacktivism, which involves hacking to advance political or social agendas.
    • Utilize various techniques such as:
      • Website Defacement: An act of vandalism through electronic graffiti.
      • DDoS Attacks: Overwhelming networks to disrupt service for legitimate users.
      • Doxing: Publicly releasing personal information to harm individuals or organizations.
      • Data Leaks: Publishing sensitive information online.
    • Motivated primarily by ideological beliefs; not financially driven.
    • Prominent group: Anonymous, known for high-profile attacks against perceived unethical organizations.

    Organized Crime

    • Composed of syndicates conducting criminal activities in the digital landscape.
    • Characterized by sophisticated structures and technical capabilities.
    • Employ advanced techniques such as:
      • Custom Malware
      • Ransomware
      • Advanced Phishing Campaigns
    • Engage in activities like data breaches, identity theft, online fraud, and ransomware attacks.
    • Unlike hacktivists, they are profit-driven; some groups also hire out their capabilities to governments.

    Nation-State Actors

    • Sponsored by governments to execute cyber operations against other nations or entities.
    • May conduct false flag attacks to mislead investigators and obscure true attribution.
    • Possess advanced skills and resources for coordinated efforts, employing:
      • Custom malware
      • Zero-day exploits
      • Advanced persistent threats (APTs)
    • APTs involve long-term, stealthy operations that maintain unauthorized access for data theft or monitoring without causing immediate, visible damage.
    • Motivation stems from national interests; tactics may resemble those of organized cybercrime but serve geopolitical objectives.

    Security Posture and BYOD

    • An overly restrictive or complex security posture can hinder business operations and push users toward unapproved tools (shadow IT).
    • Bring Your Own Device (BYOD) allows employees to use personal devices for work tasks.

    Threat Vectors and Attack Surfaces

    • Threat Vector: The method used by attackers to access computers or networks.
    • Attack Surface: All points where unauthorized users can enter or extract data.
      • Minimize through restricted access, removing unnecessary software, disabling unused protocols.
    • Distinction: Threat vector is the "how" of an attack; attack surface is the "where."

    Types of Threat Vectors

    • Messages: Includes threats via email, SMS, or instant messaging, often through phishing to trick victims.
    • Images: Malware can be hidden in image files.
    • Files: Malicious documents disguised as legitimate files shared through email or file-sharing platforms.
    • Voice Calls: Vishing uses voice calls to manipulate victims into revealing sensitive information.

    Removable Devices

    • Baiting: Leaving malware-infected USB drives in public places for targets to find.

    Unsecure Networks

    • Unsecured networks include vulnerable wireless, wired, and Bluetooth systems.
    • Wireless networks can allow unauthorized access if not properly secured.
    • Wired networks, while generally more secure, are still susceptible to physical attacks.
      • Notable attacks: MAC address cloning (spoofing a trusted device's hardware address to pass port-based filtering) and VLAN hopping (reaching another VLAN, for example through double tagging or switch spoofing).
    • Bluetooth Vulnerabilities:
      • BlueBorne: A set of flaws in Bluetooth implementations that allow remote takeover and malware spread without pairing or user interaction.
      • BlueSmack: A denial-of-service attack that floods a Bluetooth device with oversized L2CAP echo (ping) requests.

    Deception and Disruption Technologies

    • Employ technologies to mislead and divert attackers from valuable assets.
    • Tactics, Techniques, and Procedures (TTPs): Patterns and behaviors associated with threat actors.
    • Various methods include:
      • Honeypots: Decoys to attract hackers.
      • Honeynets: Networks of honeypots simulating entire systems.
      • Honeyfiles and Honeytokens: Decoy materials to lure or monitor attackers.

    Security Strategies

    • Disruption techniques:
      • Bogus DNS entries and decoy directories fool attackers.
      • Dynamic page generation counters scraping tools.
      • Port triggering hides network services until specific outbound traffic occurs.
      • Countering network scans with fake telemetry responses.

    Physical Security

    • Focuses on protecting physical assets - buildings, equipment, and personnel.
    • Security Controls:
      • Fencing and Bollards: Physical barriers to control access and provide visual deterrence.
      • Bollards guard against vehicular access.
    • Brute Force Attacks: Gaining access through forceful methods like ramming barriers and tampering.

    Surveillance Systems

    • Comprehensive strategy for monitoring and reporting incidents.
      • Components include video surveillance (motion detection, night vision), security guards, and environmental sensors.
    • Categories of Sensors:
      • Infrared, pressure, microwave, and ultrasonic sensors detect environmental changes.

    Bypassing Surveillance Systems

    • Attackers may obstruct camera views or jam sensors.
    • Techniques include visual obstruction (spraying cameras), blinding sensors with light, and exploiting environmental weaknesses.

    Access Control Vestibules

    • Double-door systems prevent tailgating and piggybacking.
    • Differences:
      • Piggybacking involves consent (the authorized person knowingly lets the other in); tailgating does not.

    Sensitivity Adjustments and Error Rates

    • Raising the sensitivity of a biometric system (a stricter match threshold) increases the False Rejection Rate (FRR) while lowering the False Acceptance Rate (FAR); the two rates trade off against each other.
    • The Crossover Error Rate (CER) is the threshold at which FAR equals FRR. Systems are tuned around it, then shifted toward lower FAR where unauthorized entry is the greater risk, or toward lower FRR where user convenience matters more.
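The FAR/FRR trade-off and the CER described here (and in the earlier Authentication and Security Measures bullets) are easiest to see by sweeping a threshold over match scores. The block below is an added example, not course material: the genuine and impostor scores are constructed, and "sensitivity" is modelled as the minimum score a presentation must reach to be accepted.

```python
"""Added example (not from the course notes): sweep the acceptance threshold of a
biometric matcher, compute FAR and FRR at each setting and locate the crossover
error rate. Match scores are constructed, not from a real sensor."""

# Constructed similarity scores on a 0-100 scale.
GENUINE_SCORES = [92, 88, 85, 81, 78, 74, 70, 66, 61, 55]   # enrolled user presenting
IMPOSTOR_SCORES = [58, 52, 49, 45, 41, 38, 33, 29, 22, 15]  # someone else presenting


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """A presentation is accepted when score >= threshold.
    FAR = impostors accepted / impostors; FRR = genuine users rejected / genuine users."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover(thresholds=range(0, 101)):
    """Threshold where FAR and FRR are closest to equal, and the common rate there (the CER)."""
    best = min(thresholds, key=lambda t: abs(error_rates(t)[0] - error_rates(t)[1]))
    far, frr = error_rates(best)
    return best, (far + frr) / 2


def sweep(thresholds=range(30, 81, 10)):
    """Rows of (threshold, FAR, FRR): as the threshold rises FAR falls and FRR climbs."""
    return [(t, *error_rates(t)) for t in thresholds]


if __name__ == "__main__":
    for t, far, frr in sweep():
        print(f"threshold {t:3d}  FAR {far:.2f}  FRR {frr:.2f}")
    print("CER at threshold %d: %.2f" % crossover())
```

With these constructed scores the rates cross at a threshold of 56, where both FAR and FRR are 0.10; a server-room door would be set higher than that (accepting more false rejections to drive FAR down), a cafeteria turnstile lower.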

    Security Measures in Electronic Locks

    • Some electronic door locks enhance security by employing multiple factors, such as a combination of identification numbers and fingerprints.
    • Cipher locks are mechanical locks utilizing numbered push buttons and a required combination to unlock, commonly found in secure areas like server rooms.
    • Secure entry systems in office buildings often utilize electronic access with badges and Personal Identification Numbers (PINs) for verification.

    Access Badge Cloning Techniques

    • RFID (Radio Frequency Identification) and NFC (Near Field Communication) are leading technologies for contactless authentication used in a variety of applications.
    • Access badge cloning involves duplicating the data from an RFID or NFC card onto another device or card.
    • An attacker can clone an access badge by capturing the data stored on the original card, potentially compromising security.

    Security Control Categories

    • Technical Controls are implemented using technology, such as firewalls, intrusion detection systems, and antivirus software.
    • Managerial Controls are policies, procedures, and guidelines for security, such as security awareness training and data classification policies.
    • Operational Controls address the day-to-day security practices, like access control procedures, incident response plans, and data backup routines.
    • Physical Controls involve tangible security measures like locks, security guards, and physical barriers to prevent unauthorized access.

    Security Control Types

    • Preventative Controls aim to stop security incidents before they occur, like strong passwords, access control lists, and data encryption.
    • Deterrent Controls discourage attackers. Examples are warning signs, security cameras, and security audits.
    • Detective Controls identify security incidents after they happen. Examples are intrusion detection systems, security logs, and vulnerability scanners.
    • Corrective Controls fix security incidents after detection. These can be automatic or manual. Examples include system restoration, security patches, and incident response plans.
    • Compensating Controls provide an alternative security measure when a primary control isn't available or effective.
    • Directive Controls are policies and procedures that direct behavior. Examples are security policies, acceptable use policies, and data classification policies.

    Zero Trust Model

    • Zero Trust assumes no user or device can be trusted by default.
    • It emphasizes continuous verification and strict access control.
    • Control Plane: where access decisions are made. It covers adaptive identity (risk-based evaluation of each request), threat scope reduction (limiting what any one identity can reach), policy-driven access control, and the Policy Engine and Policy Administrator that decide on and configure access; this matches NIST SP 800-207 and the SY0-701 objectives.
    • Data Plane: where those decisions are enforced on actual traffic. It covers the subject/system requesting access, implicit trust zones, and the Policy Enforcement Point that opens or closes the connection.

    Threats and Vulnerabilities

    • Threats are potential sources of harm to information technology systems.
    • Vulnerabilities are weaknesses in system design or implementation.
    • The intersection of threats and vulnerabilities creates risk.
    • Risk management reduces risk by removing or mitigating vulnerabilities and limiting exposure to threats, since the threats themselves usually cannot be eliminated.

    Data Confidentiality

    • Confidentiality protects information from unauthorized access and disclosure.
    • Methods to ensure confidentiality:
      • Encryption: Transforms data into an unreadable format.
      • Access Controls: Restrict who can access specific data.
      • Data Masking: Hides sensitive data while preserving its authenticity and use.
      • Physical Security Measures: Secure physical data and digital information.
      • Training and Awareness: Educate users about security best practices.

    Data Integrity

    • Integrity ensures that information remains accurate and unchanged.
    • Methods to maintain data integrity:
      • Hashing: Creates a unique digital fingerprint of data to detect changes.
      • Digital Signatures: Guarantees both integrity and authenticity.
      • Checksums: Detect accidental corruption during transmission or storage; because an attacker can recompute a checksum (or an unkeyed hash) after altering the data, deliberate tampering is only caught by a keyed MAC or a digital signature.
      • Access Controls: Limit who can modify data, preventing unauthorized changes.
      • Regular Audits: Review operations to identify unauthorized or accidental alterations.
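The difference between a checksum, an unkeyed hash and a keyed code matters as soon as the attacker can rewrite the check value that travels with the data. The block below is an added example written for these notes, not course code: it stores three integrity values for a constructed bank-transfer record, lets an attacker modify the record and recompute everything that needs no key, and reports which mechanism still catches the change.

```python
"""Added example (not from the course notes): CRC32 checksum, SHA-256 hash and
HMAC-SHA256 over a constructed record, and which of them survive an attacker who
can also rewrite the stored check value."""
import hashlib
import hmac
import secrets
import zlib


def crc32_hex(data):
    """Checksum: catches accidental corruption; trivially recomputed by an attacker."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def sha256_hex(data):
    """Unkeyed hash: a unique fingerprint, but anyone can compute it for any data."""
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(key, data):
    """Keyed MAC: only holders of the key can produce a tag that verifies."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(expected_hex, actual_hex):
    """Constant-time comparison so timing does not reveal how many leading characters matched."""
    return hmac.compare_digest(expected_hex, actual_hex)


def corruption_scenario():
    """Accidental single-bit flip in storage or transit: every mechanism notices."""
    original = b"transfer 100.00 to account 4711"
    corrupted = bytes([original[0] ^ 0x01]) + original[1:]
    return {
        "crc32_detected": crc32_hex(original) != crc32_hex(corrupted),
        "sha256_detected": sha256_hex(original) != sha256_hex(corrupted),
    }


def tamper_scenario(key=None):
    """Deliberate change by an attacker who controls the stored record and its check values."""
    key = key or secrets.token_bytes(32)          # shared only between sender and verifier
    original = b"transfer 100.00 to account 4711"
    stored = {
        "crc32": crc32_hex(original),
        "sha256": sha256_hex(original),
        "hmac": hmac_sha256_hex(key, original),
    }
    tampered = b"transfer 1000.00 to account 4711"
    # The attacker recomputes every check value that requires no secret ...
    stored["crc32"] = crc32_hex(tampered)
    stored["sha256"] = sha256_hex(tampered)
    # ... but cannot update stored["hmac"] without the key.
    return {
        "crc32_detected": not verify(stored["crc32"], crc32_hex(tampered)),
        "sha256_detected": not verify(stored["sha256"], sha256_hex(tampered)),
        "hmac_detected": not verify(stored["hmac"], hmac_sha256_hex(key, tampered)),
    }


if __name__ == "__main__":
    print("bit flip:", corruption_scenario())
    print("attacker:", tamper_scenario())
```

An HMAC proves integrity and origin to anyone who shares the key, but not non-repudiation: either key holder could have produced the tag. Binding a record to one specific party is what the digital signatures mentioned above add, by using a private key only the signer holds.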

    Data Availability

    • Availability ensures that systems and resources are accessible when needed.
    • Importance of Availability:
      • Business Continuity: Continue operations even with disruptions.
      • Customer Trust: Maintain reliable service for users.
      • Organizational Reputation: Project stability and competence.
    • Strategies to maintain Availability:
      • Redundancy: Duplicate critical components for backup.

    Non-Repudiation

    • Non-repudiation provides evidence of participation and actions in digital transactions.
    • Digital signatures are created with a private key that only the signer holds and checked with the matching public key, so a valid signature ties a message to that signer and cannot later be denied.
    • Importance of Non-Repudiation:
      • Confirm authenticity: Verify the source of digital communications.
      • Ensure integrity: Guarantee the unaltered nature of communications.
      • Accountability: Track actions and identify responsible parties.

    Authentication

    • Authentication verifies a user's identity.
    • Authentication Methods:
      • Something you know: (Knowledge factor) Like a password.
      • Something you have: (Possession factor) Like a security token.
      • Something you are: (Inherence factor) Like a fingerprint scan.
      • Something you do: (Action or behavioral factor) Like a handwritten signature or a characteristic typing rhythm.
      • Somewhere you are: (Location factor) Using GPS or IP-based geolocation.
    • Multi-Factor Authentication (MFA): Uses multiple factors to authenticate users.
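The most common possession factor today is a one-time code from an authenticator app or hardware token, which implements HOTP (RFC 4226) and its time-based variant TOTP (RFC 6238). The block below is an added example written for these notes, not course code; it uses the shared secret from the RFC test vectors (not a real credential) and adds a verifier that absorbs clock drift and refuses replayed codes.

```python
"""Added example (not from the course notes): HOTP/TOTP code generation as used by
"something you have" tokens, plus a skew-tolerant, replay-resistant verifier.
RFC_TEST_KEY is the RFC 4226/6238 test-vector secret, not a real credential."""
import hashlib
import hmac
import time

RFC_TEST_KEY = b"12345678901234567890"


def hotp(key, counter, digits=6):
    """HMAC-SHA1 over the 8-byte big-endian counter, then RFC 4226 dynamic truncation."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks 4 bytes
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, unix_time=None, step=30, digits=6):
    """TOTP is HOTP whose counter is the number of 30-second steps since the epoch."""
    unix_time = int(time.time()) if unix_time is None else unix_time
    return hotp(key, unix_time // step, digits)


def verify_totp(key, submitted, unix_time=None, step=30, digits=6, window=1, last_used=None):
    """Accept the current step and +/- window neighbours to tolerate clock drift.
    Compare in constant time and refuse any counter at or before last_used so a
    captured code cannot be replayed. Returns the accepted counter, or None."""
    unix_time = int(time.time()) if unix_time is None else unix_time
    counter = unix_time // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if last_used is not None and candidate <= last_used:
            continue
        if hmac.compare_digest(hotp(key, candidate, digits), submitted):
            return candidate
    return None


if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC_TEST_KEY, now)
    print("current code:", code, "accepted counter:", verify_totp(RFC_TEST_KEY, code, now))
```

The token is a second factor only because the secret never leaves the device and the server; a code phished in real time is still valid for the duration of the window, which is why phishing-resistant factors (FIDO2 hardware keys) are preferred for high-value accounts.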

    Importance of Authentication

    • Prevent unauthorized access: Only allow legitimate users to access resources.
    • Protect user data and privacy: Secure personal and confidential information.
    • Ensure resource access by valid users: Control access to specific systems or data.

    Authorization

    • Authorization grants permissions and privileges based on a user's authentication.
    • Importance of Authorization:
      • Protect sensitive data: Control access to specific data based on user roles.
      • Maintain system integrity: Ensure that data is modified only by authorized actions.
      • Streamlined user experience: Present relevant and accessible information to users based on their roles and needs.

    Accounting

    • Accounting tracks and records user activities in a communication or transaction.
    • Importance of Accounting:
      • Audit trail: Traceable record of changes for investigations.
      • Regulatory compliance: Meet legal or industry standards.
      • Forensic analysis: Investigate security incidents for cause and prevention.
      • Resource optimization: Analyze usage for efficiency and cost reduction.
      • User accountability: Monitor actions and discourage misuse.
    • Accounting Technologies:
      • Syslog Servers: Collect logs from various devices for analysis.
      • Network Analysis Tools: Capture and analyze network traffic.
      • Security Information and Event Management (SIEM) Systems: Aggregate and correlate logs from many sources and raise alerts on suspicious patterns in near real time.

    Security Control Categories

    • Security controls are mechanisms to manage and reduce security risks.
    • There are four categories: Technical, Managerial, Operational, and Physical
    • Technical controls are technologies used to manage risks.
    • Managerial controls are strategic planning and governance.
    • Operational controls are procedures and measures to protect data daily.
    • Physical controls are real-world measures to protect assets.

    Types of Security Controls

    • Preventive controls are proactive measures to prevent attacks.
    • Deterrent controls discourage attackers by increasing the effort required.
    • Detective controls monitor and alert for malicious activity.
    • Corrective controls mitigate damage and restore systems.
    • Compensating controls are alternative measures when primary controls fail.
    • Directive controls guide and mandate actions through policies and documentation.

    Gap Analysis

    • Gap analysis compares current performance to desired performance.
    • It helps organizations improve operations, processes, and security.
    • The steps are: define scope, gather data, analyze data, develop a plan.
    • There are two types of Gap Analysis: Technical and Business.
    • Technical Gap Analysis compares current infrastructure to required capabilities for security solutions.
    • Business Gap Analysis evaluates whether current business processes meet the requirements of a planned solution (for example, a move to cloud-based services).

    Plan of Action and Milestones (POA&M)

    • A POA&M outlines steps to address vulnerabilities.
    • It allocates resources and sets timelines for remediation tasks.

    Zero Trust

    • Zero Trust verifies all devices, users, and transactions, regardless of origin.
    • Zero Trust architecture uses two planes: Control Plane and Data Plane.
    • The Control Plane defines, manages, and decides policy for access.
    • Control Plane components: Adaptive Identity, Threat Scope Reduction, Policy-Driven Access Control, the Policy Engine (which grants or denies) and the Policy Administrator (which instructs the enforcement point).
    • The Data Plane is where the decision is applied to actual traffic.
    • Data Plane components: the Subject/System requesting access, Implicit Trust Zones, and the Policy Enforcement Point.

    Threat Actors

    • Threat actor motivations drive their attacks.
    • Threat actor intent is the specific goal they want to achieve.
    • Data Exfiltration transfers data without authorization.
    • Financial Gain can be achieved through ransomware, banking trojans, and other means.
    • Blackmail involves threatening to release sensitive information.
    • Service Disruption aims to disrupt an organization's services for chaos, political statements, or ransom.
    • Philosophical or Political Beliefs motivate hacktivists.
    • Ethical Reasons motivate authorized hackers to improve security.
    • Revenge targets an entity that the attacker believes has wronged them.
    • Disruption or Chaos can include malware spreading or attacks on critical infrastructure.
    • Espionage aims to gather sensitive or classified information.
    • War uses cyberattacks to disrupt infrastructure, compromise national security, and cause economic damage.

    Threat Actor Attributes

    • Threat actors are classified as Internal or External.
    • Internal threat actors are individuals inside the organization.
    • External threat actors are individuals or groups outside the organization.
    • Resources and funding impact the threat actor's capabilities.
    • Level of sophistication reflects the threat actor’s technical skills, tools, and ability to evade detection.
    • Script Kiddies are less skilled threat actors who use pre-made software or scripts.

    Shadow IT

    • Shadow IT refers to IT systems managed without organizational approval.

    Threat Vectors and Attack Surfaces

    • Threat vectors are the paths taken by cyberattacks.
    • Common threat vectors: Message-based, Image-based, File-based, Voice Calls, Removable Devices, Unsecured Networks

    Deception and Disruption Technologies

    • Honeypots are decoy systems that attract attackers.
    • Honeynets are networks of decoy systems for observing attacks.
    • Honeyfiles are decoy files to detect unauthorized access or data breaches.
    • Honeytokens are fake data to alert administrators when accessed.

    Unskilled Attackers

    • Unskilled attackers are individuals who lack the technical knowledge to develop their own hacking tools or exploits
    • They rely on pre-made scripts and programs created by others
    • One way unskilled attackers cause damage is by launching DDoS attacks
      • They can easily target systems by entering IP addresses and clicking a button to launch the attack

    Hacktivists

    • Hacktivists are individuals or groups who use their technical skills to promote a cause or drive social change without seeking personal gain
    • They use various techniques to achieve their goals, such as website defacement, DDoS attacks, doxing, and leaking sensitive data
    • Hacktivists are motivated by their ideological beliefs rather than financial gain
    • The most well-known hacktivist group is Anonymous, a loosely affiliated collective known for high-profile attacks against organizations they perceive as unethical

    Organized Crime

    • Organized cybercrime groups are highly structured and sophisticated groups conducting criminal activities in the digital world
    • They possess advanced technical capabilities and use their skills for illicit gain
    • They employ a range of techniques like custom malware, ransomware, and sophisticated phishing campaigns
    • These groups engage in various activities to generate revenue, including data breaches, identity theft, online fraud, and ransomware attacks
    • Unlike hacktivists or nation-state actors, organized cybercrime groups are not typically driven by ideology or politics
    • Their primary goal is to make money, even if attacks occur in the political sphere

    Nation-State Actors

    • Nation-state actors are groups or individuals sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
    • They sometimes employ false flag attacks to mislead investigators and attribute the attack to another source
    • Nation-state actors have advanced technical skills and resources, enabling them to conduct complex, coordinated cyber operations using techniques such as:
      • Creating custom malware
      • Using zero-day exploits
      • Becoming advanced persistent threats (APTs)
    • APTs are long-term, targeted cyberattacks where intruders gain unauthorized access to a network and remain undetected while stealing data or monitoring activities
    • Nation-state actors are motivated by strategic goals rather than financial gain

    Insider Threats

    • Insider threats are cybersecurity risks originating from within an organization
    • They can involve various forms of malicious activity, including data theft, sabotage, and misuse of access privileges
    • Insider threats are driven by various motivations, such as financial gain, revenge, or carelessness
    • To mitigate insider threats, organizations should implement measures like:
      • Zero-trust architecture
      • Robust access controls
      • Regular audits
      • Effective employee security awareness programs

    Shadow IT

    • Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit organizational approval
    • It often arises when an organization's security posture is too restrictive for efficient business operations

    Bring Your Own Devices (BYOD)

    • BYOD is the use of personal devices for work purposes

    Threat Vectors and Attack Surfaces

    • A threat vector is the means by which an attacker gains unauthorized access to a computer or network
    • An attack surface encompasses all points where an unauthorized user can try to enter or extract data
    • Attack surfaces can be minimized by restricting access, removing unnecessary software, and disabling unused protocols
    • Threat vectors can include:
      • Messages (email, SMS, instant messaging, phishing)
      • Images (malicious code embedded in images)
      • Files (malware disguised as legitimate documents or software)
      • Voice Calls (vishing - using voice calls to trick victims)
      • Removable Devices (baiting - leaving infected USB drives)
      • Unsecure Networks (wireless, wired, Bluetooth networks lacking proper security)
      • Physical access to network infrastructure (MAC Address Cloning, VLAN hopping)
      • Bluetooth (exploitation of Bluetooth vulnerabilities like BlueBorne and BlueSmack)
        • BlueBorne allows attackers to take over devices, spread malware, or intercept communications
        • BlueSmack is a type of Denial of Service attack that targets Bluetooth devices

    Deception Technology

    • Honeypots: Decoy systems designed to attract and capture attackers, providing insight on their techniques and activities.
    • Honeynets: Networks comprised of multiple honeypots, simulating a larger, more complex network to draw in hackers.
    • Honeyfiles: Deceptive files placed within a system to trigger attacker interest and uncover their objectives.
    • Honeytokens: Pieces of data or resources with no real value, but monitored for access, revealing potential malicious activity.
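Honeytokens are the cheapest of the deception controls listed here and in the earlier Deception and Disruption Technologies section: a value with no legitimate use is planted where an intruder would find it, and any appearance of that value in logs is, by construction, an alert. The block below is an added example written for these notes, not course code. The token values, host names and log lines are constructed, and the external IP addresses come from the reserved documentation ranges.

```python
"""Added example (not from the course notes): plant honeytokens and alert when
they surface in logs. All tokens, hosts and log lines are constructed."""
import re

# Decoy values with no legitimate use anywhere in the environment.
HONEYTOKENS = {
    "backup_api_key": "hk_live_2f9c1a7e5b3d4c6a",   # constructed fake API key
    "finance_archive_account": "svc-fin-archive",   # constructed decoy account name
}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def decoy_env_file(tokens=HONEYTOKENS):
    """Content of a plausible .env file to drop where an intruder would browse for secrets."""
    return (
        "# backup service credentials (rotate quarterly)\n"
        f"BACKUP_API_KEY={tokens['backup_api_key']}\n"
        f"ARCHIVE_USER={tokens['finance_archive_account']}\n"
    )


def scan_logs(lines, tokens=HONEYTOKENS):
    """One alert per log line containing a honeytoken value, with the first IPv4 seen as source."""
    alerts = []
    for line in lines:
        for name, value in tokens.items():
            if value in line:
                ip = IPV4.search(line)
                alerts.append({
                    "token": name,
                    "source": ip.group(0) if ip else None,
                    "timestamp": line[:15],          # syslog "Mon DD HH:MM:SS" prefix
                    "line": line,
                })
    return alerts


# Constructed syslog/nginx lines: two ordinary, two touching a honeytoken.
SAMPLE_LOGS = [
    "Mar  3 02:14:07 bastion sshd[2211]: Failed password for svc-fin-archive from 198.51.100.23 port 51022 ssh2",
    "Mar  3 02:14:09 bastion sshd[2211]: Accepted publickey for deploy from 10.0.4.12 port 51030 ssh2",
    'Mar  3 02:15:41 api nginx: 203.0.113.9 - - "GET /v1/backups HTTP/1.1" 401 authorization="Bearer hk_live_2f9c1a7e5b3d4c6a"',
    'Mar  3 02:16:02 api nginx: 10.0.4.12 - - "GET /healthz HTTP/1.1" 200',
]

if __name__ == "__main__":
    print(decoy_env_file())
    for alert in scan_logs(SAMPLE_LOGS):
        print(f"HONEYTOKEN {alert['token']} used from {alert['source']} at {alert['timestamp']}")
```

Because the decoy values are never used legitimately, this detection has essentially no false positives; the one operational rule is that the token list itself must live only in the monitoring system, never beside the decoys.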

    Disruption Technologies

    • Bogus DNS Entries: False records introduced into a system's DNS server mislead attackers and identify their targets.
    • Decoy Directories: Fake folders and files placed within a system's storage misdirect attackers and track their behavior.
    • Dynamic Page Generation: Dynamic content on websites prevents efficient automated scraping.
    • Port Triggering: A security mechanism that keeps specific services or ports closed until a specific outgoing traffic pattern is detected, concealing those services from attackers.
    • Fake Telemetry Data: Instead of providing actual information about the network, a system sends false telemetry data to attackers, misleading them and potentially revealing their tactics.

    Physical Security

    • Security Controls: Measures taken to safeguard physical assets from harm or unauthorized access.
    • Fencing and Bollards: Physical barriers used to define perimeters and restrict access, acting as visual deterrents and physical obstacles.
    • Surveillance Systems: Systems designed to observe and report activities within a given area, commonly utilizing video, security guards, lighting, and sensors.
    • Access Control Vestibules: Double-door systems that restrict access to secure areas, helping prevent piggybacking and tailgating.
    • Door Locks: Devices employed to regulate access to specific spaces, ensuring only authorized individuals can enter. They come in various types, including traditional, electronic, biometric, and cipher locks.
    • Access Badges: Identification cards containing RFID or NFC chips that authenticate individuals for entry, subject to vulnerabilities such as cloning.

    Brute Force Attacks

    • Forcible Entry: Gaining unauthorized access by physically breaking or bypassing security barriers, such as doors, windows, or fences.
    • Tampering with Security Devices: Manipulating security devices to create new vulnerabilities that can be exploited.
    • Confronting Security Personnel: Directly confronting or attacking security personnel to gain access.
    • Ramming Barriers with Vehicles: Using vehicles to forcibly breach physical security barriers, such as fences, gates, or building structures.

    Surveillance System Bypassing

    • Visual Obstruction: Blocking the camera's line of sight, using methods like spraying paint, placing objects in front of the camera, or covering the lens.
    • Blinding Sensors and Cameras: Overwhelming sensors or cameras with a sudden burst of light to temporarily disable their functionality.
    • Interfering with Acoustics: Disrupting microphone functionality by jamming or playing loud music.
    • Interfering with Electromagnetic Systems: Jamming signals used by surveillance systems to monitor the environment, disrupting their effectiveness.
    • Attacking the Physical Environment: Physically tampering with, or disabling surveillance equipment to bypass their monitoring capabilities.

    Access Control Vestibules

    • Piggybacking: Two individuals working together, one with legitimate access allowing an unauthorized person entry.
    • Tailgating: An unauthorized person gaining access by closely following an authorized individual through an access control vestibule without their knowledge.

    Door Locks

    • Traditional Padlocks: Basic locks easily defeated, offering minimal protection.
    • Basic Door Locks: Vulnerable to simple techniques like lock picking.
    • Modern Electronic Door Locks: Use authentication methods such as PINs, biometrics, and wireless signals to enhance security.
    • Biometric Challenges: Biometric systems can experience False Acceptance Rate (FAR) and False Rejection Rate (FRR), requiring adjustments to sensitivity for optimal system effectiveness.
    • Cipher Locks: Mechanical locks with push buttons requiring a combination to open.
    • Access Badge Cloning: Copying data from an RFID or NFC card to gain unauthorized access. Cloning involves scanning the card, extracting data, writing to a new card, and then utilizing the cloned badge for access.

    Methods Used by Attackers to Clone Access Badges

    • Scanning: Reading the data from the targeted access badge.
    • Data Extraction: Retrieving the relevant authentication credentials from the scanned card.
    • Writing to a New Card or Device: Transferring the retrieved data onto a blank RFID or NFC card or compatible device.
    • Using the Cloned Access Badge: Gaining unauthorized access by using the cloned card.

    Why Access Badge Cloning is a Threat

    • Ease of execution: a legacy badge's credential is a short static number that a handheld reader can capture in a second from a pocket or bag.
    • Stealth: the badge is never taken, so the victim misses nothing, and the clone produces a normal-looking access record under the victim's identity.
    • Widespread use: badge systems guard most corporate facilities, so one cloned badge defeats the physical layer that many other controls rely on.
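Why a static badge clones so easily is clearest when you look at what the reader actually receives. Many legacy 125 kHz proximity badges emit the 26-bit Wiegand H10301 format: one parity bit, an 8-bit facility code, a 16-bit card number and a second parity bit, with no secret anywhere. The block below is an added example written for these notes, not course code; the facility code and card number are constructed.

```python
"""Added example (not from the course notes): encode, validate and decode the
26-bit Wiegand H10301 format carried by many legacy proximity badges, and show
that "cloning" is nothing more than replaying the 24 data bits."""


def encode_h10301(facility, card):
    """Frame layout: even-parity bit | 8-bit facility | 16-bit card | odd-parity bit."""
    if not (0 <= facility < 2 ** 8 and 0 <= card < 2 ** 16):
        raise ValueError("facility is 8 bits, card number is 16 bits")
    data = f"{facility:08b}{card:016b}"            # the 24 bits that are the credential
    even = str(data[:12].count("1") % 2)          # even parity over the first 12 data bits
    odd = str((data[12:].count("1") + 1) % 2)     # odd parity over the last 12 data bits
    return even + data + odd


def is_valid_frame(bits):
    """True when the frame is 26 bits long and both parity bits check out."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        return False
    data = bits[1:25]
    even_ok = int(bits[0]) == data[:12].count("1") % 2
    odd_ok = int(bits[25]) == (data[12:].count("1") + 1) % 2
    return even_ok and odd_ok


def decode_h10301(bits):
    """Recover (facility, card) from a valid frame."""
    if not is_valid_frame(bits):
        raise ValueError("bad length or parity")
    return int(bits[1:9], 2), int(bits[9:25], 2)


def clone(captured_frame):
    """What a cloner does: read the frame once and re-emit the same data bits.
    No secret is involved, so the copy is indistinguishable from the original."""
    facility, card = decode_h10301(captured_frame)
    return encode_h10301(facility, card)


def search_space(known_facility=None):
    """Credentials a brute-force attacker must try: 2^24 in total, 2^16 once the
    site's facility code has been read from any one badge."""
    return 2 ** 16 if known_facility is not None else 2 ** 24


if __name__ == "__main__":
    frame = encode_h10301(42, 12345)               # constructed credential
    print(frame, decode_h10301(frame), "clone identical:", clone(frame) == frame)
    print("guesses with facility known:", search_space(42))
```

The parity bits catch read errors, not attackers. A credential that performs mutual authentication with the reader (a challenge the card must answer with a key it never reveals) is what removes the copy-and-replay property, which is the real meaning of the "advanced encryption" recommendation below.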

    How Can You Stop Access Badge Cloning

    • Use card technologies that authenticate mutually with the reader and encrypt the exchange (modern smart-card credentials) instead of legacy proximity cards that broadcast a static identifier in the clear, since a static identifier can be copied by anyone who reads it once.
    • Require Multi-Factor Authentication (MFA) for access.
    • Update security protocols regularly.
    • Educate users about access badge security.
    • Utilize shielded wallets or sleeves for RFID access badges.
    • Monitor and audit access logs for suspicious activity.
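Two patterns in access logs point at a duplicated credential: the same badge presented at readers farther apart than anyone could walk in the time between reads, and a badge entering a zone it is already inside (an anti-passback violation). The block below is an added example written for these notes, not course code; the readers, the minimum transit times between them and the access events are constructed, and it assumes every reader logs both "in" and "out" reads.

```python
"""Added example (not from the course notes): flag cloned-badge indicators in
constructed access-control logs: impossible travel between readers and
anti-passback violations."""
from datetime import datetime

# Assumption: minimum realistic transit time between reader pairs, in seconds.
MIN_TRANSIT_SECONDS = {
    frozenset({"HQ-Lobby", "HQ-ServerRoom"}): 120,
    frozenset({"HQ-Lobby", "DC2-Entrance"}): 1800,       # second site, 30 minutes away
    frozenset({"HQ-ServerRoom", "DC2-Entrance"}): 1800,
}

# Constructed events: (ISO timestamp, badge id, reader, direction).
EVENTS = [
    ("2024-05-06T08:01:10", "B1001", "HQ-Lobby", "in"),
    ("2024-05-06T08:03:40", "B1001", "HQ-ServerRoom", "in"),
    ("2024-05-06T08:05:02", "B1001", "DC2-Entrance", "in"),    # 82 s later, at the other site
    ("2024-05-06T08:30:00", "B2002", "HQ-Lobby", "in"),
    ("2024-05-06T08:31:15", "B2002", "HQ-Lobby", "in"),        # second entry with no exit
    ("2024-05-06T09:00:00", "B2002", "HQ-Lobby", "out"),
]


def by_badge(events):
    """Group events per badge, each sequence ordered by time."""
    grouped = {}
    for ts, badge, door, direction in events:
        grouped.setdefault(badge, []).append((datetime.fromisoformat(ts), door, direction))
    for seq in grouped.values():
        seq.sort()
    return grouped


def impossible_travel(events, transit=MIN_TRANSIT_SECONDS):
    """Consecutive reads at different readers closer in time than the minimum transit allows."""
    alerts = []
    for badge, seq in by_badge(events).items():
        for (t1, d1, _), (t2, d2, _) in zip(seq, seq[1:]):
            needed = transit.get(frozenset({d1, d2}))
            if d1 == d2 or needed is None:          # same reader, or pair not modelled
                continue
            elapsed = (t2 - t1).total_seconds()
            if elapsed < needed:
                alerts.append({"badge": badge, "from": d1, "to": d2,
                               "elapsed_s": elapsed, "min_s": needed})
    return alerts


def passback_violations(events):
    """An 'in' read for a badge already inside that reader's zone with no 'out' in between."""
    alerts, inside = [], set()
    for badge, seq in by_badge(events).items():
        for ts, door, direction in seq:
            key = (badge, door)
            if direction == "in":
                if key in inside:
                    alerts.append({"badge": badge, "door": door, "at": ts.isoformat()})
                inside.add(key)
            else:
                inside.discard(key)
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(EVENTS):
        print(f"IMPOSSIBLE TRAVEL {a['badge']}: {a['from']} -> {a['to']} in {a['elapsed_s']:.0f}s (min {a['min_s']}s)")
    for a in passback_violations(EVENTS):
        print(f"ANTI-PASSBACK {a['badge']} re-entered {a['door']} at {a['at']}")
```

Both checks only work if the system records every read, including denied ones and exits; sites whose doors open freely on the way out cannot run the anti-passback check and must rely on the travel-time rule alone.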

    Social Engineering

    • Definition: A manipulative strategy that exploits human psychology to gain unauthorized access to systems, data, or physical spaces.
    • Motivational Triggers:
      • Familiarity and Likability: Attackers leverage pre-existing relationships or create the illusion of familiarity to gain trust.
      • Consensus and Social Proof: People tend to follow the crowd or look to others for guidance - attackers exploit this by creating a sense of widespread acceptance.
      • Authority and Intimidation: Attackers use a position of authority or create fear to manipulate victims into compliance.
      • Scarcity and Urgency: The perception of limited resources or time pressure can drive people to make rash decisions, which attackers capitalize on.
    • Social Engineering Techniques:
      • Impersonation: Attackers assume the identity of someone else to gain trust, often using brand impersonation, typo-squatting, or watering hole attacks.
      • Pretexting: Attackers fabricate a scenario to manipulate their victims, often impersonating trusted figures.
      • Phishing: Attackers use electronic communication (email, SMS, etc.) to deceive victims into revealing sensitive data or clicking malicious links.
      • Vishing (Voice Phishing): Attackers use voice calls to trick victims into disclosing personal or financial information.
      • Smishing (SMS Phishing): Attackers use text messages to trick victims into providing personal information.
      • Spear Phishing: Highly targeted phishing attacks focused on specific individuals or organizations.
      • Whaling: Spear phishing attacks specifically targeting high-profile individuals like CEOs or CFOs.
      • Business Email Compromise (BEC): Attacks that use compromised or convincingly spoofed internal email accounts to manipulate employees into actions such as paying fraudulent invoices or changing payment details.
      • Frauds and Scams: Deceptive practices used to trick people into parting with money or valuable information.
      • Influence Campaigns: Efforts to spread misinformation and disinformation to manipulate public perception or behavior.
      • Other Social Engineering Attacks:
        • Diversion Theft: Attackers create distractions to steal valuables.
        • Hoaxes: Deceptions spread online to mislead people, often paired with phishing or impersonation attacks.
        • Shoulder Surfing: Attackers observe people entering sensitive information.
        • Dumpster Diving: Attackers search garbage for discarded documents containing personal or corporate information.
        • Eavesdropping: Attackers listen in on private conversations.
        • Baiting: Leaving malware-infected devices (like USB drives) in public places to trick victims into installing malware.
        • Piggybacking: Attackers follow an authorized person into a secure area without proper authorization.
        • Tailgating: Attackers try to follow an employee through secure entry points without identification.

    Motivational Triggers

    • Six primary triggers:
      • Authority: Trust in authority figures can lead people to comply with requests.
      • Urgency: Creating a sense of immediacy pressures people to act quickly and potentially without proper consideration.
      • Social Proof: People tend to follow the behavior of others, making them susceptible to attacks that create an illusion of widespread acceptance.
      • Scarcity: The perceived limited availability of a resource or opportunity can lead to impulsive actions.
      • Likability: People are more prone to trust those they perceive as likeable.
      • Fear: The threat of negative consequences can pressure individuals into compliance.

    Impersonation

    • Four Main Forms:
      • Impersonation: Assumption of someone else's identity to gain access to resources or steal data.
      • Brand Impersonation: Attackers deceive people into believing they represent a legitimate company or brand.
      • Typosquatting: Attackers register domain names similar to legitimate websites that exploit typos.
      • Watering Hole Attacks: Attackers compromise websites frequented by their targets to deliver malware.

    Phishing Attacks

    • Types:
      • Phishing: Attackers use fraudulent emails to trick victims into providing sensitive information or clicking malicious links.
      • Spear Phishing: Targeted phishing attacks focused on specific individuals or organizations.
      • Whaling: Spear phishing attacks targeting high-profile individuals.
      • Business Email Compromise (BEC): Attackers compromise internal email accounts to manipulate employees into performing malicious actions.
      • Vishing (Voice Phishing): Attackers use phone calls to trick victims into disclosing personal or financial information.
      • Smishing (SMS Phishing): Attackers use text messages (SMS) to trick victims into providing personal information.
    • Preventing Phishing Attacks:
      • Regular User Training: Provide employees with training on recognizing and reporting phishing attempts.
      • Anti-Phishing Campaigns: Utilize educational resources and simulations to increase user awareness and help identify phishing attacks.
      • Security Measures: Implement security gateways, email filters, and monitoring tools to detect and prevent phishing attempts.

    Frauds and Scams

    • Fraud: Intentional deception to benefit from a crime or to misrepresent facts for personal gain.
      • Identity Fraud/Identity Theft: Attackers use another person's information without their consent to commit crimes or defraud others.
    • Scams: Deceptive schemes designed to trick people into parting with money or valuable information.
      • Invoice Scam: Tricking people into paying for fake invoices for products or services they didn't order.

    Influence Campaigns

    • Definition: Coordinated efforts to manipulate public perception or behavior towards a particular cause, individual, or group.
      • Misinformation: False information spread without malicious intent.
      • Disinformation: Deliberate creation and spread of false information with the intent to deceive or mislead.

    Other Social Engineering Attacks

    • Diversion Theft: Using distractions to steal valuables.
    • Hoaxes: Malicious deceptions often spread through social media, email, or other communication channels, usually combined with phishing or impersonation attacks.
    • Shoulder Surfing: Observing people entering sensitive information.
    • Dumpster Diving: Searching through trash for discarded documents containing personal or corporate information.
    • Eavesdropping: Secretly listening to private conversations.
    • Baiting: Leaving malware-infected devices in public places to trick victims into installing malware.
    • Piggybacking: Following an authorized person into a secure area without authorization.
    • Tailgating: Trying to follow an employee through secure entry points without identification.

    Malware

    • Malicious software designed to infiltrate computer systems, potentially causing damage without user consent.
    • Several categories: Viruses, Worms, Trojans, Ransomware, Spyware, Rootkits, Spam.

    Threat Vector vs. Attack Vector

    • Threat Vector: Method used to infiltrate a victim's machine, such as unpatched software, USB drive installation, phishing campaigns.
    • Attack Vector: Means by which the attacker gains access and infects the system, combining both infiltration method and infection process.

    Malware Attacks

    • Viruses: Attach to clean files, spread, and corrupt host files.
    • Worms: Standalone programs replicating and spreading to other computers.
    • Trojans: Disguise as legitimate software, grant unauthorized access.
    • Ransomware: Encrypts user data, demands ransom for decryption.
    • Zombies and Botnets: Compromised computers remotely controlled in a network for malicious purposes.
    • Rootkits: Hide presence and activities on a computer, operating at the OS level.
    • Backdoors and Logic Bombs: Backdoors allow unauthorized access, logic bombs execute malicious actions.
    • Keyloggers: Record keystrokes, capturing passwords or sensitive information.
    • Spyware and Bloatware: Spyware monitors and gathers user/system information, bloatware consumes resources without value.

    Malware Techniques and Infection Vectors

    • Malware is evolving from file-based tactics to modern fileless techniques.
    • Multi-stage deployment, leveraging system tools, and obfuscation techniques are employed.

    Indications of Malware Attack

    • Account Lockouts
    • Concurrent Session Utilization
    • Blocked Content
    • Impossible Travel
    • Resource Consumption
    • Inaccessibility
    • Out-of-Cycle Logging
    • Missing Logs
    • Documented Attacks

    Viruses

    • Malicious code that runs on a machine without user knowledge, infecting the computer when executed.
    • Types of Viruses:
      • Boot Sector: Stored in the first sector of a hard drive, loaded into memory during boot.
      • Macro: Embedded inside documents, executed when the document is opened.
      • Program: Infects executable or application files.
      • Multipartite: Combination of a boot sector and a program virus, infecting both.
      • Encrypted: Designed to evade detection by encrypting malicious code or payloads.
      • Polymorphic: Advanced encrypted virus altering its code during execution to evade detection.
      • Metamorphic: Rewrites itself entirely before infecting a file.
      • Stealth: Prevents the virus from being detected by antivirus software.
      • Armored: Has a layer of protection to confuse analysis attempts.
      • Hoax: Attempts to scare users into taking undesirable actions on their system.

    Worms

    • Malicious software replicating without user interaction, spreading throughout a network.
    • Threaten both workstations and network traffic.
    • Spread rapidly over the internet in a short period.

    Trojans

    • Disguised as harmless or desirable software, potentially performing needed or desired functions for the user.
    • Remote Access Trojan (RAT): Provides remote control of a victim machine.
    • Exploit vulnerabilities in workstations for data exfiltration, backdoor creation, and other malicious activities.

    Ransomware

    • Blocks access to a computer system or its data through encryption until a ransom is paid.
    • Protection: Regular backups, software updates, security awareness training, Multi-Factor Authentication (MFA).
    • Response: Do not pay the ransom, disconnect the infected machine from the network, notify authorities, restore data from backups.

    Zombies and Botnets

    • Botnet: Network of compromised computers or devices controlled remotely by malicious actors.
    • Zombie: Compromised computer or device part of a botnet.
    • Command and Control Node: Computer managing botnet activities.
    • Used for pivoting, disguising the attacker, hosting illegal activities, sending spam and malware.
    • DDoS (Distributed Denial-of-Service) Attack: Botnets target a victim with a simultaneous attack from multiple machines.
    • Used to break encryption schemes.

    Rootkits

    • Gain administrative control over a computer system without being detected.
    • Operate at the OS level, aiming for Ring 0 (kernel mode) access for maximum permissions.
    • Techniques: DLL injection, shims.
    • Difficult to detect, best detected by booting from an external device and scanning the hard drive.

    Backdoors and Logic Bombs

    • Backdoor: Bypasses security and authentication functions, often created by programmers.
    • RAT (Remote Access Trojan) acts like a backdoor, providing persistent access.
    • Easter Eggs: Hidden features or jokes inserted by developers, sometimes containing vulnerabilities.
    • Logic Bombs: Malicious code that triggers when certain conditions are met.

    Keylogger

    • Records every keystroke made on a computer or mobile device.
    • Software-Based: Program installed on the victim's computer.
    • Hardware-Based: Physical device plugged into the computer or embedded within a keyboard cable.
    • Protection: Regular updates, antivirus and antimalware software, phishing awareness training, Multi-Factor Authentication, encryption, physical checks.

    Spyware and Bloatware

    • Spyware: Gathers and sends user information without knowledge.
    • Bloatware: Pre-installed software not requested or needed by the user, causing storage waste, performance slowdown, and potential vulnerabilities.
    • Bloatware Removal: Manual uninstall, bloatware removal tools, clean OS installation.

    Malware Attack Techniques

    • Malware Exploitation Technique: Specific method for malware to penetrate and infect a system.
    • Fileless Techniques: Focus on infecting system memory to avoid detection by signature-based security software.
    • Stage 1 Dropper or Downloader: Lightweight shellcode executing on a system, retrieving additional malware code and tricking the user into activating it.
    • Stage 2 Downloader: Downloads and installs a remote access Trojan for command and control.
    • "Actions on Objectives" Phase: Execution of core objectives like data exfiltration, file encryption.
    • Concealment: Hiding tracks and erasing log files to prolong unauthorized access.
    • "Living off the Land": Exploiting standard system tools for intrusions.

    Indications of Malware Attacks (Common)

    • Account Lockouts: Triggered by multiple failed login attempts.
    • Concurrent Session Utilization: Multiple simultaneous sessions from diverse locations.
    • Blocked Content: Increase in blocked content alerts from security tools.
    • Impossible Travel: Access from geographically separated locations in a short time.
    • Resource Consumption: Unusual spikes in CPU, memory, or network utilization.
    • Resource Inaccessibility: Files or systems become inaccessible, possibly due to ransomware.
    • Out-of-Cycle Logging: Log generation at odd hours or during inactive periods.
    • Missing Logs: Gaps in logs without authorized reasons.
    • Published or Documented Attacks: Reports indicating your organization’s network infection.
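    The indicators above are only useful if something actually looks for them. As an added example (not from these notes), the script below checks constructed authentication log lines for two of them, account lockouts and impossible travel; the log format, user names, coordinates and thresholds are all assumptions made for the demonstration.

```python
"""Added example: flag two malware indicators from the study notes,
account lockouts and impossible travel, in constructed auth log lines.
Log format: timestamp user result city latitude longitude (constructed)."""
from collections import defaultdict
from datetime import datetime
import math

# Constructed sample log, not real data.
SAMPLE_LOG = """\
2024-03-01T08:00:00 alice FAIL London 51.5074 -0.1278
2024-03-01T08:00:05 alice FAIL London 51.5074 -0.1278
2024-03-01T08:00:09 alice FAIL London 51.5074 -0.1278
2024-03-01T08:00:12 alice FAIL London 51.5074 -0.1278
2024-03-01T08:00:15 alice FAIL London 51.5074 -0.1278
2024-03-01T09:00:00 bob OK Paris 48.8566 2.3522
2024-03-01T09:30:00 bob OK Tokyo 35.6762 139.6503
2024-03-01T10:00:00 carol OK Berlin 52.5200 13.4050
2024-03-01T10:05:00 carol OK Madrid 40.4168 -3.7038
2024-03-01T10:10:00 carol OK Berlin 52.5200 13.4050
"""

LOCKOUT_THRESHOLD = 5            # failed attempts inside the window (assumed policy)
LOCKOUT_WINDOW_S = 300           # seconds
MAX_PLAUSIBLE_SPEED_KMH = 1000.0  # faster than this between two logins is "impossible"


def parse_log(text):
    """Parse the constructed log format into dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result, city, lat, lon = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "result": result, "city": city,
                       "lat": float(lat), "lon": float(lon)})
    return sorted(events, key=lambda e: e["ts"])


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def detect_lockouts(events):
    """Users with >= LOCKOUT_THRESHOLD failures inside LOCKOUT_WINDOW_S seconds."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            failures[e["user"]].append(e["ts"])
    flagged = set()
    for user, times in failures.items():
        for i in range(len(times) - LOCKOUT_THRESHOLD + 1):
            span = (times[i + LOCKOUT_THRESHOLD - 1] - times[i]).total_seconds()
            if span <= LOCKOUT_WINDOW_S:
                flagged.add(user)
                break
    return flagged


def detect_impossible_travel(events):
    """Consecutive successful logins by one user that imply an implausible speed."""
    last = {}
    flagged = []
    for e in events:
        if e["result"] != "OK":
            continue
        prev = last.get(e["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600.0
            if hours > 0 and km / hours > MAX_PLAUSIBLE_SPEED_KMH:
                flagged.append((e["user"], prev["city"], e["city"]))
        last[e["user"]] = e
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("lockouts:", sorted(detect_lockouts(evs)))
    for user, src, dst in detect_impossible_travel(evs):
        print(f"impossible travel: {user} {src} -> {dst}")
```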

    Data Protection

    • Safeguarding information from corruption, compromise, or loss.
    • Various data classification types exist:
      • Sensitive: Information that, if accessed by unauthorized persons, can result in the loss of security or competitive advantage for a company.
      • Confidential: Holds trade secrets, intellectual property, source code, etc.
      • Critical: Extremely valuable and restricted information.
    • Data Ownership Roles:
      • Data Owners: Senior executives responsible for data protection.
      • Data Controllers: Entities responsible for data storage, collection, and usage purposes.
      • Data Processors: Groups or individuals hired by data controllers for data collection and processing tasks.
      • Data Stewards: Focus on data quality and metadata, ensuring data is appropriately labeled and classified.
      • Data Custodians: Responsible for managing the systems on which data assets are stored.
    • Data States:
      • Data at Rest: Data stored in databases, file systems, or storage systems.
      • Data in Transit: Data actively moving from one location to another.
      • Data in Use: Data actively being created, retrieved, updated, or deleted.
    • Data Types:
      • Regulated data: Includes information like PII (Personal Identification Information), PHI (Protected Health Information), trade secrets, intellectual property, legal information, and financial information.
      • Human vs non-human readable data: Human-readable data is easily understandable by humans, while non-human-readable data requires a machine or software to interpret.
    • Data Sovereignty: Digital information subject to laws of the country where it's located.
      • Laws such as the GDPR (General Data Protection Regulation) and the data sovereignty laws of China and Russia pose challenges for multinational companies and cloud services.
    • Securing Data Methods:
      • Geographic Restrictions (Geofencing): Virtual boundaries to restrict data access based on location.
      • Encryption: Transforms plaintext into ciphertext using algorithms and keys.
      • Hashing: Converts data into fixed-size hash values, irreversible one-way function.
      • Masking: Replaces some or all data with placeholders.
      • Tokenization: Replaces sensitive data with non-sensitive tokens.
      • Obfuscation: Makes data unclear or unintelligible.
      • Segmentation: Divides network into separate segments with unique security controls.
      • Permission Restrictions: Define data access and actions through ACLs or RBAC.
    • Data Loss Prevention (DLP): Strategy to prevent sensitive information from leaving an organization.
      • DLP systems can be software or hardware solutions.
      • Types of DLP Systems: Endpoint DLP System, Network DLP System, Storage DLP System, Cloud-Based DLP System.

    Data Classification

    • Based on the value to the organization and the sensitivity of the information, determined by the data owner.
    • Sensitive Data: Information that, if accessed by unauthorized persons, can result in the loss of security or competitive advantage for a company.
    • Importance of Data Classification:
      • Helps allocate appropriate protection resources.
      • Prevents over-classification to avoid excessive costs.
      • Requires proper policies to identify and classify data accurately.
    • Commercial Business Classification Levels:
      • Public: No impact if released; often publicly accessible data.
      • Sensitive: Minimal impact if released.
      • Private: Contains internal personnel or salary information.
      • Confidential: Holds trade secrets, intellectual property, source code, etc.
      • Critical: Extremely valuable and restricted information.
    • Government Classification Levels:
      • Unclassified: Generally releasable to the public.
      • Sensitive but Unclassified: Includes medical records, personnel files, etc.
      • Confidential: Contains information that could affect the government.
      • Secret: Holds data like military deployment plans, defensive postures.
      • Top Secret: Highest level, includes highly sensitive national security information.
    • Legal Requirements: Depending on the organization's type, there may be legal obligations to maintain specific data for defined periods.
    • Documentation: Organizational policies should clearly outline data classification, retention, and disposal requirements.

    Data Ownership

    • Data Ownership: Identifying the individual responsible for maintaining the confidentiality, integrity, availability, and privacy of information assets.
    • Data Owner: Responsible for labeling information assets and ensuring they are protected with appropriate controls.
    • Data Ownership Responsibility: The IT department should not be the data owner; data owners should be individuals from the business side who understand the data's content.
    • Selection of Data Owners: Data owners should be designated within their respective departments based on their knowledge of the data and its significance.

    Data States

    • Data at Rest: Data stored in databases, file systems, or storage systems, not actively moving.
      • Encryption Methods:
        • Full Disk Encryption (FDE): Encrypts the entire hard drive.
        • Partition Encryption: Encrypts specific partitions, leaving others unencrypted.
        • File Encryption: Encrypts individual files.
        • Volume Encryption: Encrypts selected files or directories.
        • Database Encryption: Encrypts data stored in a database at column, row, or table levels.
        • Record Encryption: Encrypts specific fields within a database record.
    • Data in Transit (Data in Motion): Data actively moving from one location to another.
      • Transport Encryption Methods:
        • SSL (Secure Sockets Layer) and TLS (Transport Layer Security): Secures communication over networks.
        • VPN (Virtual Private Network): Creates secure connections over less secure networks.
        • IPSec (Internet Protocol Security): Secures IP communications by authenticating and encrypting IP packets.
    • Data in Use: Data actively being created, retrieved, updated, or deleted.
      • Protection Measures:
        • Encryption at the Application Level: Encrypts data during processing.
        • Access Controls: Restricts access to data during processing.
        • Secure Enclaves: Isolated environments for processing sensitive data.

    Cryptography

    • The practice and study of writing and solving codes to hide information's true meaning.
    • Uses encryption to convert plaintext into ciphertext.
    • Provides data protection at rest, in transit, and in use.

    Data States

    • Data at Rest: Inactive data stored on devices.
    • Data in Transit: Data moving across networks.
    • Data in Use: Data actively being accessed or processed.

    Algorithm and Key

    • Algorithm (Cipher): Performs encryption or decryption.
    • Key: Essential for determining cipher output.

    Key Strength and Rotation

    • Key Length: Longer keys are generally stronger, so key length is a common way to measure a cipher's security.
    • Key Rotation: A best practice for security longevity, regular key changes are recommended.

    Symmetric and Asymmetric Encryption

    • Symmetric: Uses the same key for encryption and decryption.
    • Asymmetric: Uses a pair of keys, one for encryption and the other for decryption.

    Symmetric Algorithms

    • DES (Data Encryption Standard): Utilizes a 64-bit key, with 56 effective bits due to parity, and encrypts 64-bit blocks in 16 rounds.
    • Triple DES (3DES): Uses three 56-bit keys for increased security.
    • IDEA (International Data Encryption Algorithm): A block cipher with a 64-bit block size and a 128-bit key, known for its speed and security.
    • AES (Advanced Encryption Standard): Replaces DES and 3DES as the US government encryption standard, supporting various key lengths and block sizes.
    • Blowfish: A block cipher allowing flexible key sizes and good performance.
    • Twofish: A block cipher, offering 128-bit block size, and variable key sizes.
    • RC Cipher Suite (RC4, RC5, RC6): Created by Ron Rivest, offers various key sizes and security levels.

    Asymmetric Algorithms

    • Diffie-Hellman: Primarily used for key exchange and secure key distribution.
    • RSA: Used for key exchange, encryption, and digital signatures.
    • Elliptic Curve Cryptography (ECC): Efficient and secure method relying on elliptic curves.

    Hashing

    • A one-way cryptographic function that produces a unique message digest from an input.
    • Hash Digest: This digest acts like a digital fingerprint for the original data, providing security and integrity.
    • Common Hashing Algorithms: MD5 (Message Digest Algorithm 5), SHA (Secure Hash Algorithm) family, RIPEMD (RACE Integrity Primitive Evaluation Message Digest), and HMAC (Hash-based Message Authentication Code).

    Public Key Infrastructure (PKI)

    • A framework managing digital keys and certificates, facilitating secure data transfer.
    • Utilizes asymmetric encryption for secure communication and identity verification.

    Digital Certificates

    • Electronically signed credentials verifying entity identity for secure communications.
    • Use the X.509 Standard for digital certificates within PKI.

    Blockchain

    • A decentralized, immutable ledger ensuring data integrity and transparency.

    Encryption Tools

    • TPM (Trusted Platform Module): A hardware chip on a computer that provides cryptographic services.
    • HSM (Hardware Security Module): A physical device dedicated to handling cryptographic operations.
    • Key Management Systems (KMS): Software for securely storing and managing cryptographic keys.
    • Secure Enclave: A protected area within the CPU that handles encryption and decryption operations.

    Obfuscation

    • Methods used to make data less understandable or accessible, including:
    • Steganography: Hiding data within other data.
    • Tokenization: Replacing sensitive information with random values (tokens).
    • Data Masking: Replacing sensitive data with random characters.

    Cryptographic Attacks

    • Downgrade Attacks: Forcing a connection to use weaker cryptographic methods.
    • Collision Attacks: Finding two different inputs that result in the same hash digest.
    • Quantum Computing Threats: Quantum computers could potentially break some current cryptographic algorithms.

    Symmetric vs Asymmetric Encryption

    • Symmetric Encryption:
      • Same key for encryption/decryption.
      • Often referred to as private key encryption.
      • Requires shared secret keys.
      • Provides confidentiality.
      • Challenges with key distribution in large-scale usage.
    • Asymmetric Encryption:
      • Uses two separate keys (public and private).
      • Also known as “Public Key Cryptography.”
      • No need for shared secret keys.
      • Provides confidentiality, integrity, authentication, and non-repudiation.
      • Slower than symmetric but addresses key distribution challenges.

    Hybrid Approach

    • Combines symmetric and asymmetric encryption for optimal benefits.
    • Asymmetric encryption used for initial key exchange.
    • Symmetric encryption used for bulk data transfer.
    • Offers both security and efficiency.

    Stream Cipher

    • Encrypts data in a continuous stream, bit-by-bit or byte-by-byte.
    • Uses a keystream generator and the exclusive OR (XOR) function for encryption.
    • Suitable for real-time communication data streams like audio and video.
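    The Hybrid Approach and Stream Cipher sections above, worked through together as an added example that is not part of these notes: a Diffie-Hellman exchange agrees on a shared secret, a symmetric key is derived from it, and the bulk data is then XORed with a keystream. The keystream generator (HMAC-SHA256 over a nonce and counter), the key derivation, and the toy DH group are all assumptions for illustration; real systems use standardized DH groups or elliptic curves and a vetted cipher such as AES-GCM.

```python
"""Added example: hybrid encryption = asymmetric (Diffie-Hellman) key
agreement + symmetric stream cipher (keystream XOR) for the bulk data,
with an HMAC tag so tampering is detected. Standard library only."""
import hashlib
import hmac
import secrets

# Toy DH parameters (constructed for illustration, NOT secure in practice).
P = (1 << 127) - 1   # 2^127 - 1, a Mersenne prime; far too small for real use
G = 5                # generator; its order is not verified here (toy only)


def dh_keypair():
    """Random private exponent and the matching public value g^a mod p."""
    private = secrets.randbelow(P - 2) + 1
    public = pow(G, private, P)
    return private, public


def dh_shared_secret(my_private, their_public):
    """(g^b)^a mod p == (g^a)^b mod p, so both sides reach the same value."""
    return pow(their_public, my_private, P)


def derive_keys(shared_secret):
    """Hash the DH secret, then split it into an encryption key and a MAC key."""
    ikm = shared_secret.to_bytes((P.bit_length() + 7) // 8, "big")
    prk = hashlib.sha256(ikm).digest()
    enc_key = hmac.new(prk, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(prk, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(key, nonce, length):
    """Counter-mode keystream: block i = HMAC-SHA256(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key, nonce, data):
    """Stream cipher core: XOR data with the keystream (same op encrypts/decrypts)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def encrypt(keys, plaintext):
    """nonce || ciphertext || tag. A fresh nonce per message is mandatory:
    reusing one with the same key reuses the keystream."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    ct = stream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(keys, blob):
    """Verify the tag first (encrypt-then-MAC), then strip the keystream."""
    enc_key, mac_key = keys
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return stream_xor(enc_key, nonce, ct)


def hybrid_roundtrip(message):
    """Both parties run DH, derive the same keys, then move bulk data symmetrically."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    keys_a = derive_keys(dh_shared_secret(a_priv, b_pub))
    keys_b = derive_keys(dh_shared_secret(b_priv, a_pub))
    assert keys_a == keys_b
    return decrypt(keys_b, encrypt(keys_a, message))


if __name__ == "__main__":
    print(hybrid_roundtrip(b"bulk payload " * 4))
```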

    Block Cipher

    • Divides data into fixed-size blocks for encryption.
    • Commonly uses block sizes like 64, 128, or 256 bits.
    • Advantages include ease of implementation and security.

    Increasing Hash Security

    • Key Stretching: Lengthens and strengthens keys to resist attacks.
    • Salting: Adds random data to password hashes, making them unique.
    • Nonces (Number Used Once): Adds unique random numbers to authentication processes.
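    The three techniques above, and the hashing section earlier, shown in working form as an added example (not from these notes): PBKDF2-HMAC-SHA256 gives salting and key stretching for stored passwords, and a nonce-based challenge-response shows why a single-use number defeats replay. The record format, iteration count, sample passwords and the shared secret are assumptions for illustration.

```python
"""Added example: salted + stretched password storage (PBKDF2) beside an
unsalted hash, and a nonce challenge-response that rejects replays.
All passwords, salts and secrets are constructed."""
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # key stretching cost factor; tune so one hash takes ~100 ms


def unsalted_hash(password: str) -> str:
    """Plain hash: identical passwords give identical digests (lookup-table friendly)."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Storable record 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (assumed format)."""
    if salt is None:
        salt = secrets.token_bytes(16)   # unique random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class NonceChallengeServer:
    """Challenge-response login: the nonce makes each valid response single-use."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._outstanding = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False                 # unknown or already consumed: replay rejected
        self._outstanding.discard(nonce)
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(shared_secret: bytes, nonce: bytes) -> bytes:
    """Client proves knowledge of the secret without sending it."""
    return hmac.new(shared_secret, nonce, hashlib.sha256).digest()


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple", iterations=10_000)
    print(rec)
    print(verify_password("correct horse battery staple", rec))
```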

    Public Key Infrastructure (PKI)

    • A framework for managing digital keys and certificates supporting secure data transfer.

    Digital Certificates

    • Electronically signed documents binding a public key with a user's identity.
    • Use the X.509 Standard for digital certificates.

    Key Escrow

    • Storage of cryptographic keys in a secure location for retrieval in cases of key loss or for legal investigations.
    • Used to ensure that encrypted data is not permanently inaccessible in PKI.

    Certificate Authority (CA)

    • Trusted third party issuing digital certificates
    • Contains CA's information and digital signature
    • Validates and manages certificates

    Registration Authority (RA)

    • Collects user information for certificates
    • Forwards certificate requests to the CA for creation

    Certificate Signing Request (CSR)

    • Encoded text with information about the certificate requester
    • Includes the public key
    • Submitted to CA for certificate issuance
    • Private key remains secure with the requester

    Certificate Revocation List (CRL)

    • Maintained by CAs
    • List of revoked digital certificates
    • Checked before validating a certificate

    Online Certificate Status Protocol (OCSP)

    • Determines certificate revocation status using the serial number
    • Faster than CRL but less secure

    OCSP Stapling

    • Allows the certificate holder to get the OCSP record from the server
    • Includes OCSP record in the SSL/TLS handshake
    • Speeds up secure tunnel creation

    Public Key Pinning

    • Counters impersonation attacks by presenting trusted public keys
    • Alerts users if a fraudulent certificate is detected

    Key Escrow Agents

    • Securely store copies of private keys
    • Ensures key recovery in case of loss

    Key Recovery Agents

    • Specialized software for restoring lost or corrupted keys
    • Acts as a backup for certificate authority keys

    Trust in Digital Certificates

    • Compromised root CAs affect all issued certificates
    • Commercially trusted CAs are more secure
    • Self-managed CAs require vigilance against compromises

    Blockchain

    • Shared immutable ledger for transactions and asset tracking
    • Builds trust and transparency
    • Widely associated with cryptocurrencies like Bitcoin

    Block Structure

    • Chain of blocks linked chronologically
    • Each block contains:
      • Previous block's hash
      • Timestamp
      • Root transactions (hashes of individual transactions)
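    The block structure above, as an added example that is not part of these notes: each block carries the previous block's hash, a timestamp and a Merkle root over its transaction hashes, and a verifier walks the chain to show that editing any past transaction breaks every later link. Transactions and timestamps are constructed.

```python
"""Added example: a minimal hash-linked chain with the three fields the
notes list per block (previous hash, timestamp, root of transaction
hashes) and a verifier that detects tampering. Data is constructed."""
import hashlib
import json

GENESIS_PREV = "0" * 64   # the first block has no predecessor


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def merkle_root(transactions):
    """Hash each transaction, then pairwise-hash upward to a single root."""
    if not transactions:
        return sha256_hex(b"")
    level = [sha256_hex(tx.encode()) for tx in transactions]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])          # duplicate the last hash on odd levels
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


def block_hash(block):
    """Hash only the header fields; the transactions are committed via the root."""
    header = {"prev": block["prev"], "timestamp": block["timestamp"], "root": block["root"]}
    return sha256_hex(json.dumps(header, sort_keys=True).encode())


def make_block(prev_hash, timestamp, transactions):
    block = {"prev": prev_hash, "timestamp": timestamp,
             "root": merkle_root(transactions), "transactions": list(transactions)}
    block["hash"] = block_hash(block)
    return block


def build_chain(batches):
    """batches: list of (timestamp, [transactions]) in chronological order."""
    chain = []
    prev = GENESIS_PREV
    for ts, txs in batches:
        block = make_block(prev, ts, txs)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain):
    """Return (True, None) if every link holds, else (False, index of first bad block)."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev"] != prev:
            return False, i                   # link to predecessor broken
        if block["root"] != merkle_root(block["transactions"]):
            return False, i                   # a transaction was altered
        if block["hash"] != block_hash(block):
            return False, i                   # header altered without rehashing
        prev = block["hash"]
    return True, None


if __name__ == "__main__":
    chain = build_chain([(1700000000, ["alice->bob:5"]),
                         (1700000600, ["bob->carol:2", "carol->dave:1"])])
    print(verify_chain(chain))
    chain[0]["transactions"][0] = "alice->bob:500"   # tamper with history
    print(verify_chain(chain))
```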

    Public Ledger

    • Secure and anonymous record-keeping system
    • Maintains participants' identities
    • Tracks cryptocurrency balances
    • Records all genuine transactions in a network

    Blockchain Applications

    Smart Contracts

    • Self-executing contracts with code-defined terms
    • Automated actions when conditions are met
    • Transparent, tamper-proof, and trust-enhancing

    Commercial Uses

    • Companies like IBM promote blockchain for commercial purposes
    • Permissioned blockchain used for business transactions
    • Enhances trust and transparency with immutable ledger

    Supply Chain Management

    • Transparency and traceability in the supply chain
    • Immutable records of product origin, handling, and distribution
    • Ensures compliance and quality control

    Broad Implications of Blockchain

    • Versatility: Applications across various industries
    • Decentralization: Eliminates need for central authorities
    • Immutable Ledger: Ensures data integrity, records cannot be altered
    • Digital Evolution: Reshapes traditional systems, offers transparency and trust in the digital era

    Encryption Tools

    TPM (Trusted Platform Module)

    • Dedicated microcontroller for hardware-level security
    • Protects digital secrets through integrated cryptographic keys
    • Used in BitLocker drive encryption for Windows devices
    • Adds security against software attacks

    HSM (Hardware Security Module)

    • Physical device for safeguarding and managing digital keys
    • Ideal for mission-critical scenarios like financial transactions
    • Performs encryption operations in a tamper-proof environment

    Key Management System

    • Manages, stores, distributes, and retires cryptographic keys
    • Centralized mechanism for key lifecycle management
    • Automates key management tasks in complex environments

    Secure Enclaves

    • Coprocessor integrated into the main processor
    • Isolated for secure data processing and storage
    • Safeguards sensitive data
    • Enhances device security by preventing unauthorized access

    Obfuscation Techniques in Data Security

    Steganography

    • Conceals a message within another to hide its existence
    • Involves altering image or data elements
    • Detection is challenging

    Tokenization

    • Substitutes sensitive data with non-sensitive tokens
    • Original data securely stored elsewhere
    • Tokens have no intrinsic value
    • Commonly used for payment systems

    Data Masking (Data Obfuscation)

    • Disguises original data to protect sensitive information
    • Maintains data authenticity and usability
    • Used in testing environments
    • Reduces risk of data breaches
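    Tokenization and masking side by side, as an added example that is not from these notes: the vault hands out random tokens that map back to the original only through the vault, while masking is one-way. The vault class, the PAN format and the card number (a well-known test number, not a real account) are assumptions for illustration.

```python
"""Added example: a tokenization vault (reversible only via the vault)
beside a masking function (irreversible). Sample values are constructed."""
import secrets


class TokenVault:
    """Stores originals; issues random tokens that carry no intrinsic value."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenize(self, value: str) -> str:
        """Return the existing token for a value, or mint a fresh random one."""
        if value in self._value_to_token:
            return self._value_to_token[value]
        token = "tok_" + secrets.token_hex(12)
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can map a token back; raises KeyError for unknown tokens."""
        return self._token_to_value[token]


def mask_pan(pan: str, visible_last: int = 4, mask_char: str = "*") -> str:
    """Keep only the trailing digits; nothing about the rest survives in the output."""
    digits = pan.replace(" ", "")
    if not digits.isdigit() or len(digits) < visible_last:
        raise ValueError("invalid PAN")
    return mask_char * (len(digits) - visible_last) + digits[-visible_last:]


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("4111 1111 1111 1111")   # constructed test number
    print(token, "->", vault.detokenize(token))
    print(mask_pan("4111 1111 1111 1111"))
```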

    Cryptographic Attacks

    Downgrade Attacks

    • Force systems to use weaker cryptographic standards
    • Exploit vulnerabilities in outdated versions
    • Countermeasures include phasing out support for insecure protocols

    Collision Attacks

    • Find two different inputs producing the same hash output
    • Undermine data integrity verification relying on hash functions
    • Vulnerabilities in hashing algorithms can lead to collisions

    Quantum Computing Threat

    • Quantum computing uses quantum bits (qubits) for enormous processing power
    • Quantum communication relies on qubits for tamper-resistant and fast communications
    • Qubit represents multiple combinations of ones and zeros
    • Enables simultaneous processing of multiple combinations
    • Threat to traditional encryption algorithms through rapid factorization of large numbers into their prime factors

    Post-quantum cryptography

    • New cryptographic algorithms resistant to quantum attacks
    • Methods include increasing key size and lattice-based cryptography
    • NIST selected four post-quantum cryptography standards:
      • CRYSTALS-Kyber: General encryption needs, digital signatures
      • CRYSTALS-Dilithium: Digital signatures
      • FALCON: General encryption needs, digital signatures
      • SPHINCS+: Digital signatures

    Risk Management Lifecycle

    • Risk Management is a fundamental process for identifying, analyzing, treating, monitoring, and reporting risks.
    • Risk Identification is a proactive process for recognizing potential risks that could hinder objectives. This process aims to create a comprehensive list by considering events that might prevent achieving goals.
    • Risk Analysis involves assessing the likelihood and potential impact of identified risks. This can be either qualitative or quantitative. The outcome is a prioritized list to guide risk treatment.
    • Risk Treatment involves developing strategies to manage risks. The main options are avoidance, reduction, sharing, or acceptance. The choice depends on the potential impact and risk tolerance.
    • Risk Monitoring is an ongoing process that tracks identified risks, monitors residual risks, identifies new risks, and reviews the effectiveness of risk management. This ensures dynamic responsiveness to organizational changes.
    • Risk Reporting communicates risk information and the effectiveness of risk management to stakeholders. It can be done through various forms such as dashboards, heat maps, and detailed reports. This is crucial for accountability and informed decision-making.

    Risk Assessment Frequency

    • Ad-hoc Risk Assessments are conducted on an as-needed basis, often in response to specific events or situations. These are used to address potential new risks or changes in existing risks.
    • Recurring Risk Assessments happen at regular intervals (e.g., annually, quarterly, monthly), as part of standard operating procedures for continual risk identification and management.
    • One-Time Risk Assessments are conducted for specific projects or initiatives. They are not repeated and are associated with a particular purpose.
    • Continuous Risk Assessments involve ongoing monitoring and evaluation of risks. This is enabled by technology, including real-time data collection and analysis, and used for proactive threat and vulnerability monitoring, facilitating quick responses.

    Risk Identification

    • Risk Identification is the crucial first step in risk management. It involves recognizing potential risks that could impact an organization. These risks can range from financial and operational to strategic and reputational.
    • Techniques used for risk identification include brainstorming, checklists, interviews, and scenario analysis.
    • Business Impact Analysis (BIA) evaluates the effects of disruptions on business functions. This identifies and prioritizes critical functions, assesses the impact of risks on these functions, and determines the required recovery time for each function.
    • Key Metrics in BIA:
      • Recovery Time Objective (RTO): Maximum acceptable time before severe impact; target time for restoring a business process.
      • Recovery Point Objective (RPO): Maximum acceptable data loss measured in time; point in time data must be restored to.
      • Mean Time to Repair (MTTR): Average time to repair a failed component or system; indicator of repair speed and downtime minimization.
      • Mean Time Between Failures (MTBF): Average time between system or component failures; measure of reliability.

    Risk Register

    • Risk Register records identified risks, descriptions, impacts, likelihoods, and mitigation actions. It is a key tool in risk management, often resembling a heat map risk matrix.
    • Components of Risk Register:
      • Risk Description: Identifies and describes the risk clearly and concisely.
      • Risk Impact: Potential consequences of risk occurrence; rated on a scale (e.g., low, medium, high).
      • Risk Likelihood: Probability of risk occurrence; rated on a scale (e.g., numerical or descriptive).
      • Risk Outcome: Result of the risk if it occurs; linked to impact and likelihood.
      • Risk Level/Threshold: Determined by combining impact and likelihood, prioritizing risks (e.g., high, medium, low).
      • Cost: Financial impact on the project; includes potential expenses if it occurs, or the cost of risk mitigation.

    Risk Tolerance and Risk Appetite

    • Risk Tolerance/Risk Acceptance: An organization or individual's willingness to deal with uncertainty in pursuit of their goals. It's the maximum amount of risk they are willing to accept without countermeasures.
    • Risk Appetite: Willingness to pursue or retain risk. Types include:
      • Expansionary: Willing to take on more risk.
      • Conservative: Preference for less risk.
      • Neutral: Moderate approach to risk-taking.
    • Key Risk Indicators (KRIs): Predictive metrics that signal increasing risk exposure. These provide early warnings of potential risks, are tied to the organization's objectives, and used to monitor risk changes and take proactive steps.

    Risk Owner

    • Risk Owner: The person responsible for managing the risk. They monitor, implement mitigation actions, and update the Risk Register. They are accountable for risk management.

    Qualitative Risk Analysis

    • Qualitative Risk Analysis: Assesses risks based on potential impact and likelihood. It categorizes risks as high, medium, or low, using subjective evaluation based on experience and expertise.
    • Key Components:
      • Likelihood/Probability: Chance of risk occurrence; expressed qualitatively as low, medium, or high, based on past experience, statistical analysis, or expert judgment.
      • Impact: Potential consequences if the risk occurs; rated qualitatively as low, medium, or high. This assesses damage to project or business objectives.
      • Impact Levels:
        • Low Impact: Minor damage; essential functions remain operational.
        • Medium Impact: Significant damage; loss of assets.
        • High Impact: Major damage; essential functions are impaired.

    Quantitative Risk Analysis

    • Quantitative Risk Analysis: Provides an objective and numerical evaluation of risks, used for financial, safety, and scheduling decisions.
    • Key Components:
      • Exposure Factor (EF): Proportion of an asset lost in an event (0% to 100%). Indicates asset loss severity.
      • Single Loss Expectancy (SLE): Monetary value expected to be lost in a single event. Calculated as Asset Value x Exposure Factor (EF).
      • Annualized Rate of Occurrence (ARO): Estimated frequency of threat occurrence within a year, giving a yearly probability.
      • Annualized Loss Expectancy (ALE): Expected annual loss from a risk. Calculated as SLE x ARO.

    Risk Management Strategies

    • Risk Transference: Shifts risk to another party. Common methods include:
      • Insurance: Transfers financial responsibility for potential losses.
      • Contract Indemnity Clauses: Contractual agreement where one party agrees to cover the other’s harm, liability, or loss resulting from the contract.
    • Risk Acceptance: Acknowledging the risk and dealing with it if it occurs. This is chosen when the cost of managing the risk outweighs the potential loss, or when the risk is unlikely to have a significant impact. No actions are taken to mitigate the risk. Methods include:
      • Exemption: Excludes a party from a rule, assuming the risk of not complying with the rule or benefiting from its safeguards.
      • Exception: Allows a party to avoid a rule under specific conditions, assuming the risk of operating without safeguards or mitigations offered by the rule.
    • Risk Avoidance: Changing plans or strategies to eliminate a specific risk. This is chosen when the risk is too great to accept or transfer.
    • Risk Mitigation: Taking steps to reduce the likelihood or impact of the risk. This is common, and involves various actions.
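An added example (not from the notes above) that ties the Quantitative Risk Analysis formulas (SLE = Asset Value x EF, ALE = SLE x ARO) to the Risk Acceptance rule that a risk is accepted when the cost of managing it outweighs the potential loss. The register entries, asset values, factors and control costs are constructed, illustrative figures.

```python
from dataclasses import dataclass

# Constructed example: quantitative risk analysis feeding a treatment
# decision. All figures below are illustrative, not from the notes.


@dataclass(frozen=True)
class RiskEntry:
    description: str
    asset_value: float      # AV: value of the asset in currency units
    exposure_factor: float  # EF: fraction of AV lost per event, 0.0 to 1.0
    aro: float              # ARO: expected occurrences per year
    control_cost: float     # annualized cost of the proposed mitigation
    mitigated_ef: float     # EF once the control is in place
    mitigated_aro: float    # ARO once the control is in place


def single_loss_expectancy(asset_value: float, ef: float) -> float:
    """SLE = Asset Value x Exposure Factor."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * ef


def annualized_loss_expectancy(asset_value: float, ef: float, aro: float) -> float:
    """ALE = SLE x ARO."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return single_loss_expectancy(asset_value, ef) * aro


def recommend_treatment(entry: RiskEntry) -> dict:
    """Mitigate when the control's yearly ALE reduction exceeds its cost;
    otherwise accept the risk (the cost-versus-loss rule in the notes)."""
    ale_before = annualized_loss_expectancy(entry.asset_value, entry.exposure_factor, entry.aro)
    ale_after = annualized_loss_expectancy(entry.asset_value, entry.mitigated_ef, entry.mitigated_aro)
    net_benefit = (ale_before - ale_after) - entry.control_cost
    return {
        "sle": single_loss_expectancy(entry.asset_value, entry.exposure_factor),
        "ale_before": ale_before,
        "ale_after": ale_after,
        "net_benefit": net_benefit,
        "strategy": "mitigate" if net_benefit > 0 else "accept",
    }


# Constructed register entries with hypothetical controls.
FILE_SERVER = RiskEntry("File server / ransomware", 200_000, 0.25, 0.5, 12_000, 0.25, 0.1)
KIOSK = RiskEntry("Lobby kiosk / defacement", 20_000, 0.10, 1.0, 5_000, 0.05, 1.0)

if __name__ == "__main__":
    for entry in (FILE_SERVER, KIOSK):
        print(entry.description, recommend_treatment(entry))
```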

    Risk Monitoring and Reporting

    • Risk Monitoring: Involves ongoing tracking of risks and their response actions. This helps in determining:
      • Residual Risk: Likelihood and impact of the risk after mitigation, transference, or acceptance actions have been taken on the initial risk.
      • Control Risk: Assessment of how a security measure has lost effectiveness over time.
    • Risk Reporting: Communicating information about risk management activities to stakeholders. This includes results of risk identification, assessment, response, and monitoring, often presented in a risk report.
    • Risk Monitoring and Reporting are essential for:
      • Informed Decision Making: Offers insights for informed decisions on resource allocation, project timelines, and strategic planning.
      • Risk Mitigation: Recognizes when a risk is escalating so it can be mitigated before it becomes an issue.
      • Stakeholder Communication: Helps set expectations and demonstrate effective risk management.
      • Regulatory Compliance: Demonstrates compliance with relevant regulations.

    Third-Party Vendor Risks

    • Vendors, suppliers, or service providers can pose security and operational challenges.
    • These risks affect integrity, data security, and business continuity.

    Common Threat Vectors and Attack Surfaces

    • Attackers use various paths to gain access (threat vectors).
    • Attack surfaces are points where unauthorized users attempt entry.

    Types of Vulnerabilities

    • Hardware vulnerabilities can exist within components.
    • Applications might have hidden backdoors (software vulnerabilities).
    • Insufficient cybersecurity protocols lead to operational vulnerabilities.

    Vendor Assessments

    • Pre-partnership assessments are important for evaluating a vendor's security.
    • Penetration testing evaluates a vendor's security against simulated attacks.
    • Audits provide the right to examine a vendor's practices for compliance.
    • Audit evidence can come from both internal and external sources.

    Vendor Selection and Monitoring

    • Meticulous vendor selection is essential for minimizing risks.
    • Continuous monitoring of a vendor's performance is crucial for ongoing risk management.

    Contracts and Agreements

    • Basic contracts establish relationships, defining roles, responsibilities, and consequences.
    • Nuanced agreements like SLAs, MOUs, and NDAs provide specific safeguards.

    Supply Chain Risks

    • Hardware manufacturers, software developers, and service providers contribute to the supply chain.
    • Tampered or counterfeit devices can introduce vulnerabilities, and rigorous supply chain assessments are necessary.
    • Trusted foundry programs ensure secure manufacturing.
    • Secondary or aftermarket sources can increase risk, including potential malware or vulnerabilities.
    • Proper licensing, authenticity, known vulnerabilities, and malware scans are crucial for software.
    • Managed service providers offer technology services and support, while Software-as-a-Service (SaaS) providers face unique security challenges.
    • Evaluating data security measures, confidentiality, integrity, and cybersecurity protocols is essential.

    Supply Chain Attacks

    • Supply chain attacks target weak links to gain access to primary targets.
    • The CHIPS Act of 2022 aims to reduce reliance on foreign semiconductor supply chains and enhance national security.
    • Semiconductors are essential components in many products and can be vulnerable to attacks.

    Safeguarding Against Supply Chain Attacks

    • Vendor due diligence involves rigorous evaluation of vendor cybersecurity and supply chain practices.
    • Regular monitoring and audits help to detect suspicious activities.
    • Education, collaboration, and sharing threat information with industry peers are important.
    • Contracts should include cybersecurity clauses and legal consequences for non-compliance.

    Vendor Assessment

    • Vendor assessments evaluate the security, reliability, and performance of external entities.
    • Vendors, suppliers, and managed service providers are all subject to these assessments.
    • Penetration testing simulates cyberattacks to identify vulnerabilities in supplier systems.
    • Right-to-audit clauses enable organizations to evaluate vendor processes for compliance.
    • Internal audits are self-assessments by the vendor against industry or organizational requirements.
    • Independent assessments provide a neutral perspective on adherence to security or performance standards.
    • Supply chain analysis examines the entire vendor supply chain for security and reliability, ensuring integrity of all components.

    Vendor Selection and Monitoring

    • The vendor selection process mirrors hiring a team member, requiring due diligence and evaluation of financial stability, operational history, client testimonials, field practices, and cultural alignment.
    • Vendor questionnaires provide insights into operations, capabilities, and compliance, while standardized criteria ensure fairness.
    • Rules of engagement define communication protocols, data sharing, and negotiation boundaries.
    • Vendor monitoring ensures ongoing alignment with organizational needs and standards through performance reviews.
    • Feedback loops facilitate two-way communication between the organization and the vendor.

    Contracts and Agreements

    • Basic contracts form a foundational framework for relationships.
    • SLAs define expected service standards and include performance benchmarks and penalties.
    • MOAs outline specific responsibilities and roles, while MOUs express mutual intent without detailed specifics.
    • MSAs cover general terms for recurring client relationships, supplemented by Statements of Work.
    • SOWs detail project specifics, deliverables, timelines, and milestones.
    • NDAs ensure confidentiality of sensitive information and protect proprietary data.
    • Business Partnership Agreements (BPAs) or Joint Venture Agreements (JVAs) govern collaborations, including profit-sharing, decision-making, exit strategies, and intellectual property ownership.
