Section 1: Cyber Incident Response Plan

Questions and Answers

What is the first step in developing a Cyber Incident Response Plan (IRP)?

Outlining Communication Procedures

Establishing Roles and Responsibilities (correct)

Creating Backup Communication Methods

Compiling Incident Information

Which component is NOT part of the IR team during an incident?

Technical Personnel

Marketing Manager (correct)

Chief Information Security Officer

Legal Counsel

What should be established to ensure communication during an incident?

Backup communication methods (correct)

Use of personal devices for communication

Strict protocols to avoid communication

Regular team meetings before an incident

In the context of a cyber IRP, which action is critical in addressing public relations?

Handling reporting of the incident to the media

Which of the following is a crucial step when compiling incident information?

Informing stakeholders who may be affected

What is the primary purpose of conducting a cyber risk assessment?

To provide executives with needed information for risk response

Which of the following is NOT a benefit of conducting regular risk assessments?

Modification of business missions to increase profitability

Which method of risk measurement is characterized by subjective evaluations of probability and impact?

Qualitative Assessment

What is a key outcome of identifying risks during a cyber risk assessment?

Insight into improving organizational processes and infrastructure

Which of the following statements correctly describes a quantitative assessment?

It utilizes numerical data to assess risk levels and costs

What is one of the main phases of the risk assessment process?

Gathering information about potential threats

How can organizations use the findings from risk assessments?

To make informed decisions about risk management strategies

Why is the human factor considered a weak link in organizational cybersecurity?

Humans tend to make errors, increasing the risk of cyber threats.

What approach should organizations take when implementing cybersecurity training for employees?

A tailored approach relevant to each employee's role.

Which of the following is a crucial element of effective employee training in cybersecurity?

Continuous updates and relevant training sessions.

What type of training sessions are suggested for keeping employees aware of cybersecurity threats?

Both classroom learning and practical phishing drills.

What specific knowledge should employees acquire during cybersecurity training?

The role and responsibility in a cyber-smart environment.

Which of the following best describes the consequence of inadequate cybersecurity training for employees?

The organization may face increased vulnerability to attacks.

What is an essential consideration for organizations when organizing cybersecurity training?

Ensuring the training is relevant and ongoing.

What should employees be particularly vigilant about through cybersecurity training?

The different types of cyber-attacks they may encounter.

Why is it important for organizations to communicate effectively about cyber incidents?

To ensure collective responsibility and awareness.

What is a potential consequence of not having up-to-date patches on a web server?

Vulnerability to control by attackers

Which remediation step is suggested for inadequate input validation vulnerabilities?

Updating the application to include input validation

What critical aspect should an incident response team examine during the lessons learned stage?

Areas for improving response effectiveness

Why might personnel fail to recognize a cyber incident promptly?

Lack of sufficient training and expertise

What should an incident response team do to protect evidence during a cyber incident?

Isolate and secure the evidence effectively

In the context of incident response planning, what is the primary goal of developing an incident response plan (IRP)?

To prepare the organization for potential cyber-attacks

What possible recommendation might follow an incident review that indicates prolonged containment efforts?

Advance training programs for response personnel

What might signify that a database is poorly secured during an attack?

The database is located on the web server itself

What should be included in the report prepared by the incident response team after an incident review?

Findings, recommendations, and changes to procedures

What is a common reason for the corruption of evidence during an incident response?

Inadequate recognition of the need to protect evidence

What is the maximum fine for non-compliance with the Personal Data Protection Act?

SGD 1 million

Which of the following is NOT one of the key obligations regarding personal data protection?

Providing data to third parties without consent

What could be a consequence of a data breach besides financial penalties?

Loss of reputation

Which of the following organizations is recommended to familiarize themselves with personal data protection laws?

Organizations that collect personal data

Which of these measures can organizations take to remain compliant with personal data laws?

Regularly refer to important legal websites

What type of personal data is covered under the Personal Data Protection Act?

Any information that can identify an individual when combined

What did the SingHealth hacking incident demonstrate about data protection?

Data breaches can lead to severe financial repercussions

What type of actions can regulators impose for violation of personal data regulations?

Financial fines and penalties

Which is a recommended best practice for organizations to maintain compliance?

Conduct regular security assessments

Which statement best reflects the impact of non-compliance with personal data obligations?

It can lead to a combination of legal, reputational, and financial consequences

Study Notes

Best Practices in Cyber Security

• Cybersecurity landscape in Singapore is covered in a report published by the Cyber Security Agency.
• Key cyber threats in 2020 included website defacements (495), ransomware (89), phishing (47,000), malware (botnet drones 6,600), and cybercrime (16,117).
• COVID-19 pandemic sparked a global surge in cybercrime in 2020.
• More than 1,500 SingPass accounts were cracked, possibly exposing user information.

Cybersecurity Landscape in Singapore

• Cyber Security Agency has published the Singapore Cyber Landscape 2018 report which outlines key cyber threats.
• Phishing attempts reached 47,000 with a Singapore link.
• Ransomware cases increased by 154% in 2020 compared to 2019.
• Cybercrime accounted for 43% of overall crime in 2020.
• Website defacements decreased by 43% from 2019.
• 6,600 botnet drones were detected daily on average.

Vaccine-related Cyber-attacks

• The entire vaccine value chain was targeted, including research, production, regulation and distribution.
• Several state-sponsored APT groups targeted companies involved in COVID-19 vaccine development.
• The European Medicines Agency (EMA) was breached.

SolarWinds Supply-Chain Attack

• Hackers targeted victims through the trusted vendor SolarWinds.
• 18,000 organizations downloaded a tainted update of SolarWinds.
• Malware was injected named Sunburst.

Cyber Hygiene Habits

• Cybersecurity is everyone's responsibility.
• Employees should protect information assets from unauthorized access and modifications.
• Cyber hygiene habits help in deterring potential threats.

Risk Assessment

• A cyber risk assessment is the first step in the risk management process.
• This involves identifying potential risks and threats to an organization.
• Risk management helps organizations deploy controls in a cost-effective manner.

Security Processes and Technologies

• Identification, authentication, authorization, auditing, and accounting are crucial security controls.
• Mechanisms like passwords, biometrics, and tokens are used for authentication.
• Firewalls filter network traffic, preventing malicious activity.
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are crucial for detecting and mitigating potential threats.

Regulatory Developments on Cybersecurity

• Singapore has several legislative measures for cybersecurity: Computer Misuse Act, Cybersecurity Act, and Personal Data Protection Act.
• Hacking and unauthorized access are offences under the Computer Misuse Act.
• Singapore authorities like SingCERT provide alerts, advisories and patches for vulnerable software.
• Fines up to SGD100,000 or jail time can result for non-compliance of regulations.

Incident Preparedness and Response

• Cyber security incidents can cause confidentiality, integrity, and availability issues.
• Incident response management plans must contain phases including detection, response, mitigation and reporting.
• Incident response is crucial to minimize the impact of cyber security incidents.
• IT environments need methods for identifying threats like firewalls, antivirus systems and user reports.
• Response steps include investigating the incident, assessing the damage, and collecting evidence.
• Post incident, measures are critical to prevent similar events, like patching security flaws and updating security protocols.

Description

Test your knowledge on developing a Cyber Incident Response Plan (IRP) and understanding the key components involved in cyber risk assessments. This quiz covers critical steps, communication strategies, and the evaluation methods used in risk management. Perfect for cybersecurity professionals looking to enhance their expertise.