Cyber Security Fundamentals: Introduction to Security

Questions and Answers

Which of the following is the BEST definition of cybersecurity?

  • The process of identifying and exploiting vulnerabilities in a system.
  • The act of bypassing security controls to gain unauthorized access.
  • The technologies, processes, and practices designed to protect digital systems from attack, damage, or unauthorized access. (correct)
  • The use of physical barriers to protect computer hardware.

Configuration management is considered a managerial control in cybersecurity.

False (B)

Which of the following is a PRIMARY goal of cybersecurity?

  • To protect networks, computers, programs, and data from attack, damage, or unauthorized access. (correct)
  • To ensure systems are aesthetically pleasing and easy to use.
  • To guarantee that all data is publicly accessible for transparency.
  • To maximize system performance, even at the expense of security.

In the context of cybersecurity, what does 'vulnerability' refer to?

A weakness in a system that can be exploited by a threat. (B)

What is the goal of 'risk mitigation' in cybersecurity?

reducing the chances that a threat will exploit a vulnerability

Which of the following is an example of a 'technical control'?

Encryption (B)

A ______ control operates during the progress of an attack.

detective

Match the following security control types with their descriptions:

  • Preventative = Stops the threat from occurring
  • Detective = Identifies the threat while it is occurring
  • Corrective = Remedies the effects of a threat after it has occurred
  • Deterrent = Discourages potential attackers

Which of the following BEST describes the purpose of preventative security controls?

To stop a threat from occurring in the first place. (A)

The 'ARP' command is used to test basic network connectivity.

False (B)

What type of security goal focuses on ensuring that data is accessible to authorized users when they need it?

Availability (B)

Hashing algorithms are primarily used to achieve which of the following cybersecurity objectives?

Integrity (A)

Firewalls, Access Control Lists, and Encryption are confidentiality controls that prevent unauthorized access to information.

True (A)

In the context of Access Controls, what does Authorization primarily grant to users?

Specific privileges within a system or application. (B)

The 'CIA Triad' stands for Confidentiality, Integrity, and ______.

availability

Which of the following is NOT an example of a physical security control?

Intrusion detection system (B)

What is the primary purpose of a 'compensating control' in cybersecurity?

To provide an alternative control when a primary control is not feasible or effective. (B)

Corrective controls are implemented before an attack takes place to prevent it from occurring.

False (B)

What type of security control is an Intrusion Detection System (IDS) primarily designed to be?

Detective (A)

What is the purpose of using 'Netstat'?

show network status and protocol statistics

Which of the following is an example of risk?

Likelihood that a threat will exploit a vulnerability (A)

Which of the following BEST describes the function of a firewall?

To monitor incoming and outgoing network traffic. (C)

Availability means that certain information should only be known to certain people.

False (B)

What is the purpose of hardening as a Preventative Security Control?

To stop the threat from occurring (C)

Which type of control is intended to discourage potential attackers?

Deterrent (A)

A ______ control is used after an attack.

corrective

What is the purpose of Security Information and Event Management (SIEM)?

security information and event management

Physical and environmental security protection is considered a Managerial Control.

False (B)

What is the least privilege principle?

Technical control (C)

Match each Windows command to its description:

  • Ipconfig = used to display network interfaces configuration information
  • Ping = Test connectivity in network
  • Netstat = displays that show network status
  • ARP = displays translation tables used by the Address in Networks and communication management

Flashcards

Cybersecurity

Protecting networks, computers, programs, and data from attack, damage, or unauthorized access.

Confidentiality

Ensuring information is accessible only to authorized individuals.

Integrity

Maintaining the accuracy and completeness of information.

Availability

Ensuring timely and reliable access to information and resources.

Threats

Harmful events that can exploit vulnerabilities.

Vulnerabilities

Weaknesses in a system that can be exploited.

Risk

The likelihood of a threat exploiting a vulnerability.

Risk Mitigation

Actions to reduce the likelihood of a threat exploiting a vulnerability.

Managerial Controls

Controls that are primarily administrative in function.

Operational Controls

Controls that ensure the day-to-day operations of an organization comply with security policy.

Technical Controls

Encryption, antivirus software, and firewalls.

Preventative Controls

Security measures implemented before an attack occurs.

Detective Controls

Security measures that identify and record security events.

Corrective Controls

Security measures used to restore conditions to normal after a security event.

Physical Controls

Physical measures, such as locks and cameras, used to protect assets.

Deterrent Controls

Controls designed to discourage potential attackers.

Compensating Controls

Alternative controls implemented when a primary control is not feasible.

Encryption

A process that translates plaintext to ciphertext using algorithms.

Firewall

A network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Access Controls

A data security process that enables authorized access to corporate data and resources.

Authentication

Verifying a user's identity.

Authorization

Granting users specific levels of access based on their identity.

Hashing

Functions or algorithms to map object data to a representative integer value.

Integrity Monitoring Solutions

A tool designed to detect and alert on changes to key files, folders, and registry settings.

Availability

Information is accessible to those authorized to view or modify it.

Fault Tolerance

The ability of a system to continue operating without interruption, even if several components fail.

Scalability

The ability of an application or a system to handle a huge volume of workload or expand.

Patching

A set of changes to a computer program or its supporting data designed to update, fix, or improve it.

Hardening

A preventative control that operates before an attack can take place

Study Notes

  • Cyber Security Fundamentals is course number 1506140 at Zarqa University
  • Introduction to Security is the first topic

Overview of Core Security

  • Understanding core security goals
  • Introducing vulnerability, threat, and risk basic concepts
  • Understanding security controls

Managerial Security Controls

  • Risk assessments are a type of managerial control
  • Vulnerability assessments are managerial controls

Operational Security Controls

  • Awareness and training
  • Configuration management
  • Media protection
  • Physical and environmental protection

Technical Security Controls

  • Encryption
  • Anti-virus software
  • Intrusion Detection Systems (IDSs)
  • Intrusion Prevention Systems (IPSs)
  • Firewalls
  • Least Privilege

Security Control Functional Types

  • Preventative Controls
  • Detective Controls
  • Corrective and Recovery Controls
  • Physical Controls
  • Deterrent Controls
  • Compensating Controls

Cybersecurity Definition

  • Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage or unauthorized access in a computing context

Cybersecurity Objectives

  • Confidentiality is a cybersecurity objective
  • Integrity is a cybersecurity objective
  • Availability is a cybersecurity objective

CIA Controls

  • Firewalls relate to Confidentiality
  • Access Control Lists relate to Confidentiality
  • Encryption relates to Confidentiality
  • Hashing relates to Integrity
  • Integrity Monitoring Solutions relate to Integrity
  • Fault Tolerance relates to Availability
  • Scalability relates to Availability
  • Patching relates to Availability
  • Redundancy or Backups relates to Availability

CIA Triad: Confidentiality

  • Confidentiality means that certain information should only be known to certain people
  • This ensures that unauthorized individuals are not able to gain access to sensitive information.
  • Confidentiality controls include: firewalls, access control lists, and encryption
  • Confidentiality controls prevent unauthorized access to information.
  • Attackers try to undermine confidentiality controls to achieve unauthorized disclosure of sensitive information.

Confidentiality

  • Achieved by encryption, which translates plaintext to ciphertext by using algorithms
  • Firewalls are network security devices that monitor traffic and decide whether to allow or block traffic based on defined rules
  • Access controls are a data security process that enables organizations to control who is authorized to access corporate data and resources.
  • Identification: Users prove their identity.
  • Authentication: Users prove they are who they claim to be.
  • Authorization: Grants users privileges.

CIA Triad: Integrity

  • Integrity means data is stored and transferred as intended
  • Any modification needs to be authorized
  • Designed to make sure there are no unauthorized modifications to information or systems, either intentionally or unintentionally
  • Integrity controls, such as hashing and integrity monitoring solutions, seek to enforce this requirement
  • Integrity threats may come from attackers seeking alteration of information, without authorization, or from non-malicious sources like power spikes causing data corruption

Integrity Measures

  • Hashing uses functions or algorithms to map object data to a representative integer value
  • Integrity monitoring solutions are tools designed to detect and alert on changes to key files, folders, and registry settings

CIA Triad: Availability

  • Availability means that information is accessible to those authorized to view or modify it
  • Designed to ensure information and systems are ready to meet legitimate user needs when requested
  • Availability controls include fault tolerance and backups
  • These controls seek to ensure that legitimate users can gain access when needed
  • Availability threats may originate from attackers seeking disruption or from non-malicious sources (fire in the datacenter)

Availability Measures

  • Fault tolerance ensures a system continues operating without interruption, even if several components fail
  • Redundancy or backups ensure that data gets replicated in case of errors
  • Scalability refers to the ability of an application or system to handle a large workload or expand
  • Patching involves a set of changes to a computer program or its supporting data designed to update, fix, or improve it

Basic Risk Concepts

  • Threats are harmful events, such as attacks
  • Vulnerabilities are any weakness
  • Risk is the likelihood that a threat will exploit a vulnerability
  • Risk mitigation reduces the chances that a threat will exploit a vulnerability by implementing controls

Security Controls Defined

  • Managerial controls are primarily administrative
  • Operational controls help ensure day-to-day operations comply with security policy
  • No definition is given for technical security controls

Security Control Examples

  • Managerial Controls include Risk assessments & Vulnerability assessments
  • Operational Controls include Awareness and training, Configuration management, Media protection, & Physical and environmental protection
  • Technical Controls include Encryption, Antivirus software, Intrusion detection systems (IDS), Intrusion prevention system (IPS) & Firewalls

Security Control Functional Types

  • Preventative Controls operate before an attack can take place
    • Examples are hardening and training
  • Detective Controls operate during the progress of an attack
    • Examples are logging and system audits
  • Corrective Controls are used after an attack
    • Examples are Backups & incident handling processes
  • Physical Controls include alarms, locks, lighting, security cameras, and guards that deter and detect access to premises and hardware

Compensating and Deterrent Controls

  • Compensating Controls serve as a substitute for a principal control and afford the same (or better) level of protection
  • Compensating controls use a different methodology or technology
  • Deterrent controls may not physically or logically prevent access but discourage an attacker from attempting an intrusion
  • Deterrent controls include signs and warnings of legal penalties against trespass or intrusion
  • Deterrent controls attempt to discourage individuals from causing an incident
  • Deterrent controls include cable locks, or even locks on hardware devices

Prevention vs Deterrent

  • Deterrent encourages people to decide not to take an undesirable action
  • Prevention stops them from taking an undesirable action
  • Security guards can be both

Command Line Tips

  • Ipconfig is used to display information about your network configuration
  • Ping is a basic command to test connectivity
  • Netstat generates displays that show network status and protocol statistics.
  • ARP (Address Resolution Protocol) displays and modifies the Internet-to-adapter address translation tables.
