Cyber Security Overview Quiz

Questions and Answers

What is the primary focus of cybersecurity?

Ensuring the safety of all types of information

Safeguarding digital information from cyber threats (correct)

Managing organizational data in paper form

Protecting physical documents from fire hazards

Which of the following threats does cybersecurity exclusively focus on?

Natural disasters like floods

Malware attacks (correct)

Unauthorized access to physical records

Theft of physical documents

What is the primary concern of information privacy?

The proper handling of personal information (correct)

The promotion of technology use

The development of cybersecurity policies

The encryption of network data

How does the scope of information security compare to that of cybersecurity?

Information security encompasses both physical and electronic forms of data.

Which of the following is NOT a goal of information security?

Data optimization

Which aspect is NOT considered a part of cybersecurity?

Physical theft of documents

How can confidentiality of digital information be maintained?

Using access controls and encryption

What can be classified as part of the threat landscape for information security?

Physical disasters affecting paper records

What is a significant consequence of a loss of integrity in digital assets?

Potential success of further attacks

Which statement correctly highlights a key difference between information security and cybersecurity?

Cybersecurity is a subset of information security.

Which concept ensures reliable access to information and systems?

Availability

What does the risk management aspect of cybersecurity primarily deal with?

Identifying and mitigating digital threats

What defines a computer vulnerability?

A defect that can be exploited

What is one of the main areas covered in the course on Cyber Security?

Incident Response and Recovery

Which of the following is a method to control the integrity of digital assets?

Logging and digital signatures

What is considered a threat in the context of computer security?

Anything that can cause serious harm to systems

What is the primary focus of cybersecurity?

Securing network and system infrastructures

Which statement accurately describes information security?

It encompasses policies for handling both digital and physical information.

What type of data does cybersecurity primarily concern itself with?

Digital data and communications

Which of the following is NOT a focus of information security?

Intrusion detection and prevention

Which of the following tools is primarily used in cybersecurity?

Antivirus software

What is the role of disaster recovery planning in information security?

Ensuring recovery of data and operations after disruptions

In contrast to information security, cybersecurity primarily addresses which of the following?

Technical measures against digital threats

Which of the following best describes the relationship between information security and cybersecurity?

Information security is broader and includes cybersecurity measures.

What is a vulnerability in the context of computer security?

Weaknesses or gaps in a security program.

Which of the following is NOT considered a type of vulnerability?

Hardware enhancements.

How is security risk defined mathematically?

Security Risk = Asset + Threat + Vulnerability

What does the Information Security Policy aim to protect?

Confidentiality, integrity, and availability of institutional data.

Which role is considered the weakest link in cybersecurity?

User

What must users do with regard to information security policies?

Report suspected vulnerabilities and misuse.

What type of data does the Information Security Policy seek to protect?

Any data owned or licensed by the institution.

Which of the following statements about securing information systems is accurate?

Security should be considered reasonable based on data sensitivity.

What should you do when discussing Restricted data?

Only discuss it with individuals who have a need to know.

Which method is appropriate for securely deleting files that contain Restricted data?

Use Identity Finder.

When handling electronic communications, what should you avoid?

Opening attachments from unknown sources.

What action should you take if you suspect a security breach?

Disconnect the computer from the network.

What does confidentiality in cyber security refer to?

Preventing unauthorized data disclosure.

What is a recommended practice for managing electronic communications?

Organize communications by project or work type.

Which of the following is a risky online behavior?

Clicking on shortened URLs without verification.

What should you use to dispose of paper-based media containing confidential information?

Cross shredder.

What should users do to safeguard institutional data from being stored on mobile devices?

Avoid storing restricted data on mobile computing devices

Which of the following is a recommended practice for password security?

Change your password periodically

What should users do if their computer is unattended?

Lock the computer to prevent unauthorized access

How should users handle public wireless networks?

Avoid connecting unless necessary

Which of the following actions is NOT recommended when transmitting restricted data?

Transmitting data via email

What is one of the best practices for protecting physical data in an office?

Lock file cabinets that store institutional data

What is an important action to take regarding operating system security?

Enable automatic software updates where available

Which type of data should be handled with the highest security measures?

Restricted data that requires strict controls

Study Notes

Cyber Security Overview

• Presented by Dr. Shrouk Hossam Eldien
• Course covers Cybersecurity & Information Security, focusing on different chapter topics.

Course Content

• Chapter 1: Cybersecurity & Information Security
• Chapter 2: Cyber Security Threats
• Chapter 3: Access Controls
• Chapter 4: Security Operations
• Chapter 5: Risk Identification, Monitoring, and Analysis
• Chapter 6: Incident Response and Recovery
• Chapter 7: Networks and Communications Security
• Chapter 8: Systems and Application Security
• Chapter 9: Operational Security
• Chapter 10: Security Best Practice
• Chapter 11: Cryptography

Information Security vs. Cybersecurity

• Information security (InfoSec) is broader, encompassing all aspects of protecting data, both physical and digital.
• Cybersecurity focuses specifically on digital assets, systems, and threats, a subset of information security. It primarily addresses electronic data storage, networks, and handling devices.

Threat Landscape

• Information Security: Considers a wider range, including physical threats (theft, unauthorized access, disasters).
• Cybersecurity: Exclusively concerned with digital threats (malware, hacking, data breaches, denial-of-service attacks, phishing).

Components

• Information Security: Includes access control policies.
• physical security (locks/alarms), disaster recovery, and policies for handling sensitive information in both digital and physical formats.
• Cybersecurity: Centers on technical controls like firewalls, intrusion detection/prevention, antivirus software, encryption, secure coding practices, and incident response to specific digital threats.

Emphasis on Network and Systems

• Information Security: Covers more than just networks and systems. It also includes policies related to document handling and storage
• Cybersecurity: Great emphasis on network and system security as these are primary attack vectors for digital threats. Protecting servers, endpoints, and infrastructure is important for cybersecurity.

Data Protection

• Information Security: Involves protecting data in all forms, including paper documents, hard drives, and physical records.
• Cybersecurity: Specifically focuses on protecting digital data (databases, files, communications) from access, theft, or alteration.

Goals of Information Security and Cyber Security

• Confidentiality: Protecting data from unauthorized disclosure, according to sensitivity and legal requirements, using access controls, file permissions, and encryption.
• Integrity: Ensuring information accuracy and completeness. This is crucial in preventing breaches and malicious activities, which can damage system availability and confidentiality. Use logging, digital signatures, hashes, encryption, and access controls to guarantee integrity.
• Availability: Ensuring timely and reliable access to systems and data by authorized users, crucial for functionality and productivity, via measures like backups, firewalls, and backup power supplies.

General Security Concepts

• Threat: Anything that could harm a computer system.
• Vulnerability: A defect in a system that allows an attack.
• Risk: Combination of vulnerabilities, assets, and threats.

Network, Operating System and Human Vulnerabilities

• Network Vulnerabilities: Insecure Wi-Fi, poorly configured firewalls.
• Operating System vulnerabilities: Default administrator accounts.
• Human vulnerabilities: The weakness of personnel in cybersecurity structures.

Information Security Policy

• Covers confidentiality, integrity, and availability, applicable to institutional data and systems.
• Defines institutional data as owned or licensed data.
• Defines information system as any electronic system storing, processing, or transmitting data.

Information Security Policy Policies

• Institutional data is protected throughout its lifecycle, considering sensitivity, value, and criticality.
• Information systems are secured appropriately based on the same criteria.
• Individuals accessing institutional data have associated roles and responsibilities.

Information Security Roles

• Users: Employees, contractors who have access to data and systems. Responsible for following policies, guidelines, procedures, reporting security breaches, and safeguarding institutional data.
• Data Agent
• Data Protector

Safeguarding Institutional Data (Specific User Responsbilities)

• Know your Data: Be mindful of the type of data. (Public, Private, Restricted)

• Protecting Electronic Data: Don't store Restricted data on personal devices.

• Avoid storing Restricted data on mobile computing devices.

• Avoid storing institutional data on personally owned computing devices.

• Don't store Restricted data on CDs, DVDs, USB thumb drives, etc.

• Don't transmit Restricted data via email and other insecure messaging solutions.

• Safeguarding your password: use strong passwords, avoid using the same passwords, change passwords regularly, and don't write them down or store them on insecure sites.

• Secure your computer: update operating systems, enable automatic software updates, install and maintain antivirus and firewall software.

• Protecting Physical Data. Close and lock when leaving your office. Lock file cabinets properly. Keep data out of plain view and don't leave data in visible locations.

• Protecting verbal data: Be mindful of surroundings Discussing Restricted Data.

• Disposing of Data: Place Data when not needed, Use Identity Finder for secure data deletion, and properly dispose of electronic and physical data media.

• Electronic Communications: Avoid opening attachments from untrusted sources and clicking suspicious links.

• Avoid clicking links in electronic communications from untrusted sources: Be wary of phishing scams.

• Additional Considerations: Use official email accounts for business, avoid personal accounts, organize data, and save copies of important outgoing email.

• Avoiding Risky Behaviors Online

• Be cautious when using file sharing applications

• Be cautious when browsing the web

• Be cautious when clicking on shortened URLs

• Avoid any responses to messages or links in pop-up windows

• Reporting any suspected security breach

• Disconnect the computer from the network, contact IT staff, notify users if there is a temporary service outage, preserve any log information, and wait for further instructions.

Description

Test your knowledge on Cybersecurity and Information Security with this comprehensive quiz. Covering essential topics like security operations, risk management, and cryptography, this quiz will help you understand critical concepts in protecting digital assets and systems.