Cyber Security Strategy and Ransomware Overview
39 Questions
Questions and Answers

What is the primary purpose of a Cyber Security Strategy?

  • To identify potential risks only once a year
  • To implement physical security measures
  • To create a detailed manual for users
  • To outline how to secure assets over the next three to five years (correct)

What are security controls primarily used for?

  • To create encryption algorithms
  • To replace the need for cybersecurity training
  • To reduce the chances of threats exploiting vulnerabilities (correct)
  • To exploit vulnerabilities effectively

Which of the following describes Crypto Ransomware?

  • Malware that restricts access and demands a ransom for removal (correct)
  • An application that enhances system access for administrators
  • Malware that deletes files without user interaction
  • Software that protects against phishing attempts

What is the recommended lifespan for updating a Cyber Security Strategy?

  • Every three to five years, or sooner if needed

    What is NOT a typical feature of Cyber Security Controls?

      • Safeguards that enhance system performance

    What is the main purpose of a cybersecurity framework?

      • To manage risks in the digital world

    Which of the following statements about security and safety is true?

      • Safety focuses on human life, while security focuses on material protection

    What is the first requirement in physical security?

      • Ensuring life safety

    According to Bruce Schneier, what is the misconception about technology in security?

      • Technology alone can solve all security issues

    What aspect of cybersecurity strategies is highlighted as essential?

      • To match objectives with proper security controls

    What does the term 'event' refer to in the context of safety systems?

      • Any scenario that can affect safety and security

    What is NOT a focus of security systems?

      • Facilitating customer service

    Which of the following is a goal of physical security?

      • To ensure the continuity of business operations

    What are the three primary elements of the SAPMA framework?

      • Delay, Deter, Detect

    Which of the following is NOT a purpose of building entry point locks?

      • To prevent honest people from entry

    What type of physical control allows for biometric identification?

      • Card access controls

    Which of the following is a disadvantage of conventional locks?

      • They can be easily picked or duplicated

    Why should the number of gates in security areas be minimized?

      • To simplify security management

    What is the main purpose of using bollards in security?

      • To block vehicle access to buildings

    What characteristic should guard stations in high threat environments possess?

      • Bulletproof walls, doors, or windows

    What measures should be included in data center access control policies?

      • Posted control lists indicating allowed personnel

    What is a common characteristic of a botnet?

      • A network of infected computers controlled by a single entity.

    Which of the following is NOT a type of ransomware mentioned?

      • CryptoProbe

    Which method is commonly used by cybercriminals to hide their command and control servers?

      • Using encryption techniques.

    What is the primary purpose of phishing emails?

      • To trick recipients into providing sensitive information.

    Which of these ransomware variants has the distinguishing characteristic of being Ransomware as a Service (RaaS)?

      • Encryptor RaaS

    What distinguishes drive-by downloads from other forms of malware delivery?

      • They automatically install malware through web browsing without user consent.

    Which of the following is an example of a legitimate website that could host malicious code?

      • Any reputable online store.

    What is a common way ransomware demands payment from victims?

      • By directing victims to cryptocurrency payment methods.

    How are malicious apps typically spread to users?

      • By users willingly downloading them without caution.

    What does the existence of numerous crypto-ransomware families indicate about the threat landscape?

      • There is a significant increase in cybercriminal activity and innovation.

    Which of the following is considered a human-made threat to physical security?

      • Terrorist attacks

    What is the primary purpose of the CPNI?

      • To provide advice on reducing vulnerability to threats

    Which of the following is NOT a component of a layered defense model?

      • Security personnel training

    Which of the following factors should be considered in a detailed site selection process?

      • Neighborhood crime rates

    Which of the following primarily deals with chemical, biological, and radiological threats?

      • CBR

    What is a major concern when planning for natural disaster threats to physical security?

      • Historical weather patterns

    In the context of physical security, what does having a plan primarily involve?

      • Emergency preparedness and protocol

    Which of the following is an example of a utility system threat?

      • Power outage

    Study Notes

    Cyber Security Strategy

    • A cyber security strategy is a high-level plan to secure assets over three to five years.
    • The plan should be updated sooner than three years as technology and cyber threats evolve quickly.

    Cyber Security Controls

    • Security controls are countermeasures that reduce the risk of threats exploiting vulnerabilities.
    • Controls help with developing and implementing a cyber security strategy.

    Top Security Threats

    • Crypto ransomware is malware that restricts access to infected systems and demands payment for removal.
    • Examples of ransomware tactics include encrypting personal files, locking system access, and overloading system resources.

    Crypto Ransomware Families

    • Many ransomware families have emerged over time, including notable ones like WannaCry, BadRabbit, LockDroid, KeRanger, and CryptoApp.
    • The number of crypto-ransomware families has increased from 2005 to 2017.

    Addressing Ransomware

    • The decision to pay a ransom is complex and debated.
    • Security controls can help prevent ransomware attacks, such as:
      • Regularly backing up critical data
      • Maintaining updated software and patches
      • Implementing strong passwords
      • Training users to identify and avoid phishing scams

    Cyber Security Framework

    • A cyber security framework is a system of standards, guidelines, and best practices for managing digital risks.
    • Implementing security controls aligns with cyber security strategy objectives, like preventing unauthorized access.

    Physical Security

    • Physical security refers to the measures taken to protect physical assets and people from threats.
    • It prioritizes life safety over facility safety in emergency situations.

    Threats to Physical Security

    • Physical security threats include:
      • Natural disasters (earthquakes, floods, storms, fires)
      • Utility system failures (communication and power outages)
      • Human-made events (explosions, vandalism, theft, terrorist attacks, riots)

    CPNI (Centre for the Protection of National Infrastructure)

    • CPNI is a UK government authority that provides security advice to national infrastructure organizations.
    • Their mission is to reduce vulnerability to terrorism and other threats.
    • CPNI offers free advice to industry, including:
      • General security advice
      • Physical security guidelines
      • Personnel security
      • Cyber security

    CBR (Chemical, Biological and Radiological Defence)

    • CBR focuses on defense against chemical, biological, and radiological threats.
    • It involves implementing measures like:
      • Filtering air conditioning systems
      • Planning for quick shutdown of systems that spread airborne hazards
      • Ensuring doors and windows can be closed quickly
      • Having a well-defined plan for response

    A Layered Defense Model

    • A layered defense model involves multiple layers of physical security controls to protect assets:
      • Perimeter security
      • Building grounds security
      • Building entrance security
      • Building floors/office suites security
      • Offices/data centers
      • Equipment, supplies, and media security

    Site Selection and SAPMA

    • A detailed site selection process is crucial for physical security.
    • SAPMA (Security Assessment for Protectively Marked Assets) evaluates security based on three key elements:
      • Delay: Measures that slow down attackers (e.g., secure storage)
      • Deter: Measures that discourage attackers (e.g., entry control)
      • Detect: Measures that identify attacks (e.g., video surveillance)

    Delaying Attacks

    • Secure storage involves using containers and locks.
    • Perimeter security includes fences and other barriers.

    Deterrent Measures

    • Entry control includes measures like visitor control and access oversight.
    • Compliance checks, such as searches, can be a deterrent.

    Controlled Access Points

    • Gates and bollards provide controlled access points and deter vehicle intrusion.

    Guards and Guard Stations

    • Guards serve as deterrents but require motivation and attentiveness.
    • Guard stations must offer visibility and access control.

    Data Center Security

    • Data center security includes:
      • Constructing rooms with solid, fire-proof walls
      • Implementing multi-factor access controls
      • Posting access control lists
      • Using CCTV for surveillance

    Description

    This quiz covers essential aspects of cyber security strategy, focusing on security controls, major threats like crypto ransomware, and trends in ransomware families. It emphasizes the importance of developing a long-term plan to counter evolving cyber threats and outlines effective measures for addressing ransomware incidents.