Questions and Answers
What is the primary purpose of a Cyber Security Strategy?
What are security controls primarily used for?
Which of the following describes Crypto Ransomware?
What is the recommended lifespan for updating a Cyber Security Strategy?
What is NOT a typical feature of Cyber Security Controls?
What is the main purpose of a cybersecurity framework?
Which of the following statements about security and safety is true?
What is the first requirement in physical security?
According to Bruce Schneier, what is the misconception about technology in security?
What aspect of cybersecurity strategies is highlighted as essential?
What does the term 'event' refer to in the context of safety systems?
What is NOT a focus of security systems?
Which of the following is a goal of physical security?
What are the three primary elements of the SAPMA framework?
Which of the following is NOT a purpose of building entry point locks?
What type of physical control allows for biometric identification?
Which of the following is a disadvantage of conventional locks?
Why should the number of gates in security areas be minimized?
What is the main purpose of using bollards in security?
What characteristic should guard stations in high threat environments possess?
What measures should be included in data center access control policies?
What is a common characteristic of a botnet?
Which of the following is NOT a type of ransomware mentioned?
Which method is commonly used by cybercriminals to hide their command and control servers?
What is the primary purpose of phishing emails?
Which of these ransomware variants has the distinguished characteristic of being Ransomware as a Service (RaaS)?
What distinguishes drive-by downloads from other forms of malware delivery?
Which of the following is an example of a legitimate website that could host malicious code?
What is a common way ransomware demands payment from victims?
How are malicious apps typically spread to users?
What does the existence of numerous crypto-ransomware families indicate about the threat landscape?
Which of the following is considered a human-made threat to physical security?
What is the primary purpose of the CPNI?
Which of the following is NOT a component of a layered defense model?
Which of the following factors should be considered in a detailed site selection process?
Which of the following primarily deals with chemical, biological, and radiological threats?
What is a major concern when planning for natural disaster threats to physical security?
In the context of physical security, what does having a plan primarily involve?
Which of the following is an example of a utility system threat?
Study Notes
Cyber Security Strategy
- A cyber security strategy is a high-level plan to secure assets over three to five years.
- The plan should be updated sooner than three years as technology and cyber threats evolve quickly.
Cyber Security Controls
- Security controls are countermeasures that reduce the risk of threats exploiting vulnerabilities.
- Controls help with developing and implementing a cyber security strategy.
Top Security Threats
- Crypto ransomware is malware that restricts access to infected systems and demands payment for removal.
- Examples of ransomware tactics include encrypting personal files, locking system access, and overloading system resources.
Crypto Ransomware Families
- Many ransomware families have emerged over time, including notable ones like WannaCry, BadRabbit, LockDroid, KeRanger, and CryptoApp.
- The number of crypto-ransomware families has increased from 2005 to 2017.
Addressing Ransomware
- The decision to pay a ransom is complex and debated.
- Security controls can help prevent ransomware attacks, such as:
  - Regularly backing up critical data
  - Maintaining updated software and patches
  - Implementing strong passwords
  - Training users to identify and avoid phishing scams
Cyber Security Framework
- A cyber security framework is a system of standards, guidelines, and best practices for managing digital risks.
- Implementing security controls aligns with cyber security strategy objectives, like preventing unauthorized access.
Physical Security
- Physical security refers to the measures taken to protect physical assets and people from threats.
- It prioritizes life safety over facility safety in emergency situations.
Threats to Physical Security
- Physical security threats include:
  - Natural disasters (earthquakes, floods, storms, fires)
  - Utility system failures (communication and power outages)
  - Human-made events (explosions, vandalism, theft, terrorist attacks, riots)
CPNI (Centre for the Protection of National Infrastructure)
- CPNI is a UK government authority that provides security advice to national infrastructure organizations.
- Their mission is to reduce vulnerability to terrorism and other threats.
- CPNI offers free advice to industry, including:
  - General security advice
  - Physical security guidelines
  - Personnel security
  - Cyber security
CBR (Chemical, Biological and Radiological Defence)
- CBR focuses on defense against chemical, biological, and radiological threats.
- It involves implementing measures like:
  - Filter air conditioning systems
  - Planning for quick shutdown of systems that spread airborne hazards
  - Ensuring doors and windows can be closed quickly
  - Having a well-defined plan for response
A Layered Defense Model
- A layered defense model involves multiple layers of physical security controls to protect assets:
  - Perimeter security
  - Building grounds security
  - Building entrance security
  - Building floors/office suites security
  - Offices/data centers
  - Equipment, supplies, and media security
Site Selection and SAPMA
- A detailed site selection process is crucial for physical security.
- SAPMA (Security Assessment for Protectively Marked Assets) evaluates security based on three key elements:
  - Delay: Measures that slow down attackers (e.g., secure storage)
  - Deter: Measures that discourage attackers (e.g., entry control)
  - Detect: Measures that identify attacks (e.g., video surveillance)
Delaying Attacks
- Secure storage involves using containers and locks.
- Perimeter security includes fences and other barriers.
Deterrent Measures
- Entry control includes measures like visitor control and access oversight.
- Compliance checks, such as searches, can be a deterrent.
Controlled Access Points
- Gates and bollards provide controlled access points and deter vehicle intrusion.
Guards and Guard Stations
- Guards serve as deterrents but require motivation and attentiveness.
- Guard stations must offer visibility and access control.
Data Center Security
- Data center security includes:
  - Constructing rooms with solid, fire-proof walls
  - Implementing multi-factor access controls
  - Posting access control lists
  - Using CCTV for surveillance
Description
This quiz covers essential aspects of cyber security strategy, focusing on security controls, major threats like crypto ransomware, and trends in ransomware families. It emphasizes the importance of developing a long-term plan to counter evolving cyber threats and outlines effective measures for addressing ransomware incidents.