Cyber Security Strategy and Ransomware Overview

Questions and Answers

What is the primary purpose of a Cyber Security Strategy?

To identify potential risks only once a year

To implement physical security measures

To create a detailed manual for users

To outline how to secure assets over the next three to five years (correct)

What are security controls primarily used for?

To create encryption algorithms

To replace the need for cybersecurity training

To reduce the chances of threats exploiting vulnerabilities (correct)

To exploit vulnerabilities effectively

Which of the following describes Crypto Ransomware?

Malware that restricts access and demands a ransom for removal (correct)

An application that enhances system access for administrators

Malware that deletes files without user interaction

Software that protects against phishing attempts

What is the recommended lifespan for updating a Cyber Security Strategy?

Every three to five years, or sooner if needed

What is NOT a typical feature of Cyber Security Controls?

Safeguards that enhance system performance

What is the main purpose of a cybersecurity framework?

To manage risks in the digital world

Which of the following statements about security and safety is true?

Safety focuses on human life, while security focuses on material protection

What is the first requirement in physical security?

Ensuring life safety

According to Bruce Schneier, what is the misconception about technology in security?

Technology alone can solve all security issues

What aspect of cybersecurity strategies is highlighted as essential?

To match objectives with proper security controls

What does the term 'event' refer to in the context of safety systems?

Any scenario that can affect safety and security

What is NOT a focus of security systems?

Facilitating customer service

Which of the following is a goal of physical security?

To ensure the continuity of business operations

What are the three primary elements of the SAPMA framework?

Delay, Deter, Detect

Which of the following is NOT a purpose of building entry point locks?

To prevent honest people from entry

What type of physical control allows for biometric identification?

Card access controls

Which of the following is a disadvantage of conventional locks?

They can be easily picked or duplicated

Why should the number of gates in security areas be minimized?

To simplify security management

What is the main purpose of using bollards in security?

To block vehicle access to buildings

What characteristic should guard stations in high threat environments possess?

Bulletproof walls, doors, or windows

What measures should be included in data center access control policies?

Posted control lists indicating allowed personnel

What is a common characteristic of a botnet?

A network of infected computers controlled by a single entity.

Which of the following is NOT a type of ransomware mentioned?

CryptoProbe

Which method is commonly used by cybercriminals to hide their command and control servers?

Using encryption techniques.

What is the primary purpose of phishing emails?

To trick recipients into providing sensitive information.

Which of these ransomware variants has the distinguished characteristic of being Ransomware as a Service (RaaS)?

Encryptor RaaS

What distinguishes drive-by downloads from other forms of malware delivery?

They automatically install malware through web browsing without user consent.

Which of the following is an example of a legitimate website that could host malicious code?

Any reputable online store.

What is a common way ransomware demands payment from victims?

By directing victims to cryptocurrency payment methods.

How are malicious apps typically spread to users?

By users willingly downloading them without caution.

What does the existence of numerous crypto-ransomware families indicate about the threat landscape?

There is a significant increase in cybercriminal activity and innovation.

Which of the following is considered a human-made threat to physical security?

Terrorist attacks

What is the primary purpose of the CPNI?

To provide advice on reducing vulnerability to threats

Which of the following is NOT a component of a layered defense model?

Security personnel training

Which of the following factors should be considered in a detailed site selection process?

Neighborhood crime rates

Which of the following primarily deals with chemical, biological, and radiological threats?

CBR

What is a major concern when planning for natural disaster threats to physical security?

Historical weather patterns

In the context of physical security, what does having a plan primarily involve?

Emergency preparedness and protocol

Which of the following is an example of a utility system threat?

Power outage

Study Notes

Cyber Security Strategy

• A cyber security strategy is a high-level plan to secure assets over three to five years.
• The plan should be updated sooner than three years as technology and cyber threats evolve quickly.

Cyber Security Controls

• Security controls are countermeasures that reduce the risk of threats exploiting vulnerabilities.
• Controls help with developing and implementing a cyber security strategy.

Top Security Threats

• Crypto ransomware is malware that restricts access to infected systems and demands payment for removal.
• Examples of ransomware tactics include encrypting personal files, locking system access, and overloading system resources.

Crypto Ransomware Families

• Many ransomware families have emerged over time, including notable ones like WannaCry, BadRabbit, LockDroid, KeRanger, and CryptoApp.
• The number of crypto-ransomware families has increased from 2005 to 2017.

Addressing Ransomware

• The decision to pay a ransom is complex and debated.
• Security controls can help prevent ransomware attacks, such as:
  • Regularly backing up critical data
  • Maintaining updated software and patches
  • Implementing strong passwords
  • Training users to identify and avoid phishing scams

Cyber Security Framework

• A cyber security framework is a system of standards, guidelines, and best practices for managing digital risks.
• Implementing security controls aligns with cyber security strategy objectives, like preventing unauthorized access.

Physical Security

• Physical security refers to the measures taken to protect physical assets and people from threats.
• It prioritizes life safety over facility safety in emergency situations.

Threats to Physical Security

• Physical security threats include:
  • Natural disasters (earthquakes, floods, storms, fires)
  • Utility system failures (communication and power outages)
  • Human-made events (explosions, vandalism, theft, terrorist attacks, riots)

CPNI (Centre for the Protection of National Infrastructure)

• CPNI is a UK government authority that provides security advice to national infrastructure organizations.
• Their mission is to reduce vulnerability to terrorism and other threats.
• CPNI offers free advice to industry, including:
  • General security advice
  • Physical security guidelines
  • Personnel security
  • Cyber security

CBR (Chemical, Biological and Radiological Defence)

• CBR focuses on defense against chemical, biological, and radiological threats.
• It involves implementing measures like:
  • Filter air conditioning systems
  • Planning for quick shutdown of systems that spread airborne hazards
  • Ensuring doors and windows can be closed quickly
  • Having a well-defined plan for response

A Layered Defense Model

• A layered defense model involves multiple layers of physical security controls to protect assets:
  • Perimeter security
  • Building grounds security
  • Building entrance security
  • Building floors/office suites security
  • Offices/data centers
  • Equipment, supplies, and media security

Site Selection and SAPMA

• A detailed site selection process is crucial for physical security.
• SAPMA (Security Assessment for Protectively Marked Assets) evaluates security based on three key elements:
  • Delay: Measures that slow down attackers (e.g., secure storage)
  • Deter: Measures that discourage attackers (e.g., entry control)
  • Detect: Measures that identify attacks (e.g., video surveillance)

Delaying Attacks

• Secure storage involves using containers and locks.
• Perimeter security includes fences and other barriers.

Deterrent Measures

• Entry control includes measures like visitor control and access oversight.
• Compliance checks, such as searches, can be a deterrent.

Controlled Access Points

• Gates and bollards provide controlled access points and deter vehicle intrusion.

Guards and Guard Stations

• Guards serve as deterrents but require motivation and attentiveness.
• Guard stations must offer visibility and access control.

Data Center Security

• Data center security includes:
  • Constructing rooms with solid, fire-proof walls
  • Implementing multi-factor access controls
  • Posting access control lists
  • Using CCTV for surveillance

Description

This quiz covers essential aspects of cyber security strategy, focusing on security controls, major threats like crypto ransomware, and trends in ransomware families. It emphasizes the importance of developing a long-term plan to counter evolving cyber threats and outlines effective measures for addressing ransomware incidents.