Cybersecurity Best Practices
10 Questions

Questions and Answers

What is the primary purpose of a hardware firewall?

  • To filter packets based on a set of rules (correct)
  • To provide comprehensive backup plans for the organization
  • To configure watching for specific types of activities
  • To intercept packets as they arrive to a computer

What is the goal of an email phishing attack?

  • To capture the user's ID and password (correct)
  • To install a firewall on the user's computer
  • To conduct a comprehensive backup of the user's data
  • To install an intrusion detection system on the user's computer

What is the primary function of an Intrusion Detection System (IDS)?

  • To provide comprehensive backup plans for the organization
  • To identify if the network is being attacked (correct)
  • To add additional security to the network
  • To filter packets based on a set of rules

Why is it important to back up individual computers used throughout the organization?

To ensure that all data is preserved in case of a system failure (A)

What is the purpose of training employees not to give away passwords?

To prevent cheating a security person (B)

What is the primary purpose of a VPN in an organization?

To allow employees to access internal resources from outside the corporate network (D)

What is the primary goal of a good information-security policy?

To provide guidelines for employee use of information resources and recourse in case of policy violation (D)

What is a potential consequence of implementing overly restrictive security measures?

Employees will find ways to bypass the security measures (B)

What is an essential aspect of physical security?

Protecting the actual hardware and networking components (A)

What is a recommended practice for personal information security?

Making passwords long, strong, and unique (B)

Flashcards

Employee Password Training

A security measure that trains employees to avoid sharing their passwords, preventing unauthorized access and potentially reducing security risks. It is crucial for organizations to prevent employees from giving away their login credentials to others, including security personnel, to avoid unauthorized access and data breaches.

Email Phishing

A type of online attack where users receive emails disguised as legitimate messages from trusted sources like banks or employers, leading them to click links that take them to fake websites designed to steal their login credentials.

Comprehensive Backup Plan

A crucial plan for every organization that ensures data is regularly backed up on both corporate servers and individual computers, protecting against data loss in case of disasters or technical failures.

Firewall

A technology that safeguards networks by filtering incoming and outgoing data packets based on a set of predefined rules, preventing unauthorized access and malicious activities.

Intrusion Detection System (IDS)

A security device that monitors network activity for potential attacks and alerts security personnel if suspicious behavior is detected. It doesn't prevent attacks but provides early warning of potential breaches.

Virtual Private Network (VPN)

A secure connection that allows users outside a company's network to access internal resources safely. It creates a virtual tunnel through a firewall, ensuring data privacy and protection.

Physical Security

The physical protection of hardware and networking components responsible for storing and transmitting information. This includes measures such as locked doors, cameras, and environmental controls to safeguard against unauthorized access.

Security Policies

A set of rules that guides employee behavior in using company resources and provides a framework for handling security breaches and violations. These policies balance security needs with the need for effective resource utilization.

Personal Information Security

A proactive approach to personal cybersecurity that includes keeping software updated, installing antivirus software, being cautious about online connections, backing up data regularly, using two-factor authentication, creating strong passwords, and avoiding suspicious links and attachments.

Two-Factor Authentication

A security measure that involves requiring users to provide two forms of authentication, typically a password and a one-time code from a mobile device, to gain access to an account. This enhances security by adding an extra layer of protection against unauthorized access.

Study Notes

Security Measures

  • Train employees to avoid giving away passwords to prevent cheating by security personnel.

Email Phishing

  • Phishing occurs when a user receives an email that appears to be from a trusted source, such as a bank or employer.
  • The user is asked to click a link and log in to a fake website that mimics the genuine website.
  • The user's ID and password are then captured by the attacker.

Backups

  • A comprehensive backup plan is essential for the entire organization.
  • Data on corporate servers and individual computers should be backed up regularly.

Firewalls

  • Firewalls can exist as hardware or software (or both).
  • A hardware firewall is a device that filters packets based on a set of rules.
  • A software firewall runs on the operating system and intercepts packets as they arrive.
  • Firewalls protect all company servers and computers by stopping packets from outside the organization's network that do not meet a strict set of criteria.

Intrusion Detection Systems (IDS)

  • An IDS is a device that can be placed on the network for security purposes.
  • An IDS does not add any additional security; instead, it identifies if the network is being attacked.
  • IDS can be configured to watch for specific types of activities and alert security personnel if that activity occurs.

Virtual Private Network (VPN)

  • VPN allows users outside of a corporate network to access internal resources by taking a detour around the firewall.
  • VPN uses firewalls and other security technologies to make internal resources invisible to the outside world.

Physical Security

  • Physical security is the protection of the actual hardware and networking components that store and transmit information resources.
  • Measures include locked doors, physical intrusion detection (cameras), and environmental monitoring (temperature, humidity, and airflow).
  • Employee training is also essential for physical security.

Security Policies

  • A good information-security policy lays out guidelines for employee use of company resources and provides recourse in case of policy violations.
  • Policies must balance the need for security with users' need to access and use resources effectively.

Personal Information Security

  • Keep software up to date.
  • Install and update antivirus software regularly.
  • Be cautious when making connections.
  • Back up data regularly.
  • Use two-factor authentication to secure accounts.
  • Use long, strong, and unique passwords.
  • Be suspicious of strange links and attachments.

Quiz Team

Description

This quiz covers cybersecurity best practices, including training employees to keep passwords secure, recognizing email phishing scams, and creating comprehensive backup plans for organizations.
