Cybersecurity Best Practices

Questions and Answers

What is the primary purpose of a hardware firewall?

To filter packets based on a set of rules

What is the goal of an email phishing attack?

To capture the user's ID and password

What is the primary function of an Intrusion Detection System (IDS)?

To identify if the network is being attacked

Why is it important to back up individual computers used throughout the organization?

To ensure that all data is preserved in case of a system failure

What is the purpose of training employees not to give away passwords?

To prevent cheating a security person

What is the primary purpose of a VPN in an organization?

To allow employees to access internal resources from outside the corporate network

What is the primary goal of a good information-security policy?

To provide guidelines for employee use of information resources and recourse in case of policy violation

What is a potential consequence of implementing overly restrictive security measures?

Employees will find ways to bypass the security measures

What is an essential aspect of physical security?

Protecting the actual hardware and networking components

What is a recommended practice for personal information security?

Making passwords long, strong, and unique

Study Notes

Security Measures

• Train employees to avoid giving away passwords to prevent cheating by security personnel.

Email Phishing

• Phishing occurs when a user receives an email that appears to be from a trusted source, such as a bank or employer.
• The user is asked to click a link and log in to a fake website that mimics the genuine website.
• The user's ID and password are then captured by the attacker.

Backups

• A comprehensive backup plan is essential for the entire organization.
• Data on corporate servers and individual computers should be backed up regularly.

Firewalls

• Firewalls can exist as hardware or software (or both).
• A hardware firewall is a device that filters packets based on a set of rules.
• A software firewall runs on the operating system and intercepts packets as they arrive.
• Firewalls protect all company servers and computers by stopping packets from outside the organization's network that do not meet a strict set of criteria.

Intrusion Detection Systems (IDS)

• IDS is a device that can be placed on the network for security purposes.
• IDS does not add any additional security, but instead, identifies if the network is being attacked.
• IDS can be configured to watch for specific types of activities and alert security personnel if that activity occurs.

Virtual Private Network (VPN)

• VPN allows users outside of a corporate network to access internal resources by taking a detour around the firewall.
• VPN uses firewalls and other security technologies to make internal resources invisible to the outside world.

Physical Security

• Physical security is the protection of the actual hardware and networking components that store and transmit information resources.
• Measures include locked doors, physical intrusion detection (cameras), and environmental monitoring (temperature, humidity, and airflow).
• Employee training is also essential for physical security.

Security Policies

• A good information-security policy lays out guidelines for employee use of company resources and provides recourse in case of policy violations.
• Policies must balance the need for security with users' need to access and use resources effectively.

Personal Information Security

• Keep software up to date.
• Install and update antivirus software regularly.
• Be cautious when making connections.
• Backup data regularly.
• Use two-factor authentication to secure accounts.
• Use long, strong, and unique passwords.
• Be suspicious of strange links and attachments.

Description

This quiz covers cybersecurity best practices, including training employees to keep passwords secure, recognizing email phishing scams, and creating comprehensive backup plans for organizations.