Cybersecurity Fundamentals: Attackers
16 Questions

Questions and Answers

What are the three essential components a malicious attacker needs to succeed?

  • Knowledge, strategy, and timing
  • Method, opportunity, and motive (correct)
  • Technology, access, and information
  • Resources, secrecy, and stealth

Which of the following describes the principle of confidentiality in computer security?

  • Data is incorrect and needs verification
  • Data should be modified fairly and transparently
  • Data is only accessible to authorized users (correct)
  • Data can be viewed by anyone with Internet access

In computer security, which term refers to the ability of a system to ensure that an asset can be used by authorized parties?

  • Integrity
  • Confidentiality
  • Authentication
  • Availability (correct)

What does it mean to mitigate a threat in the context of computer security?

To make the impact of an attack less severe (B)

Which type of control is specifically mentioned as being tangible in nature?

Physical controls (D)

Which method involves making an attack harder but not impossible?

Deter (C)

An attacker who wishes to change data without authorization is specifically violating which security principle?

Integrity (B)

Which of the following options describes the action of deflecting a threat?

Making another target more attractive for attack (D)

What is the primary focus of computer security?

Protecting computer assets from loss or harm (C)

Which of the following best defines a vulnerability in a computing system?

A weakness in the system that can be exploited (B)

What differentiates an advanced persistent threat (APT) from other threats?

It remains undetected for an extended period (D)

What is an example of a data disclosure threat?

Sending sensitive information to the wrong recipient (A)

What characterizes an insider threat?

A person with authorized access who can harm the organization (C)

Which type of threat focuses on making unauthorized changes to information?

Alteration threat (A)

Sabotage threats can include which of the following actions?

Deliberate damage to facilities or IT procedures (A)

The term 'threat' in the context of computer security refers to which of the following?

Set of circumstances that can cause loss or harm (C)

Flashcards

Vulnerability

A flaw or weakness in a system, procedure, or implementation that could be exploited by an attacker to cause harm or loss.

Threat

A situation or entity with the potential to cause harm to a computer system.

Insider Threat

An individual granted access to an organization's resources who intentionally abuses their privileges for malicious purposes.

Advanced Persistent Threat (APT)

A persistent, stealthy, and often state-sponsored group that infiltrates networks, remaining undetected for extended periods with specific objectives.

Data Disclosure Threat

The unauthorized sharing of sensitive information, often due to human error. Examples include sending confidential emails to the wrong recipient or mishandling data.

Alteration Threat

Unauthorized modifications to data or systems.

Sabotage Threat

Intentional actions to damage an organization's infrastructure, either physically or virtually. This can include neglect of maintenance and IT procedures.

Harm

Negative consequences that occur when a threat successfully exploits a vulnerability, resulting in harm to valuable assets.

Computer Security

The goal of protecting computer assets, including hardware, software, and data, from unauthorized access, modification, and disruption. It encompasses three key objectives: confidentiality, integrity, and availability.

Controls (Protection Measures)

Measures implemented to block threats from exploiting vulnerabilities.

Prevent

Prevents an attack or removes vulnerabilities to avoid a successful attack.

Deter

Increases the difficulty for attackers but doesn't entirely stop them, aiming to discourage attacks.

Deflect

Diverts an attacker's attention to a less valuable or more vulnerable target.

Mitigate

Reduces the impact of a successful attack, lessening the severity of the damage.

Detect

Identifies attacks as they happen or after the fact.

Recover

Restores systems and operations to a functional state after an attack.

Study Notes

Attackers and Attacks

  • A human or system can launch an attack by exploiting a vulnerability.
  • Success of a malicious attack relies on three components: method, opportunity, and motive.
  • If any component is denied, the attack will likely fail.

Security Goals

  • Confidentiality: Protects sensitive data to ensure only authorized access.
  • Integrity: Ensures that data is modified only by authorized personnel or processes, maintaining precision and accuracy.
  • Availability: Guarantees that authorized users can access the data when needed.

Computer Security

  • The primary aim is to safeguard computer assets: hardware, software, and data.
  • Prevents unauthorized data access (confidentiality) and modification (integrity) while ensuring availability.

Controls (Protection Measures)

  • Controls or countermeasures block threats from exploiting vulnerabilities.
  • Methods to address threats include:
    • Prevent: Block the attack or eliminate vulnerabilities.
    • Deter: Increase the difficulty for attackers without entirely preventing the attack.
    • Deflect: Divert attention to a different, less secure target.
    • Mitigate: Reduce the impact of a successful attack.
    • Detect: Identify attacks as they occur or afterward.
    • Recover: Restore operations after an attack.

Types of Control

  • Physical Controls: Utilize tangible methods to thwart attacks.

Vulnerabilities

  • Vulnerabilities are weaknesses in systems—procedures, design, or implementation—that could lead to harm or loss.

Threats

  • A threat represents a situation with the potential to cause harm to a computing system.
  • Understanding threats involves recognizing:
    • The possible negative events affecting assets.
    • The individuals or factors that could contribute to these events.

Insider Threats

  • An insider is anyone granted access or knowledge of an organization's resources.
  • Insider threats arise when an authorized individual exploits their access for malicious purposes.

Advanced Persistent Threats (APTs)

  • APTs are stealthy, often state-sponsored groups that infiltrate networks, remaining undetected for extended periods with specific objectives.

Data Disclosure Threat

  • This threat involves unauthorized sharing of sensitive information, often due to human error, such as misdirected emails or improper data handling.

Alteration and Sabotage Threats

  • Alteration Threat: Focused on unauthorized modifications of information or systems.
  • Sabotage Threat: Involves deliberate actions to damage an organization's infrastructure, either physically or virtually, including neglect of maintenance and IT procedures.

Harm

  • Harm is the negative outcome resulting from an actualized threat affecting valuable assets.

Related Documents

1-CH1_Introduction.pdf

Description

This quiz explores the key concepts surrounding attackers in cybersecurity. Understand the requirements for a successful attack and the critical security goals of confidentiality and integrity. Test your knowledge on how vulnerabilities can be exploited and how to mitigate these risks.
