Cybersecurity Fundamentals for Access Bank

Questions and Answers

What is the main purpose of password management?

To protect against unauthorized access to passwords by attackers. (correct)

To ensure that all passwords are easy to remember.

To guarantee the security of all passwords used for online services.

To limit the number of passwords a user needs to manage.

Which of the following is NOT a characteristic of a strong password?

It is at least 12 characters long.

It includes a mix of uppercase and lowercase letters, numbers, and symbols.

It is unique for each online account.

It is based on a common phrase or pattern. (correct)

What is the primary benefit of using a password manager?

It allows you to store all passwords in a single, secure location. (correct)

It prevents you from having to remember all your passwords.

It helps you to automatically create strong passwords.

It automatically fills in login credentials on websites.

How does two-step verification enhance security?

It adds an extra layer of authentication, requiring a code sent to a mobile device. (C)

What does the term "multi-vector attack" signify in the context of fifth-generation cyber attacks?

Attacks that target multiple points of entry simultaneously. (B)

What is the significance of the term "weapons-grade" hacking tools used in fifth-generation cyber attacks?

These tools are designed to be particularly destructive and difficult to detect. (D)

What is the primary implication of the rapid speed of fifth-generation cyber attacks?

They are able to spread quickly and infect a large number of systems within hours. (A)

Which of these are key benefits of installing software updates?

Enhanced data security (A), Improved system performance (B), Increased system functionality (C), Reduced risk of cyberattacks (D)

Why is testing software patches in a controlled environment before deployment essential?

To ensure the patches do not disrupt critical operations (D)

Which principle emphasizes the importance of having more than one person involved in a process to prevent fraud?

Separation of Duties (C)

What is the main purpose of an intrusion detection system (IDS)?

To monitor network traffic and system activities for suspicious behavior (D)

Which cybersecurity tool is primarily responsible for preventing sensitive data from leaving the network perimeter?

Data loss prevention (DLP) system (D)

What is the main objective of the "No Trust without Evidence" principle?

To establish a framework for verifying the reliability of systems and processes. (B)

Which principle is designed to minimize the potential impact of system failures or outages?

Fail Secure (A)

Which of these cybersecurity principles emphasizes the importance of regularly assessing systems and applications for vulnerabilities?

Regular Audits (C)

What is the primary role of an incident response plan in cybersecurity?

To provide a framework for responding to security incidents (A)

Which of the following is NOT a principle of cybersecurity?

User Authentication (D)

Which principle directly addresses the issue of unauthorized access to sensitive information?

Confidentiality (B)

What is the main function of a security awareness training program?

To educate employees on cybersecurity best practices (A)

Which of these statements is NOT a core principle of cybersecurity?

Using only the latest technology to ensure maximum security (C)

Which principle suggests the use of security measures throughout the entire software development life cycle?

Security as Overarching Design (B)

Which principle is particularly crucial in ensuring that security policies are consistent and effective across an organization?

Consistency (D)

Which principle directly addresses the importance of maintaining the accuracy and reliability of data?

Integrity (B)

When selecting third-party vendors, what should be prioritized over personal connections or incentives?

Quality of services (A)

What is the primary objective of ethical hacking and penetration testing in the banking sector?

To identify and fix vulnerabilities in digital systems (A)

Which of the following is NOT a benefit of whistleblower protection programs in the banking industry?

Increased risk of retaliation for whistleblowers (D)

What is the main role of responsible disclosure in the context of ethical hacking and penetration testing?

To provide a framework for reporting vulnerabilities to affected organizations (C)

Which of the following BEST describes the purpose of whistleblower protection in the banking industry?

To ensure that employees can freely report wrongdoing (B)

What is a primary reason for the importance of whistleblower protection in the banking sector?

To enhance the bank's reputation and trust with customers (B)

Which of the following is NOT a potential consequence of failing to establish a robust whistleblower protection program in the banking industry?

Reduced employee productivity and motivation (C)

What is the main implication of establishing whistleblower protection programs for the banking industry?

Creation of a more transparent and accountable financial system (B)

What is the primary objective of cybersecurity?

To protect data and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. (B)

What is the main reason why cybersecurity is crucial for banks?

To protect sensitive financial information and prevent fraud. (A)

Which of the following is NOT a key concept in cybersecurity?

Profitability (C)

What does the term "encryption" refer to in cybersecurity?

A process of transforming data into an unreadable format. (A)

What is the primary purpose of decryption in cybersecurity?

To convert encrypted data back into its original readable form. (D)

Which of the following is NOT a characteristic of fifth-generation cyber attacks?

Relying primarily on brute force techniques to gain access. (C)

What is the significance of cybersecurity in the context of financial services?

To safeguard sensitive financial data, protect customer privacy, and prevent financial crimes. (B)

What is the primary focus of "password management" in cybersecurity?

Storing passwords in a secure location. (B)

What is a "firewall" in the context of cybersecurity?

A software program that filters incoming and outgoing network traffic. (B)

Which of the following is a common characteristic of phishing attacks?

They typically involve requests for personal information. (C)

What is "multi-factor authentication" (MFA) in cybersecurity?

Requiring users to verify their identity through multiple independent factors. (D)

What is one of the major benefits of implementing multi-factor authentication (MFA)?

It reduces the risk of unauthorized access to accounts. (C)

Why is it important to be cautious about opening attachments in emails, especially from unknown senders?

Attachments can contain malware or viruses that can harm your device. (A)

What is the primary role of antivirus software in cybersecurity?

To identify, prevent, and remove malware infections. (C)

Why are firewalls considered an essential component of network security?

Firewalls prevent unauthorized access to the network by filtering incoming traffic. (B)

What is the primary principle of cybersecurity?

To ensure the confidentiality, integrity, and availability of information and systems. (A)

Why is it crucial to avoid conflicts of interest in cybersecurity?

Conflicts of interest can lead to biased decisions that compromise security. (A)

What is the primary purpose of a firewall?

To control access to and from a network (A)

Which type of firewall examines the contents of network packets?

Application-level firewall (A)

What is a key benefit of regular updates for antivirus software?

Enhanced protection against zero-day threats (C)

Which of the following is NOT a function of a firewall?

Updating malware definitions (C)

How do packet-filtering firewalls operate?

By examining the headers of network packets (B)

What is the primary function of antivirus software?

To detect and remove malicious software (B)

Which type of firewall operates at the application level?

Application-level firewall (B)

What is the main function of "intrusion detection" in modern firewalls?

Spotting and blocking malicious activities (A)

Flashcards

Fifth Generation Cyber Attacks

Large-scale cyber attacks using advanced multi-vector tools.

Multi-Vector Attacks

Attacks that target multiple entry points at once.

Password Management

Practices and tools for creating and managing passwords.

Strong Passwords

Complex passwords that are hard to guess or crack.

Two-Step Verification

An extra layer of security requiring two forms of identification.

Authentication

The process of verifying the identity of a user or system.

Phishing Awareness

Recognizing and avoiding deceptive attempts to access personal information.

Password Rotation

Regularly updating passwords to enhance security.

Software Updates

Important for security and functionality of systems.

Risk Mitigation

Reducing potential risks through strategies like patching vulnerabilities.

Regular Audits

Systematic reviews to identify areas needing updates or patches.

Timely Deployment

Applying patches quickly to prevent security vulnerabilities.

Intrusion Detection System (IDS)

Monitors for malicious activities on the network.

Intrusion Prevention System (IPS)

Blocks malicious traffic in real-time to protect networks.

Data Loss Prevention (DLP)

Prevents sensitive data from exiting the network perimeter.

Incident Response Plan

A structured approach for handling security incidents.

Firewall

A digital barrier that protects networks from unauthorized access.

Packet-filtering firewall

A firewall that examines packet headers to allow or block them.

Application-level firewall

A firewall that inspects the content of packets to determine access.

Malware

Malicious software designed to harm or exploit devices.

Antivirus software

Software that detects, prevents, and removes malware.

Malware detection

The process of scanning for known malware signatures and behaviors.

Regular scanning

Scheduled checks by antivirus to identify hidden threats.

Intrusion detection

A security measure that identifies and blocks suspicious activities.

Confidentiality

Ensures that data is kept private and shared only with authorized individuals.

Integrity

Ensures that data is authentic, accurate, and free from tampering.

Availability

Ensures systems and applications are functioning and accessible when needed.

Compliance

Involves adhering to cybersecurity policies to prevent cyberattacks.

Separation of Duties

Requires multiple individuals to complete critical tasks to prevent fraud.

Fail Secure

Establishes backup protections to safeguard systems during failures.

No Trust without Evidence

Measures trustworthiness through the validation of required evidence.

Least Privilege Basis

Gives individuals the minimal access needed to perform their tasks.

Third-Party Relationships

Partnerships with vendors based on quality service, not personal ties.

Ethical Hacking

Practices to identify and correct vulnerabilities in systems.

Penetration Testing

Simulated attacks to test system security and identify weaknesses.

Responsible Disclosure

Guidelines for reporting vulnerabilities to organizations ethically.

Whistleblower Protection

Legal safeguards for individuals reporting unethical acts without fear.

Fraud Detection

Uncovering financial misconduct through internal reports.

Regulatory Compliance

Adherence to laws requiring protective programs for whistleblowers.

Ethical Banking Culture

A work environment promoting integrity and the reporting of wrongdoings.

Cybersecurity

Protection of computer systems and networks from digital attacks.

Importance of Cybersecurity

Vital for protecting data integrity and privacy in financial services.

Cyber Threats

Potential attacks that can exploit vulnerabilities in systems.

Two-Factor Authentication

An extra layer of security requiring two forms of verification.

Phishing Attacks

Fraudulent attempts to obtain sensitive information via deception.

Data De-Identification

Removing personal identifiers from data to protect privacy.

Multi-Factor Authentication Benefits

Increases security by requiring multiple verification forms.

Red Flags in Phishing

Indicators that an email or message may be a phishing attempt.

Cybersecurity Principles

Guidelines to protect data and systems effectively.

Email Security Tips

Best practices to safeguard email accounts against threats.

Study Notes

Learning Outcomes

• Students will understand the importance of cybersecurity to Access Bank.
• Students will identify cybersecurity threats in work and personal environments.
• Students will have an understanding of preventive measures to counter security vulnerabilities.
• Students will understand how to apply cybersecurity principles in work environments.

Course Outline

• Module 1: Understanding the fundamentals of Cybersecurity.
• Module 2: Password Management & Authentication.
• Module 3: Email & Social Engineering.
• Module 4: Types of cybersecurity tools.
• Module 5: Principles of Cybersecurity.
• Module 6: Ethical Considerations.

Module 1: Understanding Cybersecurity Fundamentals

• Cybersecurity is the practice and science of protecting applications, networks, and data from unauthorized access, attacks, or criminal use.
• Key concepts in cybersecurity include Confidentiality, Integrity, and Availability (CIA Triad).
• Cybersecurity has evolved through different generations, from traditional perimeter defenses to advanced multi-vector attacks (5th generation).
• Biggest moments in recent cybersecurity history (2020) can be analyzed in terms of danger, cost, and reputational impact, offering lessons about cybercrime.
• Encryption and decryption mechanisms convert data into an unreadable format, protecting data in transit and at rest.

Module 2: Password Management and Authentication

• Password management comprises of various practices, including creation, storage, retrieval, rotation, and policy enforcement.
• Best practices include using strong, unique passwords and avoiding common words.
• Authentication verifies the identity of a user, system, or service. This is categorized as something the user knows, has, or is.
• Multi-Factor Authentication (MFA) adds an extra layer of security by requiring two or more forms of verification.

Module 3: Email and Social Engineering

• Phishing is a cyberattack where attackers send fraudulent messages to trick victims into revealing sensitive information.
• Red flags in phishing attacks include poor grammar/spelling, urgent/threatening language, unfamiliar senders, and inappropriate URLs.
• Email security tips include using strong passwords, enabling two-factor authentication, using email encryption, avoiding public Wi-Fi, and not opening attachments from unknown senders.

Module 4: Cybersecurity Tools

• This module explores essential cybersecurity tools crucial for safeguarding organizational digital assets.
• Firewalls act as digital barriers, examining network traffic to allow or block it.
• Antivirus Software identifies and removes malicious software from systems.
• Antivirus software scans files and processes in real-time, identifies malware, and prevents infections through suspicious files/websites.
• Necessary software must be kept up to date, with regular updates to antivirus software being crucial to maintaining a robust security posture.

Module 5: Cybersecurity Principles

• Cybersecurity principles guide organizations in protecting their systems and data. These principles include confidentiality, integrity, and availability, as well as compliance, simplicity, and secure by default practices.
• Confidentiality involves keeping data secret.
• Integrity ensures data is trustworthy and accurate.
• Availability ensures data and systems are accessible when needed.

Module 6: Ethical Considerations in Cybersecurity

• Ethical considerations, especially in the banking industry, are paramount.
• Ethical principles concerning data confidentiality and privacy include informed consent, data minimization, data security and encryption, transparency and accountability, respect for privacy laws, handling data breaches and responsible disclosure.
• Cybersecurity issues, such as conflict of interest and whistleblower protection, are covered.
• Whistleblower protection safeguards individuals reporting wrongdoing within an organization.

Description

This quiz covers the essential principles of cybersecurity as applicable to Access Bank. It will help students recognize potential cybersecurity threats, understand preventive measures, and apply foundational cybersecurity knowledge in their work environments.