Cybersecurity Fundamentals Week 02

Questions and Answers

What is one of the primary objectives of cybersecurity?

• To redesign software for aesthetics
• To protect information systems and networks (correct)
• To eliminate all forms of hacking
• To create new technology for entertainment purposes

Which of the following is NOT considered a critical infrastructure sector?

• Energy supply
• Healthcare services
• Agricultural marketing (correct)
• Transportation systems

What is the potential impact of cybercrime on a global scale?

• A decrease in software usage
• Increasing operational costs (correct)
• Upper hand in international relations
• Minimal economic effects

Which type of threat involves impersonating another user to gain unauthorized access?

Spoofing (D)

Which of the following describes a vulnerability in cybersecurity?

A weak point in a system that can be exploited (C)

What is the purpose of threat intelligence in cybersecurity?

To identify and manage potential threats (C)

Which method is often used for evaluating software security?

Penetration testing and vulnerability assessments (D)

Which one of the following is an emerging trend in cybersecurity?

Increased automation of security processes (B)

What should organizations consider as key areas to invest in for cybersecurity?

Employee training and awareness (D)

Which of the following best explains the cost of cybersecurity?

It includes ongoing operational costs and investments (D)

What does tampering primarily aim to compromise?

Integrity of persistent data (D)

What type of attack is characterized by attempting to deny access to valid users?

Denial of Service (DoS) (A)

Which of the following is a primary objective of social engineering attacks?

Unauthorized access through deception (D)

What is a common goal of information disclosure attacks?

Reading unauthorized files or data (D)

Which type of attack is specifically designed to exploit vulnerabilities in application software?

Cross-site scripting (XSS) (D)

Which threat action involves performing operations without a traceable record?

Repudiation (D)

What is the primary focus of denial of service (DoS) attacks?

Making services unavailable to users (A)

What does elevation of privilege intend to achieve?

Access resources with higher permissions (C)

Which is NOT a form of malware as mentioned in the types of attacks?

Spam (C)

What type of action involves reading data during its transit between two computers?

Information disclosure (B)

Flashcards

Cybersecurity

Protecting computer systems and networks from theft, damage, or unauthorized access.

Cybersecurity Objectives

Goals for protecting systems and data, such as confidentiality, integrity, and availability.

Critical Infrastructure

Essential services like power grids, water systems, and transportation networks.

Cost of Cybersecurity breaches

Financial damage resulting from attacks on computer systems.

Vulnerabilities

Weaknesses in computer systems that attackers can exploit.

Threat Modeling (STRIDE)

A structured method for identifying and analyzing potential threats to a system.

Spoofing

Tricking someone into giving up sensitive information, often by mimicking a trusted entity.

Threat Intelligence

Gaining knowledge of current or future threats.

Software Security

Ensuring that software applications are secure from exploits.

National Vulnerability Database

A publicly accessible database of known cybersecurity vulnerabilities.

Tampering

A threat action that maliciously changes or modifies persistent data, like database records or data in transit.

Repudiation

A threat action aimed at performing prohibited operations in a system where actions can't be traced.

Information Disclosure

A threat action to read data not authorized to be accessed, in a file or in transit.

Denial of Service

A threat action that attempts to block access to valid users, like a server going down.

Elevation of Privilege

A threat action to gain higher access rights to resources for unauthorized access or system compromise.

Social Engineering

Attacks that use human interaction to manipulate individuals into taking action that violates security.

Phishing

A social engineering technique using deceptive emails or messages to steal information.

Cross-site Scripting (XSS)

A software vulnerability where malicious scripts are injected into legitimate websites.

Denial of Service (DoS)

Attacking a system to prevent legitimate users from accessing it.

Virus

Malicious software that replicates itself and spreads to other systems.

Study Notes

Course Information

• Course name: Cybersecurity Fundamentals
• Course code: CSC 1029

Objectives

• Understand what cybersecurity is and its importance
• Understand what is being protected from attackers
• Understand lessons learned from historical and current events, and emerging trends

Agenda: Week 02

• What is Cybersecurity and Types of Attacks
• Cybersecurity Objectives
• What are we protecting?
• Cost of Cybersecurity
• Your Next Move: Software Developer Vulnerabilities
• Threat Model: STRIDE
• Types of Attacks
• Importance of Software Security
• TODO and Resources for Help

What is Cybersecurity?

• Read CompTIA article: https://www.comptia.org/content/articles/what-is-cybersecurity
• Watch YouTube video: https://www.youtube.com/embed/inWWhr5tnEA

Objectives of Cybersecurity

• Read CompTIA resource: State of Cybersecurity for 2024 Market Overview through to Policy https://www.comptia.org/content/research/cybersecurity-trends-research
• Consider top objectives for Cybersecurity

What are we Protecting?

• Review 16 Critical Infrastructure Sectors https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors

Cost of Cybersecurity

• Estimated global cost of cybercrime in 2021: $6.1 trillion (Source: Cybersecurity Ventures)
• Estimated global spending on cybersecurity in 2022: $172.5 billion (Source: Gartner)
• U.S. job openings requesting cybersecurity-related skills: 714,548 (Source: CyberSeek)

Vulnerabilities

• Review the National Vulnerability Database https://nvd.nist.gov/
• Review visualizations https://nvd.nist.gov/general/visualizations/vulnerabilities/cwe-over-time

Threat Model: STRIDE

• Spoofing
• Tampering
• Repudiation
• Information disclosure
• Denial of service
• Elevation of privilege
• Associated Security Controls

Threat Intelligence

• Read CompTIA blog post: Threat Modeling and Cyber Threat Intelligence: Anticipating the Next Hit https://www.comptia.org/blog/threat-modeling-and-cyber-threat-intelligence

Types of Attacks

• Social engineering attacks (e.g., organization penetration, IT infrastructure exploration, phishing, spam, spoofing, man in the middle)
• Attacks against application software (e.g., Cross-site scripting (XSS), Buffer overflows, SQL code injection, Time/logic bombs, Back door)
• Attacks against supporting infrastructure (e.g., Denial of Service (DoS), Virus, Worm, Trojans, Spyware, Adware)
• Physical attacks (e.g., External drives & Flash Sticks, Bringing down the system, Stealing hardware)

Cybersecurity Principles

• Complete the interactive lesson

Recent Cyber Attacks

• MGM Casino Cyber Attack September 2023 https://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/alphv-hackers-reveal-details-of-mgm-cyber-attack/

Pre-work Grade

• Post weekly discussion question and research solution to D2L
• Complete Week 02 Content Module in D2L to 100%

### Help and Support

• Student Office Hours (by Appointment/Drop-in)
• Email: [email protected]
• RRCC On Campus Tutoring: https://www.rrcc.edu/learning-commons/tutoring
• 24/7 Online Tutoring: D2L > Content > Resources for Help

Description

Dive into the essentials of cybersecurity in this Week 02 quiz. Explore the significance of cybersecurity, the types of attacks, and what we aim to protect. Understand software developer vulnerabilities and the importance of security measures in safeguarding information.