Cybersecurity Overview and Preventive Controls

Questions and Answers

What is primarily concerned with the confidentiality, integrity, and availability of IT resources?

Network Architecture

Data Management

Cybersecurity (correct)

Cloud Computing

Which of the following is considered a preventive security control?

Incident response teams

Training and culture (correct)

Intrusion detection systems

Log analysis

Which statement about insider threats is accurate?

They typically originate from external hackers.

They are easily detected by external security measures.

They are the primary source of cybersecurity breaches.

They pose a unique and often overlooked risk. (correct)

What kind of technology does Spotify use to translate podcasts into different languages?

Realistic synthetic voices

According to studies mentioned, what is a skill that can improve through practice?

Detecting AI-generated content

Which of the following is NOT a category under security controls?

Responsive Controls

What type of threat does malware represent?

Technical threat

What role does management play in creating a culture of security?

It helps by setting the organization's funding and communication policies.

What is a significant reason for organizations to monitor encryption algorithms?

To guard against data breaches occurring due to outdated algorithms.

What is the primary purpose of a Virtual Private Network (VPN)?

To encrypt data traveling between two networks over the internet.

Which of the following is an example of a detective control?

Log Analysis for identifying possible attacks.

What is the first step in the incident response process?

Recognition.

What role does a Computer Incident Response Team (CIRT) serve?

Managing organizational incidents and responses.

What technique do VPNs typically employ to ensure the confidentiality of data?

Encryption.

Which of the following incidents is categorized as a technical incident?

A network intrusion.

Which of the following is NOT a goal of incident response?

To ensure maximum data loss.

What is a significant advantage of using single sign-on for authentication?

Reduces time spent logging into multiple applications.

Which of the following is considered a disadvantage of employee training and awareness regarding password management?

It requires frequent communication which may be ignored.

What is the primary purpose of imposing complexity requirements for passwords?

To eliminate highly simple passwords.

Regular password expiry can be beneficial because it makes accounts less susceptible to attacks, but it also has a downside. What is one of these downsides?

Promotes writing down passwords for memory aid.

What does the principle of least privilege dictate in the context of authorization?

Access should only be granted for necessary functions.

What is included in proactive detection methods during incident response?

Antivirus and vulnerability scanning

Which of the following is a component of the containment phase in incident response?

Assigning incidents based on team member availability

Which of the following is a pro of using regular password expiry?

It decreases the likelihood of an account being compromised.

What is a common negative outcome resulting from complexity requirements for passwords?

Users may opt for passwords that only meet the minimum standards.

Which response step involves analyzing logs and researching mitigation strategies?

Technical response

Which control type does single sign-on primarily represent?

Preventive

What is an essential task performed during the recovery phase?

Deploying patches

What metric could be used to measure the effectiveness of incident response?

Total number of reported incidents

What includes legal responses in incident management?

Investigation and consideration of regulatory issues

Which of the following indicates follow-up activities in incident response?

Evaluating response speed and effectiveness

What is a primary goal of incident recovery?

Getting systems back online and functional

What is an important aspect to consider when designing and implementing security controls?

Input from a variety of business and technology stakeholders is essential.

Which of the following resources focuses specifically on cybersecurity news and updates?

http://krebsonsecurity.com/

Which of the following best describes the practice of restricting user access to specific tasks?

Authorization

What advantage does a VPN provide when compared to a privately owned network?

Functionality of a privately owned network using the Internet.

When configuring a VPN, which of the following is a disadvantage mentioned?

Reconfiguring VPNs can be costlier than physical networks.

Which online resource specializes in security news and insights?

http://www.darkreading.com/

What is the primary focus of the recommended AFM 347 course?

Cybersecurity

Which of the following resources would you consult for official US cybersecurity policies and alerts?

https://www.us-cert.gov/

Study Notes

Recap of Last Class

• Cybersecurity focuses on confidentiality, integrity, and availability of IT resources.
• Security threats include malware, DDOS, and social engineering; they can harm organization reputation and financial stability.
• Insider threats are often underestimated.

Security Lifecycle

• Security is a management issue; it involves risk assessment and mitigation.
• Preventive Controls: Includes culture, training, authentication, authorization, IT solutions (e.g., firewalls, encryption), and environmental security.
• Detective Controls: Encompasses log analysis and intrusion detection systems.
• Response: Managed by Computer Incident Response Teams (CIRT).

Preventive Controls Overview

• People: Establishing a culture of security starts with management support and funding.
• Single Sign-On: Streamlines login processes, enhancing user experience but presents a single point of failure.
• Employee Training: Promotes good password hygiene but risks being overlooked if excessive.
• Complexity Requirements: Ensures password strength but may encourage minimal compliance.

Password Management

• Regular password expiry reduces risks but can lead to predictable password patterns and increased reliance on notes.

Authorization Principles

• Authorization specifies access levels to information resources, adhering to the principle of least privilege to minimize risk.
• Monitoring encryption standards is crucial following incidents, such as the TJX breach which resulted in 94 million stolen credit cards.

Virtual Private Networks (VPN)

• VPNs encrypt data between networks, offering secure connections without high infrastructure costs.
• They require user authentication and maintain data integrity through hashing.

Detective Controls

• Log analysis helps identify potential cyber threats by examining system logs.
• Intrusion Detection Systems monitor approved network traffic for signs of breaches.

Incident Response Framework

• Recognition: Unusual activity detection through proactive and reactive methods.
• Containment: Stops incidents and mitigates damages through sorting and immediate response actions.
• Recovery: Involves eradicating threats, applying patches, and restoring data from backups.
• Follow-up: Analysis post-incident to assess response effectiveness and necessary policy changes.

Measuring Incident Response Effectiveness

• Metrics include the number of reported/detected incidents and average response times, aiding management in understanding incident management capabilities.

Additional Resources

• Websites such as krebsonsecurity.com and infosecurity-magazine.com provide further information on cybersecurity.
• Consider enrolling in related courses such as AFM 347 for deeper knowledge.

Sample Quiz Questions

• Authorization defined as restricting user access.
• Understanding of VPN costs and functionality compared to traditional networks is essential for comprehension of secure communication channels.

Class Take-Aways

• Security controls are crucial for incident prevention and response; stakeholder input is essential in design and implementation efforts.

Description

This quiz covers essential concepts in cybersecurity, focusing on the importance of confidentiality, integrity, and availability of IT resources. You'll learn about security threats, preventive and detective controls, and the role of computer incident response teams. Test your knowledge on how to protect organizations from various security risks.