Cybersecurity Policies and Regulations Quiz

Questions and Answers

Which of these policies defines permissible activities for users within an organization, helping prevent misuse of IT resources?

  • Acceptable Use Policies (correct)
  • Access Control Policies
  • Incident Response Policies
  • Data Protection Policies

Which regulation focuses on protecting patient data in the U.S. healthcare sector?

  • Payment Card Industry Data Security Standard (PCI DSS)
  • Federal Information Security Management Act (FISMA)
  • Health Insurance Portability and Accountability Act (HIPAA) (correct)
  • General Data Protection Regulation (GDPR)

What does 'GDPR' stand for?

  • Government Digital Protection Regulations
  • Government Data Protection Regulation
  • Global Data Privacy Regulation
  • General Data Protection Regulation (correct)

Which of the following is NOT a key area covered by cybersecurity policies?

  • Network Security (D)

Which regulation is specifically designed to protect sensitive data within U.S. federal agencies?

  • FISMA (A)

What is the primary goal of 'Security Awareness Training' in cybersecurity?

  • Reducing human-related vulnerabilities by informing employees about risks (A)

Which of the following options are NOT considered critical infrastructure under the 'Critical Infrastructure Protection' framework?

  • Education systems (D)

What is the primary function of a digital signature in cryptography?

  • To ensure the origin and integrity of data (D)

Which of the following is NOT a key component of Disaster Recovery (DR)?

  • Penetration testing (C)

How do government regulations impact private sector security practices?

  • Regulations set industry benchmarks, impacting private companies that handle sensitive information (C)

Which of the following is NOT a common vulnerability exploited by attackers?

  • Secure Authentication (A)

How does Symmetric Encryption differ from Asymmetric Encryption?

  • All of the above (D)

What is the primary goal of Risk Management?

  • To identify, assess, and mitigate risks to an organization's assets (B)

What is the purpose of input validation in software security?

  • To prevent malicious commands from being injected into applications (B)

In which stage of incident response does the focus shift from containing the damage to restoring systems to their normal operating state?

  • Recovery (A)

What does "SQL Injection" refer to in the context of application vulnerabilities?

  • Injecting malicious SQL statements to manipulate or exfiltrate data from a database (D)

Which access control mechanism grants access based on a user's role within an organization?

  • Role-Based Access Control (RBAC) (B)

Which of the following is a common mitigation technique for software vulnerabilities?

  • Keeping applications patched with the latest security updates (A)

Which of the following is NOT a valid risk mitigation strategy?

  • Risk Assessment (A)

What is the purpose of encryption?

  • To prevent unauthorized access to data (B)

What is the role of PKI (Public Key Infrastructure) in cryptography?

  • To manage and distribute digital certificates for secure communication (D)

Which of the following is NOT a core principle of cryptography?

  • Availability (A)

Which of the following actions is typically performed during the Containment stage of incident response?

  • Isolating affected systems from the network (A)

Which access control mechanism allows resource owners to set permissions for their resources?

  • Discretionary Access Control (DAC) (A)

What does a "layered defense" approach in cybersecurity involve?

  • Implementing diverse security measures across different layers, such as physical, network, application, and endpoint security (C)

Why is integrating cybersecurity into business operations important?

  • To ensure security considerations are factored into every aspect of business operations, including product development and supply chain management (D)

What is the main focus of a Zero Trust architecture in cybersecurity?

  • Assuming that any user or device accessing the network, regardless of location, could be malicious (D)

Which of the following is NOT a benefit of using AI and ML in cybersecurity?

  • Increased reliance on human intervention for threat detection (C)

What is the main purpose of cybersecurity standards and frameworks?

  • Providing a set of best practices for organizations to follow (D)

How do security awareness training programs contribute to a holistic security approach?

  • By educating employees about cybersecurity best practices and reducing the risk of human error (C)

What is the role of incident response and recovery planning in a holistic security approach?

  • To ensure a quick recovery from incidents and minimize their impact on the organization (D)

Which of the following is NOT a key aspect of a holistic security approach?

  • Prioritizing a single specific security tool over other aspects (C)

Which of these regulations focuses on data protection for California residents?

  • CCPA (C)

What is a key principle emphasized by the GDPR?

  • Requiring explicit consent for data processing (D)

What is the primary motivation behind government regulation of information technology?

  • To ensure the ethical and secure use of technology for societal benefit (B)

Which of the following is NOT a key area typically addressed by government regulations in the realm of information technology?

  • Environmental impact of data centers (D)

What is the primary goal of the 'right to be forgotten' provision of the GDPR?

  • To give individuals control over their online presence and data (B)

What is the main reason for governments enacting data privacy regulations?

  • To ensure that companies handle personal information responsibly and securely (D)

Which of the following is a notable aspect of the GDPR's enforcement mechanism?

  • Substantial fines for non-compliance, reaching up to a percentage of global turnover (A)

What is the main challenge that government regulations strive to address when it comes to information technology?

  • To maintain a balance between innovation and the protection of public interests (C)

What is a defining characteristic of an Advanced Persistent Threat (APT)?

  • Prolonged attacks aimed at maintaining access to sensitive information. (A)

Which of the following is NOT a primary motive for cybersecurity incidents?

  • Scientific research (B)

What do Insider Threats and Advanced Persistent Threats (APTs) have in common?

  • Both involve unauthorized access to systems by malicious actors. (C)

Which of the following describes a scenario where a Zero-Day Exploit is most likely to be used?

  • An attacker exploiting a vulnerability before a security patch is available. (C)

Cyber-espionage is primarily motivated by:

  • Gaining a competitive advantage in business. (B)

Which of the following is NOT a characteristic of Hacktivists?

  • They typically seek to gain financial profits through data theft. (B)

What type of attack is most likely to involve the exfiltration of sensitive data from a target system?

  • Advanced Persistent Threat (APT) (C)

Which scenario BEST describes the use of cyber tools for 'Cyber Warfare and Intelligence Gathering'?

  • A nation-state actor using malware to gather intelligence on another country's military infrastructure. (B)

Flashcards

Incident Identification

Detecting and analyzing potential security incidents using monitoring tools and alerts.

Containment

Isolating affected systems to prevent the spread of an attack.

Eradication

Removing malicious elements and addressing vulnerabilities from the system.

Recovery

Restoring systems to normal operations and validating their security after an incident.


Risk Management

Process of identifying, assessing, and mitigating risks to an organization's assets.


Disaster Recovery (DR)

Focuses on restoring operations after a significant incident like a cyberattack or natural disaster.


Access Control

Restricting user access based on permissions, roles, and policies to secure resources.


Encryption

The process of converting data into a secure format to ensure confidentiality and integrity.


Cybersecurity Policy

A framework for managing risks and ensuring compliance with regulations.


Data Protection Policies

Guidelines for securely handling, storing, and transferring data.


Access Control Policies

Rules that define who can access sensitive information and systems.


Incident Response Policies

Steps for identifying, containing, and mitigating security incidents.


Acceptable Use Policies (AUP)

Defines permissible activities for users in an organization.


Security Awareness Training

Education for employees on cybersecurity risks and practices.


General Data Protection Regulation (GDPR)

EU law enforcing strict data privacy and protection guidelines.


Health Insurance Portability and Accountability Act (HIPAA)

U.S. law protecting patient data in the healthcare sector.


Zero-Day Exploits

Attacks that target unknown vulnerabilities not yet patched.


Insider Threats

Internal users misuse their access, intentionally or unintentionally.


Advanced Persistent Threats (APTs)

Long-term, stealthy attacks often by nation-state actors to steal information.


Financial Gain Motives

Cybercriminals aiming for monetary profit through theft, extortion, or fraud.


Political and Ideological Agendas

Cyber actions driven by political motives, such as activism or protest.


Corporate Espionage

Competitors illegally access proprietary information for an advantage.


Cyber Warfare

Nation-states using cyber tools for spying and sabotage.


Revenge or Sabotage

Disgruntled insiders harming systems or leaking info as retaliation.


5G Vulnerabilities

The new weaknesses in cybersecurity due to 5G technology and IoT.


Geopolitical Tensions

Increased cyberattacks driven by national conflicts and interests.


Data Privacy Regulations

Laws aimed at protecting personal data in the digital economy.


GDPR

A strict EU regulation for how organizations handle personal data.


CCPA

A California law providing privacy rights for residents regarding their data.


Cybersecurity Investment

Resources allocated by public and private sectors to enhance security measures.


Digital Platform Regulations

Rules governing the ethical and secure use of digital technologies.


Layered Defense

A strategy involving multiple security measures to protect against attacks.


Integration of Cybersecurity

Incorporating security into all business operations and strategies.


Incident Response Planning

Creating and updating plans for responding to security incidents swiftly.


Regular Testing and Drills

Conducting exercises to simulate attacks and improve response.


AI and Machine Learning in Security

Using advanced technologies for detecting threats and automating responses.


Zero Trust Architecture

A security model assuming threats could be internal or external, requiring verification.


Standards and Frameworks

Guidelines that help organizations manage and mitigate cybersecurity risks.


Attribute-Based Access Control (ABAC)

Access control method using user attributes to grant or deny access.


Symmetric Encryption

Encryption method using the same key for both encrypting and decrypting data.


Asymmetric Encryption

Encryption method using a public key for encryption and a private key for decryption.


Hashing

Creates a unique digital fingerprint of data to verify integrity.


Digital Signatures

Uses asymmetric cryptography to verify data authenticity and integrity.


SQL Injection

An attack method where malicious SQL statements are inserted to manipulate data.


Cross-Site Scripting (XSS)

Attack where malicious scripts are injected into web applications to hijack sessions.


Input Validation

The process of checking all input data to prevent attacks.


Study Notes

Cybersecurity (CYB 201)

  • Cybersecurity is about protecting digital assets (systems, data, and networks) from unauthorized access, breaches, and failures.
  • Key concepts include: Cyber, Security, Confidentiality, Integrity, and Availability.
  • Cyber: Refers to the digital or networked environment.
  • Security: Protecting data and systems from unauthorized access or disruption.
  • Confidentiality: Access restricted to authorized individuals only.
    • Techniques include encryption (converting data into a secure format, readable only by someone with the decryption key) and access control (restricting access based on user roles and permissions).
  • Integrity: Ensures data is accurate, complete, and unaltered.
    • Techniques include hashing (unique digital fingerprints that change if the data is modified), checksums, and digital signatures (using algorithms and cryptographic keys).
  • Availability: Ensuring systems, data, and services are readily available to authorized users.
    • Methods include redundant systems (backup servers and data replication) for system failures.
  • Authentication: Verifying a user, device, or system's identity before granting access.
    • Methods include passwords, PINs, multi-factor authentication (MFA), and biometrics (fingerprints, facial recognition).
  • Access Control: Regulating user access to resources based on roles, permissions, and policies.
    • Types include Role-Based Access Control (RBAC), Mandatory Access Control (MAC), and Discretionary Access Control (DAC).
  • Non-repudiation: Ensures actions cannot be denied later.
    • Techniques include digital signatures.
  • Fault-tolerant methodologies: Designing systems to continue operating even with component failures.
    • Methods include redundancy, failover systems, load balancing, backups, and DDoS protection.
  • Network Resilience: Maintaining service during high traffic or attacks.
  • Data Replication: Synchronizing data across multiple locations.
  • Failover Systems: Automatically switching operations to a backup system when the primary fails.
  • Load Balancing: Distributing network/application traffic across multiple servers.
  • Backups: Regularly storing copies of data in a secure, separate location.
  • DDoS Protection: Protecting against distributed denial-of-service (DDoS) attacks that overload systems.
  • Network Segmentation: Isolating network segments to limit the impact of breaches.

Fault-Tolerant Methodologies in Cybersecurity

  • Fault tolerance: Designing systems to continue functioning even when components fail.
  • Redundancy: Duplicate critical system components (servers, databases, etc.).
  • Failover systems: Automatic switching to backup systems.
  • Load balancing: Distributing traffic across multiple servers.
  • Backups: Ensuring data recovery if the primary system fails.
  • DDoS protection: Protecting against distributed denial-of-service attacks.
  • Network segmentation: Isolating segments to limit malicious network impacts.

Security Policies and Best Practices

  • Security policies: Formal documents defining an organization's security approach.
  • Acceptable Use Policy (AUP): Defines acceptable employee activities on company devices and networks.
  • Data Protection Policy: Specifies how sensitive data should be handled, stored, and moved.
  • Incident Response Policy: Outlines steps to handle security incidents.

Testing Security and Incident Response

  • Vulnerability Scanning: Automated tools scan systems for known vulnerabilities.
  • Penetration Testing (Pen Testing): Ethical hackers simulate attacks to find and highlight weaknesses.
  • Red Team Exercises: Specialized teams conduct complex simulated attacks to test defences.
  • Security Audits: Comprehensive reviews of security practices, policies, and infrastructure.
  • Incident Response (IR): Plan to detect, analyse and respond to security incidents.
    • Stages: Preparation, Identification, Containment, Eradication, Recovery, and Post-incident Review.

Risk Management and Disaster Recovery

  • Risk Management: Identifying, assessing, and mitigating risks to an organisation's assets.
    • Stages: Risk Assessment, Risk Mitigation, Risk Acceptance, Risk Transfer.
  • Disaster Recovery (DR): Restoring operations after a critical incident (cyberattack, natural disaster, or outage).
    • DR components include backups, failover systems, business continuity planning (BCP), and DR drills.

Access Control

  • Access Control: Regulates user access based on roles, permissions, and policies.
  • Role-Based Access Control (RBAC): Granting access based on user roles within an organisation.
  • Mandatory Access Control (MAC): Centralized policies restrict access based on data classifications.
  • Discretionary Access Control (DAC): Allows resource owners to set permissions for their resources.

Basic Cryptography

  • Cryptography: Securing data to make it unreadable to unauthorized access.
  • Key cryptographic concepts include: Encryption (converting data into a secure format), Symmetric Encryption (using a single key for encryption and decryption), Asymmetric Encryption (using a public and a private key), Hashing (creating a fixed-length fingerprint for data integrity), and Digital Signatures (using asymmetric cryptography for data integrity and authentication).

Software Application Vulnerabilities

  • SQL Injection: Attackers inject malicious SQL code into vulnerable input fields.

  • Cross-Site Scripting (XSS): Malicious scripts injected into webpages viewed by other users.

  • Buffer Overflow: Writing more data to a buffer than its capacity.

  • Insecure Deserialization: Untrusted data deserialized into objects.

  • Broken Authentication: Improper authentication mechanism.

  • Sensitive Data Exposure: Disclosure of sensitive data in applications.

  • Missing Function Level Access Control: Missing or weak role checks on functions let users access unauthorised data.

  • Command Injection: Attackers supply malicious commands through user input to an application.

  • Path Traversal: Allows attackers to access files outside intended directories.

  • Race Conditions: Unpredictable behaviour from concurrent actions.

  • Insufficient Logging & Monitoring: Deficient logging & monitoring for security incident detection.

Evolution of Cyber-Attacks

  • Early attacks (1980s-1990s): simple viruses and worms.
  • Organised crime and financial motives (2000s): attacks for financial gain.
  • Advanced Persistent Threats (APTs) and nation-state attacks (2010s): complex, targeted, long-term operations for espionage.
  • Targeted ransomware and supply chain attacks (2020s): sophisticated, large-scale attacks on critical infrastructure and supply chains.
