Cybersecurity Threat Mitigation

Questions and Answers

PDF Questions PDF Answers

What type of threat involves an unauthorized party gaining access to an asset?

Interception (correct)

Fabrication

Interruption

Modification

What happens when an asset of the system becomes lost, unavailable, or unusable?

Modification

Interception

Interruption (correct)

Fabrication

What type of threat involves tampering with an asset?

Interception

Modification (correct)

Fabrication

Interruption

What is an example of a directed attack?

Draining a specific person's bank account

What is the result of an unauthorized party creating counterfeit objects on a computing system?

Fabrication

What is the term for unauthorized access to program or data files?

Illicit copying

What is a prerequisite for a malicious attacker to succeed?

Having method, opportunity, and motive

What is an example of a hardware vulnerability?

Adding devices to the network

What is machinicide?

A physical attack on computer hardware or software

What can be inserted into a network communication system by an intruder?

Spurious transactions

What is a possible motive for an attacker to perform an attack?

For fun or challenge

How can the security of hardware components be enhanced?

By using simple physical measures such as locks and guards

What is the term used to describe the possibility of harm occurring?

Risk

What is the primary goal of data encryption in terms of security?

To provide confidentiality of data

What is the term used to describe the weakness in a system that can be exploited by a threat?

Vulnerability

What is the primary goal of deflecting a threat in terms of security?

To make another target more attractive

What is the primary goal of incident response in terms of security?

To recover from the effects of the threat

Which of the following is a type of control that addresses the need for confidentiality and integrity of data?

Encryption

What is the primary goal of deflecting a threat?

To make another target more attractive

What is the term used to describe the possibility of harm occurring?

Risk

What is the primary goal of risk management?

To minimize the impact of potential harm

What is a vulnerability in the context of security?

A weakness in a system that can be exploited by a threat

Which of the following security concepts is NOT directly related to the threat of modification?

Availability

What is the primary goal of preventing an interception threat in terms of security?

Protecting data confidentiality

Which of the following is an example of an interruption threat?

Malicious destruction of a hardware device

What is the primary goal of risk management in relation to threat analysis?

Assessing the likelihood of a threat occurring

Which of the following is a characteristic of a directed attack?

Targets a specific individual or organization

What is the primary goal of implementing security controls in terms of threat analysis?

Preventing threats from occurring

What is the primary concern of a software alteration attack?

To exploit fractional interest truncation

What is the purpose of configuration management in a commercial computing center?

To prevent software deletion

What is a characteristic of a logic bomb?

It is a program that is designed to fail or cause unintended behavior when certain conditions are met

What is the primary goal of a software deletion attack?

To destroy a valuable software asset

What is a common vulnerability of software?

It is easy to modify or delete

What is the primary concern of a software modification attack?

To cause a system to fail or perform unintended tasks

What is the primary purpose of using a key in a scrambled alphabet substitution cipher?

To ensure a unique ciphertext letter for each plaintext letter

What is the encryption process in a substitution cipher with a key as a sentence?

By repeating the keyword along the message and summing them mod 26

What is a characteristic of a one-time pad?

It is considered the perfect cipher

What is the result of encrypting the message 'gold' using a scrambled alphabet table with key='sand'?

EMJ

What is the purpose of using the alphabet table in a substitution cipher with key as a sentence?

To convert plaintext letters to ciphertext letters

What is the weakness of using a substitution cipher with a key as a sentence?

It is vulnerable to key repetition

What is the purpose of adding a dummy letter in the message before encryption?

To make the message length a multiple of the number of columns

What is the goal of substitution in cryptography?

Confusion in the encryption pattern

What is an encryption algorithm called when it can be broken given enough time and data?

Breakable

What is the purpose of transposition in cryptography?

To achieve diffusion of the information

What is the challenge in decrypting a 25-character message in just uppercase letters with a given cipher scheme?

Selecting the right decipherment from a large set of possibilities

What is the primary goal of a secure encryption algorithm?

To prevent an interceptor from using a small piece of the ciphertext to predict the entire pattern of the encryption

What is the primary purpose of the Caesar cipher in cryptography?

To create a scrambled alphabet for secure communication

What is the major weakness of the Caesar cipher?

It is a repeated pattern that can be easily deciphered

What is the encryption formula for the Caesar cipher?

ci = E(pi) = pi + K mod 26

What is the decryption formula for the Caesar cipher?

pi = D(ci) = ci - K mod 26

What type of substitution cipher is the Caesar cipher?

Monoalphabetic cipher

What is the advantage of the Caesar cipher?

It is quite simple and easy to implement

Study Notes

Risk Management in Computing Security

• Risk refers to the possibility of harm arising from vulnerabilities within a system.
• Strategies to manage risk include preventing attacks, making them harder, deflecting threats, detecting breaches, and recovering from damages.

Types of Attacks

• Directed Attack: Targets specific individuals or organizations with malicious intent.
• Types of Threats:
  • Interception: Unauthorized access to assets, compromising confidentiality (e.g., wiretapping).
  • Interruption: Assets become lost or unavailable, violating availability (e.g., hardware destruction).
  • Modification: Tampering with assets, violating integrity (e.g., altering database values).
  • Fabrication: Creation of counterfeit objects in a system, violating authenticity (e.g., inserting fake transactions).

Software Vulnerabilities

• Software Alteration: Can involve truncating interest calculations, leading to financial exploitation.
• Software Deletion: Accidental erasure of files highlights the need for strict configuration management.
• Software Modification: Malicious changes can lead to program failures or unintended behaviors (e.g., logic bombs).

Attacker Profile

• Successful attackers require:
  • Method: Skills and tools to execute an attack.
  • Opportunity: Time and access to target systems.
  • Motive: Reasons such as revenge, fraud, or challenge.

Hardware Vulnerabilities

• Physical Attacks: Can include water damage or direct physical destruction of components.
• Machinicide: Intentional harm to hardware via weapons or vandalism; prevention may involve physical security measures.

Data Controls

• Encryption: Essential for ensuring data confidentiality and integrity by making it unreadable to unauthorized parties.

Cryptography Concepts

• Substitution Cipher: Involves mapping plaintext letters to ciphertext letters using scrambled alphabets or keys.
• Caesar Cipher: A classic method using letter shifting to encrypt messages; simple but vulnerable to pattern recognition.
• One-Time Pads: Considered a perfect cipher due to its unpredictability when used correctly.

Encryption Goals and Challenges

• Confusion and Diffusion: Confusion obfuscates message patterns; diffusion spreads information throughout ciphertext.
• Breakability: An encryption algorithm is considered breakable if it can be deciphered in practical time despite being theoretically secure.

Substitution Techniques

• Simple Substitution: Replaces original message characters with other symbols.
• Key-Based Substitution: Uses keys to organize the alphabet or repeat symbols along with the message for encryption.

Summary of Encryption Practices

• Ciphers like the Caesar cipher exemplify the balance between simplicity and vulnerability.
• Each encryption method has unique strengths and weaknesses affecting its security in practical applications.

Description

This quiz covers ways to deal with harm in cybersecurity, including prevention, deterrence, deflection, detection, and recovery. Learn about risk management and threat neutralization.