Cybersecurity Threats Overview

Questions and Answers

What type of threat is characterized by a disgruntled employee accessing patient records?

Phishing Attack

Insider Threat (correct)

Ransomware

Data Leakage

Which vulnerability involves the potential for unauthorized access due to poor password practices?

Missing Data Encryption

Weak and Unchanged Passwords (correct)

Unrestricted File Uploads

Broken Algorithms

What is a primary goal of the risk management framework?

To establish a blame culture

To eliminate all risks

To focus solely on external communication

To create and protect value (correct)

Which of the following best describes ransomware?

Malware that encrypts data for ransom

What principle of risk management emphasizes integrating it into organizational processes?

Risk management shall be an integral part of all organizational processes

What kind of attack attempts to gain sensitive information by impersonating a legitimate source?

Phishing

How should the risk management framework be treated within the organization?

It should be monitored, reviewed, and improved continuously

Which example does NOT represent a cyber vulnerability?

Phishing emails

What are the three processes involved in the risk management process?

Risk assessment, communication and consultation, and monitoring and review

What is the primary purpose of communication and consultation in risk management?

To provide, share, or obtain information for risk management

What is the primary aim of risk treatment?

To identify activities for risk mitigation

Which of the following steps is NOT part of the risk assessment process?

Implementing risk policies

What is essential for effective communication and consultation in risk management?

Establishing a consultative team with defined responsibilities

Which of the following best defines risk retention?

Accepting the risk based on informed decision

What is the purpose of monitoring in risk management?

To continually check for deviations from the expected status

What does context establishment involve in risk assessment?

Documenting the internal and external context relevant to the assessment

Which aspect strengthens risk awareness within an organization?

Communicating risk assessment results to stakeholders

Which risk treatment technique involves using insurance?

Risk sharing

What does the review process in risk management aim to achieve?

Analyze the effectiveness of risk processes

Which of the following best describes risk treatment?

Identifying options for managing identified risks

Why is endorsement of the risk management process important?

It creates mutual understanding among decision makers and stakeholders

Which of the following is considered a cyber-system?

A network of interconnected banking systems

Which of the following is NOT a technique for risk treatment?

Risk amplification

What is one of the main purposes of monitoring and review in risk management?

To detect changes and identify emerging risks

What is a crucial aspect that distinguishes cyber-risk assessment from general risk assessment?

The global potential origins of threats.

Which phase should be focused on during the second step of cyber-risk assessment?

Understanding what assets can be harmed.

In the context of cyber-risk management, what does monitoring and review specifically prioritize?

Analysis of the implementation and operation of risk management.

What kind of incidents can significantly impact cyber-systems?

Major global incidents.

Why is it important to ask about what could go wrong in cyber-risk assessment?

To expand the focus on all potential disruptions.

What defines cybersecurity?

The protection of cyber-systems against cyber-threats

Which of the following correctly identifies a cyber-threat?

A DoS attack on a web server

What differentiates a malicious cyber-risk from a non-malicious one?

The source of the risk, whether intentional or unintentional

Which of the following best describes a cyber-physical system?

A system that integrates cyber operations with physical processes

What is a common misconception about safety in relation to cybersecurity?

Safety and cybersecurity are entirely separate disciplines.

During the communication of cyber-risk, what is an important consideration?

Stakeholders may be consumers or providers of services.

How is cyber-risk defined?

A risk caused by a cyber-threat

Which statement correctly contrasts cybersecurity and safety?

Cybersecurity deals with threats in cyber-space, while safety deals with physical incidents.

Study Notes

Insider Threats

• Disgruntled employees with access to Electronic Health Records (EHR) systems may intentionally access, steal, or tamper with patient data.

Phishing Attacks

• Cybercriminals send phishing emails to clinic staff to steal login credentials and gain unauthorized access to patient data.

Cyber Vulnerabilities

• Missing data encryption
• Lack of security cameras
• Unlocked doors at businesses
• Unrestricted upload of dangerous files
• Code downloads without integrity checks
• Using broken algorithms
• URL Redirection to untrustworthy websites
• Weak and unchanged passwords
• Websites without SSL

Ransomware

• A form of malware that encrypts data and demands a ransom for an unlock code.

Phishing

• An attempt to gain sensitive information by posing as a trustworthy contact.

Data Leakage

• This often occurs when information is exposed to unauthorized individuals due to internal errors.

Hacking

• Exploiting vulnerabilities in organization's computer systems and networks to gain unauthorized access or control of digital information.

Insider Threats

• The potential for an insider to use their authorized access or understanding of an organization to harm that organization.

Risk Management

• Coordinated activities to direct and control an organization in relation to risk.

Risk Management Framework

• Defines the mandate and commitment of risk management.
• Outlines the risk management policy and responsibilities.
• Details the integration of risk management into organizational processes.
• Defines the mechanisms for internal and external communication and reporting.
• Should be continuously monitored, reviewed, and improved.
• Must comply with the basic principles for risk management.

Risk Management Principles

• Risk management should create and protect value.
• Risk management should be part of decision making.
• Risk management should be an integral part of all organizational processes.
• Risk management should be based on the best available information.

Risk Management Process

• Involves three processes: risk assessment, communication and consultation, and monitoring and review.
• Risk assessment is finite but conducted regularly.
• Communication and consultation are continuous.
• Monitoring and review are continuous.

Communication and Consultation

• Activities aiming to provide, share, or obtain information regarding the management of risk.
• Interaction and information sharing serve as the basis for decision making.
• The information of relevance is anything that may determine how the organization should manage risk.

Success of Communication and Consultation

• Establishing a consultative team with defined responsibilities to communicate and discuss decisions with stakeholders.
• Defining a plan for communication and consultation.
• Ensuring the endorsement of the risk management process.
• Communicating risk assessment results.

Risk Assessment

• Activities aiming to understand and document the risk picture for specific parts or aspects of an organization.
• Involves estimation of the risk level and identification of options for risk treatment.
• The results of the risk assessment serve as the basis for decision making regarding how to respond to the risks.

Risk Assessment Continued

• Divided into five steps: context establishment, risk identification, risk analysis, risk evaluation, and risk treatment.

Context Establishment

• Documentation of both the external and internal context of relevance for the assessment in question.

Risk Treatment

• Activities aiming to identify and select means for risk mitigation, reduction, avoidance, and acceptance.
• Risk level may increase or decrease based on the treatment applied.
• Focus on techniques to reduce the risk level.
• A treatment is an appropriate measure to reduce the risk level.
• A risk treatment is based on multiple factors, such as the cost of applying the risk treatment.

Risk Treatment Continued

• Risk treatment techniques: risk reduction, risk retention, risk avoidance, risk sharing.

Risk Reduction

• Reducing the likelihood or consequence of incidents.

Risk Retention

• Accepting the risk by informed decision.
• Typically an option if the risk is within an acceptable level or is too costly to treat.

Risk Avoidance

• Avoiding the activity that gives rise to the risk.

Risk Sharing

• Transferring the risk or parts of it to another party.
• Example: using insurance or sub-contracting.

Monitoring and Review

• Monitoring: continual checking, supervising, critically observing, or determining the current status to identify deviations from the expected or required status.
• Review: Determining the suitability, adequacy, and effectiveness of the risk management process and framework.
• Main purposes of monitoring and review: ensure controls are effective and efficient, obtain further information to improve risk assessment, analyze and learn lessons from incidents, changes, trends, successes, and failures, detect changes, identify emerging risks.

Cyberspace

• A collection of interconnected computerized networks, including services, computer systems, embedded processors, and controllers, as well as information in storage or transit.
• The internet is an example of global cyberspace.
• Any collection of interconnected networks is a cyberspace.
• Examples of unconnected-to-the-internet cyberspaces: military networks and emergency communication networks and systems.
• A cyber-system is a system that makes use of a cyberspace.

Cyber-System

• May include information infrastructure, as well as people and other entities that are involved in the business process.
• Many of the services the society relies on are cyber-systems.
• A cyber-physical system is a cyber-system that controls and responds to physical entities through actuators and sensors.
• Cyber-physical systems are increasingly part of daily lives, used to control smart grids, smart homes, production lines, etc.

Cybersecurity

• The protection of cyber-systems against cyber-threats.
• A cyber-threat is a threat that exploits a cyberspace.
• Cyber-threats may be malicious or non-malicious.
• Defined by what we need to protect the assets from, not what the assets are.
• It is not defined by the kinds of assets that are to be protected, but rather by the kinds of threats to the assets.

Cybersecurity and Safety

• Safety: the protection of life and health by prevention of physical injury caused by damage to property or the environment.
• Safety focuses on system incidents that can harm the surroundings; cybersecurity focuses on threats that cause harm via a cyberspace.
• Assets usually considered with safety are usually limited to human life and health as well as environmental assets, while the assets of concern to cybersecurity can be anything that needs to be protected.
• Safety issues are not outside the scope of cybersecurity.

Cyber-risk Management

• Cyber-risk: a risk that is caused by a cyber-threat.
• Cyber-risk is not the same as any risk that a cyber-system can be exposed to. Example: flood damaging a server is not a cyber-risk.
• A cyber-risk is malicious if it is (at least partly) caused by a malicious threat.

Communication and Consultation of Cyber-risk

• The general process of communication and consultation is suited for cyber-risk, but there are two things that require attention:
  • Cyber-systems may potentially have stakeholders everywhere.
  • Adversaries can be everywhere, and any major incident somewhere in the world may have a considerable impact on the cyber-system.
• Dealing with these parameters require increased focus on information collection by monitoring and surveillance.

Cyber-risk Assessment

• Two things distinguish risk assessment in the context of cyber-systems from the general case:
  • The potentially far-reaching extent of a cyberspace implies that the origins of threats are widespread, possibly global.
  • The number of potential threat sources and threats, both malicious and non-malicious, is very large.
• The process of cyber-risk assessment has the 2nd step divided into two phases.

Cyber-risk Assessment Continued

• There are an almost unlimited number of ways unintentional things may happen.
• It's recommended to start from the assets and the ways in which they may be harmed.
• By asking what can go wrong? And how? We keep ourselves in the right focus.
• Asking how something could happen unintentionally or by accident and what could be the cause will cause us to move in all directions.

Monitoring and Review of Cyber-risk

• The monitoring and review makes a clear distinction between:
  • Monitoring and review of risk: In which we are concerned with the system in question.
  • Monitoring and review of risk management: In which we focus on the implementation and operation of the risk management process for the system in question.

Description

Explore various cybersecurity threats including insider threats, phishing attacks, ransomware, and data leakage. This quiz covers vulnerabilities and common attack methods that organizations face. Test your knowledge on how to identify and mitigate these risks.