Data Classification and Disaster Recovery Quiz

Cybersecurity Threats and Risk Assessment

• Reconnaissance: determining what information is available for targeting
• Weaponization: coupling an exploit with a means of gaining access to a specific system
• Delivery: delivering a weaponized payload to a victim via various means (e.g., email, web access, USB)
• Exploit: exploiting a vulnerability to enable installation
• Installation: installing a malware package on an asset
• Command and control: creating a command and control channel to operate malware remotely
• Actions: activating a threat to achieve goals (e.g., obtaining data, doing damage, or making a ransom demand)

Security Operations Center (SOC)

• A facility that tracks and integrates multiple security inputs
• Ascertains risk, determines attack targets, contains attack impact, and recommends/executes responses
• Can be established by an organization or outsourced to a private company

Control Identification

• Data type/classification: classifying information transmitted, processed, or stored by an asset
• Asset value classification: ranking asset value (e.g., low, medium, high)
• Disaster recovery priority: ranking priority for devoting resources to recovery
• Exposure level: degree to which an asset is exposed to threats

Threat Identification

• Threat sources: environmental, business resources, hostile actors
• Threat information sources: in-house experience, security alert services, global threat surveys
• Annual surveys: Verizon Data Breach Investigations Report (DBIR), Trustwave Global Security Report, Cisco Annual Cybersecurity Report, Fortinet Threat Landscape Report

Threat Types

• Spyware: software that collects information from a computer and transmits it to another system
• Adware: advertising integrated into software, resulting in pop-up ads or browser redirection
• Phishing: digital social engineering using authentic-looking emails to request information
• Password attack: accessing an obstructed device using a captured user ID/password
• Website exploit: inserting malicious code on a web server to attack the server or user systems

Risk Assessment

• Estimating secondary loss: losses from dealing with secondary stakeholder reactions
• Secondary loss magnitude: expected losses from secondary stakeholder reactions
• Secondary loss event frequency: percentage of time a primary loss event results in a secondary loss
• Business impact reference table (BIRT): a tool for performing impact assessments

Risk Determination

• Estimating primary risk: f3 (primary loss event frequency, primary loss magnitude)
• Estimating secondary risk: f3 (secondary loss event frequency, secondary loss magnitude)
• Overall risk: f4 (primary risk, secondary risk)

Risk Evaluation

• Comparing risk analysis results with risk evaluation criteria
• Criteria developed vary significantly from one organization to another