Data Classification and Disaster Recovery Quiz
30 Questions

Questions and Answers

What are the three important categories of threat information sources mentioned in the text?

  • Internal reports, cybersecurity news, annual reports
  • Security incident data, breach investigations, threat horizon reports
  • In-house experience, security software, global threat surveys (correct)
  • Monitoring, anti-virus apps, threat landscape data

Based on the 2018 DBIR, how many industry sectors were the results broken down by?

  • 25 industry sectors
  • 20 industry sectors (correct)
  • 10 industry sectors
  • 15 industry sectors

What do the key aspects of an attack include as per the text?

  • Tools and techniques
  • Servers and media
  • Malware and viruses
  • Actors and tactics (correct)

What does the ENISA Threat Landscape Report provide a detailed breakdown of?

  • Potential cybersecurity threats

According to Threat Horizon Report, what are the three challenging themes the major threats are broken down into?

  • Disruption, Distortion, Deterioration

What does the DBIR define as a 'breach'?

  • Incident that results in an unauthorized party gaining access to data

What is the primary characteristic of spyware?

  • Collects and transmits information from a computer

Which type of attack involves using authentic-looking emails to request information from users?

  • Phishing

What characterizes adware?

  • Integrates advertising into software

How is a password attack defined?

  • Accessing an obstructed device by capturing user credentials

What is the main goal of website exploit attacks?

  • Inserting malicious code on a web server

Why is it challenging to assess future trends in cybersecurity according to the text?

  • Threats evolve as adversaries discover new techniques

What is the purpose of classifying information according to the established policy?

  • To drive the risk assessment process

Which of the following is NOT a factor considered in asset value classification?

  • Disaster recovery priority

What is the purpose of assigning a disaster recovery priority to an asset?

  • To prioritize resources for recovery in case of a security breach

Which of the following is NOT a factor that determines an asset's exposure level?

  • The asset's monetary value

Which of the following is NOT a category of threat sources identified in the threat identification process?

  • Regulatory compliance threats

Which of the following is an example of a hostile actor threat source?

  • Hacker

What are the two components of estimating the secondary loss?

  • Secondary loss magnitude and secondary loss event frequency

What is the purpose of the Business Impact Reference Table (BIRT)?

  • To provide consistent definitions for different types of impacts and severity levels

How is the primary risk calculated?

  • Primary risk = f3(Primary loss event frequency, Primary loss magnitude)

How is the overall risk calculated?

  • Overall risk = f4(Primary risk, Secondary risk)

What is the purpose of risk evaluation?

  • To compare the results of risk analysis with risk evaluation criteria

Which of the following is NOT a component of estimating the secondary loss?

  • Primary loss event frequency

What is the first step in the cyber attack process described in the text?

  • Reconnaissance

What is the purpose of the command and control step in the cyber attack process?

  • To create a channel to remotely operate the malware

What is the main purpose of a security operations center (SOC)?

  • To track and integrate multiple security inputs

What is the difference between an organization establishing its own SOC and outsourcing SOC services?

  • An organization-established SOC is for the organization's own cybersecurity, while an outsourced SOC serves multiple clients

What is the purpose of the 'Weaponization' step in the cyber attack process?

  • To couple an exploit with a means of gaining access to the specific system to be attacked

What are controls for cybersecurity according to the text?

  • Any process, policy, procedure, guideline, practice, or organizational structure that modifies information security risk

    Study Notes

    Cybersecurity Threats and Risk Assessment

    • Reconnaissance: determining what information is available for targeting
    • Weaponization: coupling an exploit with a means of gaining access to a specific system
    • Delivery: delivering a weaponized payload to a victim via various means (e.g., email, web access, USB)
    • Exploit: exploiting a vulnerability to enable installation
    • Installation: installing a malware package on an asset
    • Command and control: creating a command and control channel to operate malware remotely
    • Actions: activating a threat to achieve goals (e.g., obtaining data, doing damage, or making a ransom demand)

    Security Operations Center (SOC)

    • A facility that tracks and integrates multiple security inputs
    • Ascertains risk, determines attack targets, contains attack impact, and recommends/executes responses
    • Can be established by an organization or outsourced to a private company

    Control Identification

    • Data type/classification: classifying information transmitted, processed, or stored by an asset
    • Asset value classification: ranking asset value (e.g., low, medium, high)
    • Disaster recovery priority: ranking priority for devoting resources to recovery
    • Exposure level: degree to which an asset is exposed to threats

    Threat Identification

    • Threat sources: environmental, business resources, hostile actors
    • Threat information sources: in-house experience, security alert services, global threat surveys
    • Annual surveys: Verizon Data Breach Investigations Report (DBIR), Trustwave Global Security Report, Cisco Annual Cybersecurity Report, Fortinet Threat Landscape Report

    Threat Types

    • Spyware: software that collects information from a computer and transmits it to another system
    • Adware: advertising integrated into software, resulting in pop-up ads or browser redirection
    • Phishing: digital social engineering using authentic-looking emails to request information
    • Password attack: accessing an obstructed device using a captured user ID/password
    • Website exploit: inserting malicious code on a web server to attack the server or user systems

    Risk Assessment

    • Estimating secondary loss: losses from dealing with secondary stakeholder reactions
    • Secondary loss magnitude: expected losses from secondary stakeholder reactions
    • Secondary loss event frequency: percentage of time a primary loss event results in a secondary loss
    • Business impact reference table (BIRT): a tool for performing impact assessments

    Risk Determination

    • Estimating primary risk: f3 (primary loss event frequency, primary loss magnitude)
    • Estimating secondary risk: f3 (secondary loss event frequency, secondary loss magnitude)
    • Overall risk: f4 (primary risk, secondary risk)

    Risk Evaluation

    • Comparing risk analysis results with risk evaluation criteria
    • Criteria developed vary significantly from one organization to another


    Description

    Test your knowledge on data classification policies, asset value classification, and disaster recovery priorities in the context of information security.
