Governance and Risk Management: Identifying Assets, Vulnerabilities, Threats, and Controls

Questions and Answers

What is the primary reason for implementing strict security measures for assets?

  • To reduce operating costs and increase efficiency
  • To comply with industry regulations and standards
  • To enhance the organization's reputation and public image
  • To prevent data breaches and unauthorized access (correct)

Which of the following is NOT considered an asset in information security?

  • A server hosting the organization's website
  • An employee's personal laptop (correct)
  • A database containing customer records
  • A software application used for financial reporting

What is the term used to describe activities intended to gain unauthorized access to assets?

  • Threats
  • Vulnerabilities
  • Attacks (correct)
  • Controls

Which of the following is an example of a data breach, as mentioned in the text?

A hacker gaining access to a company's customer database (A)

What is the term used to refer to components of a computer and the data stored in it?

Assets (B)

What does the term 'RISK' refer to in the context of cyber threats?

The probability that bad things will happen to a specific asset (D)

Which category of THREATS includes actions like sabotage and espionage?

Disclosed Threats (B)

What type of attack involves sending a large number of messages to a target system to exhaust its resources?

Denial of Service (DoS) Attacks (D)

Which type of malware does not require an application to spread across a system?

Worm (D)

In the context of cybersecurity, what is the purpose of a Protocol Analyzer (Sniffer)?

To detect vulnerabilities in systems or networks (A)

What type of attack involves intercepting communication between two parties without their knowledge?

Hijacking (D)

What is the primary goal of a Black Hat Hacker?

To bypass security measures and gain unauthorized access (A)

Which of the following activities is considered a Security Breach?

Launching a Distributed Denial-of-Service (DDoS) attack (B)

What is the primary responsibility of a White Hat Hacker?

To check and identify vulnerabilities in a company's systems through ethical hacking (C)

Which of the following assets does Information Assurance and Security aim to protect?

All of the above (D)

What is the primary characteristic of a Grey Hat Hacker?

They combine ethical and unethical hacking practices (C)

What is the primary goal of a Cracker?

To gain unauthorized access to vital data and deprive the original owner of it (A)

What is the primary function of a Trojan Horse malware?

To collect sensitive information and open backdoors (D)

What is the purpose of a rootkit?

To gain unauthorized access and hide its existence (D)

Which of the following actions can spyware perform?

Scan and snoop for confidential data (A)

Which countermeasure is NOT mentioned for preventing or curing malware?

Disabling firewalls (A)

What is the primary function of a firewall?

To inspect network traffic and allow or deny it based on protocols (A)

Which of the following actions is NOT mentioned as a countermeasure against malware?

Disabling firewalls (A)

Study Notes

Assets in Information Security

  • Refers to any pieces of information, devices, or parts related to them that support business activities.
  • Includes components of a computer and/or the data stored in it.
  • Should be put under strict security measures to prevent losses to the organization.

Types of Threats

  • Disclosed Threats: sabotage and espionage.
  • Unauthorized Threats: modifications that exceed the policy that has been agreed upon (Unauthorized Changes).
  • Denial or Destruction Threats: DoS and/or DDoS.

Types of Active Threats

  • Birthday Attacks.
  • Brute-force password attacks.
  • Dictionary password attacks.
  • IP address spoofing.
  • Hijacking.
  • Replay attacks.
  • Man-In-The-Middle attacks.
  • Masquerading.
  • Social Engineering.
  • Phishing.
  • Phreaking.

Malware Classification

  • Virus: contaminates a program and causes it to be copied to other computers.
  • Worm: duplicates and sends itself to other hosts without any user intervention.
  • Trojan Horse: hides in a useful program, collects sensitive info, and may open backdoors into computers.
  • Rootkit: a group of software that gains unauthorized access to a machine and hides its existence.
  • Spyware: targets confidential data, scans, snoops, and installs additional spyware.

Countermeasures Against Malware

  • Training events for users.
  • Regular updates and bulletins about malware.
  • Evaluating new programs or quarantining files on a computer.
  • Purchasing and installing anti-malware software and scanning files regularly.
  • Using comprehensive login credentials.
  • Firewall: inspects network traffic and denies or permits traffic depending on protocols.

Security Breaches

  • Refers to any action that would result in a violation of any of the CIA (confidentiality, integrity, availability) principles.
  • Caused by activities such as:
    • Attack through Denial of Service (DoS).
    • Distributed denial-of-service (DDoS).
    • Unacceptable Web Browsing.
    • Wiretapping.
    • Backdoors.
    • Data Modifications.

Assets to be Protected by Information Assurance and Security

  • Customer Data.
  • IT and Network Infrastructure.
  • Intellectual Property.
  • Finances and Financial Data.
  • Service Availability and Productivity.
  • Reputation.

Types of Hackers

  • Black Hat Hackers: bypass security measures of a network and create malware to gain access to systems.
  • White Hat Hackers: use their skills to do good, checking and finding vulnerabilities in a company's system.
  • Grey Hat Hackers: combine ethical and unethical hacking practices.

Crackers

  • Someone who violates or breaks the security of remote machines and gains unauthorized access to vital data, depriving the original user or owner of it.
