Governance and Risk Management: Identifying Assets, Vulnerabilities, Threats, and Controls

Questions and Answers

What is the primary reason for implementing strict security measures for assets?

  • To reduce operating costs and increase efficiency
  • To comply with industry regulations and standards
  • To enhance the organization's reputation and public image
  • To prevent data breaches and unauthorized access (correct)

Which of the following is NOT considered an asset in information security?

  • A server hosting the organization's website
  • An employee's personal laptop (correct)
  • A database containing customer records
  • A software application used for financial reporting

What is the term used to describe activities intended to gain unauthorized access to assets?

  • Threats
  • Vulnerabilities
  • Attacks (correct)
  • Controls

Which of the following is an example of a data breach, as mentioned in the text?

A hacker gaining access to a company's customer database

What is the term used to refer to the components of a computer and the data stored in it?

Assets

What does the term RISK refer to in the context of cyber threats?

The probability that something bad will happen to a specific asset

Which category of threats includes actions like sabotage and espionage?

Disclosure threats

What type of attack involves sending a large number of messages to a target system to exhaust its resources?

Denial of Service (DoS) attacks

Which type of malware does not need a host application or user action in order to spread across a system?

Worm

In the context of cybersecurity, what is the purpose of a protocol analyzer (sniffer)?

To capture and inspect network traffic, which can reveal weaknesses in systems or networks and sensitive data sent in the clear

What type of attack involves taking over an established communication session between two parties without their knowledge?

Hijacking

What is the primary goal of a black hat hacker?

To bypass security measures and gain unauthorized access

Which of the following activities is considered a security breach?

Launching a Distributed Denial-of-Service (DDoS) attack

What is the primary responsibility of a white hat hacker?

To check for and identify vulnerabilities in a company's systems through ethical hacking

Which of the following assets does Information Assurance and Security aim to protect?

All of the above (customer data, IT and network infrastructure, intellectual property, financial data, service availability and productivity, reputation)

What is the primary characteristic of a grey hat hacker?

They combine ethical and unethical hacking practices

What is the primary goal of a cracker?

To gain unauthorized access to vital data and deprive the original owner of it

What is the primary function of a Trojan horse?

To hide inside a useful program, collect sensitive information and open backdoors

What is the purpose of a rootkit?

To gain unauthorized, privileged access to a machine and hide its own existence

Which of the following actions can spyware perform?

Scan and snoop for confidential data

Which countermeasure is NOT mentioned for preventing or curing malware?

Disabling firewalls

What is the primary function of a firewall?

To inspect network traffic and allow or deny it according to rules on protocol, port and address

Study Notes

Assets in Information Security

  • Any piece of information, device, or related component that supports business activities.
  • Includes the components of a computer and the data stored in it.
  • Should be placed under strict security measures to prevent losses to the organization.

Types of Threats

  • Disclosure threats (against confidentiality): sabotage and espionage.
  • Unauthorized-change (alteration) threats (against integrity): modifications that go beyond what the agreed policy permits.
  • Denial or destruction threats (against availability): DoS and/or DDoS.

Types of Active Threats

  • Birthday attacks: exploit the high probability of hash collisions once enough values are tried.
  • Brute-force password attacks.
  • Dictionary password attacks.
  • IP address spoofing.
  • Hijacking: taking over an established session between two parties.
  • Replay attacks: re-sending a captured, valid message so that it is acted on again.
  • Man-in-the-middle attacks: relaying and possibly altering traffic between two parties who believe they are talking directly.
  • Masquerading.
  • Social engineering.
  • Phishing.
  • Phreaking.
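The replay-attack entry above is easiest to see in code. The following is an added example, not part of the original lesson: a client signs each request with an HMAC, a naive server checks only the MAC and therefore accepts a captured request every time the attacker resends it, while a replay-safe server adds a freshness window and a set of already-consumed nonces. The shared key, the request format, the two server classes and the sample "transfer" requests are all constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for this example only (hypothetical; not from the lesson).
SHARED_KEY = b"example-shared-key-do-not-reuse"


def _mac(key: bytes, ts: int, nonce: str, body: str) -> str:
    """HMAC-SHA256 over timestamp, nonce and body, so none of them can be altered unnoticed."""
    msg = f"{ts}|{nonce}|{body}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def new_request(key: bytes, body: str, now: int) -> dict:
    """Client side: sign a request with a fresh random nonce and the current time."""
    nonce = secrets.token_hex(16)
    return {"ts": now, "nonce": nonce, "body": body, "mac": _mac(key, now, nonce, body)}


class NaiveServer:
    """Verifies only the MAC. A captured request replays as often as the attacker likes."""

    def __init__(self, key: bytes):
        self.key = key
        self.processed = []  # bodies that were acted upon

    def handle(self, req: dict, now: int) -> bool:
        expected = _mac(self.key, req["ts"], req["nonce"], req["body"])
        if not hmac.compare_digest(expected, req["mac"]):
            return False  # tampered or forged
        self.processed.append(req["body"])
        return True


class ReplaySafeServer(NaiveServer):
    """Same MAC check plus a freshness window and a record of already-consumed nonces."""

    def __init__(self, key: bytes, window_s: int = 30):
        super().__init__(key)
        self.window_s = window_s
        self.seen = {}  # nonce -> timestamp, pruned once older than the window

    def handle(self, req: dict, now: int) -> bool:
        if abs(now - req["ts"]) > self.window_s:
            return False  # stale: outside the freshness window
        # Nonces older than the window can never be replayed anyway, so keep the set bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window_s}
        if req["nonce"] in self.seen:
            return False  # replay: this nonce was already consumed
        if not super().handle(req, now):
            return False  # bad MAC: do not record nonces for unauthenticated junk
        self.seen[req["nonce"]] = req["ts"]
        return True


def demo(now: int = 1_700_000_000) -> dict:
    """Deliver one captured request, then replay it; report how often each server acted on it."""
    naive, safe = NaiveServer(SHARED_KEY), ReplaySafeServer(SHARED_KEY)
    captured = new_request(SHARED_KEY, "transfer 100 to acct-42", now)

    # Legitimate first delivery: both servers accept.
    naive.handle(captured, now)
    safe.handle(captured, now)

    # Attacker resends the identical bytes three times a few seconds later.
    for i in range(3):
        naive.handle(captured, now + 5 + i)
        safe.handle(captured, now + 5 + i)

    # ...and once more an hour later, when the nonce has been pruned but the timestamp is stale.
    naive.handle(captured, now + 3600)
    safe.handle(captured, now + 3600)

    # A genuinely new request from the client an hour later is still accepted.
    later = new_request(SHARED_KEY, "transfer 5 to acct-7", now + 3600)
    safe.handle(later, now + 3600)

    # Changing the body without the key breaks the MAC, so both servers reject it.
    tampered = dict(captured, body="transfer 9000 to acct-42")
    tampered_ok = naive.handle(tampered, now) or safe.handle(tampered, now)

    return {
        "naive_processed": len(naive.processed),
        "safe_processed": len(safe.processed),
        "tampered_accepted": tampered_ok,
    }


if __name__ == "__main__":
    print(demo())  # naive_processed=5, safe_processed=2, tampered_accepted=False
```

The MAC alone gives integrity (the tampered request fails on both servers) but says nothing about freshness; only the timestamp window plus the consumed-nonce record stops the captured request from being honoured five times.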

Malware Classification

  • Virus: attaches itself to a host program and is copied to other programs or computers when that program runs.
  • Worm: duplicates and sends itself to other hosts without any user intervention.
  • Trojan horse: hides in a useful program, collects sensitive information, and may open backdoors into computers.
  • Rootkit: a set of software that gains unauthorized, privileged access to a machine and hides its own existence.
  • Spyware: targets confidential data; scans, snoops, and installs additional spyware.

Countermeasures Against Malware

  • Training events for users.
  • Regular updates and bulletins about malware.
  • Evaluating new programs before use and quarantining suspicious files on a computer.
  • Purchasing and installing anti-malware software and scanning files regularly.
  • Using strong login credentials.
  • Firewall: inspects network traffic and permits or denies it according to rules on protocol, port and address.
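To make the firewall bullet concrete, here is an added example (not from the lesson) of a first-match packet filter with a default-deny policy, run over a constructed rule set and constructed sample packets on RFC 5737 documentation addresses. The `Packet` and `Rule` types, the rule set protecting a web server at 203.0.113.10 and the packet names are all assumptions made for this illustration. `firewall_disabled()` shows what the quiz's "disabling firewalls" amounts to: no rules and a default of allow, so Telnet and SSH from the internet get through.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    """The fields a simple packet filter looks at (constructed for this example)."""
    proto: str                    # "tcp", "udp" or "icmp"
    src: str                      # source IPv4 address
    dst: str                      # destination IPv4 address
    dport: Optional[int] = None   # destination port; None for protocols without ports


@dataclass(frozen=True)
class Rule:
    """One filter rule; unspecified fields match anything."""
    action: str                   # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins, as in most packet filters; unmatched traffic gets the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set protecting a web server at 203.0.113.10 (RFC 5737 documentation range).
RULES = [
    Rule("deny", src="192.0.2.66/32"),                              # blocklisted host; first so it wins
    Rule("allow", proto="tcp", dst="203.0.113.10/32", dport=443),   # public HTTPS
    Rule("allow", proto="tcp", src="198.51.100.0/24",
         dst="203.0.113.10/32", dport=22),                          # SSH from the admin network only
    Rule("allow", proto="icmp", src="10.0.0.0/8"),                  # ping from the internal network
]

# Constructed sample traffic, named by what it is and where it comes from.
SAMPLE_PACKETS: Dict[str, Packet] = {
    "https_from_internet": Packet("tcp", "192.0.2.50", "203.0.113.10", 443),
    "https_from_blocked_host": Packet("tcp", "192.0.2.66", "203.0.113.10", 443),
    "ssh_from_admin_net": Packet("tcp", "198.51.100.7", "203.0.113.10", 22),
    "ssh_from_internet": Packet("tcp", "192.0.2.50", "203.0.113.10", 22),
    "telnet_from_internet": Packet("tcp", "192.0.2.50", "203.0.113.10", 23),
    "dns_udp_from_internet": Packet("udp", "192.0.2.50", "203.0.113.10", 53),
    "ping_from_internal": Packet("icmp", "10.1.2.3", "203.0.113.10"),
    "ping_from_internet": Packet("icmp", "192.0.2.50", "203.0.113.10"),
}


def evaluate_samples(rules: List[Rule] = RULES, default: str = "deny") -> Dict[str, str]:
    """Verdict for every sample packet under the given rule set and default policy."""
    return {name: filter_packet(rules, pkt, default) for name, pkt in SAMPLE_PACKETS.items()}


def firewall_disabled() -> Dict[str, str]:
    """What 'disabling the firewall' means in these terms: no rules and a default of allow."""
    return evaluate_samples(rules=[], default="allow")


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:26s} {verdict}")
```

Rule order matters: the blocklist entry is placed before the HTTPS allow, so the blocked host is denied even though its packet would otherwise match the allow rule. Anything the rules do not mention (Telnet, UDP DNS, SSH from outside the admin network) falls through to the default and is denied.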

Security Breaches

  • Any action that results in a violation of confidentiality, integrity, or availability (the CIA triad).
  • Caused by activities such as:
    • Denial of Service (DoS) attacks.
    • Distributed Denial of Service (DDoS) attacks.
    • Unacceptable web browsing.
    • Wiretapping.
    • Backdoors.
    • Data modification.

Assets to be Protected by Information Assurance and Security

  • Customer data.
  • IT and network infrastructure.
  • Intellectual property.
  • Finances and financial data.
  • Service availability and productivity.
  • Reputation.

Types of Hackers

  • Black hat hackers: bypass the security measures of a network and create malware to gain access to systems.
  • White hat hackers: use their skills to do good, checking for and finding vulnerabilities in a company's systems with its permission.
  • Grey hat hackers: a combination of the two, mixing ethical and unethical practices.

Crackers

  • Someone who breaks the security of remote machines and gains unauthorized access to vital data, depriving the original user or owner of it.


Description

This quiz focuses on the objectives of identifying assets, vulnerabilities, threats, and controls in governance and risk management. Learn about the importance of securing assets in information security to prevent potential risks and threats.
