Chapter 1

Questions and Answers

Which type of attack targets systems to disrupt their availability by overwhelming them with traffic?

• Phishing attack
• Ransomware attack
• Man-in-the-middle attack
• Denial of Service (DoS) attack (correct)

What is defined as the probability or likelihood of the occurrence of a threat?

• Threat
• Risk (correct)
• Asset
• Vulnerability

What is one potential consequence of the disclosure of confidential information?

• Increased market share
• Improved public relations
• Enhanced customer loyalty
• Loss of revenue (correct)

Which of the following best describes assets in the context of security?

Items of economic value owned by an individual or organization. (B)

Who are considered 'script kiddies' in the context of cybersecurity?

People using pre-existing tools to hack without expertise (C)

What term is used to describe the risk that remains after implementing safeguards?

Residual risk (B)

What characterizes organized crime groups among threat actors?

Their primary goal is to financially benefit from illegal activities. (B)

What is an example of a specific tool designed to target critical infrastructure?

Stuxnet (C)

Which category do hurricanes and flooding fall under in the context of security threats?

Natural threats (C)

In risk management, what does an increased vulnerability indicate?

A higher chance of successful attacks (B)

In terms of risk management, what essential framework has been adopted by the U.S. federal government?

Risk Management Framework (RMF) (C)

What type of malware is designed to damage or destroy a system or data?

Virus (B)

What kind of risk is associated with unauthorized attacks by an insider or outsider on an organization’s infrastructure?

Threat actor risk (D)

What is a primary method used by attackers in today's DoS attacks?

Using botnets (D)

Which of the following options best summarizes the components of risk?

Assets, threats, and vulnerabilities (C)

What describes threats in an organizational context?

Events that impact confidentiality, integrity, or availability of assets. (D)

What does ISO 27001 specify?

Requirements for an Information Security Management System (ISMS). (D)

Which of the following best describes a threat?

Any potential danger to an asset. (A)

What is the primary focus of ISO 27005?

Defining a risk management approach. (B)

Which document outlines how organizations can monitor and measure security?

ISO 27004 (D)

In the context of security, what is a vulnerability?

A weakness in a system that can be exploited. (C)

What role does a threat actor have in an attack?

To exploit vulnerabilities. (A)

What is the purpose of the ISO/IEC 27000 series?

To establish recommendations for information security management. (C)

What method is primarily used to perform attacks through vulnerabilities?

Threat vectors. (D)

Flashcards

Risk

The probability of a threat affecting an asset.

Assets

Things of value to an organization, physical or digital.

Threats

Events that could harm an organization's assets.

Vulnerabilities

Weaknesses in a system that a threat can exploit.

Residual Risk

The risk remaining after security measures are in place.

Risk Management Framework (RMF)

A structured approach to managing risk in information systems.

Insider Threat

A threat posed by someone within the organization.

External Threat

A threat posed by someone outside the organization.

Cyberattacks on critical infrastructure

Attacks targeting essential systems like power plants, water treatment facilities, and oil refineries.

Stuxnet

A malicious software specifically designed to attack industrial control systems, notably targeting Iranian nuclear facilities.

Viruses and malware

Software created with harmful intent, designed to damage or destroy systems and data.

Disclosure of confidential information

Leaking sensitive data like customer information or trade secrets, impacting reputation and potentially causing financial loss.

DoS and DDoS Attacks

Overwhelming a server with traffic, rendering it inaccessible and causing service outages.

Threat Actors

Individuals or groups intentionally harming or potentially impacting organizations or individuals.

Script kiddies

Threat actors with limited skills using pre-made tools to exploit vulnerabilities.

Organized crime groups

Threat actors motivated by financial gain, stealing information and scamming people.

ISO 27000 Series

A set of internationally recognized standards for managing information security, developed by ISO and IEC. It provides guidelines for establishing, implementing, and maintaining an Information Security Management System (ISMS).

ISO 27001

The core standard in the ISO 27000 series, specifying the requirements for an ISMS. It provides a framework for identifying, analyzing, and mitigating information security risks.

ISO 27002

A code of practice for information security management, providing detailed guidance on various security controls and best practices. It helps organizations implement effective security measures based on industry standards.

Threat Agent

The method or entity that delivers a threat to an asset. It can be a person, a virus, a malware, or even a natural disaster.

Latent Threat

A potential risk that exists but hasn't been activated. This occurs when a vulnerability exists but hasn't been exploited or is unknown.

Realized Threat

An active attack where a vulnerability is exploited, causing real damage to an asset. It's an actual instance of a threat happening.

Exploit

A method or tool that takes advantage of a vulnerability to gain unauthorized access or control over an asset.

Study Notes

Cybersecurity Fundamentals

• Cybersecurity programs aim to protect all connections and organizational data, regardless of storage or transmission.
• Cybersecurity concepts include the difference between threats, vulnerabilities, and exploits.
• Common threats include viruses, Trojans, DoS/DDoS attacks, phishing, rootkits, man-in-the-middle attacks, SQL injection, and cross-site scripting.
• Common software and hardware vulnerabilities include weak or hardcoded passwords, software bugs, missing encryption, buffer overflows, and path traversal.
• The CIA triad (Confidentiality, Integrity, Availability) defines security policies to protect assets.
• Cloud security threats include data breaches, insecure APIs, DoS attacks, and compromised credentials.
• IoT (Internet of Things) security threats include device vulnerabilities, lack of security features, and physical access issues.
• Digital forensics and incident response (DFIR) involves understanding digital evidence and responding to security incidents.

"Do I Know This Already?" Quiz

• The quiz assesses prior knowledge of the chapter's topics, helping determine if the entire chapter or relevant sections should be read.
• Questions cover introduction to cybersecurity, definitions, common threats, vulnerabilities, CIA triad, cloud security, and IoT security.

Technical Questions

• A threat is any potential danger to an asset.
• A vulnerability is a weakness in system design, implementation, software, code, or a missing mechanism
• An exploit is a piece of software, tool, or process that takes advantage of a vulnerability.
• Malware attack mechanisms include Master Boot Record, File Infector, Macro Infector, etc.
• Vulnerability is identified by a CVE (Common Vulnerabilities and Exposures) identifier.
• SQL injection attacks can be blind, out-of-band, or in-band.
• A web application vulnerability occurs when a flaw is in a web application targeting an end user.
• A denial-of-service attack impacts availability.
• Security mechanisms like encryption, controlled traffic routing, and access controls preserve confidentiality.
• Cloud deployment models include public, private, community, and hybrid.

Risk, Assets, Threats, and Vulnerabilities

• Risk is the probability a threat will manifest.
• An asset has economic value to an individual or organization.
• A threat actor is an individual or group responsible for security incidents.
• Natural disasters, user attacks, and disclosure of confidential information threaten systems.

Defining Threat Actors

• Script kiddies use existing tools to attack systems.
• Organized crime groups aim to steal information and make money.
• State-sponsored actors steal data or conduct political attacks.
• Hacktivists perform attacks to promote a cause.
• Terrorist groups perform attacks based on political or religious beliefs.

Threats, Vulnerabilities, and Exploits

• A security threat is any potential danger to an asset.
• Security vulnerabilities include flaws in systems, software, or code.
• An exploit takes advantage of a vulnerability during a security breach.

Viruses and Worms

• Viruses need an existing program to infect; Worms can spread independently.
• Spyware, a type of malware, steals information without user acknowledgement.
• Malware uses several propagation methods including master boot record infection, BIOS infection, file infection, and macro infection.

Malware Payloads

• Malware may overwrite parts of an infected file, put the code at the beginning or end, or prepender or appender.
• Malware detection is increasingly challenging due to the variety of techniques used to obfuscate code, encrypt, and make malicious code undetectable by antivirus software.

Trojan Types

• Remote Access Trojans (RATs) give attackers complete control over the system.
• Data hiding Trojans hide the data, usually involving ransom payments for release.
• Banking Trojans steal banking information.
• Denial-of-Service (DoS) Trojans disrupt services by overwhelming them.
• Proxy Trojans mask attackers' identity.
• FTP Trojans allow malicious file transfer.

Cloud Security Threats

• Cloud security threats include data breaches, insecure APIs, DoS attacks, and privilege escalation.

IoT Security Threats

• IoT device vulnerabilities, lack of security features, compromised credentials, and physical access.

Incident Response

• Incident response addresses security incidents, providing a predictable and managed response.
• Incident response plans (IRPs), policies, procedures, and personnel are components of a response program.
• Incident classification and handling, information classification and protection, record retention and destruction, and acceptable usage of encryption are all important considerations during incident response.

Incident Response Teams

• CSIRT (Computer Security Incident Response Team) is responsible for investigating and resolving computer security incidents.
• PSIRT (Product Security Incident Response Team) handles security vulnerabilities in products or services.

Common Vulnerability Scoring Systems (CVSS)

• CVSS provides a standardized method for scoring vulnerabilities based on the severity, such as base, temporal, and environmental aspects for analysis.

Security Vulnerabilities in Open-Source Software

• Open-source software vulnerabilities frequently require urgent attention, so organizations and individuals routinely update software and tools.

Digital Forensics and Incident Response (DFIR)

• Digital evidence preservation ensures evidence integrity from collection through presentation in a court of law.
• Digital forensics and incident response methodologies involve policies, plans, procedures, and personnel.