Information Security Threats and Vulnerabilities

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the goal of cybersecurity?

The goal of cybersecurity is to protect information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

What are the three components of the CIA triad in cybersecurity?

  • Confidentiality, Integrity, Availability (correct)
  • Confidentiality, Integrity, Authentication
  • Confidentiality, Authorization, Availability
  • Integrity, Availability, Authentication

Multi-factor authentication requires at least three distinct factors for verification.

False (B)

A(n) ______ is a path or method used by an attacker to gain access to a system or network.

<p>threat vector</p> Signup and view all the answers

Match the following attack vectors with their corresponding target types:

<p>Phishing = Email account Stolen credentials = Personal devices Malware-infected website = Organization Exploiting vulnerabilities = Cloud server Unsecured Wi-Fi = Mobile devices</p> Signup and view all the answers

<h1>=</h1> <h1>=</h1> Signup and view all the answers

Flashcards

CIA Triad

The core principles of cybersecurity: Confidentiality, Integrity, and Availability.

AAA Framework

A security framework involving Authentication, Authorization, and Accounting.

Threat Vector

The method or pathway used by attackers to gain unauthorized access.

Ransomware

Malware that encrypts files and demands payment for access.

Signup and view all the flashcards

Multi-Factor Authentication

A security process requiring multiple verification methods to access an account.

Signup and view all the flashcards

Study Notes

Module 1: Information Security Threats and Vulnerabilities

  • This module covers threats, vulnerabilities, and different types of malware impacting information security.
  • Cyber security is the protection of assets from threats. The CIA triad is a framework of confidentiality, integrity, and availability.
  • The five critical elements in the AAA framework are Authentication, Authorization, and Accounting.
  • Module objectives include: Understanding threat sources, threat actors/agents, threat vectors, malware, network security vulnerabilities, impactful areas of vulnerability, assessing risk, and classification of vulnerabilities.
  • A threat is the potential occurrence of an undesirable event disrupting organizational activities. Attackers aim to infiltrate and steal personal, financial, and login credentials.
  • Threat sources can be classified as natural (fires, floods, power failures) and unintentional (unskilled administrators, accidents, untrained employees). Intentional sources include internal (fired employees, disgruntled employees, contractors) and external (hackers, criminals, terrorists, foreign intelligence agents, corporate raiders).
  • Threat actors/agents include Black Hats (malicious), White Hats (defensive), Gray Hats (both offensive and defensive), Suicide Hackers ("cause-driven"), Script Kiddies (unskilled), Cyber Terrorists (political/religious motivation), State-Sponsored Hackers (government-employed), Hacktivists (political agenda), Hacker Teams (skilled hackers), Industrial Spies (corporate espionage).
  • A threat vector is a medium used by malicious actors to exploit vulnerabilities. Examples include: direct access, removable media, wireless connections, email, cloud, ransomware/malware, supply chain, and business partners.
  • Malware is malicious software designed to damage or disable systems. It's used to steal data, slow systems, and cause operational disruption. Examples include Trojans, viruses, ransomware, computer worms, rootkits, PUAs (potentially unwanted apps), spyware, keyloggers, and botnets. Keylogger programs monitor keystrokes to gather information. Botnets are compromised systems used for malicious activities. Fileless malware resides in RAM to avoid detection.
  • The module discusses different types of malware and their propagation methods. It covers various vulnerabilities in the different systems, including network systems, operating systems, and applications.
  • Common vulnerabilities include misconfigurations/weak configurations (network misconfigurations, host misconfigurations), default installations/default configurations, application flaws, poor patch management, design flaws, operating system flaws, default passwords, zero-day vulnerabilities, and legacy platform vulnerabilities.
  • A system is vulnerable due to misconfiguration, poor design, inherent technology issues, and end-user carelessness.
  • Vulnerabilities in these aspects lead to various impacts like information disclosure, unauthorized access, identity theft, reputational damage, financial loss, legal consequences, and data modification.
  • Risk is a function of asset, threat, and vulnerability. Risk is the potential of damage or loss. Examples of risk include disruption, loss of productivity, loss of privacy, theft of information, legal liability, and damage to reputation.
  • The module concludes with a summary describing different threats, malware, and vulnerabilities, and their impacts as well as a look at different types of classifications.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Related Documents

Information Security Threats and Vulnerabilities PDF

More Like This

Cybersecurity Overview
6 questions

Cybersecurity Overview

ReplaceableSalamander avatar
ReplaceableSalamander
Information Security Quiz
80 questions

Information Security Quiz

WellFeministArt avatar
WellFeministArt
Cybersecurity Threats and Malware
37 questions

Cybersecurity Threats and Malware

LyricalDwarf avatar
LyricalDwarf
Sécurité Informatique - Quiz de Base
59 questions

Sécurité Informatique - Quiz de Base

EnergySavingPrologue avatar
EnergySavingPrologue
Use Quizgecko on...
Browser
Open
Browser
Browser