Information Security Threats Overview

Questions and Answers

Which threat has the highest percentage related to insufficient training?

• Blackmail of information release
• Theft or misuse of software
• Disclosure due to insufficient training (correct)
• Inability/unwillingness to follow policy

What is the total percentage range indicating perceived threats for the inability/unwillingness to follow established policy?

• 6.7% to 18.5%
• 47% to 48%
• 33.6% to 29.4%
• 11.8% to 47% (correct)

Which of the following threats ranks lowest in percentage amongst the given options?

• Theft or misuse of software (correct)
• Disclosure due to insufficient training
• Blackmail of information release
• Inability/unwillingness to follow policy

What percentage is associated with the threat of blackmail of information release?

31.1% (A)

Which of the following threats has a percentage closest to 30%?

Theft or misuse of software (A)

Which threat had the highest percentage of respondents considering it a severe threat?

Software failures or errors due to poorly developed applications (D)

What percentage of respondents viewed software failures due to known vulnerabilities as a severe threat?

61% (D)

Which threat is associated with 31.9% of respondents rating it at level 3 severity?

SQL injections (C)

Which of the following threats was perceived as less severe than social engineering, with a rank of 4?

Denial of service attacks (C)

What percentage of respondents considered outdated organizational software to not be a severe threat?

8.1% (C)

What type of fraud involves requesting a small advance fee to facilitate the transfer of money to the recipient?

Advance-fee fraud (D)

What is the primary goal of phishing attacks?

To gain personal or confidential information (B)

Which type of ransomware denies user access by locking the screen?

Lockscreen ransomware (D)

What term describes the act of stealing information and demanding payment for its return?

Information extortion (B)

How do attackers typically carry out phishing attacks?

By creating fake websites that appear legitimate (C)

Which of the following best characterizes ransomware attacks?

Malware that denies system access until a fee is paid (D)

Which of the following is an example of a method used in business e-mail compromise?

Mimicking legitimate business communications (B)

What type of fraud is commonly linked to the term 'Nigerian 4-1-9 Fraud'?

Advance-fee fraud (A)

Which type of software attack redirects users to an illegitimate site to obtain private information?

Pharming (C)

What is the main function of a man-in-the-middle attack?

To monitor and modify network packets (D)

Which of the following is NOT considered a communications interception attack?

Ransomware (A)

What typically characterizes a technical hardware failure or error?

Distribution of flawed equipment (A)

In a man-in-the-middle attack, what happens to the network packets?

They are monitored, modified, and reinserted. (A)

Which attack method is primarily focused on obtaining personal information through browser manipulation?

Pharming (A)

What is a common purpose of a spoofing attack?

To disguise the origin of an attack (A)

Which of the following describes a unique characteristic of ransomware compared to other attack types?

It extorts payment by encrypting data (A)

What is the effect of internet service provider (ISP) failures on organizations?

They can considerably undermine the availability of information. (B)

Which utility services can affect an organization's ability to function?

Telephone, water, wastewater, and trash pickup. (C)

What common issue do power irregularities lead to?

Fluctuations such as surges and sags. (A)

What does a sag in electrical power availability refer to?

A short-term decrease in electrical power. (A)

How can organizations manage power quality irregularities?

By applying controls to manage power quality. (D)

What are some examples of power irregularities?

Blackouts and sags. (A)

What is the primary responsibility of an outsourced web hosting provider?

Handling all internet services and associated hardware. (A)

Why are sensitive electronic equipment vulnerable to power irregularities?

Fluctuations can easily damage or destroy them. (D)

Study Notes

Insufficient Training

• Insufficient training accounts for the highest percentage of threats.

Inability/Unwillingness to Follow Established Policy

• The total percentage range indicating perceived threats for the inability/unwillingness to follow established policy spans between 20.6% and 38.3%.

Lowest Ranked Threat

• The lowest percentage reported amongst the given threat options is associated with outdated organizational software.

Blackmail of Information Release

• The threat of blackmail of information release is associated with a percentage of 19.2%.

Threat Approximately 30%

• The threat of malicious software attacks has a percentage closest to 30%.

Most Severe Threat

• The threat with the highest percentage of respondents considering it a severe threat is malicious software attacks.

Software Failures Due to Known Vulnerabilities

• 25% of respondents viewed software failures due to known vulnerabilities as a severe threat.

31.9% Severity Level 3

• The threat of social engineering is associated with 31.9% of respondents rating it at level 3 severity.

Less Severe Than Social Engineering (Rank 4)

• The threat of outdated organizational software was perceived as less severe than social engineering, with a rank of 4.

Outdated Organizational Software Not a Severe Threat

• 43% of respondents considered outdated organizational software to not be a severe threat.

Advance Fee Fraud

• Advance fee fraud involves requesting a small advance fee to facilitate the transfer of money to the recipient.

Phishing Attack Goal

• The primary goal of phishing attacks is to steal sensitive information, such as usernames, passwords, or credit card details.

Screen Locking Ransomware

• Ransomware that denies user access by locking the screen is known as screen-locking ransomware.

Information Theft and Payment Demand

• The act of stealing information and demanding payment for its return is known as extortion.

Phishing Attack Execution

• Attackers typically carry out phishing attacks through deceptive emails or websites designed to trick users into revealing personally identifiable information.

Ransomware Attack Characteristics

• Ransomware attacks are characterized by the encryption of data on a victim's computer, rendering it unusable until a ransom is paid.

Business Email Compromise Technique

• A typical technique used in business email compromise (BEC) attacks is the impersonation of a high-ranking executive to request wire transfers.

Nigerian 4-1-9 Fraud

• The term 'Nigerian 4-1-9 Fraud' is commonly linked to advance fee fraud.

Illegitimate Site Redirection

• A software attack that redirects users to an illegitimate site to obtain private information is known as a pharming attack.

Man-in-the-Middle Attack Function

• The primary function of a man-in-the-middle attack is to intercept and potentially alter communication between two parties without their knowledge.

Communications Interception Attack Exclusion

• Denial-of-service attacks, which aim to disrupt network access, are NOT considered communications interception attacks.

Technical Hardware Failure or Error

• Technical hardware failures or errors are typically characterized by unexpected behavior or malfunctions in hardware components.

Network Packet Manipulation in Man-in-the-Middle Attack

• In a man-in-the-middle attack, the attacker intercepts network packets, potentially modifying them before forwarding them to the intended recipient.

Browser Manipulation for Information Gain

• Cross-site scripting (XSS) attacks are primarily focused on obtaining personal information through browser manipulation.

Spoofing Attack Purpose

• A common purpose of a spoofing attack is to gain unauthorized access to systems or resources by impersonating a trusted entity.

Unique Ransomware Characteristic

• A unique characteristic of ransomware compared to other attack types is its demand for payment to decrypt stolen data.

ISP Failures and Organizations

• Internet service provider (ISP) failures can affect organizations by disrupting network connectivity, impacting communication and data access.

Utility Services Impact on Organizations

• Utility services such as water, gas, electricity, and internet can all affect an organization's ability to function if disrupted.

Power Irregularities and Common Issue

• Power irregularities can lead to data corruption or loss, hardware damage, and system downtime.

Electrical Power Sag Definition

• A sag in electrical power availability refers to a temporary decrease in voltage levels.

Power Quality Irregularity Management

• Organizations can manage power quality irregularities by using surge protectors, uninterruptible power supplies (UPS), and proper power management techniques.

Examples of Power Irregularities

• Examples of power irregularities include voltage sags, surges, brownouts, and blackouts.

Outsourced Web Hosting Provider Responsibility

• The primary responsibility of an outsourced web hosting provider is to provide reliable server infrastructure, network connectivity, and data storage for client websites.

Sensitive Electronic Equipment Vulnerability to Power Irregularities

• Sensitive electronic equipment is vulnerable to power irregularities because voltage fluctuations can damage internal components, leading to malfunctions or data loss.

Description

This quiz covers significant information security threats identified in 2015. It examines various vulnerabilities such as blackmail, software failures, SQL injections, and social engineering tactics. Test your knowledge on these crucial issues affecting information assets.