Information Systems Security and Threats

Questions and Answers

What makes information theft generally invisible to defenders?

There are clear signs of compromise.

Physical assets are also compromised at the same time.

Information theft often occurs in public spaces.

It typically goes unnoticed unless specifically searched for. (correct)

Which of the following is a reason for underestimating the risk of information compromise?

Compromised assets are often destroyed.

Physical assets are monitored more actively.

Information theft can be easily detected.

The compromised information remains intact and accessible. (correct)

What type of attack did Keith Rhodes’ team use against a US Government department?

Self-inflicted DDoS attack (correct)

Virus deployment

Phishing attacks

Brute force password cracking

According to Rhodes, how secure are user IDs and passwords for protecting SCADA systems?

Inadequate, as they can be broken in 24 hours.

What is one of the primary causes of information loss in organizations?

Negligence or ignorance.

What vulnerability is introduced by insiders using flash drives?

Accidental introduction of malware.

Which of the following factors increases the risk of information compromise?

Multi-tenancy buildings with shared infrastructure.

What is commonly associated with social engineering attacks?

Manipulating individuals into revealing sensitive information.

What is a major concern regarding information security in many British companies?

Dependence on the honesty and integrity of staff.

Which of the following practices does NOT contribute to vulnerabilities in information protection?

Using a unique password for different platforms.

How does Chris Davy describe the level of information protection in cases where leaks have occurred?

Reckless.

What risky behavior is commonly observed among employees according to Ponemon (2012)?

Reusing the same password across different sites.

What is one of the top risky practices identified by Ponemon regarding mobile device use?

Using personally-owned devices for work tasks.

Which common vulnerability arises from failing to delete unnecessary information on computers?

Potential for data breaches.

What action should be taken immediately if a USB drive containing confidential data is lost?

Notify the organization immediately.

What is a consequence of leaving computers unattended in public spaces?

Increased chances of data theft.

Which of the following is not considered an adversary route to information disclosure?

Automated software vulnerabilities

What is the primary factor affecting the security of information in most companies?

The actions of the staff

What type of risk is predominantly associated with information theft today?

Insider risk

Which of the following is considered a countermeasure against interception of wireless communication?

Use of encryption technologies

In the context of information security, what do insiders pose a risk of?

Malicious intent or inadvertent disclosure

What two types of insiders might collaborate in information disclosure?

Insiders and outsiders

What should organizations recognize about wireless communication in comparison to wired communications?

Wireless communication is inherently less secure

What historical contract existed between employers and employees regarding security?

Loyalty for security

What is one method that foreign intelligence services (FIS) may use to intercept communications?

Intercepting 100% of SMS messages and emails

Which of the following methods is NOT typically used by foreign intelligence services for espionage?

Conducting open public demonstrations

What is a tactic FIS might use during security trade shows?

Setting up booths as front companies

One method FIS could use to gain access to sensitive data includes:

Using temporary research students for information gathering

Which sector is particularly vulnerable to foreign intelligence services?

Critical national infrastructure (CNI)

What could be a reason for FIS to conduct surreptitious entry?

To gather intelligence and access sensitive areas

How might FIS attempt to gain information through corporate partnerships?

By proposing joint ventures or mergers

Which of the following is a reported method of hacking employed by FIS?

Circumventing security software over Wi-Fi networks

What is considered to be a more effective method of valuing regular assets than book value?

Criticality assessment

What unique characteristic complicates the detection of information theft?

Theft often involves copying, sharing, or disclosing information

Which factor is NOT commonly used to value information?

Historical significance of the information

What can be a potential consequence of information theft for an organization?

Loss of clients and reputation damage

Why is it complicated to take stock of an organization's information assets?

Most sensitive information exists in individuals' memories

Which of the following is a consequence organizations face during and after an information incident?

Costs associated with notifying affected customers

What aspect of information valuation poses challenges compared to regular asset valuation?

The inability to track the copy of stolen information

What could be a significant indirect cost resulting from information theft for an organization?

Increased expenses for hiring data forensics specialists

Which category of employees can be targeted by agents of FIS?

Support employees such as secretaries and technicians

What is a primary characteristic of information brokers?

They blend into business settings and network with professionals

What methods do information brokers use to obtain information?

Open-source gathering and targeted social engineering

How can the tactics of information brokers be categorized?

Ethicality on a continuum from legitimate to deceitful methods

Why might lower-ranking employees be more vulnerable to FIS manipulation?

Their lower pay and rank may make them susceptible to offers

Where are information brokers likely to be found networking?

At professional conferences and seminars

Which of the following suggests that information brokers can exploit vulnerabilities?

They can bypass traditional cybersecurity measures

What is the role of the oil and gas industry concerning information brokers?

It is one of the sectors that suffers from information brokers

Study Notes

Introduction

• Information and intellectual capital are more valuable to enterprises than physical assets.
• Most organizations believe their information systems are secure, but in reality, they're not.

Threats to Information

• Adversaries relentlessly target sensitive data.
• Methods include theft, solicitation, inadvertent disclosure, and hostile interception.
• The internet, a crucial communication tool, is also a primary attack and espionage vector.
• National borders and legal jurisdictions create significant challenges.
• Foreign government agencies engage in significant espionage to gain economic advantage.
• Industrial espionage exists between companies, even allies, with information theft as a central tactic.
• Employees and ex-employees can easily steal trade secrets via flash drives or cloud uploads.

Competitive Intelligence

• Competitive intelligence (CI) involves market analysis, competitor profiling, and surveillance for company advantage.
• A fine line exists between legitimate competitive analysis and illegal data acquisition.
• Cyber sabotage, such as data corruption or denial of access, can harm operations more than theft.
• The WannaCry ransomware attack crippled systems in over 150 countries.

The CIA Triad

• Confidentiality: Only authorized personnel can access information.
• Integrity: Information is unaltered and accurate.
• Availability: Authorized users have uninterrupted access to information.

The Information Lifecycle

• Information's value may change over its lifecycle.
• Handwritten notes, for instance, can become digital files and be stored on various platforms.
• Security should be maintained at every stage.

Information Theft and the Law

• Legal approaches to protecting information vary by jurisdiction (most notably between UK and US).
• Intellectual Property (IP) protection includes patents, trademarks, and copyrights.
• Protecting trade secrets is a significant legal concern.

The Adversaries

• Insider threats are common, and often more damaging than external ones.
• Departing employees, who retain considerable company knowledge, represent a major risk category.
• Disgruntled employees pose a significant risk.
• Contract workers and partners can access and/or transfer information.

The Insider Threat

• Malicious insiders are current or former employees, or business partners with unauthorized access compromising information.
• Reasons include financial gain, dispute with the company or desire to sabotage.
• Insider threats are a considerable concern, particularly among those departing the organization.

Operational Security (OpSec)

• OpSec protects innocuous information that could reveal valuable organizational data.
• Secure handling of documents, materials, and interactions is crucial during off-site activities and business dealings.
• Careful planning, maintenance of documentation and regular audits and testing are required.

Incident Response and Investigations

• Preparing for a cybersecurity incident by outlining clearly defined roles and responsibilities is important.
• Regular rehearsals and simulations will assist with preparedness and efficient crisis management.
• Swift reporting and a thorough documentation process are key to incident resolution.

Bibliography and Further Reading

• A variety of sources (from government agencies and private institutions) are provided for more in- depth study.

Description

This quiz explores the critical aspects of information systems security and the threats they face. It discusses the value of intellectual capital over physical assets and examines various methods of data theft and espionage. Test your understanding of competitive intelligence and the challenges organizations face in safeguarding sensitive data.