28 Questions
What is the practice of protecting systems, networks, and programs from digital attacks known as?
Cyber Security
Which of the following poses a risk when authorized users misuse information by altering, deleting, or using data without proper authorization?
Misuse of Information by Authorized Users
What type of threat vector includes situations where malicious attackers, malware, or employee errors result in unauthorized access to sensitive systems or data?
Unauthorized Access
What are the typical assets in an organization that need protection in the context of cyber security?
Systems, Data, and Networks
Which category of threats can result in personally identifiable information (PII) and other sensitive data being leaked?
Data Leaks
What is the meaning of Cyber Security as per the provided text?
Practice of protecting systems, networks, and programs from digital attacks
What potential consequences may poorly configured replication and backup processes result in?
Significant consequences for organizations
What is the purpose of Cyber Security Risk Management within organizations?
To address the most significant risks effectively and promptly
What does the CIA Triad stand for in the context of cybersecurity?
A framework for information security
What does the stage of 'Risk Control' involve in Cyber Security Risk Management?
Mitigating identified risks effectively
What does the Common Vulnerabilities and Exposures (CVE) system provide a reference method for?
Publicly known information security vulnerabilities and exposures
What is the potential impact of poorly configured replication and backup processes?
Resulting in data loss or accidental deletion
What are the potential repercussions of downtime in cybersecurity?
Reputational damage and financial losses
What does the stage of 'Risk Assessment' involve in Cyber Security Risk Management?
Analyzing identified risks to determine likelihood and potential impact
What is phishing?
A form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware
How do phishing attacks often mimic the targeted site?
By observing everything while the victim is navigating the site and traversing security boundaries with the victim
What measures can help prevent or reduce the impact of phishing attacks?
Legislation, user education, public awareness, and technical security measures
What was the first recorded use of the term 'phishing'?
In 1995 in the cracking toolkit AOHell
How has phishing awareness changed in professional settings from 2017 to 2020?
Increased from 72% to 86%
What is the most common type of cybercrime as of 2020?
Phishing
What is the primary goal of most 'bulk attacks' mentioned in the text?
To steal money
What distinguishes 'spear phishing' from general phishing attacks?
It targets specific individuals or organizations with personalized content
What is the primary target of 'whaling' attacks mentioned in the text?
Senior executives and high-profile individuals
What is the main objective of 'CEO fraud' as described in the text?
To trick employees into sending money to an offshore account
What characterizes 'clone phishing' according to the text?
Copying and modifying legitimate emails to contain malicious content
What is the common focus of 'bulk attacks', 'spear phishing', 'whaling', 'CEO fraud', and 'clone phishing'?
Targeting individuals or organizations with fraudulent content
What is the primary purpose of social engineering attacks as mentioned in the text?
To target executives and employees with customized content
Which demographic group was found to have the highest susceptibility to simulated phishing links in the study mentioned in the text?
Older women
Study Notes
Cyber Security Fundamentals
- Cyber Security is the practice of protecting systems, networks, and programs from digital attacks.
Insider Threats
- Authorized users misusing information by altering, deleting, or using data without proper authorization pose a risk.
Threat Vectors
- Threat vectors include situations where malicious attackers, malware, or employee errors result in unauthorized access to sensitive systems or data.
Assets to be Protected
- Typical assets in an organization that need protection include sensitive systems and data.
Threat Categories
- One category of threats can result in personally identifiable information (PII) and other sensitive data being leaked.
Cyber Security Meaning
- Cyber Security refers to the protection of systems, networks, and programs from digital attacks.
Consequences of Poorly Configured Replication and Backup Processes
- Poorly configured replication and backup processes can result in data loss and other consequences.
Cyber Security Risk Management
- The purpose of Cyber Security Risk Management is to manage risks within organizations.
CIA Triad
- The CIA Triad stands for Confidentiality, Integrity, and Availability in the context of cybersecurity.
Risk Control and Risk Assessment
- The stage of 'Risk Control' involves implementing measures to mitigate or reduce risks.
- The stage of 'Risk Assessment' involves identifying and evaluating risks.
Common Vulnerabilities and Exposures (CVE)
- The CVE system provides a reference method for known vulnerabilities and exposures.
Impact of Downtime
- Downtime can result in financial losses, reputational damage, and other consequences.
Phishing Attacks
- Phishing is a type of cybercrime where attackers attempt to trick victims into divulging sensitive information.
- Phishing attacks often mimic the targeted site to appear legitimate.
- Measures to prevent or reduce the impact of phishing attacks include training, awareness, and technical controls.
- The first recorded use of the term 'phishing' was in 1996.
- Phishing awareness in professional settings has increased from 2017 to 2020.
- Phishing is the most common type of cybercrime as of 2020.
Types of Phishing Attacks
- Bulk attacks involve sending large-scale phishing emails to many recipients.
- Spear phishing is a targeted attack on a specific individual or group.
- Whaling attacks target high-profile individuals such as CEOs or CFOs.
- CEO fraud involves impersonating a CEO or other executive to trick employees into divulging sensitive information.
- Clone phishing involves creating a fake email that appears to be a clone of a legitimate email.
Social Engineering
- The primary purpose of social engineering attacks is to trick individuals into divulging sensitive information.
Susceptibility to Phishing
- The demographic group found to have the highest susceptibility to simulated phishing links in a study was millennials.
Test your knowledge on the basics of cyber security and risk management with this quiz. The quiz covers topics such as the meaning of cyber security and the practice of protecting systems, networks, and programs from digital attacks.