Introduction to Cyber Security and Risk Management Quiz
28 Questions

Questions and Answers

What is the practice of protecting systems, networks, and programs from digital attacks known as?

  • Information Technology
  • Network Defense
  • Digital Protection
  • Cyber Security (correct)

Which of the following poses a risk when authorized users misuse information by altering, deleting, or using data without proper authorization?

  • Misuse of Information by Authorized Users (correct)
  • Malware Attacks
  • Data Leaks
  • Unauthorized Access

What type of threat vector includes situations where malicious attackers, malware, or employee errors result in unauthorized access to sensitive systems or data?

  • External Breaches
  • Data Leaks
  • Insider Threats
  • Unauthorized Access (correct)

What are the typical assets in an organization that need protection in the context of cyber security?

  • Systems, Data, and Networks

Which category of threats can result in personally identifiable information (PII) and other sensitive data being leaked?

  • Data Leaks

What is the meaning of Cyber Security as per the provided text?

  • Practice of protecting systems, networks, and programs from digital attacks

What potential consequences may poorly configured replication and backup processes result in?

  • Significant consequences for organizations

What is the purpose of Cyber Security Risk Management within organizations?

  • To address the most significant risks effectively and promptly

What does the CIA Triad stand for in the context of cybersecurity?

  • A framework for information security

What does the stage of 'Risk Control' involve in Cyber Security Risk Management?

  • Mitigating identified risks effectively

What does the Common Vulnerabilities and Exposures (CVE) system provide a reference method for?

  • Publicly known information security vulnerabilities and exposures

What is the potential impact of poorly configured replication and backup processes?

  • Resulting in data loss or accidental deletion

What are the potential repercussions of downtime in cybersecurity?

  • Reputational damage and financial losses

What does the stage of 'Risk Assessment' involve in Cyber Security Risk Management?

  • Analyzing identified risks to determine likelihood and potential impact

What is phishing?

  • A form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware

How do phishing attacks often mimic the targeted site?

  • By observing everything while the victim is navigating the site and traversing security boundaries with the victim

What measures can help prevent or reduce the impact of phishing attacks?

  • Legislation, user education, public awareness, and technical security measures

What was the first recorded use of the term 'phishing'?

  • In 1995 in the cracking toolkit AOHell

How has phishing awareness changed in professional settings from 2017 to 2020?

  • Increased from 72% to 86%

What is the most common type of cybercrime as of 2020?

  • Phishing

What is the primary goal of most 'bulk attacks' mentioned in the text?

  • To steal money

What distinguishes 'spear phishing' from general phishing attacks?

  • It targets specific individuals or organizations with personalized content

What is the primary target of 'whaling' attacks mentioned in the text?

  • Senior executives and high-profile individuals

What is the main objective of 'CEO fraud' as described in the text?

  • To trick employees into sending money to an offshore account

What characterizes 'clone phishing' according to the text?

  • Copying and modifying legitimate emails to contain malicious content

What is the common focus of 'bulk attacks', 'spear phishing', 'whaling', 'CEO fraud', and 'clone phishing'?

  • Targeting individuals or organizations with fraudulent content

What is the primary purpose of social engineering attacks as mentioned in the text?

  • To target executives and employees with customized content

Which demographic group was found to have the highest susceptibility to simulated phishing links in the study mentioned in the text?

  • Older women

Study Notes

Cyber Security Fundamentals

  • Cyber Security is the practice of protecting systems, networks, and programs from digital attacks.

Insider Threats

  • Authorized users misusing information by altering, deleting, or using data without proper authorization pose a risk.

Threat Vectors

  • Threat vectors include situations where malicious attackers, malware, or employee errors result in unauthorized access to sensitive systems or data.

Assets to be Protected

  • Typical assets in an organization that need protection include sensitive systems and data.

Threat Categories

  • One category of threats can result in personally identifiable information (PII) and other sensitive data being leaked.

Cyber Security Meaning

  • Cyber Security refers to the protection of systems, networks, and programs from digital attacks.

Consequences of Poorly Configured Replication and Backup Processes

  • Poorly configured replication and backup processes can result in data loss and other consequences.

Cyber Security Risk Management

  • The purpose of Cyber Security Risk Management is to manage risks within organizations.

CIA Triad

  • The CIA Triad stands for Confidentiality, Integrity, and Availability in the context of cybersecurity.

Risk Control and Risk Assessment

  • The stage of 'Risk Control' involves implementing measures to mitigate or reduce risks.
  • The stage of 'Risk Assessment' involves identifying and evaluating risks.

Common Vulnerabilities and Exposures (CVE)

  • The CVE system provides a reference method for known vulnerabilities and exposures.

Impact of Downtime

  • Downtime can result in financial losses, reputational damage, and other consequences.

Phishing Attacks

  • Phishing is a type of cybercrime where attackers attempt to trick victims into divulging sensitive information.
  • Phishing attacks often mimic the targeted site to appear legitimate.
  • Measures to prevent or reduce the impact of phishing attacks include training, awareness, and technical controls.
  • The first recorded use of the term 'phishing' was in 1996.
  • Phishing awareness in professional settings has increased from 2017 to 2020.
  • Phishing is the most common type of cybercrime as of 2020.

Types of Phishing Attacks

  • Bulk attacks involve sending large-scale phishing emails to many recipients.
  • Spear phishing is a targeted attack on a specific individual or group.
  • Whaling attacks target high-profile individuals such as CEOs or CFOs.
  • CEO fraud involves impersonating a CEO or other executive to trick employees into divulging sensitive information.
  • Clone phishing involves creating a fake email that appears to be a clone of a legitimate email.

Social Engineering

  • The primary purpose of social engineering attacks is to trick individuals into divulging sensitive information.

Susceptibility to Phishing

  • The demographic group found to have the highest susceptibility to simulated phishing links in a study was millennials.

Quiz Team

Description

Test your knowledge on the basics of cyber security and risk management with this quiz. The quiz covers topics such as the meaning of cyber security and the practice of protecting systems, networks, and programs from digital attacks.
