Introduction to Cybersecurity Concepts

Questions and Answers

What are the three key elements necessary for achieving cybersecurity?

• People, Plans, Tools
• People, Policies, Technologies (correct)
• People, Procedures, Protocols
• People, Platforms, Procedures

Which of the following is NOT typically included as an endpoint device requiring protection?

• Email servers (correct)
• Computers
• Routers
• Smart devices

Which technology is commonly used to protect against malicious software?

• Next-generation firewalls
• Antivirus software (correct)
• DNS filtering
• Encryption protocols

What is defined as a vulnerability in cybersecurity?

A weakness in the security system (A)

What is the role of a control in cybersecurity?

To remove or reduce a vulnerability (A)

Which of the following describes a 'threat' in cybersecurity?

A set of circumstances that has the potential to cause loss or harm (B)

Which of the following best describes the purpose of policies in cybersecurity?

To outline frameworks for addressing cyber attacks (C)

What type of tool is typically used to filter out malicious websites in cybersecurity?

DNS filtering (B)

What does privilege escalation refer to?

Gaining elevated access through programming errors (C)

Which of the following is NOT a method used to ensure confidentiality?

Checksums (D)

What is an important aspect of maintaining data integrity?

File permissions and user access controls (C)

What best describes the purpose of backups in data management?

To restore affected data to its correct state (A)

Which of the following refers to the assurance that information is reliable and accurate?

Integrity (D)

What is two-factor authentication primarily designed to enhance?

Security of user access (D)

Which method helps verify that data has not been maliciously altered?

Checksums (A)

What does the 'authorization' step in AAA services define?

Granting or denying access to resources (A)

Which security method entails carrying a device to authorize network access?

Security tokens (B)

Which element is responsible for logging system events for auditing purposes in AAA?

Auditing (A)

What does 'encryption' primarily aim to achieve in data communication?

Hiding the communication's intent (A)

What is one of the main threats to data availability?

Environmental issues (B)

What is the primary purpose of two-factor authentication?

To enhance login security (A)

What is a common symptom of malware activity?

Problems connecting to networks (A)

What is a primary function of ransomware?

To encrypt files and demand payment for decryption (D)

What countermeasure can effectively reduce malware risks?

Regularly updating anti-virus definitions (B)

Which attack involves deceiving users into revealing sensitive information?

Phishing (C)

Which of the following is an example of social engineering?

Pretending to be customer service to gather information (A)

What is the primary goal of confidentiality in cybersecurity?

To protect sensitive information from unauthorized access (A)

Which practice is considered a countermeasure against social engineering attacks?

Strong password policies (B)

What type of phishing targets specific individuals or organizations?

Spear Phishing (D)

Which of the following describes a zero-day attack?

An attack that is unknown to security teams or users (C)

What does eavesdropping refer to in cybersecurity?

Interception of digital communications by unauthorized individuals (B)

Which method can be used to protect confidentiality?

Data encryption (A)

What is a primary characteristic of baiting in social engineering?

Promising rewards to the victim (B)

What is a common action taken in a port scanning attack?

Sending messages to learn about available services on a network (B)

Which of the following is a form of voice phishing?

Vishing (A)

What defines an asset in an organization?

Any element that holds value for the organization (A)

Which of the following best describes 'threat modeling'?

A systematic approach to identify and analyze potential threats (B)

What characterizes a proactive approach in threat modeling?

Implementing defenses based on predicted threats (D)

What is the main goal of risk management in an organization?

To reduce or eliminate vulnerabilities and their impacts (C)

How is a vulnerability defined within cybersecurity?

The lack of a safeguard or a system weakness (B)

Who is considered a threat agent?

An entity that initiates a threat (C)

What is the purpose of a control in cybersecurity?

To prevent threats from exploiting vulnerabilities (D)

What approach is labeled as an adversarial approach in threat modeling?

Analyzing threats post-deployment (B)

What is a primary responsibility of the governance committee in security management?

Oversee and guide security actions (C)

Which approach is most effective for security management planning?

Top-down approach (A)

What is the focus of a strategic security plan?

To define an organization's security purpose (C)

Which of the following plans is described as a short-term and highly detailed plan?

Operational Plan (A)

Who is responsible for reporting directly to senior management within the security team?

Chief Information Security Officer (B)

What should a tactical plan primarily provide?

Specific tasks to achieve strategic goals (B)

How often must operational plans be updated to remain compliant with tactical plans?

Monthly or quarterly (B)

What type of risk assessment is typically included in a strategic plan?

Long-term risk assessment (C)

Which of the following is NOT a responsibility of the security management planning team?

Developing financial projections (D)

What document should be concrete, well defined, and clearly stated in a strategic plan?

Security policy (A)

What does the term 'spoofing' primarily relate to in the STRIDE model?

Pretending to be someone else (C)

Which of the following best describes the term 'tampering' within the STRIDE framework?

Modifying data without authorization (D)

In the context of security governance, what does 'transparency' imply?

Openness and clarity in actions (B)

Which threat is associated with 'information disclosure' in the STRIDE model?

Unauthorized data access (D)

What is the primary risk addressed by the threat of 'elevation of privilege'?

Transforming a limited user account into a more privileged account (B)

What is the purpose of integrating security assessments into supply chain practices?

To ensure product quality (A)

Which principle does accountability emphasize in security governance?

Providing sound reasoning for actions (D)

What characterizes a secure supply chain?

Reliability of vendors and their security practices (D)

What is the common approach to mitigate 'denial of service' attacks?

Implementing load balancers and increased capacity (A)

How does the STRIDE model categorize threats?

Through a systematic classification of attack types (A)

Which of the following best defines 'reputation' in relation to security governance?

The credibility of an organization’s practices (D)

What type of analysis is crucial when applying security in the supply chain?

Security assessment of connections (A)

What does the threat of 'repudiation' in the STRIDE framework imply?

Claiming one did not perform an action (B)

Why is security in governance considered a business operations issue?

It requires comprehensive management beyond IT staff (A)

Study Notes

Cybersecurity Fundamentals

• Cybersecurity combines three key pillars: people, policies, and technologies.
• People need to understand data security principles such as strong password creation, cautious email usage, and data backup.
• Policies establish how organizations handle cyber threats and attacks.
• Technology provides essential tools for protecting against cyber attacks.

Key Entities to Protect

• Endpoint devices: includes computers, smart devices, and routers.
• Networks: safeguard interconnected devices.
• Cloud and data centers: housing critical data and applications.

Common Protective Technologies

• Next-generation firewalls.
• DNS filtering.
• Malware protection and antivirus software.
• Email security solutions.

Vulnerabilities, Threats, and Countermeasures

• Vulnerability: a weakness in security systems that can be exploited.
• Threat: a circumstance that poses potential harm or loss.
• Controls: protective measures to mitigate vulnerabilities, including actions and procedures.

Malware Symptoms

• Increased CPU usage and slow computer performance.
• Network connectivity issues and system crashes.
• Appearance of unusual files or abnormal computer behavior.
• Automated emails sent without user initiation.

Malware Countermeasures

• Use high-quality antivirus software with up-to-date virus definitions.
• Exercise caution when opening unsolicited email attachments or downloading files.
• Regularly back up data to prevent loss.

Types of Cybersecurity Threats

• Ransomware: malware that locks and encrypts files, demanding payment for decryption.
• Social engineering: manipulation techniques to trick users into divulging confidential information.
• Phishing: fraudulent emails mimicking legitimate sources to steal sensitive data.
• Spear phishing/whaling: targeting specific individuals or organizations.
• Angler phishing: exploiting social media trust to capture personal information.
• Vishing/Smishing: phishing via voice calls and SMS, respectively.
• Pharming: misdirecting users to fraudulent websites silently.
• Pretexting: using fabricated stories to gain victim trust for information extraction.
• Baiting: enticing victims with tempting offers.
• Tailgating: unauthorized entry by following authorized individuals.
• Doxing: publicizing personal information online to harm individuals.
• Zero-Day Attack: exploiting previously unknown vulnerabilities.
• Reverse Social Engineering: deceiving the target into believing they need help.

Security Awareness and Education

• Implement strong password policies and periodic changes.
• Conduct effective training programs to increase awareness of cyber threats.
• Classification of information based on sensitivity.
• Enforce two-factor authentication for added security.

CIA Triad: Confidentiality, Integrity, Availability

• Confidentiality: measures to protect sensitive information from unauthorized access.
• Integrity: assurance that data remains accurate and reliable.
• Availability: ensuring authorized users can access information when needed.

Ensuring Confidentiality

• Utilize encryption, access control, and steganography to safeguard data secrecy.
• Awareness of attacks like eavesdropping, sniffing, and shoulder surfing that violate confidentiality.

Maintaining Data Integrity

• Use file permissions, user access controls, and version control to protect data.
• Implement cryptographic checksums to verify file integrity over time.

Ensuring Availability of Data

• Protect against threats such as device failures and Denial-of-Service attacks.
• Store backup copies in geographically isolated locations to prevent data loss.

AAA Services: Authentication, Authorization, Accounting

• Identification: claiming an identity when accessing systems.
• Authentication: verifying the claimed identity.
• Authorization: defining resource access permissions for specific identities.
• Auditing: logging activities to monitor compliance.
• Accounting: reviewing logs to hold individuals accountable for actions.

Protection Mechanisms

• Layering/Defense in Depth: using multiple security controls to enhance protection.
• Abstraction: efficiently grouping elements with similar security needs.
• Data Hiding: obscuring data from unauthorized users.
• Encryption: ensuring sensitive information is not accessible to unintended recipients.

Asset, Threat, Vulnerability, and Risk Elements

• Asset: Valuable elements for an organization, including resources, processes, and infrastructure requiring protection.
• Threat: Any potential event capable of causing unwanted impact on an organization.
• Attack: An actual event that results in unwanted consequences for an organization.
• Vulnerability: Lack of safeguards or system weaknesses that can be exploited by threats.
• Threat Agent: An individual or process that initiates a threat.
• Exploit: Occurs when a threat agent leverages a vulnerability.
• Risk: The possibility of a threat exploiting a vulnerability, leading to asset damage.
• Risk Elements: Include Threat, Vulnerability, Asset, and Damage.

Threat Modeling

• Purpose: Security process for identifying, categorizing, and analyzing potential threats.
• Proactive Approach: Defensive strategy that includes threat prediction during design and development phases.
• Reactive Approach: Adversarial strategy applied post-deployment to address threats.

Identifying Threats

• Methods:
  • Focused on Assets: Identifying threats based on asset valuation.
  • Focused on Attackers: Identifying threats by analyzing potential attackers and their goals.
  • Focused on Software: Evaluating software for potential threats.
• Steps:
  • Identify involved technologies.
  • Analyze potential attacks on each technology element.
  • Determine prevention measures by anticipating issues.

STRIDE Threat Model

• Developed by Microsoft for classifying threats.
• Components:
  • Spoofing: Gaining unauthorized access through false identity.
  • Tampering: Unauthorized modifications of data.
  • Repudiation: Denying performed actions.
  • Information Disclosure: Unwanted sharing of confidential information.
  • Denial of Service (DoS): Disabling resource access for legitimate users.
  • Elevation of Privilege: Unauthorized escalation of user permissions.
• Threat Properties Violated: Reflects spoofing, tampering, repudiation, disclosure, DoS, and elevation against authentication, integrity, non-repudiation, confidentiality, availability, and authorization.

Supply Chain Security Concepts

• Definition: A network connecting a company with suppliers for product distribution.
• Secure Supply Chain: Involves reliable and trustworthy vendors ensuring quality and integrity in products.
• Security Assessments: Vital for both product design and third-party interactions.

Security Governance Principles

• Importance: Governance practices direct the security efforts of an organization.
• Core Principles:
  • Credibility: Trustworthiness and believability.
  • Transparency: Openness in actions.
  • Accountability: Responsibility and justification for actions.

Evaluating Security Governance

• Complexity: Governance issues increase in a global market with varying laws.
• Security Management: Should involve more than just IT; it is critical for business operations.
• Management Strategy: Commonly overseen by a governance committee or board, utilizing frameworks like NIST 800-53.

Security Function Alignment

• Security Management Planning: Aligns security functions with organizational strategy and objectives.
• Top-Down Approach: Senior management establishes policies guiding security efforts.
• CISO Role: Chief Information Security Officer responsible for cybersecurity, reporting directly to management.

Security Policy Development and Implementation

• Plans Developed:
  • Strategic Plan: Long-term stability, aligning security purpose with organizational goals, updated annually.
  • Tactical Plan: Midterm details on achieving strategic goals, often for about a year.
  • Operational Plan: Short-term, highly detailed, updated frequently to ensure compliance with tactics.

Example of Policy Plans

• Strategic Goal: Educate 100% of users by 2025.
• Tactical Goal: Train 30% of users by the end of 2021.
• Operational Steps:
  • Contract training program development.
  • Conduct training sessions.
  • Implement assessments to ensure knowledge retention.
  • Execute mock attacks for applied learning.
  • Finalize training reports.

Description

Explore the fundamental principles of cybersecurity, focusing on the three key pillars: People, Policies, and Technologies. This quiz will test your understanding of essential security practices and organizational frameworks. Learn how to secure data and recognize the importance of robust cybersecurity measures.