021 Security Concepts - 021.2 Risk Assessment and Management (weight: 2)

Questions and Answers

What is essential for IT security regarding security-related events?

Information must come exclusively from internal sources.

Understanding the market dynamics is sufficient.

Information from various sources is crucial. (correct)

Only manufacturer-provided information is needed.

What type of vulnerabilities are known as 'Zero-Day Vulnerabilities'?

Recently discovered vulnerabilities without available patches. (correct)

Vulnerabilities that affect only obsolete systems.

Vulnerabilities that are widely known and documented.

Vulnerabilities that have been patched.

Which characteristic of Remote Execution vulnerabilities makes them particularly dangerous?

They are usually easy to identify.

They require physical access to the system.

They can be exploited without needing user credentials. (correct)

They affect only systems without network connectivity.

In what scenarios is different information required according to the IT security processes?

During planning, testing, hardening, and defense.

What indicates the high market value of Zero-Day vulnerabilities?

Their exploitation can yield significant benefits for attackers.

Why are systems connected to the Internet particularly vulnerable to Remote Execution?

They are more accessible to attackers.

What is a key component of assessing security gaps?

Analyzing threats and vulnerabilities.

What is the potential risk of Zero-Day vulnerabilities for system administrators?

The vulnerability may go unnoticed until exploited.

What is one of the key characteristics of privilege escalation vulnerabilities?

Increasing permissions beyond original access levels.

What defines untargeted attacks?

Random attacks on potentially vulnerable targets.

What characterizes Advanced Persistent Threats (APTs)?

Well-prepared, long-term attacks on specific entities.

What is the purpose of the Common Vulnerabilities and Exposures (CVE) system?

To catalog vulnerabilities uniformly for identification and sharing.

How is a CVE ID formatted?

CVE-Year-SequenceNumber.

What does the Common Vulnerability Scoring System (CVSS) assess?

The risk associated with specific vulnerabilities.

CVE scores can indicate which risk level for vulnerabilities?

4.0 to 6.9 represents medium risk.

Which of the following represents the highest risk level in CVE scoring?

Critical.

What is one function of an Information Security Management System (ISMS)?

To identify, assess, and manage security risks.

What is the primary role of a Computer Emergency Response Team (CERT)?

To manage and mitigate security incidents

The Information Security Incident Response Plan primarily aims to:

Document procedures and details for handling security incidents.

What distinguishes IT Forensics from other forms of analysis post-incident?

It analyzes systems to uncover specific actions taken during an attack

Which of the following factors does NOT contribute to CVE scoring?

Type of attacker.

What is included in a well-structured Information Security Incident Response Plan?

Documentation of necessary contacts and sensitive information.

What is the goal of a Security Assessment?

To test the effectiveness of existing security measures

What is one consequence of utilizing standardized attack tools in untargeted attacks?

They enable attackers to cast a wider net over potential targets.

What is a key method used in penetration testing (Pentests)?

Using real hacker tools and methods

What is necessary before conducting a penetration test?

Obtaining explicit permission and outlining the scope

What should be evaluated during a Security Assessment?

The effectiveness of security measures and unusual activities

Which statement is incorrect about Certified Computer Security Incident Response Teams (CSIRTs)?

They are primarily involved in creating security software.

Which question is NOT central to IT Forensics?

What was the response time of the IT team?

What type of testing can be part of a Security Assessment?

Automated vulnerability scans

What aspect must be clearly defined in a penetration test agreement?

The scope, objectives, and limitations of the test

Study Notes

Importance of Information in IT Security

• Security-related information is critical for protecting both the organization and its products.
• Information is sourced from various channels and is essential for planning, testing, hardening, defense, and analysis.
• Action plans and improvements are based on this information, particularly for damage control during attacks.
• Manufacturers and suppliers provide crucial data, but additional information can be obtained either internally or from third parties.

Core Characteristics of Security Vulnerabilities

• Analyzing threats and security vulnerabilities is the starting point for security assessment.
• Vulnerabilities exhibit specific properties that help categorize them.
• Many key terms are predominantly in English and not translated in casual discourse.

Zero-Day Vulnerabilities

• Newly discovered vulnerabilities often lack developed patches and defenses.
• High risk due to the unawareness of target vulnerabilities among those responsible.
• High market value as zero-days are efficient attack vectors.

Remote Execution and Remote Exploitation

• Vulnerabilities that can be exploited over a network without needing system access.
• Systems connected to the Internet and open networks are particularly at risk.

Privilege Escalation

• Vulnerabilities can enable attackers with limited permissions to escalate their access.
• This may lead to bypassing security checks and accessing unauthorized functions and data.

Untargeted Attacks

• Random attacks scan networks for potential targets.
• Malware is sent indiscriminately, allowing a low hit rate to reveal many vulnerable targets.
• Standardized tools facilitate rapid experimental attacks, and attackers accept that detection may occur.

Advanced Persistent Threats (APT)

• Tailored attacks aimed at specific targets, often involving comprehensive pre-attack reconnaissance.
• Designed to infiltrate deeply and remain undetected for extended periods, often by professional adversaries or state-affiliated groups.

Common Vulnerabilities and Exposures (CVE)

• CVE is a database and method for cataloging, identifying, evaluating, and disseminating information about security weaknesses.
• Managed by the American National Cybersecurity Federally Funded Research and Development Center (FFRDC), operated by MITRE Corporation.
• The CVE database can be searched online for specific vulnerabilities.

CVE Identifiers and Scores

• Each vulnerability is assigned a unique CVE ID composed of a prefix "CVE", year, and a numeric identifier (e.g., CVE-2019-1213).
• The Common Vulnerability Scoring System (CVSS) rates vulnerability risks, aiding quick assessments and prioritization of defenses.
• CVSS scores range from 0.0 (None) to 10.0 (Critical), helping gauge the severity of vulnerabilities quickly.

Information Security Management System (ISMS)

• Centralizes the management of security-related information and evaluates risks and damage potential.
• Key functions include identifying risks, assessing their likelihood and potential impact, and determining appropriate countermeasures.
• Documentation of findings is essential and often aligns with quality assurance measures like ISO 27000.

Incident Response Planning

• The Information Security Incident Response Plan outlines actionable steps during a security incident.
• Requires approval from top management and centralizes vital information and contacts.
• Sensitive data within must remain confidential while being accessible to response teams during IT outages.

Computer Emergency Response Team (CERT)

• CERTs, an essential group for managing security incidents and minimizing damage, monitor threat conditions and provide alerts.
• Offer recommendations and posture support in addressing security events.
• Large organizations often establish their CERTs; in Germany, CERT-Bund operates under the Federal Office for Information Security (BSI).

IT Forensics

• Following a security incident, reliable information must be collected to track attack methods and consequences.
• IT forensics encompasses the post-attack analysis of systems using various tools.
• Key investigative questions include the method of attack, affected systems, and whether data integrity was compromised.

Security Assessments

• Regular checks of security measures are crucial, known as "Security Assessments."
• Involves automated tools to identify vulnerabilities, simulating attacks, and monitoring logs for unusual activity.

Penetration Testing

• Pentests assess IT infrastructure security by using hacker methodologies and tools.
• Authorization by the organization being tested is mandatory; often conducted by external providers.
• Goals include identifying security shortfalls and testing the effectiveness of existing defenses, keeping tests low-profile to simulate real conditions.

Legal Framework for Pentesting

• It requires a clear legal framework to define the scope, objectives, and permissible actions.
• Detailed agreements must specify if actions may modify data or impact system availability.

Description

Explore essential information regarding IT security and its implications for organizations. This quiz covers the sources of security-relevant events and the varying information needs across different situations such as planning, testing, and defense. Enhance your understanding of how these insights shape security measures.