Security Awareness: Introduction to Security

Questions and Answers

What is a primary challenge in securing information?

  • The decreasing sophistication required to launch cyberattacks.
  • The rapidly evolving and diverse nature of attacks. (correct)
  • The lack of awareness among security professionals about new threats.
  • The existence of a single, all-encompassing security solution.

A company experiences a data breach that results in significant financial losses and customer attrition. Which aspect of 'Today's Attacks' does this scenario exemplify?

  • The increasing sophistication of malware targeting macOS systems.
  • The growing threat to personal medical devices as targets for attackers.
  • The substantial financial impact and potential for customer loss. (correct)
  • The rise in car hacking incidents compromising vehicle electronic systems.

A credit provider in Belgium had customer information stolen, and attackers threatened to publish the information if their demands were not met. What is the immediate implication of such an attack?

  • The vulnerability of car electronic systems to hacking.
  • The potential compromise of personal medical devices.
  • The risk of preexistent malware on imported devices.
  • The exposure of sensitive customer data and potential financial extortion. (correct)

What aspect of security makes it difficult to defend against attacks?

  • The weak security-update distribution. (C)

Why is common information security terminology important?

  • It helps in creating defenses for computers. (D)

A company decides to implement multi-factor authentication for all employee accounts. How does this relate to the 'AAA' framework?

  • It strengthens authentication by providing multiple verification methods. (A)

According to one definition, what is information security meant to protect?

  • The integrity, confidentiality, and availability of information. (B)

What are the three layers that protect information?

  • Products, People, and Policies and Procedures (C)

An organization identifies a flaw in its web server software that could allow unauthorized access to sensitive data. In the context of information security terminology, what is this flaw known as?

  • Vulnerability (D)

A security analyst discovers that a malicious actor has successfully leveraged a known buffer overflow vulnerability to install malware on a critical system. What is this scenario?

  • Exploit (D)

A company decides to discontinue using a vulnerable software application. Which risk option is the company employing?

  • Avoid (D)

An organization implements strong access controls, encryption, and regular backups to reduce the risk of unauthorized access or data breaches. What risk management strategy is it using?

  • Mitigate (C)

A healthcare provider assesses the impact and likelihood of a data breach by assigning a risk level based on potential financial losses, reputational damage, and regulatory fines. What do these considerations reflect?

  • Risk Assessment (C)

Which of the following is an example of 'preventing data theft' as a goal of information security?

  • Implementing stricter password requirements and multi-factor authentication. (A)

Which legal act focuses on protecting the privacy of student education records?

  • FERPA (A)

A large-scale attack on a country's banking infrastructure causes widespread panic and significant financial disruption. Which type of threat does this scenario represent?

  • Cyberterrorism (D)

Cybercriminals are often located in which regions?

  • Regions like Eastern Europe, Asia, and developing countries. (A)

Cybercriminals meet in hidden online forums to do which of the following?

  • Exchange information, buy/sell stolen data, and coordinate. (A)

An individual uses freely available hacking tools and tutorials to launch a Distributed Denial of Service (DDoS) attack against a popular website for the thrill of it. What type of attacker best describes this individual?

  • Script Kiddie (A)

Which statement best characterizes 'spies' in the context of information security?

  • They are hired to attack a specific computer or system. (D)

What is a common motivation for insider attacks?

  • Financial gain, often through the theft of sensitive data. (B)

Which activity aligns with the goals of cyberterrorists?

  • Launching DDoS attacks against financial institutions. (A)

What characterizes hacktivists?

  • Ideology. (B)

What is the primary difference between hacktivists and cyberterrorists?

  • Hacktivists’ activities are primarily motivated by political or social ideology. (B)

What is a key indicator that a government agency might be involved in a cyberattack?

  • The attack targets a specific individual or group of dissidents. (D)

A company implements a firewall to prevent unauthorized access to its network. Which element of a comprehensive security strategy does this represent?

  • Block Attacks (A)

An organization regularly applies security patches to its operating systems and software applications. How does this practice contribute to a comprehensive security strategy?

  • By ensuring defenses adapt to evolving threats for updated protection. (A)

An organization creates redundant systems, implements regular data backups, and develops a detailed disaster recovery plan. Which element of a comprehensive security strategy is being addressed?

  • Minimizing Losses (C)

An organization implements end-to-end encryption. What is the organization doing?

  • Protecting confidentiality by scrambling data. (B)

What is a goal of information security?

  • Protecting integrity, confidentiality, and promoting productivity. (D)

Which factor distinguishes cybercriminals from other types of attackers?

  • Their primary goal is financial gain. (D)

A company transfers the risk of data breach losses to a third-party insurance provider. Which risk response strategy does this represent?

  • Risk Transfer (D)

An attacker sends bogus emails to an account owner's contacts asking them to wire money. Which scenario does this exemplify?

  • Email account compromised. (B)

What difficulties exist for those defending against attacks?

  • Vendors are overwhelmed trying to keep pace by updating their products. (A)

You access online banking, but you do so using an unsecured public Wi-Fi network. What aspect of information security are you in danger of compromising?

  • Confidentiality (A)

Which of the following is an example of security being inversely proportional to convenience?

  • Implementing multi-factor authentication that requires more steps to log in. (D)

A denial-of-service attack overwhelms a company's web servers, making its website unavailable to customers. Which element of the CIA triad is MOST directly affected by this attack?

  • Availability (C)

Flashcards

Information security definition

Protecting digital information by ensuring confidentiality, integrity, and availability.

What is an asset?

Something that has value; could be data or a physical device.

What is a threat?

A negative event exploiting a vulnerability.

What is a threat agent?

Something or someone carrying out the threat.

What is a vulnerability?

A flaw or weakness that can be exploited.

What is an exploit?

Taking advantage of a vulnerability.

What is Risk?

Likelihood of loss or damage from a threat.

Risk Option: Avoid

Eliminate the cause of the risk.

Risk Option: Accept

Acknowledge the risk and take no action.

Risk Option: Mitigate

Reduce likelihood or impact of the risk.

Risk Option: Transfer

Shift the risk to a third party.

Goals of Information Security

Preventing data theft, identity theft, and cyberterrorism.

Who are cybercriminals?

People who launch attacks against other users and their computers

Who are script kiddies?

Attackers who lack necessary knowledge; use automated software.

Spies

People hired to break into computers and steal information.

Who are Insiders?

Organization's own employees, contractors, or business partners.

Cyberterrorists

Attackers who deface info, spread propaganda and cause outages

Hacktivists

Motivated by ideology to attack websites

Key Elements of Security Strategy

Block attacks, update defenses, minimize losses, send secure information.

Block Attacks

High wall to block entry.

Update Defenses

Continually update defenses.

Minimize Losses

Have backup plans in the event disaster strikes.

Securing information

Scramble all your data or make a secure connection.

Information Security Definition

Task of securing information in a digital format.

What is Security?

Necessary steps to protect a person or property from harm.

Confidentiality

The state of keeping or being kept secret or private

What is Integrity?

Assurance that information is accurate and reliable.

What is Availability?

Ensuring timely and reliable access to information.

Access Control Framework (AAA)

A framework for managing access to resources

Authentication

Proving who you are.

Authorisation

Access only what you need to do your job

Accountability

Report who did what, where and when

Security vs Convenience

Security increases, convenience decreases

Study Notes

About the Presentations

  • The presentations are designed to align with the learning objectives outlined at the beginning of each chapter.
  • Chapter objectives are listed at the start of each presentation for clarity.
  • The presentations are customizable to meet specific class requirements.
  • Figures from the textbook chapters are incorporated. A complete image set is available on the Instructor Resources disc.

Security Awareness: Introduction to Security

  • Completion of the Intro to Security chapter will enable students to:
    • Describe the difficulties associated with securing information.
    • Define information security and explain its importance.
    • Identify common types of attackers.
    • Describe the process of building a security strategy.

Challenges of Securing Information

  • Protecting computers and data is difficult.
  • There are numerous and varied types of attacks.
  • Defending against attacks presents several challenges.

Today's Attacks

  • Businesses are subject to data breaches that can result in significant financial and reputational damage.
    • The average cost of a business data breach is $7.2 million.
  • Cybercrime affects over 400 million adults annually, costing an estimated $388 billion in time and money.
  • There is the threat of malware being preinstalled on devices imported into the U.S. and sold.
  • Personal medical devices are potential attack targets.
  • Car hacking involves breaking into a car's electronic systems.
  • Email account compromises can lead to financial loss. Attackers send fraudulent emails to contacts requesting money.
  • Nigerian 419 Advance Fee Fraud is a top internet scam that has cost victims $41 billion to date.

Difficulties in Defending Against Attacks

  • Universally connected devices: Attackers can launch attacks from anywhere in the world.
  • Increased speed of attacks: Attacks can target millions of computers within minutes.
  • Greater sophistication of attacks: Attack tools vary their behavior to evade detection.
  • Availability and simplicity of attack tools: Attacks are no longer limited to highly skilled attackers.
  • Faster detection of vulnerabilities: Attackers can quickly discover security holes in software and hardware.
  • Delays in security updating: Vendors struggle to keep pace with updates to defend against attacks.
  • Weak security update distribution: Many software products lack a timely means of distributing security patches.
  • Distributed attacks: Attackers use thousands of computers to target a single computer or network, making them harder to defend against.
  • User confusion: Users must make difficult security decisions with minimal guidance.

Defining Information Security

  • Grasping common security terminology is helpful when creating computer defenses.
  • Information security's importance needs to be understood.
  • Security encompasses the necessary actions to protect individuals or property from harm.
  • Security for a home includes protection from burglary and natural disasters.
  • Security is inversely proportional to convenience: increased security often decreases convenience.

Key Principles of Information Security

  • The task of securing information in a digital format is a key principle.
  • Information security ensures protective measures are implemented correctly.
  • Information security safeguards the integrity, confidentiality, and availability of data, protecting information of value to individuals and organizations.

Protections Overview

  • Confidentiality: Preventing unauthorized disclosure of sensitive or private information.
  • Integrity: Preventing unauthorized modification of systems and information.
  • Availability: Preventing disruption of service and productivity.

AAA Access Control Framework

  • Authentication: Proving who you are.
  • Authorisation: Access only what you need to complete your job.
  • Accountability: Be able to report on who did what, where and when.

Information Security Definition

  • Protecting the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information using products, people, and procedures.
  • Protecting information requires multiple layers: products, people, and policies and procedures.
    • Products are the physical security measures.
    • People are those who use security products properly to safeguard data.
    • Policies and Procedures are the plans established to ensure correct usage.

Information Security Terminology

  • Asset: Something of value.
  • Threat: A malicious or negative event that exploits a vulnerability.
  • Threat Agent: The person or thing that carries out a threat.
  • Vulnerability: A flaw or weakness that allows a threat agent to bypass security.
  • Exploit: Taking advantage of a vulnerability.
  • Risk: The likelihood and potential for loss or damage when a threat occurs. Some degree of risk is always present.

Risk Options Framework

  • Avoid: Completely eliminate the risk.
  • Accept: Acknowledge the risk but take no action.
  • Mitigate: Reduce the likelihood or impact of the risk.
  • Transfer: Shift the risk to a third party, such as through insurance.

Risk Assessment

  • Risk is assessed against the organization's budget and the cost of protection.
  • Risk is a combination of likelihood and impact.
  • The assessment determines whether the risk is low, medium, or high.

Understanding the Importance of Information Security

  • Information security protects by preventing data theft, thwarting identity theft, avoiding legal consequences, maintaining productivity, and foiling cyberterrorism.
  • Data theft examples: stealing business information and personal credit card numbers.
  • Identity theft involves stealing someone's information and impersonating them, usually for financial gain.
    • Data privacy laws include HIPAA (patient information), FISMA (federal information), FERPA (student information), Sarbanes-Oxley (financial reporting), GLBA/PCI DSS (financial information), and GDPR (EU resident data).
  • Maintaining productivity involves making sure time and resources are not diverted to cleanup after an attack.
  • Cyberterrorism: Politically motivated attacks intended to cause panic and financial catastrophe.
    • Possible targets include the banking industry, air traffic control centers, and water systems.

Who Are the Common Attackers?

  • Common categories of attackers are:
    • cybercriminals
    • script kiddies
    • spies
    • insiders
    • cyberterrorists
    • hacktivists
    • government agencies

Cybercriminals

  • Individuals who launch attacks against other users and computer systems.
  • Operate within loose networks or organized gangs, often in Eastern Europe, Asia, and developing countries.
  • Steal personal data (credit card numbers, Social Security numbers) for fraud or sell fake products. They may also target governments and businesses to steal and sell important business or military data.
  • Difficult to prosecute due to operating in countries with weak law enforcement.

Cybercriminal Forums

  • Cybercriminals use hidden online forums to share data, coordinate attacks, and buy and sell information.
  • The Surface web is the portion of the Internet that can be found with search engines.
  • The Deep web contains content accessible through search dialog boxes on sites.
  • The Dark web is intentionally hidden and requires special browsers.

Script Kiddies

  • Rely on automated attack software due to a lack of necessary knowledge.
  • They purchase "exploit kits" that allow them to perform attacks.
  • Over 40 percent of attacks require low or no skills.

Spies

  • Spies target specific systems to steal corporate or government information.
  • They are hired, not randomly searching for targets.
  • Spies can use espionage to obtain information without drawing attention to themselves.
  • Spies often possess excellent computer skills.

Insiders

  • Include employees, contractors, and business partners within an organization.
  • Insider data breaches account for 48% of those that occur.
  • Insider attacks can include sabotage or theft of intellectual property.
  • Sabotage often comes from employees who have been recently demoted or reprimanded.

Cyberterrorists

  • The goal is to deface electronic information, spread misinformation, deny service and cause critical infrastructure outages or corruption.
  • May be ideologically rather than financially motivated.

Hacktivists

  • They are motivated by ideology to launch attacks that cause problems for specific Web sites.
  • Hacktivists may promote a political agenda or retaliate for a prior event.

Government Agencies

  • May instigate attacks against their own citizens or against foreign governments.
  • Malware has been used by governments to target others: Flame and Stuxnet are powerful examples.

Building a Comprehensive Security Strategy

  • Involves four key elements:
    • Block attacks.
    • Update defenses.
    • Minimize losses.
    • Send secure information.
  • Many of these tactics have been used for centuries.

Block Attacks

  • Involves creating a strong security perimeter.
  • Medieval castles blocked attacks with protective stone walls and moats.
  • Data resides on personal computers attached to the network, so local security is crucial.

Update Defenses

  • It is necessary to update defensive hardware and software continuously to protect against new threats.

Minimize Losses

  • Actions must be taken in advance to minimize losses from attacks that breach defenses.
  • Actions to take include:
    • Make backup copies of data.
    • Institute a business recovery policy.

Send Secure Information

  • Establish a secure electronic link between sender and receiver.
  • Encrypt the data so unauthorized parties cannot read the information.

Summary of Security Awareness

  • Information security attacks have grown exponentially and are now difficult to defend against.
  • Key protections when securing information are the integrity, confidentiality, and availability of data.
  • The goals of a secure system are preventing data theft, identity theft, and cyberterrorism, avoiding legal consequences, and maintaining productivity.
  • Attackers fall into recognizable categories and have different motivations, targets, and skill levels.
  • A comprehensive security strategy is comprised of these elements:
    • Block attacks.
    • Update defenses.
    • Minimize losses.
    • Send secure information.

Description

An introduction to information security that describes the difficulties associated with securing information. It defines information security and explains its importance. Common types of attackers and the process of building a security strategy are identified.