Understanding Security Principles

Questions and Answers

A security team is evaluating measures to protect sensitive data. Which principle of security aims to prevent unauthorized disclosure of information?

  • Accounting
  • Availability
  • Integrity
  • Confidentiality (correct)

An organization wants to ensure that its data remains accurate and complete. Which security principle is most relevant to this goal?

  • Confidentiality
  • Availability
  • Integrity (correct)
  • Authentication

A hospital needs to ensure that patient records are accessible to doctors at all times, especially during emergencies. Which security principle is paramount in this scenario?

  • Availability (correct)
  • Integrity
  • Authentication
  • Confidentiality

An IT auditor is reviewing access logs to identify who accessed a sensitive file, what changes they made, and when they disconnected from the network. Which security principle supports this audit process?

Accounting (B)

A company implements multi-factor authentication (MFA) to enhance its security posture. What type of security control does MFA represent?

Compensating control (A)

After a successful ransomware attack, a company restores its systems from backups. What type of security control is represented by restoring from backups?

Corrective control (A)

An organization implements security cameras around its perimeter. What type of security control is represented by security cameras?

Deterrent control (B)

A company mandates the use of strong passwords and regular password changes for all employees. What type of security control do these password policies represent?

Preventive control (C)

What is the primary focus of information security within an organization?

Protecting processed data (A)

How does cybersecurity differ from information security?

Cybersecurity focuses on data protection in electronic form, while information security is broader. (B)

In the context of information security, what is the significance of 'policies and procedures'?

They form a foundational layer for protecting information. (A)

A company discovers that an employee has been using unauthorized cloud storage services to share sensitive documents. Which category of threat actor does this situation exemplify?

Shadow IT (C)

A group of activists defaces a company's website to protest its environmental policies. Which type of threat actor is most likely responsible for this action?

Hacktivist (B)

Which of the following threat actors is primarily motivated by financial gain through cyberattacks?

Organized crime (A)

An employee is disgruntled and decides to sabotage a company's database. What type of threat does this scenario represent?

Insider threat (B)

A nation launches a cyberattack on another country's critical infrastructure. What type of threat actor is responsible?

Nation-state actors (C)

New exploits are being sold on the dark web to the highest bidder. What type of threat actor does this describe?

Brokers (D)

A competitor launches an attack against another company's system to steal classified information. What is the threat actor?

Competitors (D)

Unskilled attackers often rely on readily available tools to carry out their attacks. What is their primary motivation?

Data exfiltration or service disruption (D)

What is the process of ensuring a user's credentials are authentic?

Authentication (B)

What is the purpose of authorization?

Granting permission for a user to take a particular action (C)

Attack surface can be considered mainstream. Which of the following is an example of an attack surface?

Login page of an online banking site (C)

Which of the following is a common communication tool targeted for exploitation?

Message-based (A)

What is meant by a supply chain infection?

Injecting malware during product manufacturing, storage, and distribution (B)

In open-source software, how do threat actors exploit the code?

By adding malicious code to an open-source project (C)

Which category of vulnerability is exploited by attackers before anyone else knows it exists?

Zero-day vulnerability (A)

What is a potential impact of a successful attack on an organization?

Financial loss due to lost productivity (A)

What is 'data exfiltration' in the context of cybersecurity attacks?

Stealing data to distribute it to other parties (B)

Which of the following data impacts involves stealing data to disclose it in an unauthorized fashion?

Data breach (A)

Which type of external cybersecurity resource provides a series of documented processes used to define policies and procedures for the implementation and management of security controls in an enterprise environment?

Frameworks (C)

Which of the following are the three basic parts which NIST Frameworks are divided into?

Framework core, implementation tiers, profiles (B)

What is the process of adhering to regulations called?

Regulatory compliance (D)

What do benchmarks or secure configuration guides primarily serve as?

Guidelines for configuring devices or software to resist attacks (B)

What is the common name used for external cybersecurity resources which are documented "white papers" that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?

RFCs (A)

An organization identifies a new type of malware through a continually maintained database. What type of cybersecurity resource is the organization utilizing?

Data feeds (C)

A cybersecurity professional is using a database that describes the behavior of threat actors and how they manage attacks. What is the name of this database?

TTP (A)

What is an example of Authentication?

Both A and C (B)

Flashcards

Security

The state of being free from danger.

Confidentiality

Ensures information is protected from unauthorized access.

Integrity

Ensures information is correct and unaltered.

Availability

Ensures information is accessible to authorized users.

Authentication

Ensuring a user's credentials are authentic.

Authorization

Grants permission to a user to take a particular action.

Accounting

Creates a record of who accessed the network, resources accessed and when they disconnected.

Security Control

A safeguard that is employed within an enterprise to protect the CIA of information.

Cybersecurity

Cybersecurity includes practices, processes, and technologies to protect digital devices and networks.

Information Security

Information Security protects essential 'processed data' in an enterprise.

Threat Actor

An individual or entity responsible for attacks.

Financial crime targets

Financial crime based on targets: individual users, enterprises, and governments.

Unskilled Attackers

Individuals who lack technical knowledge to perform sophisticated attacks.

Shadow IT

Bypassing approval for technology purchases.

Organized Crime

A group engaging in illegal activities for financial gain.

Insider Threats

Employees, contractors, or business partners who pose a security risk.

Hacktivists Attacks

Breaking into a website and changing content as a political statement.

Nation-State Actors

State-sponsored attackers launching cyberattacks against their foes.

Competitors (Threat Actor)

Attack an opponent's system to steal classified information.

Brokers (Threat Actor)

Selling knowledge of a weakness to other attackers or governments.

Cyberterrorists

Individuals who attack a nation's network infrastructure, aiming at mass disruption and panic among citizens.

Attack Surface

A digital platform that hackers target for their exploits.

Supply Chain Infections

Malware inserted during manufacturing, storage, and distribution.

Open-Source Software

Software whose source code is freely available to use; threat actors can exploit it by adding malicious code to the project.

Vulnerability

The state of being exposed to being attacked or harmed.

Zero-Day Vulnerabilities

Vulnerabilities exploited before anybody is aware of their existence, creating a surprise attack.

Data Loss

Destruction of data leading to an unrecoverable loss.

Standard

Framework or standard offering guidelines, rules, or other characteristics.

Study Notes

Understanding Security

  • Security means being free from danger; the goal of security is safety.
  • Security is also the process of taking measures to ensure that safety.
  • As security increases, convenience often decreases.

Principles of Security

  • There are three core security protections, known as the CIA triad: Confidentiality, Integrity, and Availability.
    • Confidentiality ensures information is available only to authorized individuals.
    • Integrity guarantees information accuracy and completeness.
    • Availability ensures information is accessible to authorized users.
  • Security involves controlling access to information.
    • Authentication confirms user credentials.
    • Authorization grants permission for specific actions.
    • Accounting creates a record of network access, resource usage, and disconnection times.
  • Security controls are safeguards within an enterprise that protect the CIA triad. They include Deterrent, Preventive, Detective, Compensating, Corrective, and Directive controls.
    • Deterrent controls include measures such as security cameras.
    • Preventive controls include stronger passwords.
    • Detective controls include alarm systems.
    • Compensating controls include multi-factor authentication.
    • Corrective controls include backups.
    • Directive controls include policies.

Cybersecurity versus Information Security

  • Information security protects "processed data" that is essential in an enterprise environment.
  • Cybersecurity involves the practices, processes, and technologies that protect the devices, networks, and programs which process and store data electronically.

Defining Information Security

  • Information Security includes all policies and procedures required to keep data secure, whether the data is being transmitted, processed, or stored, and covers people and products as well as data.

Knowledge Check Activity 1-1

  • Confidentiality ensures only authorized parties can view protected information.

Threat Actors and Motivations

  • A threat actor, also known as an attacker, is responsible for attacks.
  • Financial crime targets individuals, enterprises, and governments.
  • Categories of threat actors:
    • Unskilled attackers
    • Shadow IT
    • Organized crime
    • Insiders
    • Hacktivists
    • Nation-state actors
    • Competitors
    • Brokers
    • Cyberterrorists

Unskilled Attackers

  • Unskilled attackers lack the technical knowledge to perform sophisticated attacks but still want to carry them out.
  • They use freely available or low-cost, easy-to-use tools.
  • Their motivation is usually data exfiltration or service disruption.

Shadow IT

  • Shadow IT is bypassing corporate approval for technology purchases.
  • The employee's motivation is often ethical (getting work done), but the practice weakens security.

Organized Crime

  • Organized crime is a close-knit, tightly controlled group set up to engage in illegal activities.
  • Organized crime has recently moved into cyberattacks.
  • Cyberattacks are considered less risky and more rewarding than traditional crime.
  • Motivation is generally financial gain.

Insider Threats

  • Insiders can be employees, contractors, or business partners within a company.
  • Motivation can include revenge or blackmail.
  • Insider attacks are hard to recognize because the attacker already has legitimate access.

Hacktivists

  • Groups or individuals strongly motivated by ideology are called hacktivists.
  • Their attacks often involve website intrusion and content changes for political statements.
  • Some of their attacks are retaliatory, such as disabling a bank's website, if the bank does not support groups that the hacktivists support.
  • Motivation is to cause disruption/chaos.

Nation-State Actors

  • Governments increasingly use state-sponsored attackers for cyberattacks against their foes.
  • Nation-state actors are often involved in multiyear intrusion campaigns targeting highly sensitive economic, proprietary, or national security information.
  • A class of attack known as the advanced persistent threat (APT) extracts data silently over extended periods of time.

Other Threat Actors

  • Competitors launch attacks against opponents' systems to steal classified information.
  • Brokers sell their knowledge of a weakness to other attackers or governments.
  • Cyberterrorists attack a nation's computer network infrastructure with the intent of causing disruption and panic among citizens.

Knowledge Check Activity 1-2

  • The motivation of an employee engaging in shadow IT is considered ethical but weakens security.

Threat Vectors and Attack Surfaces

  • An attack surface, or threat vector, is a digital platform targeted by threat actors.
  • Attack surfaces are found in all technology settings.
  • Primary targets of threat actors are still things such as login pages of online banking sites.
  • Common communication tools such as email, text messages, instant messages, and voice calls are message-based threat vectors, exploited through attacks such as phishing.
  • A supply chain is the network that moves a product from its creation to the end user.
  • Each link in the chain is a potential threat vector: malware can be injected into a product during its manufacturing, storage, or distribution, which is called a supply chain infection.
  • Software supply chains have recently been targeted because open-source code allows threat actors to add malicious code to a project.

Categories of Vulnerabilities

  • A vulnerability means being open to attack or harm.
  • Cybersecurity vulnerabilities can be categorized as software, hardware, misconfiguration, and zero-day vulnerabilities.
  • Software vulnerabilities are most common in operating system software, which is the chief culprit.
    • They can also arrive in the form of a malicious update.
  • Hardware vulnerabilities include the difficulty of patching firmware, legacy platforms, and end-of-life hardware.
  • Misconfigurations arise when settings are not properly deployed, leaving the system vulnerable.
  • Zero-day vulnerabilities can be exploited before anyone knows they exist and give no warning.

Impacts of Attacks

  • A successful attack results in several negative impacts, including data impacts and overall effects.
  • Overall effects include inaccessibility of systems (availability loss), which results in lost productivity and therefore financial loss.
  • Attacks may also affect public perception of the enterprise, damaging its reputation.
  • Types of data impact include:
    • Data Loss: The destruction of data so that it cannot be recovered
    • Data exfiltration: Stealing data to distribute it to other parties
    • Data breach: Stealing data to disclose it in an unauthorized fashion
    • Identity theft: Taking personally identifiable information to impersonate someone

Information Security Resources

  • These are external resources an enterprise can use to defend against potential cyberattacks. They include:
    • Frameworks
    • Regulations
    • Legislation
    • Standards
    • Benchmarks/secure configuration guides
    • Information sources

Frameworks

  • An information security framework documents the processes used to define policies and procedures for implementing and managing security controls in an enterprise.
  • The National Institute of Standards and Technology (NIST) frameworks have three parts:
    • Framework Core: a set of activities and outcomes related to cybersecurity.
    • Implementation Tiers: levels of security maturity.
    • Profiles: customized approaches based on an organization's specific needs.

Regulations

  • Adhering to regulations is called regulatory compliance.
  • Most organizations must follow multiple regulations from different regulatory bodies, spanning broadly applicable, industry-specific, U.S. state, and international regulations.

Legislation

  • Governing bodies can enact legislation (laws) that serves as an information security resource, including:
    • National Laws
    • Territorial Laws
    • State Laws

Standards

  • A standard is a document approved through consensus by a recognized standardization body.
  • Standards provide frameworks, rules, guidelines, or characteristics for products and production methods.
  • The Payment Card Industry Data Security Standard (PCI DSS) is one information security compliance standard.

Benchmarks/Secure Configuration Guides

  • Hardware manufacturers and software developers distribute benchmarks and secure configuration guides.
  • These serve as guidelines for configuring a device or software to resist attacks.
  • These guides are usually platform- or vendor-specific and apply to particular products.

Information Sources

  • Requests for comments (RFCs) are like "white papers" authored by technology bodies that employ specialists, engineers, and scientists who are experts in their areas.
  • Data feeds are continually maintained databases compiling the latest cybersecurity incidents.
  • Common cybersecurity data feeds include vulnerability feeds that provide current information on vulnerabilities.
  • The adversary tactics, techniques, and procedures (TTP) database describes how threat actors behave and manage their attacks.
