INFOSEC-1.docx - CIA Triad & Cyber Security

Summary

This document provides an overview of the CIA triad (Confidentiality, Integrity, and Availability) concepts and their importance in maintaining information security. It also introduces frameworks and models for information assurance like ITIL and NIST, highlighting their roles in managing cybersecurity risks across various types of organizations.

Full Transcript


**WEEK 1**

**CIA Triad**

- The CIA Triad is a foundational concept in information security, representing the three key principles that guide the protection of data and systems.
- The CIA Triad is a critical framework used by cybersecurity professionals to **assess** risks, **design** security strategies, and **implement** policies to safeguard information systems. Balancing all three components is essential for robust security.

**Confidentiality**

- **Definition**: Ensures that information is not disclosed to unauthorized individuals, entities, or processes. Only those with the proper permissions should have access to sensitive data.
- **Techniques**: Encryption, access control, and authentication are used to maintain confidentiality.
- **Examples of threats**: Phishing, insider threats, weak passwords, data breaches.
- **Why It Matters**: Prevents unauthorized access to sensitive data, such as personal, financial, or proprietary information.
- **Consequences of Failure**: Breaches of confidentiality can lead to identity theft, financial losses, reputational damage, and legal consequences.
- **Real-Life Relevance**: Imagine a data breach exposing millions of users' personal details; this represents a failure in maintaining confidentiality.

**Integrity**

- **Definition**: Ensures the accuracy and completeness of data over its lifecycle. It prevents unauthorized alterations to information, whether accidental or malicious.
- **Techniques**: Hashing, digital signatures, and version control.
- **Examples of threats**: Data tampering, man-in-the-middle (MitM) attacks, accidental modifications.
- **Why It Matters**: Ensures that data remains accurate, consistent, and trustworthy. Any alteration, whether intentional or accidental, can undermine decision-making and operations.
- **Consequences of Failure**: Compromised integrity could lead to corrupted databases, incorrect financial transactions, or falsified medical records.
- **Real-Life Relevance**: Consider a banking system that processes incorrect account balances due to data tampering. This would erode trust and harm operations.

**Availability**

- **Definition**: Ensures that information and systems are accessible to authorized users when needed. Downtime or disruptions can hinder operations and compromise availability.
- **Techniques**: Redundancy, load balancing, backups, and robust disaster recovery plans.
- **Examples of threats**: DDoS attacks, hardware failures, natural disasters.
- **Why It Matters**: Availability is critical for operational continuity.
- **Consequences of Failure**: Downtime or denial of service can halt business processes, lead to financial losses, and compromise customer trust.
- **Real-Life Relevance**: A denial-of-service (DoS) attack that shuts down an e-commerce site during peak sales is an example of an availability failure.

**WEEK 2**

**Introduction to Cyber Security Threats in Information Systems**

**Information Security**

- The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
- This process involves the implementation of appropriate technical, administrative, and physical controls to ensure the confidentiality, integrity, and availability of information.

**Information Assurance**

- The process of protecting information and information systems from unauthorized access, modification, theft, or destruction while ensuring confidentiality, integrity, and availability.
- This process involves the assessment of potential risks and vulnerabilities, the development and implementation of appropriate controls and countermeasures, and the monitoring and evaluation of their effectiveness.
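An added example, not part of the original notes, for the Integrity techniques listed in Week 1 (hashing and digital signatures): a plain hash catches accidental corruption of a record, but an attacker who can alter the record can also recompute its hash, so a keyed digest (HMAC, standing in here for a digital signature) is needed to catch deliberate tampering. The bank record, the key and both tampering scenarios are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed sample record standing in for one row of a banking database.
RECORD = {"account": "ACC-1001", "owner": "A. Example", "balance": 2500}

# Constructed secret known only to the integrity-checking service (an
# assumption for this example; never hard-code a real key like this).
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(record: dict) -> bytes:
    """Serialize deterministically so identical data always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def plain_digest(record: dict) -> str:
    """Unkeyed SHA-256: anyone can recompute it, so it only detects accidents."""
    return hashlib.sha256(canonical(record)).hexdigest()


def keyed_tag(record: dict, key: bytes) -> str:
    """HMAC-SHA256: without the key nobody can produce a valid tag for
    altered data. A digital signature gives the same property with a
    public/private key pair."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_plain(record: dict, stored_digest: str) -> bool:
    return hmac.compare_digest(plain_digest(record), stored_digest)


def verify_keyed(record: dict, stored_tag: str, key: bytes) -> bool:
    # compare_digest is constant-time, so the check does not leak the tag.
    return hmac.compare_digest(keyed_tag(record, key), stored_tag)


def simulate_tampering() -> dict:
    """Report which check catches each kind of integrity failure."""
    stored_digest = plain_digest(RECORD)
    stored_tag = keyed_tag(RECORD, INTEGRITY_KEY)

    # Scenario 1: accidental modification (e.g. a bug changes the balance).
    corrupted = dict(RECORD, balance=2501)

    # Scenario 2: deliberate tampering in which the attacker also rewrites
    # the stored unkeyed hash so that it matches the altered data.
    tampered = dict(RECORD, balance=250000)
    attacker_digest = plain_digest(tampered)
    # Without INTEGRITY_KEY the attacker can only guess a tag; modelled here
    # as a tag computed under a different key.
    attacker_tag = keyed_tag(tampered, b"attacker-guess")

    return {
        "accidental_caught_by_plain_hash": not verify_plain(corrupted, stored_digest),
        "accidental_caught_by_hmac": not verify_keyed(corrupted, stored_tag, INTEGRITY_KEY),
        "tampering_caught_by_plain_hash": not verify_plain(tampered, attacker_digest),
        "tampering_caught_by_hmac": not verify_keyed(tampered, attacker_tag, INTEGRITY_KEY),
        "original_still_valid": verify_keyed(RECORD, stored_tag, INTEGRITY_KEY),
    }


if __name__ == "__main__":
    for check, result in simulate_tampering().items():
        print(f"{check}: {result}")
```

The one result that comes back False is the plain hash against deliberate tampering, which is exactly why integrity controls pair a hash with a key or a signature.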
*Importance of information assurance*: Information is a valuable ASSET that individuals, organizations, and governments should PROTECT from potential harm.

**Frameworks and Models for Information Assurance**

1. **ITIL (Information Technology Infrastructure Library)**
   - Purpose: ITIL is a framework for IT Service Management (ITSM) that focuses on aligning IT services with business needs. It provides best practices for delivering value to customers through IT services.
   - Key Focus Areas:
     - Service strategy
     - Service design
     - Service transition
     - Service operation
     - Continual service improvement
2. **NIST (National Institute of Standards and Technology)**
   - Purpose: NIST develops a variety of standards and guidelines for information security. The NIST Cybersecurity Framework (CSF) and NIST SP 800-53 are widely used frameworks for cybersecurity risk management.
   - Key Focus Areas:
     - Identify (risk management)
     - Protect (safeguards)
     - Detect (incident detection)
     - Respond (response planning)
     - Recover (restore operations)
3. **ISO/IEC 27001**
   - Purpose: ISO/IEC 27001 is an international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information.
   - Key Focus Areas:
     - Establishing, implementing, maintaining, and continually improving an ISMS.
     - Addressing information security risks and controls.

**Best Practices for Information Security**

1. **Conducting a Risk Assessment** - Helps identify potential risks and vulnerabilities to information and information systems. This assessment involves analyzing the likelihood and impact of potential threats and developing appropriate controls to mitigate the risks.
2. **Developing Policies and Procedures** - Provide guidance and direction for the implementation of information security controls. These policies and procedures should be reviewed and updated regularly to ensure they remain relevant and effective.
3. **Implementing Access Controls** - Access controls are designed to limit access to information and information systems to authorized personnel. These controls may include user authentication, **role-based access control** (based on a user's role within an organization), and **physical access controls** (access to buildings, rooms, and equipment).
4. **Training and Awareness** - Help employees understand the importance of information security and their role in protecting it. These programs may include security awareness training, phishing simulations, and incident response training.
5. **Monitoring and Logging** - Enable organizations to detect and respond to security incidents in a timely manner. These controls may include intrusion detection and prevention systems, security information and event management systems, and log management tools.
6. **Incident Response Planning** - Helps an organization prepare for and respond to security incidents. This planning involves developing a plan for detecting, reporting, and responding to incidents, and identifying the roles and responsibilities of personnel involved in incident response.

**Cyber Security Threats**

- Acts performed by individuals with harmful intent, whose goal is to steal data, cause damage to, or disrupt computing systems.

**Types of Cyber Security Threats**

1. **Malware Attacks**
   - Malware is an abbreviation of "malicious software": viruses, worms, trojans, spyware, and ransomware.
   - Malware is the **most common type of cyberattack**.
   - Malware infiltrates a system, usually via a link on an untrusted website or email, or through an unwanted software download.
   - It deploys on the target system, collects sensitive data, manipulates and blocks access to network components, and may destroy data or shut down the system altogether.

   Common forms of malware:

   1. Viruses - a piece of code injects itself into an application. When the application runs, the malicious code executes.
   2. Worms - malware that exploits software vulnerabilities and backdoors to gain access to an operating system. Once installed in the network, the worm can carry out attacks such as Distributed Denial of Service (DDoS).
   3. Trojans - malicious code or software that poses as an innocent program, hiding in apps, games, or email attachments. An unsuspecting user downloads the trojan, allowing it to gain control of their device.
   4. Ransomware - a user or organization is denied access to their own systems or data via encryption. The attacker typically demands a ransom be paid in exchange for a decryption key to restore access, but there is no guarantee that paying the ransom will actually restore full access or functionality.
   5. Cryptojacking - attackers deploy software on a victim's device and begin using its computing resources to generate cryptocurrency without the victim's knowledge. Affected systems can become slow, and cryptojacking kits can affect system stability.
   6. Spyware - a malicious actor gains access to an unsuspecting user's data, including sensitive information such as passwords and payment details. Spyware can affect desktop browsers, mobile phones, and desktop applications.
   7. Adware - a user's browsing activity is tracked to determine behavior patterns and interests, allowing advertisers to send the user targeted advertising. Adware is related to spyware but does not involve installing software on the user's device and is not necessarily used for malicious purposes; however, it can be used without the user's consent and compromise their privacy.
   8. Fileless malware - no software is installed on the operating system. Native tools like WMI and PowerShell are used to enable malicious functions. This stealthy form of attack is difficult to detect (antivirus cannot identify it) because the compromised files are recognized as legitimate.
   9. Rootkits - software is injected into applications, firmware, operating system kernels, or hypervisors, providing remote administrative access to a computer. The attacker can start the operating system within a compromised environment, gain complete control of the computer, and deliver additional malware.

**Common Sources of Cyber Threats**

1. Nation States - hostile countries can launch cyber-attacks against local companies and institutions, aiming to interfere with communications, cause disorder, and inflict damage.
2. Cyber Terrorism - terrorists conduct cyber-attacks aimed at destroying or abusing critical infrastructure, threatening national security, disrupting economies, and causing bodily harm to citizens.
3. Criminal Groups - organized groups of hackers aim to break into computing systems for economic benefit. These groups use phishing, spam, spyware, and malware for extortion, theft of private information, and online scams.
4. Malicious Insiders - an employee who has legitimate access to company assets and abuses their privileges to steal information or damage computing systems for economic or personal gain. Insiders may be employees, contractors, suppliers, or partners of the target organization. They can also be outsiders who have compromised a privileged account and are impersonating its owner.
5. Hackers - individual hackers target organizations using a variety of attack techniques. They are usually motivated by personal gain, revenge, financial gain, or political activity.
   - Hackers often develop new threats to advance their criminal ability and improve their personal standing in the hacker community.

**WEEK 3**

**Hackers and Crackers**

The popular press uses the word hacker to refer to people who break into computer systems and steal or corrupt data, but this is not quite the exact definition. Perhaps it helps to distinguish between hackers and crackers, although the term cracker has never caught on with the general public.

**HACKERS**

- Considering the second kind of hacker, those who break into computers for relatively benign reasons:

1. Thrill-seeker hackers
   - Thrill-seeker hackers are hackers who illegally access computer systems simply for the challenge of it.
   - Although they penetrate computers and networks illegally, they don't do any damage or steal anything; their reward is the achievement of breaking in.
2. White-hat hackers
   - White-hat hackers are usually computer professionals who break into computer systems and networks with the knowledge of their owners to expose security flaws that can then be fixed.
   - (The term "white hat" refers to the hero in old Western movies, who often wore a white hat, as opposed to the villain, who usually wore a black hat.)
   - **Intent**: Help organizations and improve cybersecurity.
   - **Methods**: Use legal and authorized methods to test security systems.
   - **Goal**: Strengthen security by identifying vulnerabilities before malicious hackers exploit them. White hat hackers follow ethical guidelines and work in a lawful manner, often for companies or government agencies.
   - **Example**: Certified ethical hackers (CEHs), penetration testers.
3. Gray Hat Hackers
   - **Intent**: Often a mix of both ethical and unethical actions.
   - **Methods**: May hack systems without permission, but typically report vulnerabilities to the owner afterward.
   - **Goal**: Sometimes done to help improve security, but the hacking itself is unauthorized.
   - Gray hat hackers operate in the middle ground between white and black hats, hacking systems without permission but without malicious intent.
   - **Example**: A hacker who discovers a security flaw and reports it to the company without authorization, sometimes seeking a reward.
4. **Red Hat Hackers**
   - **Intent**: Actively combat black hat hackers.
   - **Methods**: Use aggressive or retaliatory tactics against malicious hackers.
   - **Goal**: Protect systems by taking down black hat hackers, sometimes using illegal methods.
   - Red hat hackers are like vigilantes of the hacker world. While their intention is to stop black hats, they sometimes use destructive techniques, like launching counter-attacks or destroying the malicious hacker's infrastructure.
   - **Example**: A hacker who retaliates against cybercriminals by hacking their systems and shutting them down.
5. Blue Hat Hackers
   - **Intent**: Often driven by revenge or to harm a particular target.
   - **Methods**: Target individuals or organizations without in-depth knowledge of hacking.
   - **Goal**: Cause harm or embarrassment to a personal enemy.
   - Blue hat hackers are typically outsiders, not interested in widespread cybercrime but motivated by personal vendettas. They are not professional hackers and may use pre-made tools or basic attacks.
   - **Example**: Someone hacking a competitor's website out of revenge.
6. Green Hat Hackers
   - **Intent**: Learning and experimenting with hacking techniques.
   - **Methods**: Use basic scripts and tools to practice hacking.
   - **Goal**: Gain knowledge and experience in hacking. Green hat hackers are beginners or "newbies" in the hacker community, often referred to as "noobs" or "script kiddies." They are eager to learn and may experiment with hacking, sometimes unintentionally causing harm.
   - **Example**: A novice hacker practicing their skills on weak systems or vulnerable websites.
7. Purple Hat Hackers
   - **Intent**: A combination of red and blue team roles in cybersecurity.
   - **Methods**: Use both offensive and defensive hacking techniques.
   - **Goal**: Improve overall security by understanding both attack and defense strategies.
   - Purple hats are often professionals who understand both attacking systems (like red team members) and defending them (like blue team members). They simulate attacks to improve security.
   - **Example**: A cybersecurity expert involved in both penetration testing and defensive measures.

**CRACKERS**

- As opposed to hackers, who do break-ins for more or less positive reasons, crackers are malicious hackers: people who break into computers for malicious purposes, such as obtaining information for financial gain, shutting down hardware, pirating software, stealing people's credit information, or altering or destroying data.

1. **Hacktivist**
   - A hacktivist is a hacker who uses their skills to promote a political or social cause. The term is a combination of "hacker" and "activist."
   - Hacktivists carry out cyber-attacks to protest, raise awareness, or disrupt activities of governments, organizations, or individuals that they oppose, often with the aim of influencing public opinion or sparking change.
   - **Motivation**: Hacktivists are motivated by political, social, or ideological reasons rather than personal financial gain. They may target entities they believe are engaged in unethical or harmful practices, such as government surveillance, corporate misconduct, environmental degradation, or censorship.
   - **Methods**: Hacktivists use various cyber techniques to disrupt or damage their targets, including:
     - Defacing websites to display protest messages.
     - Leaking sensitive information (e.g., government or corporate documents) to expose wrongdoing.
     - Data breaches to reveal hidden or classified information.
     - Social media hijacking to spread their message.
   - **Goals**: Hacktivists aim to draw attention to their cause or disrupt the operations of those they oppose. Their actions often have a dual goal of raising public awareness and embarrassing or damaging the reputation of their targets.
2. Black Hat Hackers (Malicious Hackers)
   - **Intent**: Cause harm, exploit systems, or steal information.
   - **Methods**: Use illegal tactics like hacking into systems without permission, creating malware, or conducting phishing attacks.
   - **Goal**: Financial gain, theft, sabotage, or personal satisfaction.
   - Black hat hackers break laws and ethical standards, often with the intention of exploiting vulnerabilities for malicious purposes.
   - **Example**: Cybercriminals who steal credit card information or launch ransomware attacks.
3. Cyberterrorists
   - Cyberterrorists are individuals or groups that use cyberattacks to cause significant disruption, fear, or harm, often for ideological, political, or religious reasons.
   - Their attacks target critical infrastructures, governmental institutions, or large organizations with the aim of creating chaos, intimidation, or advancing their specific agenda.
   - Unlike typical hackers, who may be motivated by profit, cyberterrorists aim to achieve the same objectives as traditional terrorism (spreading fear and coercing governments or societies) but through digital means.

**Social Engineering Attacks**

- Social engineering involves tricking users into providing an entry point for malware. The victim provides sensitive information or unwittingly installs malware on their device because the attacker poses as a legitimate actor.
- Tactics:
  - Exploiting human psychology, trust, and emotions.
  - Deceiving victims through communication channels like email, phone, or social media.

**Types of Social Engineering Attacks**

1. **Baiting** - the attacker lures a user into a social engineering trap, usually with a promise of something attractive like a free gift card. The victim provides sensitive information such as credentials to the attacker.
2. **Pretexting** - similar to baiting, the attacker pressures the target into giving up information under false pretenses. This typically involves impersonating someone with authority, for example an IRS or police officer, whose position will compel the victim to comply.
3. **Phishing** - the attacker sends emails pretending to come from a trusted source. Phishing often involves sending fraudulent emails to as many users as possible, but it can also be more targeted. For example, "spear phishing" personalizes the email to target a specific user, while "whaling" takes this a step further by targeting high-value individuals such as CEOs.
4. **Vishing (voice phishing)** - the imposter uses the phone to trick the target into disclosing sensitive data or granting access to the target system. Vishing typically targets older individuals but can be employed against anyone.
5. **Smishing (SMS phishing)** - the attacker uses text messages as the means of deceiving the victim.
6. **Piggybacking** - an authorized user provides physical access to another individual who "piggybacks" off the user's credentials. For example, an employee may grant access to someone posing as a new employee who misplaced their credential card.
7. **Tailgating** - an unauthorized individual follows an authorized user into a location, for example by quickly slipping in through a protected door after the authorized user has opened it. This technique is similar to piggybacking except that the person being tailgated is unaware that they are being used by another individual.

**Supply Chain Attacks**

- Supply chain attacks are a newer type of threat to software developers and vendors. Their purpose is to infect legitimate applications and distribute malware via source code, build processes, or software update mechanisms.
- Attackers look for non-secure network protocols, server infrastructure, and coding techniques, and use them to compromise build and update processes, modify source code, and hide malicious content.
- Supply chain attacks are especially severe because the applications compromised by attackers are signed and certified by trusted vendors. In a software supply chain attack, the software vendor is not aware that its applications or updates are infected with malware.
- Malicious code runs with the same trust and privileges as the compromised application.

**Types of Supply Chain Attacks**

- Compromise of build tools or development pipelines
- Compromise of code signing procedures or developer accounts
- Malicious code sent as automated updates to hardware or firmware components
- Malicious code pre-installed on physical devices

1. **Man-in-the-Middle (MitM) Attack**
   - A Man-in-the-Middle (MitM) attack involves intercepting the communication between two endpoints, such as a user and an application. The attacker can eavesdrop on the communication, steal sensitive data, and impersonate each party participating in the communication.
   - Examples of Man-in-the-Middle attacks:
     - a. **Wi-Fi Eavesdropping** - an attacker sets up a Wi-Fi connection, posing as a legitimate actor, such as a business, that users may connect to. The fraudulent Wi-Fi allows the attacker to monitor the activity of connected users and intercept data such as payment card details and login credentials.
     - b. **Email hijacking** - an attacker spoofs the email address of a legitimate organization, such as a bank, and uses it to trick users into giving up sensitive information or transferring money to the attacker. The user follows instructions they think come from the bank but which actually come from the attacker.
     - c. **DNS spoofing** - a Domain Name System (DNS) response is spoofed, directing a user to a malicious website posing as a legitimate site. The attacker may divert traffic from the legitimate site or steal the user's credentials.
     - d. **IP spoofing** - an Internet Protocol (IP) address connects users to a specific website. An attacker can spoof an IP address to pose as a website and deceive users into thinking they are interacting with that website.
     - e. **HTTPS spoofing** - HTTPS is generally considered the more secure version of HTTP, but it can also be used to trick the browser into thinking that a malicious website is safe. The attacker uses "HTTPS" in the URL to conceal the malicious nature of the website.
2. **Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks**
   - DoS and DDoS attacks aim to disrupt the normal functioning of a targeted computer or network by overwhelming it with traffic, making it inaccessible to legitimate users.
   - **DoS**: Involves a single source flooding the target with traffic.
   - **DDoS**: Utilizes multiple compromised systems (often a botnet) to launch the attack simultaneously, making it harder to mitigate.

   **Common Types of DDoS Attacks:**

   1. **HTTP Flood**
      - **How it works**: Overwhelms the target server with a massive number of HTTP requests, consuming server resources and preventing legitimate users from accessing the website.
      - **Impact**: Slows down website performance, increases latency, and can ultimately make the site unavailable.
   2. **SYN Flood**
      - **How it works**: Exploits the three-way handshake in TCP connections. The attacker sends a SYN (synchronize) packet but never responds to the SYN-ACK, leaving the server waiting for the final acknowledgment. This consumes server resources and prevents legitimate connections from being established.
      - **Impact**: Severely impacts server performance, especially for services that rely heavily on TCP connections.
   3. **UDP Flood**
      - **How it works**: Sends a large volume of UDP packets to the target, consuming server resources and potentially crashing the server. UDP is connectionless, making it easier for attackers to send large amounts of traffic.
      - **Impact**: Can cause server instability, packet loss, and service disruption.
   4. **ICMP Flood**
      - **How it works**: Overloads the target with ICMP (Internet Control Message Protocol) packets, such as ping requests or error messages.
      - **Impact**: Can consume significant bandwidth and disrupt network communication.
   5. **NTP Amplification**
      - **How it works**: Exploits the Network Time Protocol (NTP) to amplify the attack traffic. Attackers send small queries to vulnerable NTP servers, which respond with much larger packets to the target.
      - **Impact**: Can generate massive amounts of traffic, overwhelming the target with amplified responses.

   **Mitigating DDoS Attacks:**

   - **Traffic Filtering**: Implementing traffic filtering rules to block malicious traffic at the network perimeter.
   - **Rate Limiting**: Limiting the number of requests per second from a single IP address or source.
   - **Intrusion Detection and Prevention Systems (IDPS)**: Deploying IDPS to detect and block malicious traffic patterns.
   - **Cloud-Based DDoS Protection**: Utilizing cloud-based services that provide advanced DDoS mitigation capabilities.
3. **Injection Attacks**
   - Injection attacks exploit a variety of vulnerabilities to directly insert malicious input into the code of a web application. Successful attacks may expose sensitive information, execute a DoS attack, or compromise the entire system.
   - Types of injection attacks:
     - a. **SQL Injection** - an attacker enters an SQL (Structured Query Language) query into an end-user input channel, such as a web form or comment field. A vulnerable application will send the attacker's data to the database and will execute any SQL commands that have been injected into the query. Most web applications use databases based on SQL, making them vulnerable to SQL injection. A newer variant of this attack is NoSQL injection, targeted against databases that do not use a relational data structure.
     - b. **Code injection** - an attacker can inject code into an application if it is vulnerable. The web server executes the malicious code as if it were part of the application.
     - c. **OS (Operating System) Command Injection** - an attacker can exploit a command injection vulnerability to input commands for the operating system to execute. This allows the attacker to exfiltrate OS data or take over the system.
     - d. **LDAP Injection** - an attacker inputs characters to alter Lightweight Directory Access Protocol (LDAP) queries. A system is vulnerable if it uses unsanitized LDAP queries. These attacks are very severe because LDAP servers may store user accounts and credentials for an entire organization.
     - e. **XML eXternal Entities (XXE) Injection** - an attack is carried out using specially constructed Extensible Markup Language (XML) documents. This differs from other attack vectors because it exploits inherent vulnerabilities in legacy XML parsers rather than unvalidated user inputs. XML documents can be used to traverse paths, execute code remotely, and perform server-side request forgery (SSRF).
     - f. **Cross-Site Scripting (XSS)** - an attacker inputs a string of text containing malicious JavaScript. The target's browser executes the code, enabling the attacker to redirect users to a malicious website or steal session cookies to hijack a user's session. An application is vulnerable to XSS if it doesn't sanitize user inputs to remove JavaScript code.

**Programs, Operating System, and Database Security and Integrity**

- In today's digital age, data is considered the new oil, and it is the most valuable asset for businesses and organizations. Data could be personal data, financial records, trade secrets, or any other sensitive information.
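An added example, not from the original notes, for the SQL Injection item above: the same login lookup written the vulnerable way the notes describe (user input spliced into the query text, so the database executes whatever SQL it contains) and the hardened way (a parameterized query, where the input is only ever compared as data), both run against a constructed in-memory SQLite user table. The table contents, the quoted username and the injected input are all constructed for the demo.

```python
import sqlite3

# Constructed in-memory user store standing in for a web application's database.
# Passwords are kept in clear text only to keep the demo short; a real system
# stores password hashes, never the passwords themselves.
SEED_USERS = [
    ("alice", "correct-horse", "admin"),
    ("bob", "battery-staple", "user"),
    ("o'brien", "irish-coffee", "user"),   # legitimate name containing a quote
]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The flaw described in the notes: input is pasted into the SQL text, so
    the database parses and executes whatever SQL the input contains."""
    query = ("SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    try:
        return conn.execute(query).fetchone()
    except sqlite3.OperationalError:
        # A stray quote in ordinary input breaks the query as well, which is
        # a useful sign in application logs that input is reaching the parser.
        return "error"


def login_hardened(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the SQL text and the values travel separately, so
    the input is compared as data and is never parsed as SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo() -> dict:
    """Run the same inputs through both versions and return the outcomes."""
    conn = build_db()
    # The classic tutorial input: it closes the string literal and comments out
    # the rest of the WHERE clause, so the password is never checked.
    injected = "alice' --"
    return {
        "legit_vulnerable": login_vulnerable(conn, "bob", "battery-staple"),
        "legit_hardened": login_hardened(conn, "bob", "battery-staple"),
        "quote_vulnerable": login_vulnerable(conn, "o'brien", "irish-coffee"),
        "quote_hardened": login_hardened(conn, "o'brien", "irish-coffee"),
        "injected_vulnerable": login_vulnerable(conn, injected, "wrong"),
        "injected_hardened": login_hardened(conn, injected, "wrong"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The vulnerable version logs in as the admin without a password and cannot handle a legitimate username containing a quote; the parameterized version gets both cases right with no extra input filtering.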
The security and integrity of programs, operating systems, and databases are therefore crucial to safeguard against cyber threats and data breaches.

**Operating System**

- An operating system (OS) is the most critical software that runs on a computer system. It manages the system resources, including the hardware, software, and user data, and provides a platform for running other applications. Examples of operating systems include Microsoft Windows, Apple macOS, and Linux.

**Steps to Secure the Operating System**

1. **Keep the operating system updated:** One of the most critical steps to securing the operating system is to keep it updated with the latest security patches and updates. Software vendors regularly release updates to fix security vulnerabilities and bugs in their products. Users should apply these updates as soon as possible to prevent vulnerabilities from being exploited by cybercriminals.
2. **Use antivirus software:** Installing antivirus software is an essential step in securing the operating system. Antivirus software is designed to detect and remove malware from a computer. It scans files, email attachments, and downloads for known malware signatures and behaviors and blocks them from running or deletes them from the system.
3. **Use a firewall:** A firewall is a security program that monitors and controls incoming and outgoing network traffic. It can prevent unauthorized access to the system and protect it from network-based attacks. Users should ensure that the firewall is turned on and configured correctly to prevent unauthorized access.
4. **Implement access controls:** Access controls limit access to the operating system and data, ensuring that only authorized users can access sensitive information. Users should only be granted access to the operating system and data they need to perform their job functions, and access should be revoked when it is no longer necessary.
5. **Use strong passwords:** Using strong passwords is essential to securing the operating system. Passwords should be at least eight characters long and should include a combination of letters, numbers, and special characters. Users should avoid using common words or phrases, and they should change their passwords regularly.
6. **Disable unnecessary services:** Operating systems come with many services and features that are not needed for everyday use. Disabling unnecessary services can reduce the attack surface of the system, making it more difficult for attackers to exploit vulnerabilities.
7. **Enable encryption:** Encryption can be used to protect data from unauthorized access. Operating systems that handle sensitive data should encrypt the data both at rest and in transit to prevent it from being accessed by unauthorized parties. Encryption uses complex algorithms to scramble the data, making it unreadable to anyone who does not have the key to decrypt it.

**Review Questions**

**Which of the following principles of the CIA Triad focuses on ensuring that data remains accurate and trustworthy?**
a) Confidentiality b) Integrity c) Availability d) Authenticity
**Answer:** b) Integrity

**Encrypting data while it is being transmitted over a network primarily addresses which CIA principle?**
a) Confidentiality b) Integrity c) Availability d) Authenticity
**Answer:** a) Confidentiality

**Implementing a system of backups and failover mechanisms primarily addresses which CIA principle?**
a) Confidentiality b) Integrity c) Availability d) Authenticity
**Answer:** c) Availability

**Granting users only the necessary permissions to perform their job duties is a key aspect of which security principle?**
a) Least Privilege b) Data Loss Prevention c) Risk Assessment d) Vulnerability Scanning
**Answer:** a) Least Privilege

**Which of the following techniques can be used to prevent unauthorized access to sensitive data?**
a) Data Masking b) Digital Signatures c) Access Control Lists (ACLs) d) Load Balancing
**Answer:** c) Access Control Lists (ACLs)

**A company's financial records are altered by a hacker. Which CIA principle is primarily violated in this scenario?**
a) Confidentiality b) Integrity c) Availability d) Authenticity
**Answer:** b) Integrity

**A power outage causes a hospital's computer systems to crash, preventing doctors from accessing patient records. Which CIA principle is primarily violated in this scenario?**
a) Confidentiality b) Integrity c) Availability d) Authenticity
**Answer:** c) Availability

**Which of the following techniques can be used to ensure the authenticity of data?**
a) Encryption b) Digital Signatures c) Data Masking d) Access Control Lists (ACLs)
**Answer:** b) Digital Signatures

**A company implements a policy requiring employees to use strong passwords and change them regularly. This primarily addresses which CIA principle?**
a) Confidentiality b) Integrity c) Availability d) Authenticity
**Answer:** a) Confidentiality

**Which of the following is NOT a key aspect of ensuring data confidentiality?**
a) Preventing data breaches b) Maintaining data accuracy c) Protecting data from unauthorized disclosure d) Maintaining privacy
**Answer:** b) Maintaining data accuracy

**Which of the following techniques can be used to prevent data loss in case of a disaster?**
a) Encryption b) Data Masking c) Data Backups d) Access Control Lists (ACLs)
**Answer:** c) Data Backups

**A malicious insider downloads sensitive customer data and sells it to a competitor. Which CIA principles are violated in this scenario?**
a) Confidentiality only b) Integrity only c) Confidentiality and Integrity d) Availability and Integrity
**Answer:** c) Confidentiality and Integrity

**A ransomware attack encrypts a company's critical files, demanding a ransom payment to restore access. Which CIA principles are violated in this scenario?**
a) Confidentiality only b) Availability only c) Confidentiality and Availability d) Integrity and Availability
**Answer:** c) Confidentiality and Availability

**Which of the following is NOT a key aspect of ensuring data integrity?**
a) Preventing data modification b) Ensuring data authenticity c) Maintaining data availability d) Maintaining data consistency
**Answer:** c) Maintaining data availability

**A software bug causes a system to generate incorrect financial reports. Which CIA principle is primarily violated in this scenario?**
a) Confidentiality b) Integrity c) Availability d) Authenticity
**Answer:** b) Integrity

**Which of the following is a key aspect of ensuring data availability?**
a) Preventing data breaches b) Minimizing system downtime c) Ensuring data accuracy d) Protecting data from unauthorized disclosure
**Answer:** b) Minimizing system downtime

**Implementing firewalls and intrusion detection systems primarily addresses which CIA principle?**
a) Confidentiality b) Integrity c) Availability d) Authenticity
**Answer:** a) Confidentiality

**Regular security audits and vulnerability assessments are important for:**
a) Ensuring data confidentiality b) Ensuring data integrity c) Ensuring data availability d) All of the above
**Answer:** d) All of the above

**Which of the following is a technique for protecting data at rest?**
a) HTTPS b) VPNs c) Full Disk Encryption (FDE) d) Access Control Lists (ACLs)
**Answer:** c) Full Disk Encryption (FDE)

**Which of the following is a technique for protecting data in transit?**
a) HTTPS b) Full Disk Encryption (FDE) c) Data Masking d) Access Control Lists (ACLs)
**Answer:** a) HTTPS

**Which of the following is NOT a benefit of implementing multi-factor authentication (MFA)?**
a) Enhanced data confidentiality b) Improved system performance c) Reduced risk of unauthorized access d) Increased security
**Answer:** b) Improved system performance
**Educating employees about security best practices, such as recognizing phishing attempts, is a key component of:** a) Physical security b) Data encryption c) Access control d) Security awareness training **Answer:** d) Security awareness training  **Which of the following is an example of a physical security measure?** a) Encryption b) Data masking c) Access control lists (ACLs) d) Surveillance cameras **Answer:** d) Surveillance cameras  **Which of the following is a key principle of the CIA Triad?** a) Accuracy b) Authenticity c) Availability d) All of the above **Answer:** c) Availability  **Which of the following is a key principle of the CIA Triad?** a) Accuracy b) Authenticity c) Confidentiality d) All of the above **Answer:** c) Confidentiality  **Which of the following is a key principle of the CIA Triad?** a) Accuracy b) Authenticity c) Integrity d) All of the above **Answer:** c) Integrity  **Which of the following is NOT a goal of implementing security measures?** a) Protect sensitive information b) Ensure data accuracy c) Increase system performance d) Maintain data availability **Answer:** c) Increase system performance  **Which of the following is a benefit of implementing strong access controls?** a) Improved system performance b) Reduced risk of data breaches c) Increased system complexity d) Decreased user productivity **Answer:** b) Reduced risk of data breaches  **Which of the following is a common method for implementing access control?** a) Data encryption b) Data masking c) Role-Based Access Control (RBAC) d) Load balancing **Answer:** c) Role-Based Access Control (RBAC)  **Which of the following is a key component of a comprehensive security strategy?** a) Regular security assessments b) Implementing a single security control c) Relying solely on technology d) Ignoring employee training **Answer:** a) Regular security assessments  **Which of the following is a benefit of implementing data masking?** a) Improved system performance 
b) Reduced risk of data breaches c) Enhanced data availability d) Enabling data to be used for testing and training purposes without compromising confidentiality **Answer:** d) Enabling data to be used for testing and training purposes without compromising confidentiality  **Which of the following is a key aspect of maintaining data integrity?** a) Preventing data modification b) Ensuring data availability c) Implementing strong passwords d) Using public Wi-Fi networks **Answer:** a) Preventing data modification  **Which of the following is a key aspect of maintaining data confidentiality?** a) Ensuring data availability b) Preventing data modification c) Protecting data from unauthorized disclosure d) Implementing strong passwords **Answer:** c) Protecting data from unauthorized disclosure  **Which of the following is a key aspect of maintaining data availability?** a) Protecting data from unauthorized disclosure b) Ensuring data accuracy c) Minimizing system downtime d) Implementing strong passwords **Answer:** c) Minimizing system downtime 
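As an added example that is not part of these notes, the Python script below turns the seven "Steps to Secure the Operating System" above into a check a defender can run: it audits a constructed host snapshot and returns one finding per step the host fails, and it implements the step 5 password rules (at least eight characters, letters plus numbers plus special characters, no common words) as a check applied when a user sets a new password. The `HostSnapshot` class, the `REQUIRED_SERVICES` and `COMMON_WORDS` lists and the sample host are all assumptions made for the example; a real audit would populate the snapshot from the package manager, service manager and disk-encryption status of the host.

```python
"""Added example (not from the document): audit a host snapshot against the
seven OS-hardening steps, with the step 5 password rules as a separate check."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed: a tiny list of common words that step 5 says passwords must avoid.
COMMON_WORDS = {"password", "welcome", "admin", "letmein", "qwerty", "123456"}

# Constructed allowlist of services this host is actually expected to run (step 6).
REQUIRED_SERVICES = {"sshd"}


def password_policy_findings(password: str) -> list[str]:
    """Return the step 5 rules a candidate password violates (empty list = accepted).
    Run this when a user chooses a new password; an audit never sees stored passwords."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", password):
        findings.append("no letters")
    if not re.search(r"[0-9]", password):
        findings.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("no special characters")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        findings.append("contains a common word")
    return findings


@dataclass
class HostSnapshot:
    """Constructed view of a host's state, as an inventory tool might report it."""
    pending_security_updates: int                                # step 1
    antivirus_running: bool                                      # step 2
    firewall_enabled: bool                                       # step 3
    granted: dict[str, set[str]] = field(default_factory=dict)   # step 4: user -> privileges held
    needed: dict[str, set[str]] = field(default_factory=dict)    # step 4: user -> privileges the job needs
    listening_services: set[str] = field(default_factory=set)    # step 6
    disk_encrypted: bool = False                                 # step 7, data at rest
    tls_only: bool = False                                       # step 7, data in transit


def audit(host: HostSnapshot) -> list[str]:
    """Return one finding per hardening step the host fails; empty list = compliant.
    Step 5 is not covered here because the auditor has no plaintext passwords."""
    findings = []
    if host.pending_security_updates > 0:
        findings.append(f"step 1: {host.pending_security_updates} security update(s) not applied")
    if not host.antivirus_running:
        findings.append("step 2: antivirus not running")
    if not host.firewall_enabled:
        findings.append("step 3: firewall disabled")
    for user, held in sorted(host.granted.items()):
        excess = held - host.needed.get(user, set())      # least privilege: held minus needed
        if excess:
            findings.append(f"step 4: {user} holds privileges beyond job need: {sorted(excess)}")
    unnecessary = host.listening_services - REQUIRED_SERVICES
    if unnecessary:
        findings.append(f"step 6: unnecessary services listening: {sorted(unnecessary)}")
    if not host.disk_encrypted:
        findings.append("step 7: data at rest is not encrypted")
    if not host.tls_only:
        findings.append("step 7: data in transit is not encrypted")
    return findings


# Constructed sample host with several gaps against the baseline.
SAMPLE_HOST = HostSnapshot(
    pending_security_updates=2,
    antivirus_running=True,
    firewall_enabled=False,
    granted={"alice": {"read_reports", "admin"}},
    needed={"alice": {"read_reports"}},
    listening_services={"sshd", "telnet", "ftp"},
    disk_encrypted=False,
    tls_only=True,
)

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOST):
        print(finding)
    print(password_policy_findings("password"))
```

The audit deliberately reports the least-privilege excess per user (step 4) as a set difference between what a user holds and what the job needs, which is the same comparison an access review performs; the password check returns every violated rule at once so the user can fix them in one attempt.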
