Chapter 8 - Cyber security threats

Question 1

What is cyber risk?

Answer 1

Cyber risk is the risk of financial loss, disruption, or damage to the reputation of an organisation caused by issues with information technology system it uses

Question 2

What are the three main forms of sensitive information that an organisation may hold?

Answer 2

Personal information
Business information
Classified information - held by government and could harm national security if discovered

Question 3

What are the cyber security objectives?

Answer 3

Availability
Confidentiality
Integrity of data
Intergrity of processing

Question 4

What is malware?

Answer 4

Term used to describe different types of malicious software, regardless of the purpose

Question 5

What is ransomware?

Answer 5

Software that prevents access to data until a ransom is paid

Question 6

What is botnets?

Answer 6

Network of infected computers that are under control of an attacker

Question 7

What is spyware?

Answer 7

Malware that is designed to spy on the victim and report back to attacker

Question 8

What is trojans?

Answer 8

Legitimate software that secretly contains and releases malicious software onto a system

Question 9

What is malvertising?

Answer 9

Online advertising that has malicious software written into its code

Question 10

What is a virus?

Answer 10

Malware that replicates itself and spreads through programs, files and data

Question 11

What are some common types of application attacks?

Answer 11

Denial of service attack
Distributed denial of service attack
SQL (Structured Query Language) injection
Cross-site scripting attacks
Man in the middle
Buffer overflow attack

Question 12

What is a denial of service attack?

Answer 12

Attempt to overwhelm an applications resources to prevent is from working

Question 13

What is distributed denial of service attack?

Answer 13

DDoS is where the source is from a number host machines, usually linked to Botnets under the control of an attacker

Question 14

What is Structured Query Language injection?

Answer 14

SQL is a request for something of a database

Question 15

What is cross-site scripting attacks?

Answer 15

Occurs when malicious code is transmitted from a website and can access the victims’ data

Question 16

What is the man in the middle?

Answer 16

When the application is compromised so that the users believe they are communicating directly as normal, but someone is intercepting the communications and potentially changing them

Question 17

What is buffer overflow attack?

Answer 17

Attack that overwhelms a systems resources.

Question 18

What is hacking?

Answer 18

Gaining of unauthorised access to a computer system

Question 19

What are unethical hackers?

Answer 19

Stereotypical hacker that accesses a system without permission with malicious intent

Question 20

What are ethical hackers?

Answer 20

Attempt to access an organisations systems with permission from the organisation to help them understand weaknesses

Question 21

What is social engineering?

Answer 21

Manipulation of people to make them perform specific actions or reveal confidential information

Question 22

What are the six principles that Dr Robert Cialdini identified to persuade or influence someone?

Answer 22

Reciprocity
Scarcity
Authority
Consistency
Liking
Consensus

Question 23

What is phishing?

Answer 23

Use of fradulent communications to steal sensitive information

Question 24

What is spear phishing?

Answer 24

Phishing attempt targeted at a specific individual who is deemed to have specific information or priveleged access to something

Question 25

What is business email compromise?

Answer 25

Involves impersonating an identity and asking for a particular action to happen

Question 26

What is domain fraud?

Answer 26

Where a phishing email comes from an email that looks to be legitimate, but the domain is actually fake

Question 27

What is the risks to organisations from social media?

Answer 27

Human error Productivity Data protection Hacking Reputation Inactivity Costs

Question 28

What are the social media risks to individuals?

Answer 28

Going viral Trolling Employment Legal sanction Physical theft Identity fraud Permanence

Question 29

What are the changeover method of how changing systems can be undertaken by organisations?

Answer 29

Direct Parallel Pilot Phased

Question 30

What is the direct changeover method?

Answer 30

Old system switched off and new system switched on Cheap but risky

Question 31

What is the parallel changeover method?

Answer 31

Old and new system run together for some time, until it is felt safe to switch off the old Costly but less risky

Question 32

What is the pilot changover method?

Answer 32

One part of the business change over first and then plans rolled out to the rests of the business

Question 33

What is the phased changeover method?

Answer 33

Introduce new system one part of the business at a time Less risky but takes longer

Question 34

What are some impacts of cyber breaches?

Answer 34

Downtime Customer flight Reputation damage Legal consequences