Chp 9: Cybersecurity processes Flashcards
What are the three principles that cybersecurity policies should be based on according to AICPA?
- Protection - determining what to portect and the contorls required to protect them
- Detection - implementing systems for monitoring, recording and escalating threats once identified
- Response - both proactive and reactive measures, including specialist teams
What should an organisation’s cybersecurity policy consider?
5 items
- Hiring and developing personnale to manage the risks, including a Chief Information Officer
- The connection between cybersecurity and the organisations integrity and ethical values
- How the board is able to oversee cybersecurity risks
- Monitoring and reporting of performance by the board to ensure it is successful (someone must be accountable)
- A connection between cybersecurity risks and other risks within the organisation
What are three startegies to consider to help avoid being hacked?
- Reconnaissance - being aware of how you appear to others outside your organisation, do you appear vulnerable?
- Simulation - assume you will be hacked at some point and prepare for it
- Digital identity - find ways of identifying everyone and everything that interacts with you digitally
What do Transport Layer Security (TLS) certificates do?
Authenticate messages or transactions
Protects form the ‘Man in the Middle’, when two organisations are communciating but the messages are being intercepted
What are the following four types of encryption?
Digital Signature
Digital Envelope
Authentication
Dial-back security
- Digital Signature - encyrption by using private keys, ensuring th esneder is who they claim to be
- Digital Envelope - sending the key sperately to the encrypted message
- Authentication - adds an extra field to a record, ysing an algorithim that has been pre-agreed between the parties
- Dial-back security - requires someone to dial into a network and identify themselves, the sytem then dials them back in on an authorised number
What are the four business continuity arrangements that organisations should consider for their cybersecurity disaster planning?
- Hot back-up sites - duplicated versinos of hardware and software which are called into action as soon as disaster occurs (very expensive)
- Warm back-up sites - similar to hot ones but take longer to implement
- Cold back-up sites - provide locations for business continuity but take longer than wamr sites (cheapest)
- Mirror sites - a duplicate website used when there is excessive traffic or in response to a disaster (very expensive)
What are the four controls present in an information system?
- General controls - software and hardward: personnel controls, passwords etc.
- Application controls - Input controls (checking data entry), processing controls (reconciliations and control totals) and output controls (audit trails, suspense accounts and exception reports)
- Software controls - controls over the use of unauthorised software (buying from reputable suppliers, inspecting software)
- Network controls - protection from risks acorss any network (firewalls, encryption etc.)
What are the six steps recommended in ISO 27001 as best practice for organisations cybersecurity response?
- Methodology is agreed a cross the organisation to ensure consistency
- Assessment of all data risk is carried out
- A record of the treatment of risks (TARA)
- A report covering all results is produced
- The report is accredited by an auditor (a security profile showing all controls and their status)
- A risk treatment plan is compiled (what needs to be done, by who and when?)
What are seven potential outputs form cybersecurity monitoring systems?
- Informing regulators
- Identification of responsible staff
- Weaknesses in systems
- Consistent trends in events
- Trianing needs
- Policy changes needed
- Analysis of audit trails could also indicate a root cause
