Cybersecurity

Question 1

What are the reasons for a system attack? 1

Answer 1

• Fun/Challenge.
• Industrial espionage.
• Financial gain.
• Personal attack/revenge.
• Disruption.
• Data and information theft.

Question 2

What are the main external threats to data security? 2

Answer 2

• Hacking/Malware.
• DOS attacks.
• Phishing/Pharming.
• Social engineering/Shoulder surfing.
• Man-in-the-middle attacks.

Question 3

What are the main internal threats to data security? 3

Answer 3

• Untrustworthy sites/downloads.
• Unintended/Intended data discloure/leaking.
• Overriding of security.
• Portable storage.

Question 4

What are the system impacts of a security breach? 4

Answer 4

• Data may not be recoverable.
• Future profits, finances may be affected.
• Digital system downtime.

Question 5

What are the social/employee impacts of security breach? 5

Answer 5

• Damage to reputation.
• Reduced staff productivity.
• Legal action and fines against them.

Question 6

What are the benefits and drawbacks of physical security measures? 6

Answer 6

\+Difficult to remove locks.
\+Digital locks record user access.
-Keys/cards can be lost or copied.
-Expensive.
-Portable devices cannot be protected this way.

Question 7

What are the benefits and drawbacks of password security measures? 7

Answer 7

+Simple and cheap.

• Complex can be hard to remember.
• Do not protect from social engineering.
• Specialist software can deduce passwords.

Question 8

What are the benefits and drawbacks of biometric security measures? 8

Answer 8

+No need to remember.
+Unique to the individual.
-Expensive.
-Can be spoofed.

Question 9

What are the benefits and drawbacks of user access restrictions? 9

Answer 9

+Users can view without being allowed edits.

• Complex to set up and manage.
• Must be set to the correct level for everyone.

Question 10

What are the benefits and drawbacks of 2FA? 10

Answer 10

+Higher security level.
+Only need to remember password.
-Required additional hardware and software.

Question 11

What are the benefits and drawbacks of firewalls? 11

Answer 11

+Blocks malicious data.
+Easy to install, can be configured.
-Can be expensive and complex.
-Can block genuine traffic.

Question 12

What are the benefits and drawbacks of password remembering software? 12

Answer 12

+Protects against shoulder surfing.
+No need to remember passwords.
+Speeds up logins.
-Stolen devices become a huge security risk.

Question 13

What are the benefits and drawbacks of antivirus software? 13

Answer 13

+Protects well against known malware.

-Must be regularly updated for new signatures.

Question 14

What are the benefits and drawbacks of device hardening? 14

Answer 14

+Protects from a range of attacks.

-Requires up to date skilled technical staff.

Question 15

How can you harden a device? 15

Answer 15

• Restrict user access.
• Install firewall/security patches/antivirus.
• Remove old software and accounts.
• Use strong passwords, change default ones.

Question 16

What should a backup procedure include? 16

Answer 16

• Weekly/Daily?
• Automatic/Manual?
• Physical backups should be in a fireproof box, offsite.
• Recovery procedure for reinstating backups.

Question 17

What is encryption, what are its downsides? 17

Answer 17

• Sensitive data (files or whole disk) is scrambled.
• Data is lost if key is lost.
• Can be stolen if encryption is weak.

Question 18

What are the types of hacker? 18

Answer 18

• Black hat commits crimes for their own good.
• Grey hat commits crimes but not for personal gain.
• White hats are endorsed by companies and hack for a living to find security weaknesses.

Question 19

What are the benefits and drawbacks of pen testing? 19

Answer 19

\+Uses hacker methods, realistic insight.
\+Vulnerabilities can be fixed.
-Not always fully accurate.
-Expensive.
-Needs to be done regularly.

Question 20

What is covered by company security policies? 20

Answer 20

• Internet/Email usage.
• External and personal devices.
• Passwords.
• Software.
• Backup/Hardening.
• Disposal of equipment/data.

Question 21

What should a strong password policy advise? 21

Answer 21

\+Long passwords.
\+Letters/Mixed cases/Symbols/Numbers.
\+Change regularly.
-Single word, especially names.
-Write it down/share it.

Question 22

What are the issues with installing non-approved software? How can software rules be enforced? 22

Answer 22

• Licensing issues/cost. Malware infection risk. IT support issues and incompatability.
• Prevent installation, deny admin rights, white list allowed software.

Question 23

What types of disaster cause data loss? What should a disaster recovery policy cover? 23

Answer 23

• Cyberattack, data loss, equipment failure, natural disaster or terrorist attack.
• Back up process and frequency, where to operate from, recovery timeline.

Question 24

What do you do after an attack? 24

Answer 24

• INVESTIGATE: Type/Severity.
• RESPOND: Inform stakeholders/authorities.
• MANAGE: Contain the attack.
• RECOVER: Disinfect and restore.
• ANALYSE: Identify source, modify procedures.