Information Assurance - Pointers

Question 1

• kind of electronic signatures but harder to obtain.
• They follow a specific protocol, called Public Key Infrastructure(PKI) and require a certificate issued by Certificate Authority(CA) that can prove the identities of signers and validate the signatures.
• hold higher levels of trustworthiness and authenticity than eSignatures. So they are often used for more significant transactions.

Answer 1

Digital signatures

Question 2

• named as online signatures are a broader concept than digital signatures.
• use digital symbols to give legal authorization or approval for online transactions and agreements, which are the virtual alternatives to ink-on-paper signatures.

Answer 2

Electronic signatures

Question 3

common cybersecurity threats

Answer 3

1. Malware Attacks
2. Phishing Scams
3. Data Breaches
4. Ransomware
5. Social Engineering

Question 4

can go undetected for a prolonged period, leading to continuous exploitation of the compromised system

Answer 4

Malware

Question 5

refers to any software intentionally designed to cause damage to a computer, server, client, or computer network

Answer 5

Malware

Question 6

Malware includes:

Answer 6

1. viruses,
2. worms,
3. Trojans,
4. ransomware,
5. spyware
6. adware

Question 7

Once malware enters a system, it can

Answer 7

1. corrupt files,
2. steal sensitive data,
3. gain unauthorized access to the system.

Question 8

The potential impact of a malware attack is significant

Answer 8

1. system damage
2. data loss
3. severe financial losses

Question 9

are fraudulent attempts to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication

Answer 9

Phishing Scams

Question 10

typically involves a fake email or website that mimics a reputable organisation.

Answer 10

Phishing Scams

Question 11

The potential impact of a successful phishing scam

Answer 11

1. identity theft,
2. financial loss
3. unauthorized access to systems

Question 12

Data breaches can lead to a wide range of damaging effects

Answer 12

1. financial loss,
2. brand reputation damage,
3. intellectual property loss,
4. potential legal penalties

Question 13

Ransomware can cause

Answer 13

1. halt operations until the issue is resolved
2. cost of the ransom demanded
3. severe financial losses

Question 14

tactic that adversaries use to trick you into revealing sensitive information. They can solicit a monetary payment or gain access to your confidential data.

Answer 14

Social Engineering

Question 15

be combined with any of the threats listed above to make you more likely to click on links, download malware, or trust a malicious source.

Answer 15

Social Engineering

Question 16

The impact of social engineering

Answer 16

1. data breaches,
2. financial loss,
3. compromise in personal or business integrity.

Question 17

Common Vulnerabilities that exists in Cybersecurity

Answer 17

1. Weak or stolen credentials
2. Lack of encryption
3. Misconfigurations
4. Out-of-date software
5. Zero day
6. Poor input sanitization
7. Insider threats
8. Unauthorized access
9. Vulnerable API

Question 18

• Many people fail to create strong and unique passwords for each of their accounts.
• They often resort to poor password habits, such as reusing the same passwords across multiple accounts and creating weak ones that are easy to remember.
• Cybercriminals take advantage of weak login credentials and launch cyber attacks like brute force attacks that can steal these weak passwords.

Answer 18

Weak or stolen credentials

Question 19

If an organization doesn’t adequately encrypt its data, cybercriminals can intercept transmitted data, steal it and possibly use it to gain unauthorized access or plant malicious code, such as ransomware.

Answer 19

Lack of encryption

Question 20

• occur when network assets have vulnerable settings or disparate security controls.
• Systems that require manual configuration can have errors and gaps if improperly configured.
• Cybercriminals look for these misconfigurations to exploit and gain unauthorized access

Answer 20

Misconfigurations

Question 21

• Cybercriminals look for any bugs or flaws within software.
• They can exploit these flaws to gain unauthorized access and steal any sensitive data.
• However, updating software regularly will patch most flaws or bugs, particularly known vulnerabilities that cybercriminals are most likely to exploit.
• If an organization is running out-of-date software, it is susceptible to cyber threats.

Answer 21

Out-of-date software

Question 22

• vulnerabilities are software vulnerabilities that organizations and software vendors don’t yet know exist; therefore, they haven’t been patched.
• dangerous because there is no defense against them until someone discovers them.
• That someone can be an ethical security researcher – or a threat actor.

Answer 22

Zero day

Question 23

• process of checking and filtering input data to ensure it does not contain malicious code that could damage a system.
• Cybercriminals look for systems with poor input sanitization to inject malicious code that grants them access.

Answer 23

Poor input sanitization

Question 24

When users fall for phishing attacks or practice poor password hygiene, cybercriminals can compromise their login credentials. After compromising a user’s login credentials, cybercriminals can gain unauthorized access to an organization’s network.

Answer 24

Human error

Question 25

* occur within an organization when current or former employees, partners, contractors or vendors either intentionally or unintentionally put sensitive data and systems at risk. * This can be the result of negligent insiders who practice poor cyber hygiene or malicious insiders who steal sensitive data for their own benefit.

Answer 25

Insider threats

Question 26

* Organizations give their employees privileged access to resources needed to perform their jobs. * accidentally give some employees more access and permissions than they need. * This can create security risks if an employee abuses these permissions or their account gets compromised by a threat actor.

Answer 26

Unauthorized access

Question 27

Best Practices to strengthen the cybersecurity measures

Answer 27

1. Use strong passwords and multi-factor authentication. 2. Security-Based Software 3. Wi-Fi Security 4. Firewalls and Content Filtering 5. Patch Updates 6. Staff Education 7. Control access to sensitive information. 8. Monitor third-party users and applications.

Question 28

* An Application Programming Interface (API) is a digital interface that enables applications to communicate with each other over the internet or a private network. * Since APIs are assets with public IP addresses, cybercriminals can target and exploit them if they are not properly secured.

Answer 28

Vulnerable API

Question 29

* Regular internet users might be familiar with password requirements such as using uppercase and lowercase letters, symbols, and numbers to create a strong password. * Company systems and tools tend to have similar requirements. Some organizations might even provide complicated passwords to users to ensure maximum security.

Answer 29

Use strong passwords and multi-factor authentication

Question 30

Applying security to a business’s Wi-Fi network prohibits unauthorized people not associated with the company from gaining access to the company’s website or its systems. Cybersecurity professionals can even take this one step further and hide the network from outside entities

Answer 30

Wi-Fi Security

Question 31

A security program like antivirus software provides an initial layer of defense that cybercriminals must penetrate to gain access to a system.

Answer 31

Security-Based Software

Question 32

Firewalls allow cybersecurity professionals to efficiently analyze their company’s network traffic. This could make it easier for them to spot unusual or suspicious behaviors.

Answer 32

Firewalls and Content Filtering

Question 33

* Periodic training of employees on topics such as how to spot potential phishing schemes and what the proper software configurations are can help mitigate the threats posed by individuals unwittingly exposing the company’s systems. * This can include education on work-from-home safety practices for businesses with employees who work remotely

Answer 33

Staff Education

Question 34

* In every organization, the IT team is responsible for managing who gets access to information, and that includes controlling access to security passwords, highly classified information, and more. * At times, only a handful of people can be entrusted with the company’s financial data and trade secrets. Most employees are granted the fewest access rights possible, and sometimes given access only upon request or during specific circumstances.

Answer 34

Control access to sensitive information

Question 35

* Regularly scheduling patches helps to keep a program optimized. * It also ensures that cybersecurity professionals regularly analyze the performance of the system or software to uncover any unexpected vulnerabilities.

Answer 35

Patch Updates

Question 36

* Third-party users with access to your organization’s systems and applications have the ability to steal your data, whether or not it is intentional. Either way, they can cause cybersecurity breaches. * By monitoring user activity, taking care to restrict access to sensitive information, and providing one-time passwords, you can detect malicious activity and prevent breaches from occurring.

Answer 36

Monitor third-party users and applications.