Introducing Cybersecurity History & Standards Flashcards
To understand the origins, evolution, and key frameworks of cybersecurity. This deck helps you memorize historical milestones, foundational terminology, and major security standards that shape the cybersecurity landscape today. (21 cards)
What is the origin of the term “cybersecurity”?
It stems from “cybernetics,” used in the 1980s to describe protection of computing systems.
What major event in the 1980s led to greater awareness of cybersecurity threats?
The Morris Worm incident in 1988.
What does NIST stand for?
National Institute of Standards and Technology
What is the purpose of the NIST Cybersecurity Framework?
To provide a standardized approach to managing cybersecurity risk.
What are the 5 core functions of the NIST Cybersecurity Framework?
Identify, Protect, Detect, Respond, Recover
What is the CIA Triad?
Confidentiality, Integrity, Availability
How can you define hacking?
Hacking is the act of working within the confines of a system to produce unintended behavior.
What is malware short for?
Malicious Software
When did malware emerge?
Malware emerged around 1983 during the public panic around the Cold War.
What was the Morris Worm?
It was a significant piece of malware that was developed in the late '80s and was originally created to map the size of the internet.
What are Script Kiddies?
Script Kiddies are individuals who download a piece of code and run it without having to write any code themselves
What does APT stand for?
Advanced Persistent Threats
Why are APTs important?
APTs are capable of running entire cyber-campaigns, attempting to infiltrate their target across multiple domains simultaneously
What’s Cybercrime?
It’s any crime that uses or targets a computer.
What are the different types of cybercrime? How are they defined?
Extortion: Often in the form of ransomware
Fraud: This is a broad category & includes ID theft, scams, retail fraud, phishing, etc.
Theft: Overall, this is defined as stealing during a data breach, or theft of services & resources, such as using other folks' computers to mine cryptocurrency
What’s Digital Forensics?
It’s the process of gathering evidence of a cybercrime in a way that the evidence can be used in a court of law.
What are the different types of Specializations? What do they each deal with?
Disk Forensics: Investigates storage media (i.e., hard drives)
Memory Forensics: Investigates the live memory on a digital device
Network Forensics: Investigates network traffic
Mobile Forensics: Investigates mobile devices
Cloud Forensics: Investigates cloud environments
What’s the Computer Fraud & Abuse Act?
It's a law that's used to prosecute cybercrime. Overall, the act makes it illegal to intentionally access a computer without authorization or to access a computer in a way that exceeds the authorization that's been granted.
What cybercrimes does the Computer Fraud & Abuse Act prosecute?
- Intrusion into networks & systems
- Malware attacks
- Theft of data & trade secrets
- Denial of service attacks (need to look into this. Have 0 idea what this is)
What are the different types of standard regulations for organizations?
HIPAA (Health Insurance Portability & Accountability Act)
GLBA (Gramm-Leach-Bliley Act)
PCI DSS (Payment Card Industry Data Security Standard)
Explain each NIST Framework function
- Identify: Identify & understand the threats & risks the org is likely to face
- Protect: Protect the org’s assets from those threats & risks
- Detect: Detect incidents (i.e., cyberattacks/other major events)
- Respond: Respond to incidents, preventing further damage
- Recover: Recover from incidents, evaluating how to prevent reoccurrence & cleaning up any damage that's occurred