Lecture 1a Flashcards
(21 cards)
What is security?
To be free from danger, which is the goal of security. The process that achieves that freedom. As security is increased, convenience is often decreased. The more secure something is, the less convenient it may become to use.
What does information security describe?
Information security describes the tasks of securing digital information, whether it is manipulated by a microprocessor, preserved on a storage device, or transmitted over a network.
What are the three types of information protection?
Confidentiality: Only approved individuals may access information. Integrity: Ensures information is correct and unaltered. Availability: Ensures information is accessible to authorised users.
What is Cybersecurity?
Cybersecurity protects computer systems, networks and digital information from theft, damage, unauthorised access and other cyber threats. It has become critical to ensuring information Confidentiality, Integrity and Availability. It is an evolving field due to the constant development of new technologies and cyber threats. The aim is to create a secure digital environment that allows individuals, organisations and governments to operate safely and protect sensitive information from unauthorised access or malicious activities.
Who are threat actors?
A threat actor is an individual or entity responsible for cyber incidents against technology equipment. Financial crime is divided into categories based on targets: Individual users, Enterprises, Governments. There are Black hat hackers, White hat hackers and Gray hat hackers. Other hacker types include Blue hat, Red hat, Green hat and others.
What are script kiddies?
Individuals who want to perform attacks yet lack the technical knowledge. They use automated attack software downloaded freely.
Who are hacktivists?
Individuals motivated by ideology who break into websites or disable online services as a political statement
What are insider threats?
Employees, contractors and business partners who manipulate data from within the enterprise. These attacks are harder to recognise and include theft, sabotage and espionage.
Who are state actors?
Governments employing attackers for cyberattacks, often involved in multiyear campaigns targeting sensitive information. This is called Advanced Persistent Threat, or APT.
What are some other threat actors?
Competitors, Criminal syndicates, Shadow IT, Brokers, Cyberterrorists
What is a vulnerability?
The state of being exposed to the possibility of being attacked or harmed. Vulnerabilities include platforms, configurations, third parties, patches and zero-day vulnerabilities.
What is a weak configuration?
Settings that are not properly implemented, such as default passwords, open ports, unsecured accounts, open permissions, unsecure protocols, weak encryption and errors.
What are third party vulnerabilities?
Risks from external entities used by businesses, such as outsourced code development or data storage. Connectivity with third parties is a weak link risk.
What are patches?
Updates to software or firmware that can themselves create vulnerabilities due to delays or difficulty patching
What is a zero-day vulnerability?
A vulnerability exploited by attackers before anyone knows about it, providing zero days warning, and considered very serious.
What is an attack vector?
A pathway a threat actor uses to penetrate a system, including email, wireless, removable media, direct access, social media, supply chain and cloud.
What is social engineering?
A method of eliciting information by exploiting human weaknesses, using trust, confidence, evasion and diversion.
What are some social engineering techniques?
Impersonation, Phishing (including spear phishing, whaling, vishing, smishing), Redirection, Spam, Spim, Hoaxes, Watering hole attacks
What are some physical social engineering procedures?
Dumpster diving, Tailgating, Shoulder surfing
What are impacts of successful attacks?
Data loss, Data exfiltration, Data breach, Identity theft. Effects on organisation productivity, financial loss and reputation.
What are consequences of data attacks?
Data loss: destroying data. Data exfiltration: stealing data. Data breach: disclosing data without authorisation. Identity theft: impersonating someone.