Midterm

Question 1

List and describe the four pillars of Cybersecurity. How does the fourth pillar pertain to the other three pillars and what does a company risk by not focusing enough attention on the fourth pillar?

Answer 1

Confidentiality- the protection of information/systems/devices from unauthorized access or disclosure

Integrity- the protection of information/systems/devices from unauthorized modification

Availability- ensures the timely and reliable access to and use of information/systems/devices

Proof- the monitoring of all activity and the evidence that due care is taken

If companies don’t focus on the proof pillar then there may be new ways hackers can breach and companies wouldn’t know about it

Question 2

Why is successful Cybersecurity so hard? Four responses.

Answer 2

1) The struggle to keep up
2) Persistent and evolving threats
3) Rapidly changing technology
4) Changing and inconsistent regulations

Question 3

List and describe five approaches to defensive cyber security.

Answer 3

1) Brand/reputation protection
Reduced valuation, loss of clients or opportunities
2) National defense
National stability, international influence
3) Public trust
National stability, political influence
4) Due care
Mitigate the impact of fines and lawsuits in the event of a breach
5) Safety
Prevent loss of life or injury

Question 4

What are the requirements for cyber risk to exist?

Answer 4

Assets + Threats + Vulnerabilities = Risk

Question 5

What are the three components of Identity and Access Management (IAM) and how do they work together as a control?

Answer 5

Authentication Authorization and Accountability. The first two support integrity and accountability is proof.

Question 6

How does the Role Based Access Control Model (RBAC) work?

Answer 6

People with certain roles only have access to certain things based on their role.

Question 7

Describe four social engineering attacks?

Answer 7

1) Phone texting attacks
 Like a text message from your bank
2) Phone Phishing Attacks
 Phony Microsoft support calls
3) Flash drive drop
 Malware left on flash drive attacks your curiosity
4) Email attacks
 Can send malicious links and stuff to get you to provide sensitive information

Question 8

What are the six stages of the breach attack chain, what activities occur within each stage and why is so much emphasis placed on detecting these activities?

Answer 8

1) Reconnaissance and Planning
Public Information and Social Engineering
2) Initial compromise
Phishing
3) Command and Control
Establish foothold and install backdoors
4) Lateral Movement
Credential acquisition and vulnerability exploitation
5) Target Identification and Access
Staging systems
6) Exfiltration, Corruption and Disruption
Data theft, data or system modification, or system disruption

Question 9

Compare/contrast dropper and script malware?

Answer 9

Droppers have light weight code used as entry and to drop other code
Script are larger chunks of code that execute as soon as interacted with

Question 10

What are the fundamental differences between EU (GDPR) law and U.S. privacy law?

Answer 10

US has state and Federal Laws where as GDPR has international laws

Question 11

Describe the difference between sensitive and non-sensitive PII (U.S. standard). Provide examples of standalone and paired PII.

Answer 11

Sensitive PII can harm a person if the information is released, non-sensitive is information that is publicly available and not harmful.

Question 12

What are the safety concerns with signing onto public Wi-Fi networks, who are the threat actors, and what are some potential threat vectors that would be relevant in this case?

Answer 12

Information sent over the network isn’t secure, threat actors can be criminals or hackers and the vectors can be creating phony Wi-Fi points i.e. hotel pool WiFi

Question 13

What is meant by the “least privileged” principle?

Answer 13

Limiting access rights for users to the bare minimum permissions they need to perform their work.

Question 14

What is Due Care and how is it achieved?

Answer 14

Doing everything you can to protect your information I.e. updating antivirus software regularly and making secure passwords

Question 15

What factors (4 each) can increase or decrease the cost of a breach and why?

Answer 15

Increasing:

1) Use of Consultants
2) Rush to notify
3) Lost or Stolen devices
4) Third Party involvement

Reduction:

1) IR Teams
2) Employee training
3) Insurance Protection
4) Provisions for ID protection

Question 16

What are four threats to network data in transit and how do they map to CIAP? Give an example of each.

Answer 16

1) Interception (Confidentiality)
2) Fabrication (Integrity)
3) Modification (Integrity)
4) Interruption (Availability)

Question 17

Why is human safety within cyber security a concern?

Answer 17

They play the biggest role in cyber attacks and can be harmed easily due to loss of their data.

Question 18

Briefly describe how PKI works and what are the security benefits?

Answer 18

It enables secure e-commerce and other services through the integration of digital signatures and certificates to ensure CIA, non-repudiation and access control

Question 19

What is the castle and moat strategy and why is it no longer relevant?

Answer 19

Firewalls protect internal network but once broken into everything was accessible.
Not relevant anymore because data is everywhere now and doesn’t address insider threats.

Question 20

If control classes are categorized by People, Process, Technology & Physical, what are the four control types used in risk management? Provide an example of each.

Answer 20

1) Detective
 Controls that detect activity
2) Preventive
 Controls that prevent activity remediate a vulnerability
3) Response
 Control to respond to bad events
4) Administrative
 Policies

Question 21

Why is key distribution hard with symmetric encryption and easy with asymmetric encryption?

Answer 21

Symmetric is hard because key distribution makes it difficult especially on a large scale, which is something asymmetric can do better

Question 22

What privacy concerns should an individual research before accepting the privacy terms of a website?

Answer 22

How the company uses their data, see how they track your data, etc.

Question 23

What control functions does a firewall perform?

Answer 23

Firewalls detect discrepancies in network traffic and can stop them