Organizational Data Flashcards

(33 cards)

1
Q

details relating to buying and selling, production activities and basic organizational operations such as any information used to make employment decisions.

A

Transactional data

2
Q

patents, trademarks and new product plans, which allows an organization to gain economic advantage over its competitors. This information is often considered a trade secret and losing it could prove

A

Intellectual property

3
Q

income statements, balance sheets and cash flow statements, which provide insight into the health of a company.

A

Financial data

4
Q

a large network of physical objects, such as sensors, software and other equipment. All of these ‘things’ are connected to the Internet, with the ability to collect and share data. And given that storage options are expanding through the cloud and virtualization, it’s no surprise that the emergence of IoT has led to an exponential growth in data, creating a new area of interest in technology and business called ‘Big Data.’

A

IoT

5
Q

a model framework created in 1991 to help organizations establish and evaluate information security initiatives by considering all of the related factors that impact them. This security model has three dimensions

A

The McCumber Cube

6
Q

The McCumber Cube security model has three dimensions:

A
  1. The foundational principles for protecting information systems.
  2. The protection of information in each of its possible states.
  3. The security measures used to protect data.
7
Q

a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources and processes. Methods to ensure this include data encryption, identity proofing and two-factor authentication.

A

Confidentiality

8
Q

ensures that system information or processes are protected from intentional or accidental modification. One way to ensure integrity is to use a hash function or checksum.

A

Integrity

9
Q

authorized users are able to access systems and data when and where needed, and those that do not meet established conditions are not. This can be achieved by maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups.

A

Availability

10
Q

data that is being used to perform an operation such as updating a database record (data in process).

A

Processing

11
Q

data stored in memory or on a permanent storage device such as a hard drive, solid-state drive or USB drive (data at rest).

A

Storage

12
Q

data traveling between information systems (data in transit).

A

Transmission

13
Q

the measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems.

A

Awareness, training and education

14
Q

the software- and hardware-based solutions designed to protect information systems such as firewalls, which continuously monitor your network in search of possible malicious incidents.

A

Technology

15
Q

the administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans and best practice guidelines.

A

Policy and procedure

16
Q

a group of linked servers providing data storage, databases, networking, and software through the Internet

A

cloud cluster

17
Q

an incident that results in unauthorized access to data, applications, services or devices, exposing private information that attackers can use for financial gain or other advantages.

A

security breach

18
Q

individuals or groups who attempt to exploit vulnerabilities for personal or financial gain

19
Q

3 categories of attackers

A
  1. White hat
  2. Gray hat
  3. Black hat
20
Q

amateur or inexperienced hackers who use existing tools or instructions found on the Internet to launch attacks

A

script kiddies

21
Q

This group of attackers breaks into computer systems or networks to gain access

22
Q

break into networks or computer systems to identify any weaknesses so that the security of a system or network can be improved. These break-ins are done with prior permission and any results are reported back to the owner.

A

White hat attackers

23
Q

set out to find vulnerabilities in a system but they will only report their findings to the owners of a system if doing so coincides with their agenda. Or they might even publish details about the vulnerability on the internet so that other attackers can exploit it.

A

Gray hat attackers

24
Q

take advantage of any vulnerability for illegal personal, financial or political gain.

A

Black hat attackers

25
Q

These attackers include organizations of cyber criminals, hacktivists, terrorists and state-sponsored hackers. They are usually highly sophisticated and organized, and may even provide cybercrime as a service to other criminals.

A

Organized hackers

26
Q

make political statements to create awareness about issues that are important to them.

A

Hacktivists

27
Q

gather intelligence or commit sabotage on behalf of their government. They are usually highly trained and well-funded and their attacks are focused on specific goals that are beneficial to their government.

A

State-sponsored attackers

28
Q

the use of technology to penetrate and attack another nation’s computer systems and networks in an effort to cause damage or disrupt services, such as shutting down a power grid.

A

Cyberwarfare

29
Q

primarily spreads via USB sticks. Non-internet connected systems that then propagate by escalating privilege levels through zero-day exploits. Notable for the fact that true zeros are special and they're only valuable for a short period of time. Very expensive, very hard to come by.

A

non-trivial distribution

30
Q

This is an intelligent worm initially targeting Windows computers, where it even installs its own drivers using a stolen, but legitimate certificate. The offending certificate gets revoked, of course, but then another one gets added within 24 hours

A

Sophistication

31
Q

This thing can get new tires while still on the road and multiple control servers. Now more including peer-to-peer. When two run into each other, they compare versions and make sure that they're both updated.

A

modular coding

32
Q

PLC

A

programmable logic controller

33
Q

These are small embedded industrial control systems that run all sorts of automated processes. Will leverage a vulnerability in the controller software to reach in and change very specific bits of data. Shut things off.

A

unique targeting