P3 - 8. Cybersecurity Risk

Question 1

What are the 3 drivers of the importance of security of data?

Answer 1

1. Commercial sensitivity
2. Competitive advantage
3. Legal duty to protect personal information

Question 2

What are the 4 objectives of cybersecurity?

Answer 2

1. Availability
2. Confidentiality
3. Integrity of data
4. Integrity of processing

Question 3

What are 4 of the biggest technology factors that impact of cyber security risk?

Answer 3

1. Outsourcing of IT
2. Use of mobile devices
3. Network structure
4. Dependence on emerging technologies

Question 4

What are 4 of the biggest organisational factors that impact of cyber security risk?

Answer 4

1. Structure and size of IT department
2. Types of user group
3. Geographic location (+ legal issues)
4. Organisational structure

Question 5

What is malware?

Answer 5

Software specifically designed to disrupt, damage or gain unauthorised access to a computer system

Question 6

What are the 5 main types of malware?

Answer 6

1. Virus
2. Worm
3. Trojan
4. Spyware
5. Ransomware

Question 7

What are the 3 main defences against malware?

Answer 7

1. Antivirus software
2. Regular updates
3. User vigilance

Question 8

What are application attakcs?

Answer 8

Targeting websites to alter their functionality and presentation or extract sensitive information

Question 9

What are the 4 main types of application attack?

Answer 9

1. Bot
2. Distributed Denial of Service
3. Cross site scripting
4. SQL injection

Question 10

What are the 3 main defences against application attacks?

Answer 10

1. Anti-bot software
2. Firewalls
3. Data validation fields

Question 11

What is a hacker?

Answer 11

A skilled computer programmer who circumvents and organisation’s security systems to access sensitive information

Question 12

What 2 factors are most likely to make an individual more susceptible to a social engineering attack?

Answer 12

1. Level of access
2. Routine

Question 13

What are the 3 aims of a cybersecurity policy?

Answer 13

1. Protect
2. Detect
3. Respond

Question 14

What 4 elements of governance can an organisation implement to help strengthen cybersecurity?

Answer 14

1. Establishing and communicating ethical values
2. Board oversight and commitment
3. Establishing accountability
4. Hiring and developing qualified personnel

Question 15

What 4 ways can an organisation ensure communication of their cyber security objectives?

Answer 15

1. Training and awareness programmes
2. Policy and procedures manual
3. Code of conduct
4. Promotion of whistle-blower hotlines

Question 16

What are the 4 main security control types?

Answer 16

1. Policies and procedures
2. Software updates
3. Configuration controls
4. Specialist software (e.g. firewall/anti-virus)

Question 17

What 3 areas could be monitored within a cyber security programme?

Answer 17

1. Monitor network traffic
2. Monitor user activity
3. Monitor all systems e.g. wireless systems

Question 18

What is Business Continuity Planning?

Answer 18

A proactive approach that allows the organisation to continue to operate while a cybersecurity threat is resolved

Question 19

What is disaster recovery planning?

Answer 19

A reactive approach that focuses on solely taking action to restore the organisation to its original position

Question 20

What is forensic analysis?

Answer 20

Detailed examination of systems relating to a particular breach or attempted breach

Question 21

What are the 2 types of malware analysis?

Answer 21

1. Reverse engineering (break down into parts)
2. Decompilation and disassembly (forensic analysis of parts)

Question 22

What is penetration testing?

Answer 22

Seeking out potential weaknesses in a system

Question 23

What are the 3 stages of penetration testing?

Answer 23

1. Network discovery
2. Vulnerability probing
3. Exploiting volunerabilities

Question 24

What are the 3 levels of software security?

Answer 24

1. Block
2. Alert
3. Protect sensitive data