Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

DRM TERMS > Unit 5 Attacks, Defence and Risk Based Digital Risk Management > Flashcards

Unit 5 Attacks, Defence and Risk Based Digital Risk Management Flashcards

(37 cards)

Start Studying
1
Q

Five defences in U.K. Cyber Essentials framework

A 
Use a firewall
Secure settings for devices and software
Control access to data and services
Protect from viruses and other malware
Keep devices and software up to date
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

14 point framework for defence

A
  1. Executive support
  2. Reduce attack surface
  3. Security architecture
  4. Classify information assets
  5. Zone the attack surface
  6. Remove low value data
  7. Use next-gen anti-malware
  8. Strong user access controls
  9. Dual authentication
  10. Patch promptly
  11. Other technical counter measures
  12. Set security settings high
  13. Educate users
  14. Ensure security requirements included and tested
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

7 root causes of Sony 2014 data breach

A

Not prepared for breach of this magnitude
Gaps in the defence layers
Patches not up to date
Non existent record retention and destruction procedures for emails increased impact
Information classification processes not in place
Disaffected employee????
No single point of accountability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

8 threat actors?

A 
Nation states
Terrorist groups
Organised criminal groups
Hactivist communities
Skilled professional hackers
Disaffected or opportunistic insiders
Amateur hackers and journalists
Anyone
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

2 ways to asses a threat actor?

A

Motivation and capability?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

3 stages in risk management process,

A

Identify,
Evaluate and prioritise,
Manage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

5 stages of typical cybersecurity approach?

A 
Identify
Protect
Detect
Respond
Recover
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

4TS

A

Tolerate,
treat,
transfer,
terminate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

3 key ingredients of cyber risk frameworks

A 
Ownership
	Who is accountable?
Lifecycle
	Identified, investigating, analyzing, treating, 
        monitoring, closed
Risk information
	Probability and impact
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

5 ways to treat a risk

A 
Prevention
Reduction
Acceptance
Contingency
Transfer
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Six step risk based approach to cybersecurity management

A

Identify highest-value information targets first
Identify the digital assets that information needs to flow through and onto
Verify the business case for how and where information is needed
Consider the threats to the organization and the probability of them occurring
Minimise the footprint of any sensitive data, based on a business case
Then efficiently add the appropriate security controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is phishing?

A

Using an electronic communication eg an email; to get information or install malware.
Cybersecurity for beginners

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is spear phishing?

A

Targeted phishing pretending to come from a trusted source.

Cybersecurity for beginners

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is polymorphic malware?

A

Malicious software that can change its attributes to help avoid detection. Mutation process can be automated so function of software continues but method of operation , location and other attributes change. Used in Sony data breach.
Cybersecurity for beginners

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is SSL?

A

Secure Sockets Layer method for providing encrypted communication between two points in a digital landscape.
Cybersecurity for beginners

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is drive by download?

Study These Flashcards
A

The unintended receipt of malicious software onto a device through an internet page electronic service or link. Victim is usually unaware.
Cybersecurity for beginners

17
Q

What do we mean by secure configuration?

Study These Flashcards
A

Ensuring that when settings applied to any item (device or Software) appropriate steps are taken to ensure default accounts are removed or disabled, shared accounts are not used and all protective and defensive controls use the strongest appropriate setting.
Cybersecurity for beginners

18
Q

What are default accounts?

Study These Flashcards
A

Generic user and password permissions often with administrative access that is provided as standard for some software applications and hardware for use during initial set up.
Cybersecurity for beginners

19
Q

What are access controls?

Study These Flashcards
A

Rules and techniques used to manage and restrict entry to or exit from a physical, virtual or digital area through use of permissions eg passwords, fingerprints, eye scans, physical tokens.
Cybersecurity for beginners

20
Q

What is patch management?

Study These Flashcards
A

Controlled process used to deploy critical interim updates to software. Patches are often released to remove flaws or gaps in a software’s security.
Cybersecurity for beginners

21
Q

What is two factor or multi factor authentication?

Study These Flashcards
A

Means using more than one form of proof to confirm the identity of person requesting access. In digital banking this is standard practice for instance you may need to put in a password but also receive a call on your mobile and are then asked to input another code. Methods can include something you know eg a password, something you have eg an access card or something you are eg fingerprint or facial recognition . Two or dual factor authentication would require proof from at least two categories.
Cybersecurity for beginners

22
Q

What is a honeypot?

Study These Flashcards
A

An electronic device or a collection of data which is designed to trap attackers. They are designed to look like the rest of our network or attack surface but contain nothing of value but will contain tools to help us identify the attackers, isolate and trace any intrusion.
Cybersecurity for beginners

23
Q

What is a honey network?

Study These Flashcards
A

A cluster of honeypots that operate together to detect intrusions to network.
Cybersecurity for beginners

24
Q

What is the dark web?

Study These Flashcards
A

Web sites that hide their server locations which makes it difficult to determine which organisations are behind the sites but they are publicly accessible and enable criminal elements to exchange information across the web without being detected.
Cybersecurity for beginners

25
What is a stacked risk?
Separate risks which accumulate to cause risks on one digital landscape to accumulate so that the overall impact is much larger than the individual components suggest. Mega data breaches such as the Sony data breach usually result from stacked risks in combination with a motivated attacker. Cybersecurity for beginners
26
What is MDM Mobile Device Management
Technology used to securely control operation of mobile devices eg able to wipe information from mobile device remotely or control what application can run. Cybersecurity for beginners
27
What is a closed application?
Collection of applications, systems and devices that can only communicate with each other. No connection to any component outside trusted group is permitted. Cybersecurity for beginners
28
What is a worm?
A form of malware that seeks to find other locations to which it can replicate . Protects the malware from removal and increase the area of the attack surface that is compromised. Cybersecurity for beginners
29
What is a micromort?
A unit of risk – one in a million chance of death used to measure risk of daily activities. Cybersecurity for beginners
30
What is hactivism?
An amalgamation of hacker and activism act of seeking unauthorised access to a device or network in order to promote a social or political agenda usually try to cause disruption and gain publicity. Cybersecurity for beginners
31
What is a hactivist?
An amalgamation of hacker and activist an individual who participates in hactivism, Cybersecurity for beginners
32
What is the threatscape?
Amalgamation of threat and landscape. An umbrella term to describe expected vectors/ methods and types of cyber attackers through or by which an organisation or individual may be attacked. Cybersecurity for beginners
33
What is the internet of things?
The incorporation of the internet into everyday things to allow them to network (communicate) with other network capable devices eg smart tvs, smart ovens, security cameras. Cybersecurity for beginners
34
What is materiality?
To have a level of significance or magnitude to be of concern. Cybersecurity for beginners
35
What is a risk register?
A central repository that contains entries for each significant loss or damage exposure, Used to track risks until impact has been managed. Cybersecurity for beginners
36
What is a risk assessment?
A systematic process for the detection of potential hazards or gaps in an existing or planned activity, asset, service, application, system or product. Cybersecurity for beginners
37
What do we mean by risk based?
An approach that considers the financial impact of failure along with its probability and proximity, to determine its comparative significance and priority for treatment. Cybersecurity for beginners

DRM TERMS (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions