Untitled Deck Flashcards by Jenna Thorpe

How well did you know this?

Not at all

Perfectly

What are the four categories of security mechanisms?

Technical, Managerial, Operational, Physical

How well did you know this?

Not at all

Perfectly

What is a Technical security mechanism?

Hardware or software used to manage access to resources and systems

How well did you know this?

Not at all

Perfectly

Give an example of a Technical security mechanism.

Encryption, smart cards, passwords, biometrics, access control lists (ACLs), firewalls

How well did you know this?

Not at all

Perfectly

What does Managerial security focus on?

Policies and procedures defined by an organization’s security policy

How well did you know this?

Not at all

Perfectly

Provide an example of a Managerial security measure.

Policies, procedures, vendor management, hiring practices

How well did you know this?

Not at all

Perfectly

What is the purpose of Operational security measures?

Ensure day-to-day operations comply with overall security

How well did you know this?

Not at all

Perfectly

List two examples of Operational security procedures.

Backup and recovery procedures
Awareness training

How well did you know this?

Not at all

Perfectly

What does Physical security aim to protect?

The facility and real-world objects

How well did you know this?

Not at all

Perfectly

Name a type of Physical security mechanism.

Guards, mantraps, fences, lights, motion detectors

How well did you know this?

Not at all

Perfectly

What is a Preventive security control?

Deployed to prevent or stop unwanted or unauthorized activity

How well did you know this?

Not at all

Perfectly

Give an example of a Preventive security control.

Fences, locks, biometrics, alarm systems

How well did you know this?

Not at all

Perfectly

What is the purpose of Deterrent security controls?

Discourage violation of security policies

How well did you know this?

Not at all

Perfectly

List two Detective security controls.

Security guards
Intrusion detection systems

How well did you know this?

Not at all

Perfectly

What measures are included in Corrective security controls?

Fixing vulnerabilities or mitigating damage after incidents

How well did you know this?

Not at all

Perfectly

What is a Compensating security control?

Provides options to aid in enforcement of security policies

How well did you know this?

Not at all

Perfectly

What do Directive security controls aim to do?

Guide behavior and enforce compliance with security policies

How well did you know this?

Not at all

Perfectly

True or False: A single security control can be classified as multiple types.

True

How well did you know this?

Not at all

Perfectly

What does the CIA Triad stand for?

Confidentiality, Integrity, Availability

How well did you know this?

Not at all

Perfectly

Define Confidentiality in the context of security.

Ensures sensitive data is only accessible to authorized users

How well did you know this?

Not at all

Perfectly

What is one method to maintain Confidentiality?

Encryption, access controls, passwords

How well did you know this?

Not at all

Perfectly

What is the purpose of Availability in security?

Ensures systems and data are accessible to authorized users

How well did you know this?

Not at all

Perfectly

List two strategies to enhance Availability.

Backup and recovery
Redundant Internet connections

How well did you know this?

Not at all

Perfectly

What does Integrity ensure regarding information?

Keeps information correct and unaltered

How well did you know this?

Not at all

Perfectly

Give an example of a technique used to verify Integrity.

Checksums or digital signatures

What is Non-repudiation in security?

Ensures actions cannot be denied by the person or system performing them

Name a method that provides Non-repudiation.

Digital signatures, audit logs

Fill in the blank: _______ ensures that sensitive data is only accessible to authorized people.

Confidentiality

Fill in the blank: _______ involves measures taken to fix vulnerabilities after a security incident.

Corrective

Fill in the blank: _______ security mechanisms are focused on providing protection to physical facilities.

Physical

ZERO TRUST

An approach to security architecture in which no entity is trusted by default. Based on three principles:

Assume breach

Verify explicitly

Least privileged access

Also known as “never trusty

always verify” replacing the old concept of “trust by verify”

Addresses the limitations of the legacy network perimeter-based security model.

Assumes compromise / breach in verifying every request.

Nothing is trusted by default even inside the private “trusted network”

ACCESS POLICY ENFORCEMENT

Policy Enforcement Point (PEP)

Responsible for enabling

monitoring

Acts as the gateway that enforces access control policies.

When an access request occurs

the PEP evaluates the request against predefined policies and applies the necessary controls.

Policy Decision Point (PDP)

Where access decisions are made based on various factors such as user identity

device health

Evaluates the context of an access request and decides whether it should be allowed

denied

Considers the 5 W’s (who

what

In short

the PEP enforces policies at the connection level

CONTROL PLAN

DATA PLAN

Adaptive identity :

Changes the way the system asks a user to authenticate based on context of the request

Example: location

device

Implicit trust zones:

Part of traditional security approach which firewalls and other security devices formed a perimeter. Systems belonging to the org were placed inside this boundary

Threat scope reduction :

An end goal of ZTNA

which is to decrease risks to the organization.

subject/system:

Subject refers to the entity (e.g. user

device

user

device

System refers to the resource or service the subject is attempting to access.

Examples: database

cloud services

Policy-driven access control :

Controls based upon a user’s identity rather than simply their system’s location.

Policy enforcement point:

When a user or system requests access to resource

the PEP evaluates it against predefined policies and applies the necessary controls.

Example: NAC Solution

Cloud CASB

Policy administrator :

Responsible for communicating the decisions made by the policy engine

Policy engine :

Decides whether to grant access to a resource for a given subject

PA + PE = PDP

Drives the policy-based decision logic for zero trust

Enforces the decision defined in control plane

PHYSICAL SECURITY

Definition: physical security is the protection of physical assets

including hardware

Importance: strong physical security is crucial for information security as it prevents unauthorized access to sensitive data and infrastructure.

Key components:

Access control: implementing measures to restrict access to authorized personnel only

such as: Biometric authentication (fingerprint

Perimeter security: protecting the physical boundaries of the facility

such as: fences and barriers

Environmental controls: maintaining optimal environment conditions for hardware and data

including: climate control

BOLLARDS

Definition: bollards are sturdy

vertical posts installed to block vehicles or unauthorized personnel from accessing restricted areas.

Purpose: they prevent physical breaches

such as ramming attacks

Examples of Use: Protecting server rooms

data centers

Material: typically made of steel or reinforced concrete for durability and impact resistance.

Integration: often used alongside access control systems like gates or barriers for comprehensive perimeter security.

ACCESS CONTROL VESTIBULE

An access control vestibule refers to a mechanism or process that provides controlled entry to secure areas or systems. Here’s a brief explanation:

Intermediate access point: acts as a transitional space between an unsecured area and a secure one

like an airlock in physical security.

Verification layer: enforced multi-factor authentication

identity verification

Mitigation of tailgating or piggybacking: prevents unauthorized users from accessing secure areas by ensuring each subject undergoes individual verification.

Granular access control: limits access based on specific roles

policies

FENCES

Definition: fences are barriers designed to prevent unauthorized physical access to a specific area

typically around facilities

Purpose: they server as the first line of defense by creating a clear boundary between secure and public areas.

Deterrent: visible fences discourage intrusions and signal that the area is protected.

Types: fences can vary based on security needs

including chain-link

Integration: often paired with additional security measures like surveillance cameras

motion sensors

LIGHTING

Deterrence: well-lit areas discourage unauthorized access and criminal activities by increasing the risk of detection.

Visibility: enhances visibility for security personnel

CCTV cameras

Access control: illuminates entry points such as doors

gates

Safety: reduces accidents and hazards for authorized personnel by improving navigation in dark areas.

Strategic placement: critical in high-risk zones

such as perimeters

Integration with Technology: works in conjunction with motion sensors

CCTV

TYPES OF SENSORS

Infrared: detects heat signatures in the form of infrared radiation emitted by people

animals

Integrated into security cameras and alarm systems to improve detection capabilities.

Pressure: designed to detect changes in pressure on a surface or in a specific area

such as a person walking on a floor or stepping on a mat.

Used in access control systems to ensure that only authorized individuals can enter.

Microwave: uses microwave technology to detect movement within a specific area.

Often used with other types of sensors to reduce false alarms.

Ultrasonic: emits high-frequency sound waves and measure the time it takes for the sound waves to bounce back after hitting an object or surface.

Commonly used in parking assistance

robotic navigation

DECEPTION TECHNOLOGIES HONEYPOT & HONEYNET

Honeypot

Decoy systems designed to attract and trap attackers.

Mimic real vulnerabilities to lure cyber threats.

Used to study attackers’ techniques and tools.

Provide early warnings for emerging threats.

Help organizations improve security defense.

Honeynet

A network of interconnected honeypots.

Simulates an entire system environment for attackers.

Collects comprehensive data on cyber threats.

Deploys and distracts attackers from real assets.

Used in advanced threat intelligence and research.

HONEY FILES & HONEY TOKENS

Honey File

Decoy file designed to attract attackers.

Placed in strategic locations to monitor unauthorized access.

Triggers alerts when accessed and modified.

Honey Token

Decoy data (e.g. fake credentials

API keys).

Embedded in systems or documents to track misuse.

Generates alerts when used

indicating a breach.

CHANGE MANAGEMENT & CONFIGURATION MANAGEMENT

Change Management

A structured process to plan

evaluate

Ensures minimal disruption

proper documentation

Configuration Management

The process of maintaining and controlling the settings of IT systems.

Ensures consistency

traceability

CHANGE MANAGEMENT & CHANGE CONTROL

Change Control

A subset of change management focused on evaluating

approving

Ensures changes are assessed for risks and align with organizational policies.

Difference

Change Management: Broader process covering planning

communication

Change Control: A step within change management

ensuring each change is reviewed and approved before implementation.

BUSINESS PROCESSES IMPACTING SECURITY OPERATIONS

A change management program should address important business process issues

including:

Approval process

Ensures changes are reviewed and authorized to prevent unauthorized modifications.

Ownership

Clearly defines responsibility for implementing and managing changes securely.

Stakeholders

Involves relevant parties to address security

operational

Impact analysis

Assesses now changes affect security

systems

Test Results

Validates the security and functionality of changes before deployment.

Backout plan

Provides a strategy to revert changes if issues or risks arise.

Maintenance Window

Allocates a secure time frame to implement changes with minimal disruption.

Standard operating procedure (SOP)

Defines consistent

secure methods for executing changes.

TECHNICAL IMPLICATIONS

There are several technical implications that should be considered as part of the change management process.

Allow Lists/Deny Lists

Changes may require updates to security policies or firewall rules.

Impact: Modifications can affect system access or communication

potentially causing disruptions.

Restricted Activities

Specific activities may be limited to authorized personnel only.

Impact: can slow down change processes and affect efficiency.

Downtime

Changes may require planned downtime to prevent conflicts and ensure stability.

Impact: Downtime must be scheduled carefully to minimize business disruptions.

DOCUMENTATION

The process of documentation current state of and changes to the operating environment.

Records all aspects of the change process

including planning

Ensures traceability by documenting the reasons

risks

Facilitates accountability

allowing teams to review and analyze past changes.

Supports compliance by maintaining detailed logs for audits and regulatory requirements.

Helps in future planning by providing insights for similar changes.

VERSION CONTROL

Tracks changes to files

documents

Helps manage updates and ensures the integrity of configurations

software

Facilities collaboration

allowing multiple users to work on the same files without conflicts.

Enables rollback to previous versions in case of errors or security issues.

Critical for secure development by managing changes to sensitive files and maintaining audit trails.

PUBLIC KEY INFRASTRUCTURE (PKI)

PKI (Public Key Infrastructure) is a system used to manage digital keys and certificates for secure communication.

Purpose: Ensures that data transmitted over the internet is encrypted

secure

Components:

Public Key: shared key used for encryption.

Private Key: secret key used for decryption

kept secure.

Digital certificates: verify the identity of users and devices.

CA & CHAIN OF TRUST

CA (Certificate Authority)

A trusted organization that issues and manages digital certificates.

Verifies the identity of entities (e.g. users

websites) before issuing certificates to ensure secure communication.

Chain of Trust

A sequence of trusted certificates that starts from a root CA and ends at the end-entity certificate.

Ensures the validity of digital certificates by verifying each certificate’s authenticity in the chain.

If each link in the chain is trusted

the entire certificate is trusted.

CRL (Certificate Revocation List)

Definition: A list of digital certificates that have been revoked before their expiration.

Purpose: Allows systems to check if a certificate is still valid or has been compromised.

Managed by CA: The Certificate Authority maintains and updates the CRL.

Revocation Reasons: Certificates may be revoked due to compromise

expiration

Usage: Helps ensure trust by preventing the use of invalid or compromised certificates.

ONLINE CERTIFICATE STATUS PROTOCOL (OCSP) & CERTIFICATE SIGNING REQUEST

OCSP (Online Certificate Status Protocol)

A protocol used to check the status of a digital certificate in real-time.

Provides information on whether a certificate is valid

revoked

More efficient than checking certificates revocation lists (CRLs) as it reduces the need for large data downloads.

CSR (Certificate Signing Request)

A message sent to a Certificate Authority (CA) to request a digital certificate.

Contains information about the entity (e.g. domain name

public key) requesting the certificate.

Must be generated before obtaining an SSL/TLS certificate for securing communications.

CERTIFICATE TYPES

User Certificate: Authenticates an individual user’s identity for secure access.

Root Certificate: The foundation of a trust hierarchy

issued by a Certificate Authority (CA).

Domain Validation (DV) Certificate: Confirms ownership of a domain

providing basic encryption.

Extended Validation (EV) Certificate: Provides the highest level of trust by verifying the organization’s identity.

Wildcard Certificate: Secures a domain and all its subdomains under a single certificate.

Code Signing Certificate: Ensures software code integrity and authenticity.

Self-Signed Certificate: Created by the entity itself

not issued by a trusted CA

Machine/Computer Certificate: Used to identify and authenticate devices within network.

Email Certificate: Secures email communication with encryption and digital signatures.

Third-Party Certificate: Issued by an external CA to validate trust for non-affiliated entities.

Subject Alternative Name (SAN) Certificate: Secures multiple domain names and subdomains in a single certificate.

LEVELS OF ENCRYPTION

File Encryption: Protects individual files by encrypting their content

ensuring only authorized users with the correct decryption key can access them.

Example: Encrypting a document with a password.

Volume Encryption: Encrypts a specific logical storage space or partition

securing all data within that volume while leaving other parts of the disk accessible.

Example: Encrypting the “D:” drive in Windows.

Disk Encryption: Encrypts the entire storage device

including system and non-system files

Example: Full disk encryption with BitLocker.

DATA PROTECTION AT REST DRIVE ENCRYPTION

Full Disk Encryption (FDE): Encrypts the entire contents of a storage drive

including the operating system and user data

Example: BitLocker or FileVault.

Self-Encrypting Drive (SED): A hardware-based encryption method where the drive itself automatically encrypts and decrypts data using a built-in encryption module

providing seamless and fast encryption. Anything that is written to that drive is automatically stored in encrypted form.

Example: Samsung T7 SED.

DATA PROTECTION AT REST

Cloud Storage Encryption: Encrypts data stored in the cloud

at rest ensuring unauthorized access is prevented.

Example: AWS S3 server-side encryption.

Transparent Data Encryption (TDE): Encrypts database files automatically at the storage level

protecting data at rest while allowing authorized applications to access it seamlessly.

Example: Microsoft SQL Server TDE.

DATA PROTECTION IN TRANSIT

SSL (Secure Sockets Layer): Encrypts data transmitted between a user’s device and a server

preventing unauthorized access or interception during transit.

Example: Encrypting email communication.

HTTPS (Hypertext Transfer Protocol Secure): A secure version of HTTP that uses SSL/TLS to encrypt web traffic

ensuring secure communication between a browser and a website.

Example:Accessing a banking site via https://.

DATA PROTECTION IN USE

Protection of Data in Use (or During Processing): Refers to safeguarding data while it is being actively accessed

processed

How it is Done:

Secure Enclaves: Isolates sensitive computations in a hardware-protected (e.g. Intel SGX).

Homomorphic Encryption: Allows computations on encrypted data without decrypting it.

Access Controls: Restrict who or what can process the data to ensure only authorized entities access it.

SYMMETRIC VS ASYMMETRIC

Symmetric Encryption

Uses the same key (shared secret) for both encryption and decryption.

Fast and efficient.

Less scalable.

Requiring secure key sharing.

Example: AES (Advanced Encryption Standard)

Asymmetric Encryption

Uses a pair of keys - a public key & private key pair

Slower compared to Symmetric key encryption

Supports scalability and Key distribution

Viding secure key exchange but being slower.

Example: RSA (Rivest-Shamir-Adleman).

ASYMMETRIC KEYS USAGE

Key Sharing

Public keys are shard among communicating partners

Private keys are kept secret by each partner

Data Encryption

For encryption use the recipient’s public key

For decryption the recipient’s uses his/her own

Digital Signature

Use your own private key to sign a message

Use the sender’s public keys to validate the signature

USE CASES OF SYMMETRIC & ASYMMETRIC ALGORITHMS

Symmetric

Data at rest encryption: Used for bulk data encryption such as database and full disk encryption

VPN traffic encryption: Securing data transmitted through VPNs.

Example: Using AES for tunneling protocols like IPSec VPN.

Asymmetric

Secure Key Exchange: Exchanging symmetric keys securely over an untrusted network.

Example: RSA used in TLS handshakes. Use the sender’s public keys to validate the signature

Digital Signatures: Verifying the authenticity of a message or document.

Example: Signing an email using an RSA private key.

BLOCK AND STREAM CIPHERS

Block Ciphers:

Encrypts data in fixed-size blocks (e.g

128 bits).

Processes plaintext in chunks

applying the same encryption algorithm to each block.

Example: AES (Advanced Encryption Standard).

Slower but more secure for bulk data encryption.

Stream Ciphers:

Encrypts data one bit or byte at a time

continuously.

Typically faster and more efficient for real-time applications.

Example: RC4 (Rivest Cipher 4).

Often used in applications requiring high-speed encryption like audio and video streaming.

TRUSTED PLATFORM MODULE (TPM)

Definition: A dedicated microchip designed to secure hardware by storing cryptographic keys and other sensitive data.

Data Protection: Protects against unauthorized access and tampering by securely storing encryption keys

passwords

Secure Boot: Ensures only trusted software runs on a system during startup by verifying the integrity of the boot process.

Use Cases: Full disk encryption (e.g. bitlocker)

digital right management (DRM)

Compliance: helps meet security standards like GDPR and enhances enterprise security posture.

HARDWARE SECURITY MODULE (HSM)

Definition: A physical device used to generate

store

Purpose: Provides high-level protection for sensitive data

ensuring secure encryption and decryption operations.

Uses: common in industries like banking

government

Security: Resistant to tampering and physical attacks

ensuring data integrity and confidentiality.

Compliance: Often used to meet regulatory standards like FIPS 140-2 for cryptographic security.

KEY MANAGEMENT SYSTEM (KMS)

Centralized Management: Manages cryptographic keys for encryption

decryption

Security: Ensures secure generation

storage

Compliance: Helps organizations meet regulatory requirements (e.g.

PCI DSS

Automation: Automates key rotation

expiration

Integration: Often integrates with other security systems like encryption solutions and digital certificate authorities.

SECURE ENCLAVE

Isolated Environment: A hardware-based

isolated execution environment within a processor that protects sensitive data.

Encryption: Data processed inside the enclave is encrypted and never exposed to the rest of the system.

Integrity: Ensures data integrity and confidentiality even from privileged users or malware.

Use Cases: Commonly used for secure computations

cryptocurrency wallets

Example: Intel SGX (Software Guard Extensions) and Apple’s Secure Enclave.

STEGANOGRAPHY

Definition: The practice of concealing secret information within non-suspicious data (e.f. Images

audio

Purpose: Used to hide the existence of a message

making it undetectable to unauthorized users.

Techniques: Common methods include hiding data in the least significant bits of an image or audio file.

Applications: Employed for covert communication

digital watermarking

Difference from Encryption: Unlike encryption

which makes data unreadable

TOKENIZATION

Data Replacement: Replaces sensitive data (e.g.

credit card numbers) with unique

Security: Reduces the risk of data breaches by ensuring sensitive data is never stored or transmitted.

Irreversibility: Tokens cannot be reversed back to the original data without access to the secure tokenization system.

Compliance: Helps meet compliance requirements (e.g.

PCI DSS) by securing sensitive data.

Usage: Common in payment processing

healthcare

PSEUDONYMIZATION & ANONYMIZATION

Pseudonymization:

Replaces identifiable data with pseudonyms (e.g.

code numbers or aliases).

Allows re-identification if additional information is available.

Retains some data utility for processing while enhancing privacy.

Example: Replacing a name with a user ID.

Anonymization:

Removes all personally identifiable information (PII) from data

making re-identification possible.

Ensures data cannot be linked back to individuals under any circumstances.

Example: Removing names

addresses

Difference:

Pseudonymization allows re-identification if paired with additional data

while Anonymization makes re-identification impossible.

Pseudonymization provides more utility for analysis

whereas anonymization prioritizes privacy over data usability.

DATA MASKING

Definition: the process of obscuring sensitive data by replacing it with fictitious or scrambled values while retaining its original format.

Purpose: Protects sensitive information (e.g.

credit card numbers

Types: Static Data Masking (SDM) and Dynamic Data Masking (DDM).

Usage: Common in application development

testing

Benefits: Enhances data privacy

minimizes risk of exposure

HASHING VS ENCRYPTION

Hashing:

Converts data into a fixed-length string using a mathematical function.

One-way process; cannot be reversed to reveal original data.

Used for data integrity checks and password storage.

Example: SHA-256

MD5.

Encryption:

Transforms data into an unreadable format using a key

allowing reversal with the correct key.

Two-way process; original data can be retrieved.

Used for protecting data confidentiality during storage or transmission.

Example: AES

RSA.

USES OF DIFFERENT ALGORITHMS

Symmetric Encryption Uses:

Securing file storage (e.g.

AES for encrypted drives).

Encrypting database records (e.g.

credit card details).

Securing communication channels (e.g.

VPNs

Asymmetric Encryption Uses:

Secure key exchange (e.g.

TLS handshake).

Digital signatures to ensure authenticity (e.g.

signing emails).

Encrypting small amounts of data like passwords or keys.

Hash Function Uses:

Storing hashed passwords securely.

Verifying data integrity (e.g.

checksums for file transfers).

Digital signatures and certificates (e.g.

hashing documents before signing).

HASH FUNCTION REQUIREMENTS

Deterministic: The same input always produces the same hash output.

Fast Computation: Quickly generates a hash value for any given input.

Collision Resistance: Two different inputs should not produce the same hash output.

Pre-image Resistance: It should be computationally infeasible to reverse a hash to its original input.

Avalanche Effect: A small change in input should result in a significantly different hash.

SALTING

Definition: Adding a random value (salt) to data before hashing to enhance security.

Purpose: Protects against precomputed attacks like rainbow tables.

Uniqueness: Each salt is unique for every input

ensuring unique hash outputs even for identical inputs.

Storage: Salt is typically stored alongside the hashed value.

Use Case: Commonly used in password hashing for secure authentication systems.

DIGITAL SIGNATURE

Definition: A cryptographic method that uses asymmetric encryption to verify the authenticity and integrity of digital data.

How it Works: Created using the sender’s private key and verified with their public key.

Use Case:

Authentication: Positive identification of the data sender. Private key owner = Signer

Non-repudiation: The sender can’t deny sending the message because only he/she has the access to private key.

Integrity: Provide assurance that the data or message has not been altered in transit.

KEY STRETCHING

Definition: A technique to strengthen weak keys or passwords by applying a computationally intensive process multiple times.

Purpose: Increase the time required to crack passwords using brute force or dictionary attacks.

Methods: Uses algorithms like PBKDF2

bcrypt

How it Works: Iteratively hashes a password with added salt

making it computationally expensive to process.

Benefits: Enhances password security without requiring users to create longer passwords.

BLOCKCHAIN

Definition: A decentralized

distributed ledger that records transactions across multiple nodes securely and transparently.

Structure: Data is stored in blocks

linked together in chronological order to form a chain.

Immutability: Once recorded

data in a block cannot be altered without altering all subsequent blocks.

Consensus Mechanism: Ensures agreement among nodes

such as Proof of Work (POW) or Proof of Stake (PoS).

Use Cases: Cryptocurrencies (e.g.

Bitcoin)

BLOCKCHAIN VS OPEN PUBLIC LEDGER

Blockchain:

A type of distributed ledger that organizes data into linked

immutable blocks.

Uses cryptography and consensus mechanisms to ensure security and transparency.

Can be public

private

Example: Bitcoin blockchain.

Open Public Ledger:

A general term for any ledger that is publicly accessible and records transactions transparently.

May not necessarily use blockchain technology.

Focused on transparency and accessibility without needing cryptographic validation.

Example: Land ownership registries in some countries.

COMMON CRYPTOGRAPHIC CONCEPTS EXAM TIPS

Low Power Devices: Devices with limited battery or processing power need efficient encryption ECC

which provide strong security without draining resources.

Low latency requirements: For real-time applications like video calls

use fast encryption like stream ciphers (e.g.

Supporting Integrity: To check if data is unchanged

use hashing algorithms like SHA-256 or HMAC to verify data.

Supporting Authentication: To confirm identities

use digital signatures (e.g.

Supporting non-repudiation: to ensure someone cannot deny sending a message

use digital signatures combined with PKI to provide proof of origin.

CRYPTOGRAPHY LIMITATION

Speed: Cryptographic algorithms

especially asymmetric ones

Weak Keys: poorly chosen or short keys are vulnerable to brute-force attacks

undermining security.

Longevity: algorithms may become insecure as attackers find weaknesses

requiring frequent updates to cryptographic systems.

Predictability: poor implementation or predictable random number generators can make cryptographic systems easier to attack.

Reuse: Reusing keys or initialization vectors (IVs) compromises security by exposing patterns in encrypted data.

Entropy: Insufficient randomness (low entropy) in key generation weakens cryptographic strength

making it easier to crack.

THREAT ACTORS

Definition: threat actors are individuals

groups

Examples:

Nation State

Unskilled attacker

Hacktivist

Insider Threat

Organized Crime

Shadow IT

NATION-STATE

Definition: Government-sponsored attackers targeting specific organizations

nations

Motivation: Espionage

disrupting critical infrastructure

Skill Level: Highly skilled

employing advanced persistent threats (APTs).

Resources: Significant funding

access to zero-day vulnerabilities

Examples: Stuxnet attack

SolarWinds breach.

UNSKILLED ATTACKER (SCRIPT KIDDIE)

Definition: individuals with limited technical knowledge relying on pre-written scripts or tools.

Motivation: Curiosity

personal amusement

Skill Level: Low; lack deep understanding of security systems.

Resources: Publicly available hacking tools and resources.

Example: Using tools like LOIC (Low Orbit Ion Cannon) for basic DDoS attacks.

HACKTIVIST

Definition: Attackers driven by ideological or political goals to promote their agenda.

Motivation: Advocacy for social

political

Skill Level: Varies; can range from low (defacing websites) to highly skilled (data breaches).

Resources: Community-driven; relies on crowd-sourced tools and techniques.

Example: Anonymous targeting government or corporate websites.

INSIDER THREAT

Definition: Employees

contractors

Motivation: Financial gain

revenge

Skill Level: Moderate to high; depends on role and knowledge of internal systems.

Resources: Access to organizational systems

sensitive data

Examples: Edward Snowden’s disclosure of classified NSA data.

ORGANIZED CRIME

Definition: Criminal groups engaging in cybercrime for financial profit.

Motivation: Monetary gain through fraud

ransomware

Skill Level: High; often employs experts in hacking. Phishing

and malware development.

Resources: Well-funded operations with access to sophisticated tools.

Examples: Ransomware gangs like REvil or Conti.

SHADOW IT

Definition: Technology

devices

Motivation: Employees seek faster

more convenient tools to meet their needs.

Risks: Can lead to data breaches

compliance violations

Examples: Using personal cloud storage (e.g.

Google Drive) for work files without approval.

Mitigation: Implement policies

increase awareness

THREAT ACTORS MOTIVATION

Data exfiltration

Stealing sensitive or proprietary information

such as trade secrets or personal data.

Used to sell on the dark web

gain a competitive advantage

Espionage

Gaining unauthorized access to gather intelligence

often for strategic or geopolitical purposes.

Typically associated with nation-states targeting governments

corporations

Service disruption

Aiming to interrupt normal operations

such as disabling websites or critical infrastructure.

Methods include DDoS attacks or ransomware locking systems.

Blackmail

Threatening to release sensitive data or disrupt services unless a ransom or demand is met.

Often executed through ransomware or leaks of compromising information.

Financial gain

Primary motivation for cybercriminals targeting individuals or organizations for monetary profit.

Methods include phishing

ransomware

Philosophical/ Political beliefs

Motivated by ideology to make a statement or promote a cause.

Common with hacktivists targeting governments or corporations.

Ethical

Motivated by the desire to improve systems by identifying vulnerabilities (e.g.

ethical hacking).

Often involves reporting issues responsibly without malicious intent.

Revenge

Personal grievances leading to malicious actions against an individual or organization.

Common in insider threats or former employees seeking retribution.

Disruption/ Chaos

Creating disorder for amusement

notoriety

Often linked to unskilled attackers or cyber vandals.

War

Using cyberattacks as part of a nation-state’s warfare strategy.

Targets include critical infrastructure

communication networks

Threat Actor

Skill Level

Motivation

Nation-State

Highly skilled (APTs)

Espionage

disruption

Unskilled Attacker (Script Kiddie)

Low (Uses pre-written tools)

Curiosity

personal amusement

Hacktivist

Varies (low to high)

Philosophical/political beliefs

advocacy

Insider Threat

Moderate to high

Revenge

financial gain

Organized Crime

High

Financial gain

blackmail

ACTOR ATTRIBUTES

Threats from Internal vs. External Actors

Internal Threats:

Direct access to sensitive systems and data increases potential damage.

Difficult to detect due to legitimate access rights.

Examples: Data leaks

sabotage

External Threats:

Can exploit vulnerabilities in network defenses or social engineering.

Persistent and adaptable

often bypassing traditional security measures.

Examples: phishing attacks

ransomware

Threats Based on Resources/Funding

Low-Resource Threat Actors:

Can still cause significant harm by leveraging widely available tools or vulnerabilities.

Examples: Malware kits

brute-force attacks

Well-Funded Threat Actors:

Utilize advanced tools

zero-day vulnerabilities

Examples: Sophisticated espionage campaigns

ransomware-as-a-service (RaaS).

Threats Based on Level of Sophistication/Capability

Low Sophistication:

May rely on poorly configured systems or known vulnerabilities.

Less targeted but can exploit weak security practices.

High Sophistication:

Targeted attacks using advanced techniques

such as APTs or spear-phishing.

Capable of long-term infiltration and significant data compromise.

ATTACK SURFACE

Definition: The total number of points or path through which an attacker could try to access or exploit a system.

Examples:

External attack surface: Public-facing servers

websites

Internal attack surface: Vulnerabilities in internal software

misconfigured databases

Physical attack surface: Office doors

USB ports

THREAT VECTOR

Definition: Specific methods or pathways used by attackers to breach or compromise a system.

Examples:

Email phishing: Sending malicious links or attachments.

Malware delivery: Using infected software or USB drives.

Network-based attacks: Exploiting unpatched systems via open ports or weak firewalls.

Insider threats: Employees with malicious intent or careless actions.

THREAT VECTOR VS ATTACK SURFACE - AN ANALOGY

Think of your System or Network as a house:

The attack surface is like all the potential entry points into the house - front

door

Threat vectors are the ways a burglar might exploit those entry points - picking the lock

breaking a window

Relationship:

The attack surface represents the possible places an attack could occur

while threat vectors represent the techniques used to exploit those places. A house with more entry points (larger attack surface) offers a burglar more opportunities to choose a specific threat vector.

Untitled Deck Flashcards

(775 cards)