ISDS 705 Ch5: Cybersecurity and Risk Management
Something or someone that may result in harm to an asset.
Threat
Two accepted models for IT governance are: __ (ERM) and __ for Information and Related Technology (COBIT)
enterprise risk management; Control Objectives
Physical security refers to the protection of computer facilities and resources. This includes protecting physical property such as computers, data centers, software, manuals, and networks. It provides protection against most ___ as well as against __.
natural hazards; some human hazards
__ is an automated method of verifying the identity of a person, based on physical or behavioral characteristics. Most biometric systems match some personal characteristic against a stored profile. The most common biometrics are a thumbprint or fingerprint, voice print, retinal scan, and signature.
A biometric control
__ (2012) took credit for knocking Combined Systems, Inc. offline and stealing personal data from its clients. (Combined Systems Inc. sells crowd-control equipment to law enforcement.)
Anonymous
Encrypted text
Ciphertext
__ are available for hire or complete hack attacks can be bought. Organized crime groups quickly learned that cybercrimes have better payoffs than the drug trade and with almost no risk. __ is key to security.
Contract hackers; password management
To help keep managers updated on the latest cyberthreats and prioritize defenses, KPMG publishes its ___. The __ describes the latest trends and statistics for data losses worldwide.
Data Loss Barometer; annual report
Transforming data into scrambled code to protect them from being understood by unauthorized users.
Encryption
Tool or technique that takes advantage of a vulnerability.
Exploit
The Department of Homeland Security (DHS) ___(ICS-CERT) warned that attacks against __ are growing.
Industrial Control Systems Cyber Emergency Response Team; critical infrastructure
__ is a hacker group and a spin-off of the loosely organized hacking collective Anonymous.
LulzSec
Worms, viruses, trojans, botnets, and keyloggers are types of: a. Spam b. Adware c. Malware d. Spyware e. Hideware
Malware
Readable text
Plaintext or clear text
Process of identifying, assessing, and reducing risk to an acceptable level.
Risk management
__malware so new their signatures are not yet known
Zero-day exploits
An audit is an important part of any control system. Auditing can be viewed as an __ or safeguards. It is considered as a deterrent to criminal actions, especially for insiders.
additional layer of controls
While the previously discussed general controls are technical in nature,__ deal with issuing guidelines and monitoring compliance with the guidelines.
administrative controls
Phishing messages include a link to a fraudulent phish website that looks like the real one. When the user clicks the link to the phish site, he or she is asked for a __,__, __ or password.
credit card number, social security number, account number
A business impact analysis (BIA) estimates the consequences of disruption of a business function and collects data to __. Potential loss scenarios are first identified during the risk assessment. Operations may also be interrupted by the failure of a supplier of goods or services or delayed deliveries.
develop recovery strategies
Cybersecurity experts warn that battling __ and __ attacks has become part of everyday business for all organizations.
distributed denial-of-service (DDoS) and malware
U.S. government agencies are now imposing __, which are based on the assumption that devices will inevitably be compromised, according to Mike Rogers, then chairman of the House Intelligence Committee. House members can bring only "clean" devices and are forbidden from __ while abroad.
do-not-carry rules; connecting to the government's network
Unintentional threats fall into three major categories: human error, __, and __.
environmental hazards; computer system failures
Risk is the probability of a threat successfully __ a vulnerability and the estimated ___. For example, car insurance premiums are based on risk calculations that take into consideration the probability of an accident and the cost of the damage.
exploiting; cost of the loss or damage
Estimated cost, loss, or damage that can result if a threat exploits a vulnerability.
exposure
Exploit has more than one meaning. An exploit is a __ or __ used to break into a system, database, or device. An attack or action that takes __ is also called an exploit. Exploits themselves are not against the law, and several legitimate firms also sell them.
hacker tool or software program; advantage of a vulnerability
Hacktivist is short for __, or someone who does hacking for a cause. Hacking, regardless of motive, is a crime.
hacker-activist
Social engineering aka __—tricking users into revealing their credentials and then using them to gain access to networks or accounts through manipulation of people's tendency to trust or simply follow their curiosity. Humans are easily hacked, making them and their social media posts ___.
human hacking; high-risk attack vectors
Critical infrastructure is defined as systems and assets, physical or virtual, so vital to the United States that the __ of such systems and assets would have a debilitating impact on security, ___, or national public health.
incapacity or destruction; national economic security
CIA triad are 3 key cybersecurity principles: confidentiality, __, and __.
integrity; availability
APTs are designed for ___. APTs collect and store files on the company's network; encrypt them; then send them in bursts to servers, often in China or Russia. (Operation Aurora is an example of an APT.)
long-term espionage
Experts believe the greatest cybersecurity dangers over the next few years will involve persistent threats, ___, and the use of social media for __.
mobile computing; social engineering
A malware's __ refers to the actions that occur after a system has been infected. The __ carries out the purpose of the malware. Can cause damage that is visible or operate in stealth mode so as to remain undetected.
payload
Appropriate physical security includes: appropriate design of the data center (for example, the data center should be noncombustible and waterproof); shielding against electromagnetic fields; good fire prevention, detection, and extinguishing systems, including a sprinkler system, water pumps, and adequate drainage facilities; emergency power shutoff and backup batteries, which must be maintained in operational condition; properly designed and maintained air-conditioning systems; and motion detector alarms that detect physical intrusion. These are examples of __.
physical controls
In the event of loss or theft of a device, a mobile kill switch or ___is needed as well as encryption. All major smartphone platforms have some kind of remote erase capability and encryption option.
remote wipe capability
Probability of a threat exploiting a vulnerability
risk
Done using an app or spreadsheet: expected loss = P1 × P2 × L, where P1 = probability of an attack (estimated based on judgment), P2 = probability of the attack being successful, and L = loss incurred if the attack is successful.
risk assessment
Most antivirus (AV) software relies on __ to identify and then block malware.
signatures
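The two cards above (zero-day malware and signature-based antivirus) describe the mechanism and its limit. The following added example, not code from the textbook, shows both in working form: an exact-hash signature for a known sample, a byte-pattern signature that also catches a repacked variant of the same family, and a novel sample that neither signature knows yet. The "files" and signature names (Dumper.A, Dumper.gen) are constructed for the example.

```python
"""Signature-based malware detection and why it misses zero-day samples.

Added example (not from the textbook). Two signature types are shown:
a hash of a known sample and a byte pattern taken from its code. The
sample "files" are constructed byte strings standing in for real binaries.
"""
import hashlib
from typing import Optional

# Constructed "known malware" sample and the signatures an AV vendor might ship for it.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"CMD:steal_cards;C2:evil.example" + b"\x00" * 8
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Dumper.A"}
PATTERN_SIGNATURES = {b"CMD:steal_cards": "Dumper.gen"}   # generic byte pattern for the family


def scan(data: bytes) -> Optional[str]:
    """Return the signature name that matches, or None if nothing matches.

    Exact-hash signatures are checked first (cheapest, most specific), then
    byte patterns that can still catch repacked variants of the same family.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


# Constructed variants to show what each signature type does and does not catch.
VARIANT_REPACKED = KNOWN_SAMPLE.replace(b"evil.example", b"evil2.example")  # new C2 host, same code
ZERO_DAY = b"MZ\x90\x00" + b"CMD:grab_track2;C2:new.example"                # novel code, no signature yet


def demo() -> dict:
    """Scan the three constructed samples and report which signature (if any) fired."""
    return {
        "known": scan(KNOWN_SAMPLE),          # hash signature matches
        "repacked": scan(VARIANT_REPACKED),   # hash fails, byte pattern still matches
        "zero_day": scan(ZERO_DAY),           # nothing known about it: None
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:>9}: {verdict or 'clean (as far as signatures know)'}")
```

The zero-day sample is reported clean not because it is harmless but because no signature exists for it yet, which is exactly the gap the chapter describes; behaviour-based detection and the defense-in-depth controls discussed later are what cover that gap.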
Examples of intentional threats include data theft; inappropriate use of data (e.g., manipulating inputs),__; theft of equipment and/or programs; __; labor strikes, and miscellaneous computer abuses and Internet fraud.
theft of mainframe computer time; deliberate manipulation of programming data
A weakness that threatens the confidentiality, integrity, or availability (CIA) of an asset.
vulnerability
Risk management is not complete without a business continuity plan that has been tested to verify that it works. Business continuity refers to maintaining business functions or restoring them quickly __. The purpose of a business continuity plan is to keep the business running ___.
when there is a major disruption; after a disaster occurs
Three objectives of data and information systems security: _1_: No unauthorized data disclosure. _2_: Data, documents, messages, and other files have not been altered in any unauthorized way. _3_: Data is accessible when needed by those authorized to do so.
1. Confidentiality 2. Integrity 3. Availability
Why are hackers so successful? The Information Security Forum compiled a list of the top information problems and discovered that nine of the top ten incidents were the result of three factors: 1. Mistakes or human error 2. ___ 3. Misunderstanding the effects of adding ___ to an existing system
2. Malfunctioning systems 3. incompatible software
There were more than __ incidents reported between October and May 2013; over half of the attacks were against the __.
200 brute-force cyberattacks; energy sector
Respondents to the __ indicated that security incidents increased __ despite implementation of security practices.
2013 U.S. State of Cybercrime Survey; 33 percent
The number of malicious Android apps is growing at an alarming rate. According to the report Mobile Phone Biometric Security Analysis and Forecasts 2011-2015 (Egan, 2011), at least __ new malicious Android apps were found in the first quarter of 2012.
5,000
How big is the threat of malware? IT security researchers discover roughly __.
70,000 malicious programs every day
Since 2013 the number of data records stolen by hackers has increased at an alarming rate. 2013 has been dubbed the "Year of the Breach" because there were 2,164 reported data breaches that exposed an estimated __. Almost half of the 2013 breaches occurred in the __, where the largest number of records were exposed: more than 540 million data records, or __.
823 million records; United States; 66 percent
The defense strategy and controls that should be used depend on what needs to be protected and a cost-benefit analysis. That is, companies should neither underinvest nor overinvest. The following are the major objectives of defense strategies: __, detection, containing the damage, __, __, and awareness and compliance.
Prevention and deterrence; recovery; correction
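The risk-assessment card earlier (expected loss = P1 × P2 × L) and this card's cost-benefit rule fit together in one calculation: rank scenarios by expected loss, then adopt a control only when the loss it avoids exceeds what it costs. The following added example, not from the textbook, does that over constructed scenarios; all probabilities, dollar figures and control effects are illustrative assumptions, not survey data.

```python
"""Expected-loss risk assessment with a control cost-benefit check.

Added example (not from the textbook): applies the chapter's formula
expected loss = P1 * P2 * L to several constructed scenarios and extends it
to compare a proposed control's cost against the loss it avoids, so the
decision is neither under- nor over-investment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    p_attack: float      # P1: probability an attack is attempted (judgment-based estimate)
    p_success: float     # P2: probability the attack succeeds given current controls
    loss: float          # L: loss if the attack succeeds, in dollars


def expected_loss(s: Scenario) -> float:
    """Chapter formula: expected loss = P1 * P2 * L, with a sanity check on the inputs."""
    for p in (s.p_attack, s.p_success):
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{s.name}: probabilities must lie in [0, 1]")
    return s.p_attack * s.p_success * s.loss


def control_benefit(s: Scenario, new_p_success: float, control_cost: float) -> dict:
    """Compare the annual cost of a control with the expected loss it removes.

    The control is assumed to lower P2 only (attacks still happen, they fail
    more often). net_benefit > 0 means the control pays for itself.
    """
    before = expected_loss(s)
    after = expected_loss(Scenario(s.name, s.p_attack, new_p_success, s.loss))
    avoided = before - after
    return {
        "scenario": s.name,
        "expected_loss_before": before,
        "expected_loss_after": after,
        "control_cost": control_cost,
        "net_benefit": avoided - control_cost,
        "worth_it": avoided > control_cost,
    }


# Constructed scenarios (illustrative numbers only).
SCENARIOS = [
    Scenario("phishing leads to credential theft", p_attack=0.9, p_success=0.30, loss=200_000),
    Scenario("POS malware skims card data", p_attack=0.2, p_success=0.50, loss=5_000_000),
    Scenario("laptop lost while travelling", p_attack=0.5, p_success=0.80, loss=50_000),
]


def rank_by_expected_loss(scenarios=SCENARIOS) -> list:
    """Return (name, expected loss) pairs, largest first, to prioritise defenses."""
    ranked = sorted(scenarios, key=expected_loss, reverse=True)
    return [(s.name, expected_loss(s)) for s in ranked]


if __name__ == "__main__":
    for name, loss in rank_by_expected_loss():
        print(f"{loss:>12,.0f}  {name}")
    # Assumed control effects: awareness training cuts phishing success from 30% to 10%
    # for $20,000 a year; full-disk encryption cuts lost-laptop impact from 80% to 5%
    # of cases for $8,000 a year.
    print(control_benefit(SCENARIOS[0], new_p_success=0.10, control_cost=20_000))
    print(control_benefit(SCENARIOS[2], new_p_success=0.05, control_cost=8_000))
```

Note that the same control can be worth buying for one scenario and not another: a control that only nudges P2 from 0.30 to 0.25 on the phishing scenario avoids $9,000 of expected loss, which does not justify a $20,000 price tag, whereas the 0.30 to 0.10 improvement does.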
Security feature designed to restrict who has access to a network, IS, or data. Authentication methods include: something only the user knows, such as a password; something only the user has, such as a smart card or token; and something only the user is, such as a signature, voice, fingerprint, or eye scan, implemented via biometric controls, which can be physical or behavioral.
Access control
Procedure of generating, recording, and reviewing a chronological record of system events to determine their accuracy.
Audit
Method (usually based on username and password) by which an IS validates or verifies that a user is really who he or she claims to be.
Authentication
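The access-control and authentication cards above list "something you know" and "something you have" as separate factors. The following added example, not code from the textbook, combines the two: a password checked against a salted PBKDF2 hash (nothing in plaintext is stored) plus an RFC 6238 time-based one-time code of the kind an authenticator app produces. The user records are constructed; the only non-constructed value is the RFC 6238 test secret, used so the output is reproducible.

```python
"""Two-factor authentication: something you know plus something you have.

Added example (not from the textbook). The password is verified against a
salted PBKDF2 hash, and the second factor is an RFC 6238 TOTP code from a
shared secret, as an authenticator app would generate. User records are
constructed for the example.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived key); a fresh random salt is used when none is given."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)   # constant-time comparison


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current 30-second step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, skew_steps: int = 1) -> bool:
    """Accept the current step plus/minus skew_steps so slight clock drift does not lock users out."""
    counter = unix_time // 30
    return any(
        hmac.compare_digest(hotp(secret, counter + d), code)
        for d in range(-skew_steps, skew_steps + 1)
    )


def enroll(password: str) -> dict:
    """Create a user record: salted password hash plus a fresh TOTP secret (constructed)."""
    salt, key = hash_password(password)
    return {"salt": salt, "key": key, "totp_secret": os.urandom(20)}


def authenticate(record: dict, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass; both are always evaluated so the caller cannot tell which failed."""
    ok_know = verify_password(password, record["salt"], record["key"])
    ok_have = verify_totp(record["totp_secret"], code, unix_time)
    return ok_know and ok_have


# RFC 6238 test secret, used only so the example prints a reproducible code (287082 at T=59).
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    user = enroll("correct horse battery staple")
    user["totp_secret"] = RFC_SECRET
    code = totp(RFC_SECRET, 59)
    print("TOTP at T=59:", code)
    print("login ok:", authenticate(user, "correct horse battery staple", code, 59))
    print("wrong code:", authenticate(user, "correct horse battery staple", "000000", 59))
```

A stolen password alone fails this check, and a stolen one-time code expires within a step or two, which is the point of requiring two independent factors.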
Methods to identify a person based on a biological feature, such as a fingerprint or retina
Biometrics
Malware named __ is sold on the black market under the generic name Dump Memory Grabber by Ree for $1,800 or more. This malware is designed to be installed on POS devices in order to record data from __ and __.
BlackPOS; credit and debit cards
A network of hijacked computers that are controlled remotely, typically to launch spam or spyware. Also called software robots. Botnets are linked to a range of malicious activity, including identity theft and spam.
Botnet (short for Bot network)
__, __, websites, __, and patents are examples of assets. The greater the value of the asset to the company and to criminals, the greater the security needs to be. The smart strategy is to invest more to protect the company's most valuable assets.
Customer data; networks; proprietary information systems
July 2012 the hacker group __ published almost half a million e-mail addresses and passwords that allegedly had been stolen from Yahoo by exploiting a __ that had not yet been patched.
D33Ds Company; common vulnerability
Botnets are used to send spam and phishing e-mails and launch __. Botnets are extremely dangerous because they scan for and compromise other computers, which then can be used for every type of crime and attack against computers, servers, and networks.
DDoS attacks
__ is a common means of attack that is overshadowed by other types of attacks. It refers to an attack during which someone enters __, or changes or deletes existing data. Data tampering is extremely serious because it may not be detected.
Data tampering; false or fraudulent data into a computer
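The integrity objective of the CIA triad (data "not altered in any unauthorized way") and the data-tampering card just above meet in a concrete control: a keyed message authentication code over each stored record. The following added example, not code from the textbook, seals constructed payroll-style records with HMAC-SHA256 and shows that an edit made directly in the data store is caught on the next read. The key value is constructed; a plain unkeyed checksum would not do, because an insider who can edit the row can recompute it.

```python
"""Detecting data tampering with a keyed integrity check (HMAC).

Added example (not from the textbook). Tampering is dangerous because it can
go unnoticed; a MAC computed with a key the editor does not hold makes any
change to a record detectable when it is read back. Records and key are
constructed for the example.
"""
import hashlib
import hmac
import json

# Constructed key; in practice it lives in a secrets manager or HSM, never beside the data.
INTEGRITY_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same content always produces the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Return a copy of the record carrying an HMAC-SHA256 tag over its canonical form."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {**record, "_mac": tag}


def verify(sealed: dict, key: bytes = INTEGRITY_KEY) -> bool:
    """Recompute the tag over every field except the tag itself; compare in constant time."""
    body = {k: v for k, v in sealed.items() if k != "_mac"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed.get("_mac", ""))


def tamper_report(rows: list) -> list:
    """Return the ids of rows whose content no longer matches their tag."""
    return [r.get("id") for r in rows if not verify(r)]


# Constructed records as written by the application, which holds the key.
ORIGINAL = [
    seal({"id": 1, "employee": "alice", "salary": 85000}),
    seal({"id": 2, "employee": "bob", "salary": 72000}),
]

# An insider edits one salary directly in the database; the tag no longer matches.
TAMPERED = [dict(ORIGINAL[0]), {**ORIGINAL[1], "salary": 172000}]

if __name__ == "__main__":
    print("untouched rows failing check:", tamper_report(ORIGINAL))   # []
    print("tampered rows failing check:", tamper_report(TAMPERED))    # [2]
```

This catches modification of a record's fields. It does not by itself detect a deleted row or a row replaced wholesale with an older, validly sealed copy; covering those needs a sequence number or a tag over the whole table, which is the same technique applied one level up.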
__ is a multilayered approach to information security. The basic principle is that when one defense layer fails, another layer provides protection (e.g., if a wireless network's security was compromised, then having encrypted data would still protect the data).
Defense-in-depth
The ability of an IS to continue to operate when a failure occurs, but usually for a limited time or at a reduced level.
Fault tolerance
Software or hardware device that controls access to a private network from a public network (Internet) by analyzing data packets entering or exiting it
Firewall
A defense strategy is also going to require several controls. __ are established to protect the system regardless of the specific application. For example, protecting hardware and controlling access to the data center are independent of the specific application. __ are safeguards that are intended to protect specific applications.
General controls; Application controls
Since malware and botnets use many attack methods and strategies, multiple tools are needed to detect them and/or neutralize their effects. Three essential defenses are the following: __, __, and antivirus software.
Intrusion Detection Systems (IDSs); Intrusion Prevention Systems (IPSs)
A defense tool used to monitor network traffic (packets) and provide alerts when there is suspicious traffic, or to quarantine suspicious traffic.
Intrusion detection systems (IDS)
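The IDS card above says the tool watches traffic and alerts on suspicious activity, and an earlier card notes that brute-force attacks made up most of the reported incidents in one period. The following added example, not code from the textbook, implements that one detection: it parses sshd-style authentication failures, counts them per source address inside a sliding time window, and raises a single alert per source once a threshold is crossed. The log lines, the threshold of 5 failures and the 60-second window are all constructed assumptions, not vendor defaults.

```python
"""IDS-style detection of brute-force logins over constructed auth log lines.

Added example (not from the textbook). Parses sshd-style failure messages,
counts failures per source IP inside a sliding time window, and emits one
alert per source when the threshold is exceeded. Log lines, threshold and
window are constructed for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed log: one source hammering several accounts, one legitimate user with two typos.
CONSTRUCTED_LOG = """\
2013-05-01T02:14:01 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
2013-05-01T02:14:02 sshd[1201]: Failed password for root from 203.0.113.7 port 40123 ssh2
2013-05-01T02:14:02 sshd[1201]: Failed password for admin from 203.0.113.7 port 40124 ssh2
2013-05-01T02:14:03 sshd[1201]: Failed password for invalid user oracle from 203.0.113.7 port 40125 ssh2
2013-05-01T02:14:03 sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 40126 ssh2
2013-05-01T02:14:04 sshd[1201]: Failed password for root from 203.0.113.7 port 40127 ssh2
2013-05-01T02:14:09 sshd[1202]: Accepted publickey for deploy from 198.51.100.4 port 51000 ssh2
2013-05-01T02:20:00 sshd[1203]: Failed password for alice from 198.51.100.4 port 51001 ssh2
2013-05-01T02:31:00 sshd[1204]: Failed password for alice from 198.51.100.4 port 51002 ssh2
"""


def detect_brute_force(log_text: str, threshold: int = 5, window_seconds: int = 60) -> list:
    """Return one alert per source IP that reaches `threshold` failed logins within
    any `window_seconds` span. Each alert records the window, count and targeted users."""
    recent = defaultdict(deque)      # ip -> deque of (timestamp, user) still inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        q = recent[ip]
        q.append((ts, m["user"]))
        # Slide the window forward: drop failures older than window_seconds.
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)          # one alert per source, not one per additional failure
            alerts.append({
                "ip": ip,
                "first": q[0][0].isoformat(),
                "last": ts.isoformat(),
                "count": len(q),
                "users": sorted({u for _, u in q}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(CONSTRUCTED_LOG):
        print(f"ALERT {alert['ip']}: {alert['count']} failures "
              f"{alert['first']}..{alert['last']} against {alert['users']}")
```

The sliding window is what separates an attack from a forgetful user: two failures eleven minutes apart never accumulate, while six in four seconds do. An IPS would take the same alert and add a block rule for the source; an IDS stops at the alert.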
During the Arab Spring (street revolutions of 2011), hacktivists __ and __ showed how vulnerable anyone's online presence was. One of LulzSec's specialties is finding websites with __, and then stealing and posting information from them online. Some of their attacks may seem more like __ than serious cyberwarfare, but they are still illegal.
LulzSec and Anonymous; poor security; Internet pranks
Several experts believe that point of sale (POS) malware was responsible for the Target credit card hack in Dec 2013. __, short for malicious software, are ___whose code causes disruption, destruction, or other devious action.
Malware; computer programs
When a host computer is infected, attempts to remove the malware may fail—and the malware may reinfect the host for these two reasons: 1. ___ 2. Malware infects removable media.
Malware is captured in backups or archives.
The internal control environment is the work atmosphere that a company sets for its employees. Internal control (IC) is a process designed to achieve: reliability of financial reporting to protect investors, __, compliance with laws, regulations, and policies, and __.
Operational efficiency; Safeguarding of assets
Industry groups imposed their own standards to protect their customers. One example is the __ created by Visa, MasterCard, American Express, and Discover. It is required for all members, merchants, or service providers that store, process, or transmit __. The purpose of the PCI DSS is to improve __ in e-commerce. Penalties for retailer noncompliance are severe.
Payment Card Industry Data Security Standard (PCI DSS); cardholder data; customers' trust
__ is a deceptive method of stealing confidential information by pretending to be a legitimate organization, such as PayPal, a bank, credit card company, or other trusted source.
Phishing
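The phishing cards describe the trick: a link whose visible text looks like the real organization but whose destination is the attacker's look-alike site. The following added example, not code from the textbook, is the check a mail filter would run: it parses the anchors in an HTML message body with the standard library and flags links whose displayed domain differs from the real host, or whose host merely contains a protected brand as a prefix or subdomain. The message body, the trusted-domain list and the 198.51.100.23 address are constructed; the last-two-labels rule for a domain's registrable part is a simplification that ignores multi-part suffixes such as .co.uk.

```python
"""Spotting a phishing link: the text says one domain, the href goes to another.

Added example (not from the textbook). Parses anchors in an HTML e-mail
body and flags links whose visible text names a domain that does not match
the real destination, plus look-alike hosts that contain a trusted brand
without being that brand. Message and trusted list are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: brands the organization wants to protect against impersonation.
TRUSTED_DOMAINS = {"paypal.com", "examplebank.com"}


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Last two labels of a host name (simplified rule); IP literals are returned whole."""
    parts = host.lower().rstrip(".").split(".")
    if all(p.isdigit() for p in parts):
        return host
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(url_or_text: str) -> str:
    """Host from a URL, or from bare text that looks like a domain (scheme added if missing)."""
    parsed = urlparse(url_or_text if "://" in url_or_text else "http://" + url_or_text)
    return parsed.hostname or ""


def suspicious_links(html: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return (href, text, reason) for each link a phishing filter should flag."""
    collector = _AnchorCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        real_host = host_of(href).lower()
        real = registrable(real_host)
        looks_like_domain = "." in text and " " not in text
        shown = registrable(host_of(text)) if looks_like_domain else ""
        if shown and shown != real:
            flagged.append((href, text, f"text shows {shown} but link goes to {real}"))
            continue
        for brand in trusted:
            # e.g. paypal.com.secure-login.example: brand appears, but it is not the registrable domain
            if brand in real_host and real != brand:
                flagged.append((href, text, f"look-alike of {brand}: {real_host}"))
                break
    return flagged


# Constructed phishing-style message: two bad links, one genuine one.
CONSTRUCTED_EMAIL = """
<p>Your account is locked. Please <a href="http://paypal.com.secure-login.example/verify">log in</a>.</p>
<p>Or visit <a href="https://198.51.100.23/update">https://www.paypal.com/signin</a> now.</p>
<p>Questions? <a href="https://www.paypal.com/help">PayPal help center</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(CONSTRUCTED_EMAIL):
        print(f"FLAG {href!r} ({text!r}): {reason}")
```

Hovering over a link shows a user exactly what this function computes; the filter simply does it for every link in every message before the user is tempted to click.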
Organizations need to put in place strong policies and processes that make responsibilities and accountabilities clear to all employees. An __ explains what management has decided are acceptable and unacceptable activities, and the consequences of noncompliance.
acceptable use policy (AUP)
Storm worm, which is spread via spam, is a __ embedded inside over 25 million computers. Its power has been compared to the processing might of a supercomputer, and Storm-organized attacks are capable of crippling any website.
botnet agent
Users bringing their personal mobile devices and their own mobile apps to work and connecting them to the corporate network is part of the larger __ trend.
consumerization of information technology (COIT)
IT monitoring and control also demonstrate that the company has implemented effective __ and __. Regulators look favorably on companies that can demonstrate best practices in corporate governance and operational risk management.
corporate governance; fraud prevention measures
In 2013 __ were at the top of US intelligence reports for the first time and are now the __ facing the United States.
cyberthreats; number one type of danger
Threats from employees, referred to as internal threats, can be minimized with a layered __ consisting of security procedures, __ and technology controls.
defense-in-depth strategy; acceptable use policies
Laws and industry regulations mandate that enterprises invest in cybersecurity __, __, and __ to help prevent and detect unauthorized transactions such as money laundering.
defenses, audits, and internal controls
Occupational fraud refers to the ___ of one's employer for personal gain. Internal audits and internal controls are essential to the prevention and detection of occupational fraud.
deliberate misuse of the assets
February 2012 Anonymous launched a __ that forced the CIA website offline. Within 10 days, the group also went after___, American Nazi groups, antivirus firm Symantec, and the __.
denial of service (DoS) attack; Chinese electronics manufacturer Foxconn; office of Syria's president
Another type of defense is rogue app monitoring to __ malicious apps in the wild. Several vendors offer 24/7 monitoring and detection services to monitor major app stores and shut down rogue apps to minimize exposure and damage.
detect and destroy
Human error can occur in the design of the hardware or info system, __, testing, or data entry. Not changing __on a firewall or failing to manage patches creates security holes. Human errors contribute to the__and information security problems.
during programming; default passwords; majority of internal control
Hackers, hactivists, crime syndicates, the military, militant groups, industrial spies, disgruntled employees, fraudsters, and hostile governments will continue to attack networks for profit, __, revenge, or an ideology; to wage __, terrorism, or an antiterrorism campaign; or to __ their target.
fame; warfare; disable
The consequences of lax cybersecurity include damaged reputations, __, federal and state government fines, lost market share, __, and consumer backlash. The main cause of a data breach is hacking, but the reason hacking is so successful is __: management not doing enough to defend against cyberthreats.
financial penalties; falling share prices; negligence
Most workers use their laptops and mobiles for both work and leisure. These habits make them a weak link in an organization's otherwise solid security efforts. These threats can be classified as __ or __.
intentional or unintentional
COBIT is an __ IT governance and control framework for aligning IT with __, delivering value, and managing associated risks. It provides a reference for management, users, and IS audit, control, and security practitioners.
internationally accepted; business objectives
According to Cowen Group's note to investors, criminals were able to hack into Target's database due to a __, which might have been a result of underinvestment by senior management. Target was warned to review the security of its payment card system at least two months before the breach. At the time of the warning, Target was updating the payment terminals, which made them ___, in preparation for the holiday season. Data security was not a top priority.
lack of security; more vulnerable to attack
A botnet is a collection of bots, which are __. Those infected computers, called zombies can be controlled and organized into a network of zombies on the command of a remote botmaster (also called bot herder). Zombies can be commanded to monitor and steal personal or financial data—acting as__.
malware-infected computers; spyware
Fraud is __ because instead of a gun or knife, fraudsters use deception, confidence, and trickery.
nonviolent crime
When new vulnerabilities are found in operating systems, applications, or wired and wireless networks, __ are released by the vendor or security organization. These are software programs that users download and install to fix a __. Microsoft, for example, releases patches that it calls __ to update and fix vulnerabilities in its operating systems, including Vista.
patches; vulnerability; service packs
Corporate and government secrets are currently being stolen by APTs. Most APT attacks are launched through __. Typically, this type of attack begins with some reconnaissance on the part of attackers. The research is then used to create __. A successful attack could give the attacker access to the enterprise's network.
phishing; targeted phishing e-mail messages
Computer system failures can occur as the result of __, __, and outdated or poorly maintained networks. Unintentional malfunctions can also happen because of lack of experience or inadequate testing.
poor manufacturing; defective materials
A vector is the specific method that malware uses to __ to other machines or devices. Malware may also make copies of itself.
propagate or spread
Strong passwords contain a combination of upper- and lowercase letters, __, and numbers, and are at least __ characters long.
punctuation marks; 8
Minimum security defenses for mobile devices are mobile biometrics, __,__, and encryption. For travelers, do-not-carry rules may be a necessary defense.
rogue app monitoring, remote wipe capability
Now it is easier to steal information remotely, mostly because of __ and __. Hackers' preferred modus operandi is to break into employees' mobile devices and leapfrog into__, stealing secrets without a trace.
smartphones and the BYOD trend; employers' networks
Advanced persistent threat (APT) attackers want to remain unnoticed so they can continue to steal data, as described in IT at Work 5.2. Profit-motivated cyber-criminals often operate in __. In contrast, hackers and hacktivists with personal agendas carry out__.
stealth mode (secretly); high-profile attacks
The IT security defense-in-depth model begins with commitment from senior management and consists of 4 steps: Step 1: Senior management commitment and support. Step 2: _________ Step 3: _________ Step 4: Hardware and software.
Step 2: Acceptable use policies and IT security training. Step 3: IT security procedures and enforcement
The Black smartphone, released in 2014, is an Android phone manufactured as a sealed device, with both epoxy around the casing and screws with __. The phone encrypts __ and __ and, if tampered with, self-destructs. It is designed for use by government agencies and contractors who need to secure their communication and data.
tamper-proof covering; voice and data communication
ERM is a risk-based approach to managing an enterprise that integrates internal control, __, and strategic planning. ERM is intended to be part of __ rather than a separate initiative.
the Sarbanes-Oxley Act mandates; routine planning processes
A __ is something or someone that can damage, disrupt, or destroy an asset. Vulnerabilities are gaps, holes, weaknesses, or flaws in corporate networks. They threaten the confidentiality, integrity, or availability (CIA) of __. These vulnerabilities are __ or entry points for malware, hackers, hacktivists, and organized crime.
threat; data and information systems; attack vectors
The success of any type of IT project depends on the commitment and involvement of executive management, also referred to as the__.
tone at the top
A distributed denial-of-service (DDoS) attack bombards a network or website with __ (ex. requests for service) to __ it and leave it vulnerable to other threats.
traffic; crash
Viruses, worms, __, __, backdoors, botnets, and keyloggers are types of malware. Technically, malware is a computer program or code that can infect anything ___and is able to process the code. Most __,__, and __ are activated when an attachment is opened or a link is clicked.
trojans; rootkits; attached to the Internet; viruses, trojans, and worms
Remote-access trojans (RATs) create an __ into a system through which a hacker can remotely control that system. This provides easy access to a system by eliminating the need to authenticate with a ___. Whenever you store your username and password, you create a backdoor to that account.
unprotected backdoor; username and password
Another more recent vulnerability is bring your own device (BYOD). The BYOD trend is driven by employees ___ for business purposes because they are more powerful than the company's devices, __, __, or because they are working from home.
using their own devices; they provide better mobility; limit multiple device use
Mobile biometrics such as __ and __, can significantly improve the security of physical devices and provide stronger authentication for remote access or cloud services.
voice and fingerprint biometrics
An overriding reason why networks and services increase exposure to risk is the time-to-exploitation of today's sophisticated spyware and mobile viruses. Time-to-exploitation is the elapsed time between when ___ and __.
a vulnerability is discovered; when it is exploited