IST 4780 Exam 2 Study Guide
A predictive model of insider threat detection is trained on a training dataset and then its performance is evaluated on a test dataset. The following Python code partitions the datasets X (predictors) and y (outcome) into their training and test datasets.
from sklearn.model_selection import train_test_split
train_y, test_y, train_X, test_X = train_test_split(y, X, test_size=0.3, random_state=40)
How many data points will be included in the training datasets?
70%
If the test_size=0.2, how much of the data is used for training?
80%
Which of the following best describes shoulder surfing?
A human approach
Based on Prospect Theory, people assess the subjective value of their loss and gain in different manners.
Framing effects
Which bias does the following example(s) represent? - When risk is framed as possible losses, people tend to take a risk-taking strategy - When risk is framed as possible gains, people tend to take a risk-aversion strategy.
Framing effects
A framework explaining factors leading to fraud or unethical behavior
Fraud Triangle Theory
A physical type of attack where the attacker follows an authorized person to enter into a secured area WITH the consent of the authorized person.
Piggybacking
Which of the following is NOT a valid challenge for automatic insider threat detection?
Predictive analytics methods are hard to implement.
What are the three components of the Fraud Triangle Theory?
Pressure, Rationalization, and Opportunity
An attacker creates a story to convince a victim to perform actions or divulge confidential information.
Pretexting
When conditions X,Y,Z are satisfied, something happens.
Rule-based system
What are the two technical solutions to detect insider threats?
Rule-based system and ML
Which of the following Python packages is for machine learning?
Scikit learn
What are the two components of the Intent dimension?
Accidental and Intentional
A company uses an automatic insider threat detection system that sends alerts if an employee visits the Wikileaks website from a corporate workstation after work hours. Which of the following best describes this insider threat detection system?
A rule-based approach
A mental shortcut that allows people to make decisions based on affect (feeling) rather than on rational deliberation
Affect heuristic
People tend to judge the likelihood of an event based on how easily they can recall examples of the event. The more recent, emotional, or vivid an event is, the more likely we'll overestimate its likelihood.
Availability heuristic
A malware-infected storage medium is left for victims to find.
Baiting
An attacker plants a malware-infected CD-ROM or USB flash disk in a location where a curious employee will find it and try to read its content. Which best describes the above attack scenario?
Baiting
Which of the following is NOT a social engineering attack?
Biometric spoofing
People are less likely to respond to an emergency when other people are present.
Bystander effect
Which bias does the following example(s) represent? - People in large groups may feel less responsible for security - People tend to not take necessary security measures since they expect others to do so
Bystander effect
Which of the following theories best describes the phenomenon that users in large groups may feel less responsible for cybersecurity?
Bystander effect
A person's tendency to process/view information from a particular perspective, which prevents the person from being objective, open-minded, and impartial. It usually happens automatically, without people realizing it.
Cognitive bias
Insiders whose credentials are compromised and used by attackers
Compromised Insiders
Which of the following is NOT a component of the social engineering cycle? - Exploitation - Confirmation - Information Gathering - Developing Relationship - Execution
Confirmation
Tendency to search for, interpret, favor, and recall information in a way that confirms or supports one's prior beliefs or values.
Confirmation bias
Which bias does the following example(s) represent? - People's initial opinion on cybersecurity is hard to change - A security analyst finding a perceived pattern of threat tends to seek confirming evidence for his hypothesis, ignoring other explanations - A user initially having over-confidence on system security may refuse to change their risk perceptions
Confirmation bias
Which of the following is NOT a component of the Fraud Triangle Theory? - Rationalization - Opportunity - Consequence - Pressure
Consequence
Tendency of people to believe that they can control outcomes that they clearly cannot
Control bias
Which bias does the following example(s) represent? - Since people think their actions on their computers are under their control, they tend to perceive threats as less risky and are less likely to take protective measures.
Control bias
What is the matplotlib package used for?
Creating simple visualizations
Which of the following is NOT one of the four dimensions of cybersecurity threats? - Source - Criminal - Consequence - Intent - Perpetrator
Criminal
What are the four components of the Consequence dimension?
Disclosure, Modification, Destruction, and Denial of Service
What are the technical mitigations against insider threats?
Encryption, Access Control, Least Privilege, Monitoring, Auditing, Reporting, and Proactive threat detection
What are the non-technical mitigations against insider threats?
Enforce baseline security policies and procedures; Conduct ongoing employee background checks and vetting; Implement focused risk assessment; Institute periodic security awareness training
A simple rule inherent in human nature or learned to reduce cognitive load. It explains how people make decisions when dealing with complex problems or incomplete information.
Heuristics
Which of the following is NOT a component of risk assessment of cybersecurity?
How do people perceive risks?
What are the two components of the Perpetrator dimension?
Human and Non-human
Since people think their actions on their computers are under their control, they tend to perceive threats as less risky and are less likely to take protective measures. Which of the following theories best describes the above phenomenon?
Illusion of control
What are the components of the social engineering cycle?
Information Gathering, Developing Relationship, Exploitation, and Execution
A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.
Insider threat
What are the two components of the Source dimension?
Internal and External
Which of the following is NOT a popular channel of social engineering attacks?
Letter
Which of the following is NOT a motivation for an insider threat? - Financial gain - Revenge - Love - IP theft - Curiosity
Love
Gives computers the ability to learn without being explicitly programmed
Machine learning (ML)
What is the scikit learn package used for?
Machine learning algorithms
Insiders that intentionally take advantage of their access to harm organizations
Malicious Insiders
What are the three different types of insiders?
Malicious, Negligent, and Compromised
Which of the following Python packages is for data visualization?
Matplotlib
Insiders that unintentionally cause damage due to their errors or policy violations
Negligent Insiders
Most people do not believe that they are personally at risk; instead, people tend to believe that negative outcomes are more likely to happen to others.
Optimism bias
Which bias does the following example(s) represent? - Hackers do not value the information on their computers and networks - They are not potential targets - Computer systems will give them warning if they are vulnerable - Their actions or inactions will not result in a security breach
Optimism bias
The following table presents the performance of two predictive models for insider threat detection.
Model          Accuracy  AUC
SVM            0.92      0.86
Random Forest  0.95      0.88
Which model should be chosen to detect insider threats?
Random forest
Which of the following is NOT an effective defense against social engineering?
Replacing symmetric cryptography by asymmetric cryptography
Type of social engineering attack where the victim approaches the attacker.
Reverse social engineering
An attacker creates a situation in which the victim requires help. Then the attacker poses as someone who can help and is allowed to get privileged information from the victim. Which best describes the above attack scenario?
Reverse social-engineering
People tend to adjust their behaviors in response to the comparison between target and perceived levels of risk.
Risk Compensation Theory
Concept that looks into three main categories: - What are the vulnerabilities? - What is the likelihood that vulnerability is exploited? - What is the impact of each risk?
Risk assessment
Which of the following theories best describes the phenomenon that bikers tend to take more risky actions when they are wearing helmets?
Risk compensation theory
Physical, human-type attack where someone simply looks over someone's shoulder as they enter login credentials, a PIN, etc.
Shoulder surfing
Any act that influences a person to take an action that may or may not be in their best interest.
Social engineering
The psychological manipulation of people into performing actions or divulging confidential information.
Social engineering
The four dimensions of cybersecurity threats that can be used to categorize various cybersecurity threats.
Source, Intent, Consequence, Perpetrator
Which of the following is NOT a method used for identity theft?
Spamming
Phishing attacks targeted to specific individuals or organizations. It requires information gathering on intended victims.
Spear-phishing
People tend to not change an established behavior unless there is a compelling incentive to do so
Status quo bias
A physical type of attack where the attacker follows an authorized person to enter into a secured area WITHOUT the consent of the authorized person.
Tailgating
Which of the following statements is NOT true about the "penetrate and patch" strategy used by security companies?
The strategy provides a systematic way to solve all cybersecurity problems.
What are the four common defenses used against social engineering type attacks?
User education/awareness training, Phishing blacklists, Spam filtering, and Security policies/procedures
What is the pandas package used for?
Using data frames
An attacker guesses or observes which websites an organization often uses and infects one or more of them with malware.
Water-holing
An attacker plants malware into websites that are likely to be visited by victims. Which best describes the above attack scenario?
Water-holing
Phishing attacks targeted to high-profile employees in organizations.
Whaling
Logic bombs are most likely planted in an information system by ________.
disgruntled-IT employees
User training and awareness programs are effective to prevent ________.
phishing
Dumpster diving is considered a ________ approach of social engineering attacks.
physical
Phishing is considered a ________ approach of social engineering attacks.
social-technical