Week 1: Team 2 Assignment

¡Supera tus tareas y exámenes ahora con Quizwiz!

The role of cyber security frameworks and standards in reducing vulnerabilities

1. All software will be vulnerable at some point in time in its lifecycle 2. the vulnerabilities will be exploited by malignant actors

Incident Response Framework

Prepare, detect and analyze, contain, eradicate, and recover

Cyber attacks

DDoS (Distributed Denial of Service), Data breaches, ransomware attacks, MitM (Man in the middle) attacks, SQL injection attacks, Brute force attacks, cryptojacking attacks

Malware

Common cyberattack and compromises security by stealing information Malware is short for malicious software: a software that is installed on a computer without the user's content and performs malicious actions The attack vectors occur typically through email, text, or compromised websites. But, they can extend further through physical media such as a USB or CD.

Cyber Attacks

Deliberate actions or activities carried out with the intention of exploiting vulnerabilities in information systems or networks, causing harm or compromise Ex: DDoS, Data Breach, Ransomware Attack, MitM Attack, and Social engineering

Foundational Actions

Develop incident response plan and training

Consequences of Cyber Attacks

For individuals and orgs: criminal charges, imprisonment, lawsuits, fines, and reputation damage Cyber retaliation: potential counterattacks with similar motivations Responsibility of ethical hackers: ethical hacking involves responsibility, knowledge, documentation, confidentiality and trustworthiness

legal frameworks and regulations

General data protection and regulation (GDPR), Computer fraud and abuse act (CFAA) , Budapest convention, Health insurance portability and accountability act (HIPPA), Payment card industry data security standard (PCI DSS), North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)

the impact of cyber threats, attacks, and vulnerabilities

It can cause big problems: Individuals face privacy breaches and financial loss. Organizations suffer data breaches, damage to their reputation, and financial harm. Society experiences compromised infrastructure and national security threats.

Phishing

Phishing, a form of social engineering, tricks users into downloading malware and sharing sensitive information by masquerading as a person or organization the victim may trust. - The most common attack vector is email and these emails deliver ransomware to organizations and individuals which later cause data breaches

Strategies to mitigate cyber threats, attacks, and vulnerabilities

Planning and implementing strategies to mitigate is paramount to safeguarding confidential information, critical structure, and personal privacy

Cyber Threats

Potential dangers or malicious activities that can exploit vulnerabilities in computer systems, networks, or digital information, aiming to compromise the confidentiality, integrity, or availability of data or resources Ex: Malware, phising, insider threats, and advanced persistent threats

Ethical considerations

Privacy violation, har to innocent parties, exploitation of vulnerabilities, motivations and intentions

Phishing Threats

Spear phishing, whaling (targeting high-profile individuals), vishing (voice phising), and smishing (SMS phishing)

Social Engineering

The tactic of manipulating, influencing, or deceiving the victim in order to gain control over a computer system and differs from other cyber attack techniques as it relies heavily on psychological manipulation Examples of attack techniques: - Pretexting: A pretext is a made-up scenario developed by actors for the purpose of stealing a victim's personal data - Quid pro quo: Something for something which means that a social engineer offers a service, such as tech support, in exchange for sensitive information

Malware Threats

Viruses, worms, trojans, ransomware, spyware, adware

The importance of regular vulnerability assessments and patch management

Vulnerability assessments are like security check ups (they identify weaknesses) Patch management is about keeping your computer's software updated with the latest security fixes By regularly conducting these assessments, you can minimize the risk of unauthorized access, data breaches, and cyber-attacks

Vulnerabilities

Weaknesses, flaws, or gaps in the security of a system, network, or application that can be exploited by cyber attackers to facilitate an attack Ex: Software vulnerability, weak passwords, unpatched systems, misconfigured settings, insider threats

SQL injection attacks

a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database

weak passwords

easily guessable or common passwords that provide entry points for attackers

unpatched systems

failing to apply security patches, leaving systems vulnerable

hardware vulnerabilities

flaws in computer hardware, such as microprocessor vulnerabilities

Software vulnerabilities

flaws in operating systems and applications that can be exploited

backdoors

hidden or intentionally created access points in software or hardware

misconfigured settings

inadequate security settings or open ports that provide attack opportunities

Insider threats

malicious insiders, negligent insiders


Conjuntos de estudio relacionados

ASVAB Mechanical Comprehension 2020

View Set

Solving Systems of Linear Equations: Graphing

View Set

MED/SURG FINAL (Lewis Chapters 14-16, 23-24, 41-50, 63-65)

View Set

AP CSP PRACTICE TEST WRONG ANSWERS

View Set