CIS 377 Midterm

List and describe the steps in the Risk Management Process.

1. Identify risk 2. Analyze risk 3. Evaluate risk 4. Treat risk 5. Monitor and review risk

Describe the steps in an Incident Response Plan.

1. Incident response planning 2. Incident detection 3. Incident response 4. Preventive countermeasures 5. Recovery (cycle repeats)

One of the first components of risk identification is identification, inventory, and categorization of assets. List at different types of assets.

1. People comprised of employees and non-employees 2. Procedures fall into 2 categories: IT & business standard procedures, IT & business sensitive procedures 3. Data components account for the management of information in all its states: transmission, processing, and storage. 4. Software components assigned to one of three categories: applications, operating systems, security components. 5. Hardware assigned to one of two categories: usual systems device and peripherals, and devices part of information security control systems 6. Hardware components separated into two categories: devices and peripherals, and networks.

There are 12 general categories of threat to an organization's people, information, and systems. List all and identify at least one example of those listed.

1. Physical damage - water damage 2. Natural events - earthquake 3. Loss of essential services - power outage 4.

Describe the steps in the Cyber Kill Chain.

1. Reconnaissance - harvesting email addresses, conference information, etc. 2. Weaponization - coupling exploit with backdoor into deliverable payload. 3. Delivery - delivering weaponized bundle to victim via email, usb, etc. 4. Exploitation - exploiting a vulnerability to execute code on a victim's system 5. Installation - installing malware on the asset 6. Command and control (C2) - command chanel for remote manipulation of victim. 7. Actions on objectives - With hands on keyboard access, intruders accomplish their original goals.

List at strategies for controlling risk.

1. Risk avoidance 2. Risk transference 3. Risk mitigation 4. Risk acceptance

Describe insider threat.

A malicious threat to an organization that comes from within the organization: it's employees, former employees, contractors, business associates, etc.

Describe defense in depth.

An approach to cyber security in which a series of defense mechanisms are layered to protect data.

Give examples of critical infrastructure systems.

Chemical, communications, commercial facilities, critical manufacturing.

What are the three components of the C.I.A. triad? What are they used for?

Confidentiality - ensures the wrong people cannot gain access to sensitive information while the right people can. Availability - guarantees reliable and constant access to sensitive data. Integrity - ensures that sensitive data is trustworthy and accurate.

__________ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede.

DR (disaster relief)

Why are employees one of the greatest threats to information security?

Employee mistakes can easily lead to revelation of classified data, erroneous data entry, accidental modification of data...they are only human.

Computer security is generally considered to be the responsibility of...?

Everyone in the organization

A worm requires that another program is running before it can begin functioning.

False

In the U.S. no providers of critical infrastructures have sustained a cyber attack.

False

Information security can be an absolute.

False

Most computer criminals are not really "criminals".

False

The Health Insurance Portability and Accountability Act of 1996 requires government agencies to identify sensitive systems, conduct computer security training, and develop computer security plans.

False

True/False Digital evidence is not volatile.

False

When electronic information is stolen, the crime is readily apparent.

False

____________ is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system

Hardware

Why is the Energy Sector a uniquely critical infrastructure?

It provides an "enabling function" among all critical infrastructure sectors and fuels the economy of the 21st century.

Why is "think like an adversary" an important security strategy?

Organizations face a vast variety of cyber threats, so this provides a strategic advantage.

What is the difference between quantitative and qualitative risk analysis?

Qualitative risk analysis measures impact of potential risks against a pre-defined scale, while quantitative numerically evaluates effect of potential risks.

A type of malicious code that takes control of the information on a system and demands payment to release it is called ______________ Some attackers will encrypt the data on the system and demand money to decrypt it.

Ransomware

____________________ involves three major undertakings: risk identification, risk assessment, and risk control.

Risk management

What country implemented a multi-layered attack against the US power system in 2017?

Russia

Describe advanced persistent threat.

Series of advanced cyber attacks that continue over a long period of time. Usually a nation state or state sponsored group.

______________ is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance.

Shoulder surfing

____ is any technology that aids in gathering information about a person or organization without their knowledge.

Spyware

In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.

TCP hijacking/man-in-the-middle

The weakest link in a security chain is:

The people of an organization

____________________ are malware programs that hide their true nature and reveal their designed behavior only when activated.

Trojan horse

A firewall can be configured to disallow certain types of incoming traffic that may be attacking.

True

A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.

True

As an organization grows, it must often use more robust technology to replace the security technologies it may have outgrown.

True

Blocking ICMP packets may help prevent denial-of-service attacks.

True

During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.

True

Experts consider Romania the country with the strictest cybercrime laws.

True

Frequently the first responder to a computer crime is the network administrator.

True

In the attack on the US Power grid in 2017, malware was planted, fake resumes with tainted attachments were used.

True

In the early years of computing, if security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or connections between the computers.

True

Malware is a generic term for software that has a malicious purpose.

True

One form of e-mail attack that is also a DoS attack is called a mail bomb, in which an attacker overwhelms the receiver with excessive quantities of e-mail.

True

Power grids are a major target for foreign actors.

True

Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level.

True

To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats.

True

To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards.

True

To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.

True

List at least three methods to defend against cyberattacks.

Use strong passwords and change them periodically, install anti-virus, install anti-spyware and anti-malware, perform daily scans.

What is the difference between vulnerability and exposure?

Vulnerability is a fault within the system, for example software package flaws, unlocked doors, or unprotected system ports. Exposure is a single instance when a system is open to damage.

An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________.

asset

A(n) ____________________ is an act against an asset that could result in a loss.

attack

____________________ enables authorized users—people or computer systems—to access information without interference or obstruction and to receive it in the required format.

availability

These individuals hack for malicious reasons or personal gain. They do not have permission from the entity.

blackhat hacker

Of various approaches to information security implementation, the ___________ approach has a higher probability of success.

bottom-up

Of the various types of mitigation plans, the ____________________ plan is the most strategic and long-term, as it focuses on the steps to ensure the continuation of the organization

business continuity

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

chain of custody

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.

chief information security office (CISO)

A ____ site provides only rudimentary services and facilities.

cold

When unauthorized individuals or systems can view information, _________________________ is breached.

confidentiality

Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.

control

Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________.

controls

Software code known as a(n) _________ can allow an attacker to track a victim's activity on Web sites.

cookie

____________________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents.

cyber terrorism

The most valuable organizational asset is ____________.

data

In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.

denial of service (dos)

A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

distributed denial of service (ddos)

A single loss ____________________ is the calculation of the value associated with the most likely loss from an attack.

expectancy

A technique used to compromise a system is known as a(n) ___________.

exploit

Computer ____________________ is the process of collecting, analyzing, and preserving computer-related evidence.

forensics

These individuals hack without permission but not for malicious reasons.

greyhat hacker

One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency

hacktivist

A(n) _____________ system is the entire set of people, procedures, and technology that enable business to use information.

hardware

A(n) ____________________ site is a fully configured computer facility with all services, communications links, and physical plant operations provided, including heating and air conditioning.

hot

The __________ plan specifies the actions an organization can and should take while an adverse event is in progress. An adverse event could result in loss of an information asset or assets, but it does not currently threaten the viability of the entire organization.

incident response

Risk management helps you do all of the following except:

insurance premiums

Information has ____________________ when it is whole, complete, and uncorrupted.

integrity

The ____________ virus infects the key operating system files located in a computer's start-up sector.

macro

What are the objectives of emergency actions taken at the beginning stage of a disaster? Preventing injuries, loss of life, and ...

mitigating damage

An organization may hire a ________ hacker to find all the vulnerabilities in their system so that it can be patched before someone takes advantage of it

penetration tester

The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as __________.

pharming

The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________.

physical security

A(n) ____________ threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures

polymorphic threat

To investigate allegations of digital malfeasance.

purpose of digital forensics

The first phase of risk management is _________.

risk identification

A _________ assigns a status level to employees to designate the maximum level of classified data they may access.

security clearance

In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.

social engineering

What is an example of Personal Identifiable Information (PII)?

social security number

A device (or a software program on a computer) that can monitor data traveling on a network is known as a _________ sniffer.

socket

When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as __________.

standards of due care

According to NIST SP 800-14's security principles, security should ________.

support the mission of the organization, require comprehensive and integrated approach, and be cost effective.

A(n) ____________________ is a potential risk to an information asset.

threat

Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) ​_________.

threat

A potential weakness in an asset or its defensive control system(s) is known as a(n) ​_________.

vulnerability

A(n) ____________________ is a potential weakness in an asset or its defensive control(s).

vulnerability

A(n) ____________________ is a malicious program that replicates itself constantly without requiring another program environment.

worm