CIS 377 Midterm
List and describe the steps in the Risk Management Process.
1. Identify risk 2. Analyze risk 3. Evaluate risk 4. Treat risk 5. Monitor and review risk
Describe the steps in an Incident Response Plan.
1. Incident response planning 2. Incident detection 3. Incident response 4. Preventive countermeasures 5. Recovery (cycle repeats)
One of the first components of risk identification is the identification, inventory, and categorization of assets. List the different types of assets.
1. People, consisting of employees and non-employees.
2. Procedures, which fall into two categories: IT and business standard procedures, and IT and business sensitive procedures.
3. Data components, which account for the management of information in all its states: transmission, processing, and storage.
4. Software components, assigned to one of three categories: applications, operating systems, and security components.
5. Hardware, assigned to one of two categories: the usual system devices and peripherals, and devices that are part of information security control systems.
6. Hardware components, separated into two categories: devices and peripherals, and networks.
There are 12 general categories of threat to an organization's people, information, and systems. List all and identify at least one example of those listed.
1. Physical damage - water damage 2. Natural events - earthquake 3. Loss of essential services - power outage 4.
Describe the steps in the Cyber Kill Chain.
1. Reconnaissance - harvesting email addresses, conference information, etc.
2. Weaponization - coupling an exploit with a backdoor into a deliverable payload.
3. Delivery - delivering the weaponized bundle to the victim via email, USB, etc.
4. Exploitation - exploiting a vulnerability to execute code on the victim's system.
5. Installation - installing malware on the asset.
6. Command and control (C2) - a command channel for remote manipulation of the victim.
7. Actions on objectives - with hands-on-keyboard access, intruders accomplish their original goals.
List the strategies for controlling risk.
1. Risk avoidance 2. Risk transference 3. Risk mitigation 4. Risk acceptance
Describe insider threat.
A malicious threat to an organization that comes from within the organization: its employees, former employees, contractors, business associates, etc.
Describe defense in depth.
An approach to cyber security in which a series of defense mechanisms are layered to protect data.
Give examples of critical infrastructure systems.
Chemical, communications, commercial facilities, critical manufacturing.
What are the three components of the C.I.A. triad? What are they used for?
Confidentiality - ensures the wrong people cannot gain access to sensitive information while the right people can. Availability - guarantees reliable and constant access to sensitive data. Integrity - ensures that sensitive data is trustworthy and accurate.
__________ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede.
DR (disaster relief)
Why are employees one of the greatest threats to information security?
Employee mistakes can easily lead to the revelation of classified data, erroneous data entry, or accidental modification of data; they are only human.
Computer security is generally considered to be the responsibility of...?
Everyone in the organization
A worm requires that another program is running before it can begin functioning.
False
In the U.S. no providers of critical infrastructures have sustained a cyber attack.
False
Information security can be an absolute.
False
Most computer criminals are not really "criminals".
False
The Health Insurance Portability and Accountability Act of 1996 requires government agencies to identify sensitive systems, conduct computer security training, and develop computer security plans.
False
Digital evidence is not volatile.
False
When electronic information is stolen, the crime is readily apparent.
False
____________ is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
Hardware
Why is the Energy Sector a uniquely critical infrastructure?
It provides an "enabling function" among all critical infrastructure sectors and fuels the economy of the 21st century.
Why is "think like an adversary" an important security strategy?
Organizations face a vast variety of cyber threats, so this provides a strategic advantage.
What is the difference between quantitative and qualitative risk analysis?
Qualitative risk analysis measures the impact of potential risks against a pre-defined scale, while quantitative risk analysis numerically evaluates the effect of potential risks.
A type of malicious code that takes control of the information on a system and demands payment to release it is called ______________. Some attackers will encrypt the data on the system and demand money to decrypt it.
Ransomware
____________________ involves three major undertakings: risk identification, risk assessment, and risk control.
Risk management
What country implemented a multi-layered attack against the US power system in 2017?
Russia
Describe advanced persistent threat.
A series of advanced cyberattacks that continue over a long period of time, usually carried out by a nation state or state-sponsored group.
______________ is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance.
Shoulder surfing
____ is any technology that aids in gathering information about a person or organization without their knowledge.
Spyware
In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
TCP hijacking/man-in-the-middle
The weakest link in a security chain is:
The people of an organization
____________________ are malware programs that hide their true nature and reveal their designed behavior only when activated.
Trojan horse
A firewall can be configured to disallow certain types of incoming traffic that may be attacking.
True
A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
True
As an organization grows, it must often use more robust technology to replace the security technologies it may have outgrown.
True
Blocking ICMP packets may help prevent denial-of-service attacks.
True
During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
True
Experts consider Romania the country with the strictest cybercrime laws.
True
Frequently the first responder to a computer crime is the network administrator.
True
In the attack on the US power grid in 2017, malware was planted and fake resumes with tainted attachments were used.
True
In the early years of computing, if security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or connections between the computers.
True
Malware is a generic term for software that has a malicious purpose.
True
One form of e-mail attack that is also a DoS attack is called a mail bomb, in which an attacker overwhelms the receiver with excessive quantities of e-mail.
True
Power grids are a major target for foreign actors.
True
Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level.
True
To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats.
True
To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards.
True
To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.
True
List at least three methods to defend against cyberattacks.
Use strong passwords and change them periodically, install anti-virus, install anti-spyware and anti-malware, perform daily scans.
What is the difference between vulnerability and exposure?
Vulnerability is a fault within the system, for example software package flaws, unlocked doors, or unprotected system ports. Exposure is a single instance when a system is open to damage.
An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________.
asset
A(n) ____________________ is an act against an asset that could result in a loss.
attack
____________________ enables authorized users—people or computer systems—to access information without interference or obstruction and to receive it in the required format.
availability
These individuals hack for malicious reasons or personal gain. They do not have permission from the entity.
blackhat hacker
Of various approaches to information security implementation, the ___________ approach has a higher probability of success.
bottom-up
Of the various types of mitigation plans, the ____________________ plan is the most strategic and long-term, as it focuses on the steps to ensure the continuation of the organization.
business continuity
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
chain of custody
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
chief information security officer (CISO)
A ____ site provides only rudimentary services and facilities.
cold
When unauthorized individuals or systems can view information, _________________________ is breached.
confidentiality
Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.
control
Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________.
controls
Software code known as a(n) _________ can allow an attacker to track a victim's activity on Web sites.
cookie
____________________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents.
cyber terrorism
The most valuable organizational asset is ____________.
data
In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.
denial of service (DoS)
A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
distributed denial of service (DDoS)
A single loss ____________________ is the calculation of the value associated with the most likely loss from an attack.
expectancy
A technique used to compromise a system is known as a(n) ___________.
exploit
Computer ____________________ is the process of collecting, analyzing, and preserving computer-related evidence.
forensics
These individuals hack without permission but not for malicious reasons.
greyhat hacker
One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
hacktivist
A(n) _____________ system is the entire set of people, procedures, and technology that enable business to use information.
hardware
A(n) ____________________ site is a fully configured computer facility with all services, communications links, and physical plant operations provided, including heating and air conditioning.
hot
The __________ plan specifies the actions an organization can and should take while an adverse event is in progress. An adverse event could result in loss of an information asset or assets, but it does not currently threaten the viability of the entire organization.
incident response
Risk management helps you do all of the following except:
insurance premiums
Information has ____________________ when it is whole, complete, and uncorrupted.
integrity
The ____________ virus infects the key operating system files located in a computer's start-up sector.
macro
What are the objectives of emergency actions taken at the beginning stage of a disaster? Preventing injuries, loss of life, and ...
mitigating damage
An organization may hire a ________ hacker to find all the vulnerabilities in their system so that they can be patched before someone takes advantage of them.
penetration tester
The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as __________.
pharming
The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________.
physical security
A(n) ____________ threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.
polymorphic threat
To investigate allegations of digital malfeasance.
purpose of digital forensics
The first phase of risk management is _________.
risk identification
A _________ assigns a status level to employees to designate the maximum level of classified data they may access.
security clearance
In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.
social engineering
What is an example of Personally Identifiable Information (PII)?
social security number
A device (or a software program on a computer) that can monitor data traveling on a network is known as a _________ sniffer.
socket
When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as __________.
standards of due care
According to NIST SP 800-14's security principles, security should ________.
support the mission of the organization, require a comprehensive and integrated approach, and be cost effective.
A(n) ____________________ is a potential risk to an information asset.
threat
Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) _________.
threat
A potential weakness in an asset or its defensive control system(s) is known as a(n) _________.
vulnerability
A(n) ____________________ is a potential weakness in an asset or its defensive control(s).
vulnerability
A(n) ____________________ is a malicious program that replicates itself constantly without requiring another program environment.
worm