Week 2
The 8 CISSP Security Domains
1. Security and Risk Management 2. Asset Security 3. Security Architecture and Engineering 4. Communication and Network Security 5.Identity and Access Management 6. Security Assessment and Testing 7. Security Operations 8. Software Development Security
What is ransomware?
A malicious attack where threat actors encrypt an organizations data and demand payment to restore access.
What is spear phishing?
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source.
What is a social engineering attack and which domain does it fall under?
A manipulation technique that exploits human error to gain private information, access, or valuables. Examples: Phishing, Smishing, Vishing, Spear Phishing, Whaling, Social Media Phishing, Business Email Compromise, , ect. This attack falls under the Security and Risk Management Domain.
What is social engineering?
A manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It is the threat actors mission, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.
What is a physical attack and which domain does it fall under?
A security incident that affects not only the digital but also the physical environments where the incident was deployed. Examples: Malicious USB cable, flash drive, card closing, and skimming. This attack falls under the Asset Security Domain.
What is malware?
A software designed to harm devices or networks. Primary purpose is to obtain money or an intelligence advantage that can be used against a person, organization, or territory.
What is the business email compromise (BEC)?
A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage.
What are three threat actor types?
Advanced Persistent Threats (APTs), Insider Threats, and Hacktivist.
What are authorized hackers?
Also known as ethical hackers. These hackers follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.
What are unauthorized hackers?
Also known as unethical hackers. These hackers are a malicious threat who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.
What is a password attack and which domain does it fall under?
An attempt to access password secured devices, systems, networks, or data. Examples: Brute force and Rainbow Table. This attack falls under the Communication and Network Security Domain.
What is a hacker?
Any person who uses computers to gain access to computer systems, networks, or data. They can be a beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories: authorized, semi authorized, and unauthorized.
What is a threat actor?
Any person/group presenting as a security risk.
Which domain involves security digital and physical assets as well as managing the storage, maintenance, retention, and destruction of data?
Asset Security
Which domain involves keeping data secure by ensuring users follow established policies to control and manage.
Identity and Access Management
The Morris Worm
In 1988 Robert M. developed a program to assess the size of the internet. The program crawled the web and installed itself onto other computer to tally the number of computers that were connected to the internet. The program failed to keep track of the computers it had already compromised and continued to re-install itself until the computers ran out of memory and crashed. About 6000 computers were affected, which represented 10% of the internet at the time. This attack cost millions of dollars in damages due to business disruptions and the efforts required to remove the worm. After the worm, computer emergnecy response teams (CERTs) were established to respond to computer security incidents.
The Equifax Breach
In 2017, attackers successfully infiltrated the credit reporting agency. This resulted in one of largest known data breaches of sensitive information. Over 143 million customer records were stolen and the breach affected approximately 40% of all Americans. The records included PII: SSN, DOB, drivers license numbers, home addresses, and credit card numbers. From a security standpoint, the breach occurred due to multiple failures on the agencies part. There were more than one vulnerability attackers took advantage of. The company failed to take action needed to fix multiple known vulnerabilities in the months leading up to the data breach. In the end, the agency settled with the US government and paid over $575 million dollars to resolve customer complaints and cover required fines. The large settlement with the US government changed companies to the financial impact of a breach and the need to implement preventative measures.
The Love Letter Attack
In the year 2000, Onel De Guzman created this malware to steal internet login credentials. This attack spread quickly and took advantage of people who had not developed a healthy suspicion for unsolicited emails. Users received an email with the subject line, "I love you". Each email contacted an attachment labeled, "love letter for you". When the attachment was opened, the malware scanned a user address book. Then it automatically sent itself to each person on the list and installed a program to collect user information and passwords. Recipients would think they were receiving emails from a friend, but it was actually a malware. This attack ended up infecting 45 million computers globally and is believed to have caused $10 billion in damages. This attack is the first example of Social Engineering.
The Brain Virus
Intended to track illegal copies of medical software and prevent pirated licenses, but once a person used a pirated copy of the software, the virus infected the computer. Any disk that was put into the computer was also infected. The virus spread to a new computer every time someone used one of the infected disks. Undetected, the virus also spread globally within a couple of months. This virus slowed down productivity and significantly impacted business.
As security professional is optimizing data security by ensuring that effective tools, systems, and processes are in place. Which domain does this scenario describe?
Security Architecture and Engineering
Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risk, threats, and vulnerabilities?
Security Assessment and Testing
Which domain involves conducting investigations and implementing preventative measures?
Security Operations
You receive an alert that an unknown device has been connected to your companys internal network. You follow company policies and procedures to stop the potential threat. Which security domain is this scenario related to?
Security Operations Domain. This is focused on conducting investigations and implementing preventative measures. In this scenario, following company policies and procedures to stop potential threat is an example of taking a preventative measure.
Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?
Security and Risk Management
___________ is a manipulation technique that exploits human error to gain private information, access, or valuables.
Social engineering.
Which attack led to the development of computer response teams?
The Morris Worm Attack
Your supervisor asks you to audit the HR management systems at your organization. The objective of your audit is to ensure the system is granting appropriate access permissions to current HR administrators. Which security domain is this audit related to?
The Security Assessment and Testing Domain. This involves regular audits of user permissions to make sure employees and teams have the correct level of access.
What is vishing?
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
What historical event used a malware attachment to steal user info and passwords?
The love letter attack.
Smishing
The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.
What are hacktivists?
There are threats that are driven by political agenda. They abuse digital technology to accomplish their goals, which may include: demonstrations, propaganda, social change campaigns, and fame.
What are insider threats?
These are threats that abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include: sabotage, corruption, espionage, and unauthorized data access or leaks.
What are semi authorized hackers?
These hackers are also known as researchers. They search for vulnerabilities but they do not take advantage of the vulnerabilities they find.
What are advanced persistent threats?
These threats have significant expertise accessing an organizations network without authorization. They tend to research their target in advance and can remain undetected for an extended period of time. Their intentions and motivations can include: damaging critical infrastructure such as the power grid and natural resources and gaining access to intellectual property, such as trade secrets or patents.
What is the cryptographic attack and which domain does it fall under?
This attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are birthdays, collision, and downgrade. These attacks fall under the Communication and Network Security domain.
What is the supply chain attack and which domain does it fall under?
This attack targets systems, applications, hardware, and or software to locate a vulnerability where malware can be deployed. Every item sold undergoes a process that involves third parties, which means that the security breach can occur at any point in the supply chain. These are costly attacks because they can affect the multiple organizations and individuals who work for them. These attacks can fall under several domains including but not limited to, Security and Risk Management, Security Architecture and Engineering, and Security Operations domain.
Security Operations Domain
This domain conducts investigations and implementing preventative measure
Security Assessment and Testing Domain
This domain focuses on conducting security control testing, collecting, and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. Analysts in this domain may conduct regular audits of user permissions to make sure that users have the correct level of access. For example, access to payroll being limited to certain employees so analysts may be asked to regularly audit permissions to ensure no unauthorized person can view employee salaries.
Security and Risk Management Domain
This domain focuses on defining security goals and objectives, risk mitigations, compliance, business continuity, and the law. For example, analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as HIPAA.
Identity and Access Management Domain
This domain focuses on keeping data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets such as networks and application. Validating the identities of employees and documenting access roles are essential to maintaining the organizations physical and digital security. For example, analysts would be tasked with setting up the employees card access to buildings.
Communication and Network Security Domain
This domain focuses on managing and securing physical networks and wireless communications. As an analyst in this domain, you may be asked to analyze user behavior within your organization.
Security Architecture and Engineering Domain
This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. As an analyst in this domain, you may be tasked with configuring a firewall. Setting up a firewall correctly helps prevent attacks that could affect productivity
Asset Security Domain
This domain focuses on securing digital and physical assets. Its' also related to the storage, maintenance, retention, and destruction of data. When working within this domain, analysts may be tasked with making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.
Software Development Security Domain
This domain uses secure coding practices, which are a set of recommended guidelines used to create secure applications and services. Analysts in this domain may with with software development teams to ensure security practices are incorporated into the software development life cycle.
What is a water hole attack?
Threat actors attack a website frequently visited by a specific group of users.
What is social media phishing?
Threat actors collect detailed information about their target from social media sites and then initiate an attack.
What is physical social engineering?
Threat actors impersonate an employee, customer, or vendor to obtain unauthorized access to a physical location.
What is USB baiting?
Threat actors strategically leave a malware USB stick for an employee to find and install, to unknowingly infect a network.
A computer ______ is a malicious code that interferes with computer operations and causes damage.
Virus
Worm
a computer virus that can duplicate and spread on its own without human involvement.
Virus
a malicious code written to interfere with computer operations and cause damage to data and software. They attach themselves to programs or documents on a computer which then spreads and infects one or more computers in a network. Also known as malware.
What is whaling?
a special type of phishing that targets a single power user, such as a Chief Executive Officer (CEO) to gain access to sensitive data.
What is Adversarial Artificial Intelligence attack and which domain does it fall under?
a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. This attack falls under both the Communication and Network Security as well as the Identity and Access Management Domains.
What is spyware?
a type of malware used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voices, and image recordings, and locations.
Malware
software designed to harm devices or networks
What is phishing?
the use of digital communication to trick people into revealing their sensitive data or deploying malicious software.
