ISQS Exam 3 Quizlet (Primary)

What are the security best-practices the article mentions?

A solid security awareness training program. Look out for the seven red flags. Don't click! Inform the IT team or MSP There are a few best practices around strong passwords, including the length being at least eight characters, containing letters and special characters, and staying away from obvious information such as names and birthdays. Additionally, it's wise to think about changing and/or updating their passwords every six months or so. only use trusted network connections or secure the connection using appropriate VPN settings. Users should always be mindful of which websites they're visiting, which apps they're installing and which links they're clicking on. Lock your device before you leave your desk. Store documents in a locked cabinet. Properly discard information.

What are the parts of a successful cyber security approach and what does it involve?

A successful cybersecurity approach has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe. In an organization, the people, processes, and technology must all complement one another to create an effective defense from cybersecurity attacks. It involves people, processes, and technology.

1. What are the main aims of cyber attacks?

Accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

3. What are some tools to help prevent cyber attacks? Are they sufficient to help prevent the modern cyber attack? Why or why not? If not, what else can help?

Anti-virus software, firewall. Not as effective as they once were. Threat landscape is changing. Zero-day vulnerabilities in brute-force hacking are still active but they're no longer as prevalent. They've been displaced by a cheaper more effective style of attack 50% success rate. People are the new perimeter. Attacks are global and more severe and frequent, humans are the new attack vector. Layered defense model. Next gen security software, application aware fireballs, big data analytics are all also a good start. Education, training, and awareness are most important measures to take.

What is cybersecurity?

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.

5. What is cyber self-defence, what are its tactics (understand the specifics here), and what is the cyber self-defense golden rule? Trust but verify.

Definition: Next generation skills to safeguard your information in the digital world. Tactics: 1. Stop clicking 2. Stop clicking 3. Use strong passwords - easily remembered but long phrase, length over complexity. 4. Don't re-use passwords - check out a password manager (LastPass & Dashline) 5. Two Factor Authentication - use a one time passcode. 6. Patch yourself - antivirus, windows updates, and good security hygiene.

Technology

Essential to giving organizations and individuals the computer security tools needed to protect themselves from cyber attacks. Three main entities must be protected: endpoint devices like computers, smart devices, and routers; networks; and the cloud. Common technology used to protect these entities include next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions.

2. Determine the most common sources for cyber attacks?

Hacktivists, crime syndicates, nation states

1. According to the article, what has become a major weak point for an organization's information security, and what number backs this up?

Human error. Almost 90 percent of cyber attacks are caused by human error or behavior.

4. What is social engineering, and what tactics do hackers use when attempting a social engineering attack?

Most prevalent attack, modus operandi of modern hackers. Focuses on gaining your trust through opaque information, recon, theme can be generalized. Phishing (emails) - most common and successful - take some sort of action, malware. Key stroke logging programs, real time screenshots, turn on webcam, turn computer into a weapon. Credential Harvesting - action is follow link to reference document, equal opportunity for windows and mac users Phone Phishing - attackers compel you over the phone to install malware, claiming to be big tech companies.

1. According to the video, what are some of the statistics for cyber attacks and data breaches?

Only 50 percent of cyber attacks are successful. Not only do 50% of all attack targets fall victim but they do so in the first hour. Average cost of a data breach: 3.79 million dollars in 2015 (23% growth in last two years) Ashley Madison 32 million emails passwords credit cards.

Processes

Organizations must have a framework for how they deal with both attempted and successful cyber attacks.

What should a solid security awareness training program cover?

Phishing and Social Engineering Access, Passwords and Connection Device Security Physical Security

1. Why are phishing and social engineer attacks so successful?

they're disguised to look like they come from credible, trustworthy sources—forcing a sense of falsified trust.

People

Users must understand and comply with basic data security principles like choosing strong passwords, being wary of attachments in email, and backing up data.