Chapter 1


Exploit

A procedure, piece of software, or sequence of commands that takes advantage of a vulnerability to actually carry out an attack. Example: there is an enabled USB port on the customer database server and a disgruntled employee. The employee uses a USB drive to steal the customer information from the database.

Proliferation of Attack Software

A wide variety of attack tools are available on the internet, allowing anyone with a moderate level of technical knowledge to download the tools and run an attack.

Assets

An asset is simply something that has value to an individual or organization. It can be a physical device such as an iPad, or it can be electronic such as a PDF document or a server.

Vulnerability

An opening or weakness in the system that allows threat agents to carry out a threat. Examples: 1) a disgruntled internal employee who is an information security professional with elevated access to a server system; 2) an enabled USB port.

Sophisticated Attacks

Complex, making them difficult to detect and thwart. They use common internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic, and they vary their behavior, making the same attack appear differently each time.

CIA

Confidentiality, Integrity, Availability. These are often identified as the three main goals of security.

Script kiddies

Download and run attacks available on the internet, but generally are not technically savvy enough to create their own attack code or scripts.

Threat Agent: Employee

Employees can be the most overlooked yet most dangerous threat agent because they have greater access to information assets than anyone on the outside trying to break in. They are known as internal threats. Reasons include: 1) becoming disgruntled with their employer; 2) being bribed by a competitor; 3) being an unintentional participant in an attack; 4) accidentally deleting data or causing data corruption.

Confidentiality

Ensures that data is not disclosed to unintended persons. This is provided through encryption, which converts the data into a form that makes it less likely to be usable by an unintended recipient.

Integrity

Ensures that data is not modified or tampered with. This is provided through hashing.

Cyber Terrorists

Generally use the internet to carry out terrorist activities, such as disrupting network-dependent institutions.

Threat Agent: Hacker

A hacker is a threat agent who uses their technical knowledge to bypass security mechanisms and exploit a vulnerability in order to access information.

Threat Agent: Spy

Spies can be employed in corporate espionage to obtain information about competitors for commercial purposes. Examples: 1) a spy applies for a job with a commercial competitor, then exploits internal vulnerabilities to steal information and return it to their client; 2) a spy attacks an organization from the outside by exploiting external vulnerabilities and then returns the information to their client.

Threat Agent

The actual person or entity that carries out a threat. Threat agents can be internal or external, and they can have little funding or a massive amount of funding. Sometimes threat agents have a specific purpose for attacking another person, or they may attack simply because they have found a vulnerability in the system. Examples include: 1) an organized crime syndicate trying to steal credit card information; 2) a nation state trying to steal classified information; 3) business competitors that steal company secrets in order to gain an economic edge.

Security

The degree of protection against danger, damage, loss, and criminal activity.

Attack Scale and Velocity

The scale and velocity of an attack can grow to millions of computers in a matter of minutes or days because of the attack's ability to proliferate over the internet. Because modern attacks do not depend on user interaction, such as carrying a floppy disk from machine to machine, to spread, they often affect very large numbers of computers in a relatively short amount of time.

Threats

Threats represent anything that has the potential to cause the loss of an asset. Examples include a virus, a trojan, an external hacker, or an internal employee.

By definition, which security concept uses the ability to prove that a sender sent an encrypted message? a) Privacy b) Non-repudiation c) Authentication d) Integrity

b) Non-repudiation

What is the greatest threat to the confidentiality of data in most secure organizations? a) Hacker intrusion b) USB devices c) Operator error d) Malware

b) USB devices

A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing? a) Non-repudiation b) Availability c) Confidentiality d) Integrity

c) Confidentiality

By definition, which security concept ensures that only authorized parties can access data? a) Non-Repudiation b) Authentication c) Confidentiality d) Integrity

c) Confidentiality

Smartphones with camera and internet capabilities pose a risk to which security concept? a) Non-repudiation b) Availability c) Confidentiality d) Integrity

c) Confidentiality

Which of the following is an example of a vulnerability? a) Unauthorized access to confidential resources b) Denial of service attack c) Virus infection d) A misconfigured server

d) A misconfigured server

Which of the following is an example of an internal threat? a) A water pipe in the server room breaks b) A delivery man is able to walk into a controlled area and steal a laptop c) A server back door allows an attacker on the internet to gain access to the intranet site d) A user accidentally deletes the new product designs

d) A user accidentally deletes the new product designs.

Which of the following is the correct definition of a threat? a) Instance of exposure to losses from an attacker b) Absence or weakness of a safeguard that could be exploited c) The likelihood of an attack taking advantage of a vulnerability d) Any potential danger to the confidentiality, integrity, or availability of information or systems

d) Any potential danger to the confidentiality, integrity, or availability of information or systems.

Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide? a) Non-Repudiation b) Availability c) Confidentiality d) Integrity

d) Integrity

Which of the following is not a valid concept to associate with integrity? a) Ensure that your systems record the real information when collecting data b) Protect your environment so it maintains the highest score of truth c) Prevent the unauthorized change of data d) Control access to resources to prevent unwanted access

d) control access to resources to prevent unwanted access

Availability

Ensures the uptime of the system so that data is available when needed.

Non-repudiation

Provides validation of a message's origin. For example, if a user sends a digitally signed email, they cannot later claim that the email was not sent. Non-repudiation is enforced by digital signatures.

Risk Management

The process of identifying security issues and deciding which countermeasures to take in order to reduce risk to an acceptable level. The main objective is to reduce risk for an organization to a level that is deemed acceptable by senior management.

Users and Administrators

The people who use the software and the people who manage the software, respectively.

Policies

The rules an organization implements to protect information.

Physical Security

Includes all hardware and software necessary to secure data, such as firewalls and antivirus software.

Cybercriminals

Usually seek to exploit security vulnerabilities for some kind of financial reward or revenge.
