CSF

avatar
Created by
Cayenne pepper

Subdecks (2)

Cards (93)

  • Cybersecurity
    Security of information systems and networks with the goal of protecting operations and assets in the face of attacks, accidents and failures
  • CIA Triad
    • Confidentiality - Certain information should only be known to certain people
    • Integrity - Data is stored and transferred as intended and any modification is authorized
    • Availability - Information is accessible to those authorized to view or modify it
  • Seven Security Domains
    • People
    • Physical access
    • Computer systems
    • Software
    • Network
    • Data
    • Organization
  • Asset
    Tangible - Physical items like buildings, furniture, equipment
    Intangible - Information resources like intellectual property, plans, reputation
    Employees - An organization's staff
  • Vulnerability
    A weakness that could be triggered accidentally or exploited intentionally to cause a security breach
  • Threat
    The potential for something or someone that may trigger a vulnerability accidentally or exploit it intentionally
  • Risk
    The likelihood and impact of a threat actor exercising a vulnerability
  • Vulnerability, Threat, Risk
    • Vulnerability - No security guard, Inadequate virus protection
    Threat - Intruder, Virus
    Risk - Theft, Loss of data
  • Threat Actor
    An entity that is partially or wholly responsible for an incident that impacts an organization's security
  • Types of Threat Actors
    • Hackers/Hacktivists
    • Nation States
    • Cyberterrorists
    • Organized Crime and Competitors
    • Trusted Insider
  • Hackers/Hacktivists use cyber weapons to promote a political agenda
  • Nation states use cyber weapons to achieve military and commercial goals
  • Cyberterrorists can cause massive damage to government systems, hospital records, and national security programs
  • Organized crime seeks criminal profit through financial fraud and blackmail
  • Competitor-driven attacks aim to steal or disrupt a competitor's business
  • Insider threats are often more difficult to identify and block than outside attacks
  • Cybersecurity
    Security of information systems and networks with the goal of protecting operations and assets in the face of attacks, accidents and failures
  • CIA Triad

    • Confidentiality
    • Integrity
    • Availability
  • Seven Security Domains

    • People
    • Physical access
    • Computer systems
    • Software
    • Network
    • Data
  • Assets
    • Tangible assets (physical items)
    • Intangible assets (information resources, intellectual property, reputation)
    • Employees
  • Computer
    An electronic device, operating under the control of instructions stored in memory, that can accept data, process data according to specific rules, store the results for future use, and produce results
  • Vulnerability
    Weakness that could be triggered accidentally or exploited intentionally to cause a security breach
  • Components of a Computer System

    • Processor (Central Processing Unit, CPU)
    • Memory
  • Threat
    Potential for something or someone that may trigger a vulnerability accidentally or exploit it intentionally
  • Processor (CPU)

    • The electronic component that interprets and carries out the basic instructions that operate the computer
  • Risk
    Likelihood and impact (or consequence) of a threat actor exercising a vulnerability
  • Memory
    • Electronic components that store instructions waiting to be executed and data needed by those instructions
  • Vulnerability, Threat & Risk

    • No security guard or controlled entry, Intruder, Theft
    • No user-controlled access, Employee, Data modified
    • Inadequate Preparation, Flood, Property damage / loss of life
    • Outdated virus protection, Virus, Loss of Data
  • Hardware Components - Input Devices

    • Keyboard
    • Mouse
    • Microphone
    • Scanner
    • Web Cam
  • Types of Threat Actors

    • Hackers / Hacktivists
    • Nation States
    • Cyberterrorists
    • Organized Crime and Competitors
    • Trusted Insider
  • Hardware Components - Output Devices

    • Monitor
    • Printer
    • Speaker
  • Hackers / Hacktivists
    • Individuals who have the skills to gain access to computer systems through unauthorized or unapproved means
    • Hacktivist group uses cyber weapons to promote a political agenda
  • Hardware Components - Storage Devices

    • USB Flash Drive
    • Disk Drive
    • Memory Cards
    • Optical Disk
    • Solid State Drive
  • Nation States

    • Develop cybersecurity expertise and use cyber weapons to achieve military and commercial goals
    • Advanced persistent threat (APT) is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period
  • A computer keeps data, instructions, and information on storage device
  • Cyberterrorists
    Intentionally use computers, networks, and public internet to cause destruction and harm for personal objectives
  • A storage device reads and writes items to and from storage media
  • Organized Crime and Competitors

    • Organized crime seeks criminal profit, typical activities are financial fraud and blackmail
    • Competitor-driven attacks could aim at theft or disrupting a competitor's business or damaging their reputation
  • Categories of Computers

    • Desktop computers
    • Mobile computers and devices (Laptop, Tablet PC, Smartphone)
    • Servers (Standalone, Rack, Blade)
  • Trusted Insider

    • Perpetrator of an attack is a member of, ex-member of, or somehow affiliated with the organization's own staff, partners, or contractors
    • Insider threats are often more difficult to identify and block than outside attacks