Cybersecurity risk

avatar
Created by
Xpwag

Cards (15)

  • Security effectiveness is defined as a combination of:
    • Confidentatiality, level of access individuals have to information
    • Integrity, user's must be able to trust the software
    • Availability, individuals are able to readily access the software with interruption
  • Hackers
    • White hat, act for good like testing vulnerabilities within a software
    • Grey hat, not malicious but actions may be illegal or unethical
    • Black hat, generate malicous code to corrupt or steal information
    • Script kiddies, use downloaded code
  • Spies
    Computer espionage targetted towards stealing data
  • Insiders
    Most effective attack by someone within the organisation used to steal data
  • Cybercriminals
    Hackers aimmed towards stealing information to sell
  • Cyberterrorist
    Motivated by an ideological belief and are often unpredictable
  • Physical Security
    • Deterance, measures that pose difficulties for attackers
    • Delay, impede or slow attackers
    • Detect, identifies unauthorised actions or individuals
    • Respond, prevent or mitigate an attack
    • Recover, restore operations to normal levels
  • Layering involves having multiple zones with increasing layers of security. Used to deter, detect and delay attackers
  • Malware, malicous software that enter a computer that can corrupt, control or modify data
    • Virus, malicous code that reproduces on the same computer
    • Worms, self-replicating code that can spread across computer systems
    • Trojans, software disguised as being safe, requires user installation
    • Logic bomb, placed by individuals in a system that activates when a condition is met or the timer is over
  • Security procedures
    • Firewall is a hardware device or software that blocks unauthorised access.
    • Preform security updates to patch possible vulnerabilities.
    • Quarantine affected equipment by removing it from the software.
  • How software and data can be protected
    • Version control, records each stage of the development process, so that previous points can be returned to
    • User-authentication, involves multi-factor authentication, monitor IP location and resetting passwords
    • Encryption, ensures that the data is encoded making it unintelligible to outsiders
    • Software updates, involves patches that install or updates vulnerabilities
  • Software audits, involves conducting a review on the system to identify vulnerabilites, legal and ethical issues and to find ways to improve the system
  • Data-breaches
    • Man-in-the-middle attack, is a type of eavesdrops where communications and data is exposed to an authorised party, where it is intercepted and possbily altered
    • Social engineering, attacks rely on the manipulation of human nature to gain information
    • Cross-site scripting, is when attackers inject client sided script onto webpages
    • SQL injection, is when attackers inject malware in a database allowing them to destory or manipulate information
    • Botnet zombies is a coordinated network of compromised computers used to transmit or cause a Ddos attack (overwhelming a webserver)
  • Social engineering involves
    • Phishing, which is when someone decieves people into reavealing information or installing malware
    • Pharming, redirecting users to false websites
    • Spoofing, tricking users by using false identities
  • Characteristics of data integrity
    • Accuracy refers to the accuracy of the functions (completeness and correctness) and appearance (consistency and calrity) of the data
    • Authenticity is when the data and informaton comes from a reliable and trusted source
    • Reasonable, checks that the raw data is logically possible
    • Relevance, measures how closely a resource corresponds to that person's desire for that information
    • Timeliness, data must be able to be produced efficiently to provide usable information