Cyber Security Test - Week 1 to 5 Questions and Answers with Compete Solutions What does cyber security refer to? - Answer Cybersecurity relates to the security of any device which is connected to some form of network such as the internet. What does information security refer to? - Answer Information security is wider than computer security because it relates to the security of any information, whether that be physical or held within a digital device. What does computer security refer to? - Answer Computer security relates to the security of any computing device. What are the three stages within cyber security? - Answer Prevent: try to prevent any attacks Detect: try to detect any attack which are happening or have happened Respond: try to respond to those attacks by incorporating more mechanisms or including things such as security training or policies which can also impact the security of a system What are the three properties that make up the CIA triad? - Answer Confidentiality: where information should be kept confidential from unauthorised parties. For example, if you visit your GP and have some medical issues, documented, the doctor's surgery is required to ensure that that is kept confidential from unauthor ised parties. Integrity: where you want your data to be correct. You don't want someone to go and amend that in an incorrect fashion. If we go back to the example of the GP surgery, again, you wouldn't want somebody going and changing your medication to something that i t shouldn't be. So again, we're coming back to the idea of unauthorised parties changing information or accessing information that they shouldn't have access to. Availability: The data should be available to legitimate users at a time which is expected to have access to. One example of this could be a bank unexpectedly being hit by a denial of service attack, in which case the end user would not be able to access t heir funds, which could cause some distress as well as, obviously impact the bank's reputation, which is undesirable. What is a Bad/threat actor or malicious actor/hacker/attacker refer to? - Answer Bad/threat actor or malicious actor/hacker/attacker: an insider or outsider so that is someone who is legitimately part of the system or someone who's external to that who's trying to impose some form of harm on the system -- so to gain unauthorised acce ss to a system that it shouldn't have access to. What does Malicious mean? - Answer Malicious: where someone sets out with the intent of causing harm. What does non malicious mean? - Answer Non -malicious: where someone unintentionally compromises the security of the system -- for example, writing down a password and storing it somewhere that can be easily found by someone who shouldn't have access to that. What is a vulnerability? - Answer Vulnerability: a limitation of a system which opens it up to exploitation. What is a threat? - Answer Threat: something or someone which is constantly posing potential harm to an asset, such as a data set. What is an attack? - Answer Attack: an attempted exploitation of a particular vulnerability of a system. What is an attack surface? - Answer Attack surface: a collection of all the different points of entry an unauthorised attacker could try to exploit. What is an attack vector? - Answer Attack vector: typically referred to after an attack has taken place and is the particular path that the attacker has taken in order to gain unauthorised access. Give three examples of cybersecurity laws and regulations - Answer Computer Misuse Act, the Serious Crime Act Amendment which revised Computer Misuse Act to reflect more modern landscapes, and the Data Protection Act 2018, which is the UK implementation of GDPR. Give four examples of cyber security events in history that changed the industry - Answer The morris worm, phreaking 60s, first computer password, the 414s real life war games, target 2013 What are cyber security frameworks? - Answer Cyber security frameworks are pre-defined guides to developing security policies and procedures. What is the purpose of cyber security frameworks? - Answer The aim is to reduce the risk of common cyber security threats which organisations face on a daily basis. Give three examples of cyber security frameworks - Answer Such frameworks are generally defined by leading cyber security organisations like NIST (National Institute of Standards and Technology) ISO (International Standards Organisation) NCSC (National Cyber Security Centre) What are the stages within the NIST cyber security framework? - Answer Identify, Protect, Detect, Respond and Recover model What is the common body of knowledge cyber security framework? - Answer The Common Body of Knowledge (CBK) provides a knowledge base of information security subjects, referred to as domains, a security professional should understand. What are the ten security domains within the common body of knowledge? - Answer Access Control Systems and Methodology Telecommunications and Network Security Business Continuity Planning and Disaster Recovery Planning Security Management Practices Security Architecture and Models Law, Investigation, and Ethics Application and Systems Development Security Cryptography Computer Operations Security Physical Security What are the stages within the ISO27001 cyber security framework? - Answer Plan, Do, Check, Act model What does the NIST framework focus on? - Answer assets, managing the risks related to that, and detecting anomalies, incidents, response, and recovery. What does the common criteria framework focus on? - Answer This applies more specifically to the security of hardware and software products. The common criteria applies only to system security. It's implementation independent, which means that it doesn't prescribe particular controls. Give three similarities that exist between all cyber security frameworks - Answer There are similar families of objectives or areas of interest or function. They often rely on risk management processes in terms of understanding the context, assets, threats, and related processes. They are often less specific in terms of implementation details. So they don't prescribe particular controls that must be applied. They all tend to have a review and reflection aspect to them. where we look at the efficacy of our controls and countermeasures to continually improve our cybersecurity processes and resilience. What is a cipher? - Answer A cipher is effectively an algorithm which allows us to send a message across an insecure network in a secure fashion. It means that if anyone were to intercept that message, they would be unable to read the contents of that. What are the three key components of a cipher? - Answer Plain text: unencrypted message that if anyone were to intercept that, they would be able to read it irrespective of whether they have access to the key or not.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller StudySet. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.49. You're not tied to anything after your purchase.