Unit 3 - Cyber Security

1.1 Cyber security aims to protect information, i.e.:  ❔ Quiz  🌐  🎞️  

• • confidentiality  

  • integrity

  • availability

1.2 Types of cyber security incidents, i.e.: ❔ Quiz

• • unauthorised access including hacking, escalation of privileges

  • information disclosure including personal information, government information

  • modification of data

  • inaccessible data including account lockout, denial of service

  • destruction including using malware, deliberate erasure

  • theft including identity, finance, military secrets

1.3 The importance of cyber security, i.e.:

• the need to protect personal data (e.g. health, financial, national insurance)

• the need to protect an organisation’s data (e.g. financial, research, development plans)

• the need to protect a state’s data (e.g. economic data, national security)

2.1 Threats to cyber security, i.e.📚 Reference   ❔ Quiz

• • vulnerabilities o system attacks o physical threats

  • environmental (accidental/ intentional)

  • organised crime

  • state sponsored

2.2 Types of attackers, i.e.:   ❔ Quiz

• • hacktivist

  • cyber-criminal

  • insider

  • script kiddie

  • vulnerability broker

  • scammers

  • phishers

  • cyber-terrorists

  • characteristics including age, location, social group

2.3 Motivation for attackers, i.e.:

• • espionage

  • righting perceived wrongs

  • publicity

  • fraud

  • •score settling

  • •public good

  • •thrill

  • •income generation

2.4 Targets for cyber security threats, i.e.:

• people

• organisations

• equipment

• information

• methods that can be used during an attack

2.5 Impacts of cyber security incidents, i.e.:

• • global problem, individuals, organisations and states

  • loss including confidentiality, integrity, availability, data, finance, business, identity, reputation, customer confidence

  • disruption including people’s lives, business, industry, transport, industry, the media, utilities

  • safety including identity theft, oil installations, traffic control

2.6 Other considerations of cyber security, i.e.:

• • ethical

  • legal

  • operational

  • implications for stakeholders

3.1 Cyber security risk management, i.e.:  ❔ Quiz

• • identify assets and analyse risks

  • mitigate risks and testing for potential vulnerabilities

  • monitoring and controlling systems

  • protect vulnerabilities

  • cost/benefit

3.2 Testing and monitoring measures, i.e.: ❔ Quiz

• vulnerability testing including penetration testing, fuzzing, security functionality, sandboxing

• intrusion detection systems (IDS) including network intrusion detection systems (NIDS), host intrusion detection systems (HIDS), distributed intrusion detection system (DIDS), anomaly-based, signature-based, honeypots

• intrusion prevention systems (IPS)

• emerging technologies

• effectiveness

3.3 Cyber security controls (access controls), i.e.:   ❔ Quiz

• physical including biometric access, swipe cards, alarms

• hardware including cable locks, safes

• software including firewalls, anti-malware, operating system updates, patch management

• data including in use, at rest, in-transit, in the cloud

• encryption including disks, databases, files, removable media, mobile devices

• cryptography

• devices including. hard drives, external drives, USBs

• procedures including access management, data backup, remote working, device management, user accounts and permissions, awareness and training

• emerging technologies

• characteristics

4.1 Responding to an incident, i.e.:

• • know responsibilities

  • know who to contact

  • know procedures

  • know the extent of the incident

  • contain the incident

  • eradicate the incident

  • reduce the impact of the incident

  • recover from the incident

  • confirm the system is functioning normally

4.2 Cyber security incident report, i.e.:

• • incident title and date of incident

  • target of the incident

  • incident category, i.e.:

    • critical

    • significant

    • minor

    • negligible

  • description of the incident

  • type of attacker(s)

  • purpose of incident

  • techniques used by the attacker(s)

  • capability of attacker(s)

  • impact of the incident on business, data, recovery time

  • cost of the incident

  • responses needed

  • future management

• • review (of incident)

  • evaluation to include identification of trends

  • update of documentation, key information, procedures and controls

  • recommendations of changes