ISACA Cybersecurity Fundamentals Certification Exam ALL ANSWERS 100% CORRECT
Confidentiality
Protection from unauthorized access

Integrity
Protection from unauthorized modification

Availability
Protection from disruptions in access

Cybersecurity
The protection of information assets (digital assets) by addressing threats to information processed, stored, and transported by internetworked information systems

NIST Functions to Protect Digital Assets
IPDRR
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover

Nonrepudiation
Def: ensuring that a message or other piece of information is genuine
Examples: digital signatures and transaction logs

Risk
Combination of the probability of an event and its consequences, mitigated through controls

Threat
Anything that is capable of acting against an asset in a harmful manner

Asset
Something of either tangible or intangible value that is worth protecting

Vulnerability
A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events

Inherent risk
The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls)

Residual risk
The risk that remains after management implements internal controls or some other response to risk

Likelihood
A.K.A. probability; a measure of the frequency with which an event may occur, which depends on the threat and vulnerability

Approaches to Cybersecurity Risk
Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based

Threat Agents
The actors causing the threats that might exploit a vulnerability
Types:
1) Corporations - competitive advantage
2) Cybercriminals - profit
3) Cyberterrorists - critical infrastructures/government
4) Cyberwarriors - politically motivated
5) Employees - revenge
6) Hacktivists - politically motivated
7) Nation states - government/private entities
8) Online social hackers - identity theft, profit
9) Script kiddies - learning to hack

Attack vector
The path or route used to gain access to the target (asset)
Types:
1) Ingress - intrusion
2) Egress - data removal

Attack Attributes
1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)

Threat Process
1) Perform reconnaissance (gathering information)
2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
5) Conduct an attack
6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign

Malware
Def: software designed to infiltrate or damage a computer system without the user's informed consent
Examples: viruses, network worms, Trojan horses

Policies
Communicate required and prohibited activities and behaviors

Standards
Interpret policies in specific situations

Procedures
Provide details on how to comply with policies and standards

Guidelines
Last updated: 5 months ago
About the document
Uploaded on: Jan 04, 2024
Number of pages: 18