iSACA Cybersecurity Fundamentals Certification Exam ALL ANSWERS 100% CORRECT

Document Content and Description Below

Confidentiality Protection from unauthorized access integrity Protection from unauthorized modification Availability protection from disruptions in access Cybersecurity the protection of inform... ation assets (digital assets) by addressing threats to information processed, stored, and transported by internetworked information systems NIST Functions to Protect Digital Assets IPDRR 1) Identify 2) Protect 3) Detect 4) Respond 5) Recover Nonrepudiation Def: ensuring that a message or other piece of information is genuine Examples: digital signatures and transaction logs Risk combination of the probability of an event and its consequences, mitigated through controls Threat Anything that is capable of acting against an asset in a harmful manner Asset something of either tangible or intangible value that is worth protecting Vulnerability A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events Inherent risk The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls) Residual risk the risk that remains after management implements internal controls or some other response to risk Likelihood A.K.A probability measure of frequency of which an event may occur, which depends on the threat and vulnerability Approaches to Cybersecurity Risk Dependent on: 1) Risk tolerance 2) Size & scope of the environment 3) Amount of data available Approaches: 1) Ad hoc 2) Compliance-based 3) Risk-based Threat Agents The actors causing the threats that might exploit a vulnerability Types: 1) Corporations - competitive advantage 2) Cybercriminals - profit 3) Cyberterrorists - critical infrastructures/government 4) Cyberwarriors - politically motivated 5) Employees - revenge 6) Hacktivists - politically motivated 7) Nation states - government/private entities 8) Online social hackers - identity theft, profit 9) Script kiddies - learning to hack Attack vector The path or route used to gain access to the target (asset) Types: 1) Ingress - intrusion 2) Egress - Data removal Attack Attributes 1) Attack Vector 2) Payload 3) Exploit 4) Vulnerability 5) Target (Asset) Threat Process 1) Perform reconnaissance (gathering information) 2) Create attack tools 3) Deliver malicious capabilities 4) Exploit and compromise 5) Conduct an attack 6) Achieve results 7) Maintain a presence or set of capabilities 8) Coordinate a campaign Malware Def: software designed to infiltrate or damage a computer system without the user's informed consent Examples: Viruses, network worms, Trojan horses Policies communicate required and prohibited activities and behaviors Standards Interpret policies in specific situations Procedures Provide details on how to comply with policies and standards Guidelines [Show More]

Last updated: 5 months ago

Preview 1 out of 18 pages