- Information Security: Focuses on safeguarding information assets from unauthorized access, misuse, disclosure, destruction, or alteration.
- Core Goals: Confidentiality, Integrity, Availability (CIA Triad).
- Computer Security: Protects individual computer systems and devices from malicious attacks, software failures, and data loss.
- Key Concerns:
- Hardware protection (preventing theft or damage).
- Software security (preventing malware infections).
- Data security (ensuring backups and encryption).
- Network Security: Protects the communication infrastructure (wired and wireless networks) from intrusions, misuse, and disruption.
- Techniques used:
- Firewalls
- Intrusion Detection and Prevention Systems (IDPS)
- Virtual Private Networks (VPNs)
- Unauthorized Access: Gaining access to systems or data without permission.
- Example: Hacking into a database to steal sensitive customer information.
- Data Theft: Extracting confidential or proprietary information without permission.
- Example: Stealing intellectual property or trade secrets.
- Denial of Service (DoS): Overloading a system to make it unavailable to legitimate users.
- Insider Threats: Malicious activities carried out by employees, contractors, or other insiders.
- Malware Infection: Introducing malicious software (e.g., viruses, ransomware, spyware) into a system.
- Threats: Any event or circumstance with the potential to cause harm.
- Examples: Cyberattacks, natural disasters, hardware failures.
- Risks: Likelihood of a threat exploiting a vulnerability, combined with the impact if it does.
- Risk = Threat x Vulnerability x Impact (a ranking heuristic, not a literal calculation: each factor is scored on a scale and the product orders the risks for treatment).
- Point of Vulnerability: Weak spots or potential points of failure in a system that attackers exploit.
- Examples:
- Outdated software with unpatched vulnerabilities.
- Weak passwords used by employees.
- Misconfigured servers or open ports.
- Passive Attacks: Aim to gather information without altering the data or system. They are hard to detect, so the defense is prevention (encryption) rather than detection.
- Examples:
- Eavesdropping: Intercepting communication to gather sensitive data.
- Traffic Analysis: Observing network traffic patterns to infer information.
- Active Attacks: Aim to modify, disrupt, or destroy data or systems. They leave traces, so the defense combines prevention with detection and recovery.
- Examples:
- Masquerade: Impersonating an authorized user or device.
- Replay Attacks: Capturing and reusing valid communication packets.
- Modification of Messages: Altering legitimate data in transit.
- Denial of Service (DoS): Flooding a system with excessive requests to make it unavailable.
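The three active attacks on messages above (masquerade, replay, modification) share one defense: every message carries a fresh nonce and a timestamp, and a keyed MAC covers all of it. The following Python is an added example, not part of the original notes; it builds such a message with HMAC-SHA256, then runs a replay, an in-transit modification, a forgery under a guessed key, and a late delivery against the receiver. The shared key, the payloads and the fixed clock value are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

# Shared secret, constructed for this example. Real systems obtain it from a
# key exchange or provisioning step, never from source code.
SHARED_KEY = b"example-shared-key-0123456789abcdef"

# Freshness window: a message whose timestamp is further from the receiver's
# clock than this is rejected even if its tag is valid.
MAX_AGE_SECONDS = 30


def _canonical(body: dict) -> bytes:
    # Both sides must MAC exactly the same bytes, so fix key order and spacing.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_message(key: bytes, payload: dict, now: Optional[float] = None) -> bytes:
    """Sender: add a random nonce and a timestamp, then an HMAC-SHA256 tag.
    The nonce and timestamp are what defeat replay; the keyed tag is what
    defeats masquerade (wrong key) and modification (altered body)."""
    body = {
        "nonce": secrets.token_hex(16),
        "ts": int(time.time() if now is None else now),
        "payload": payload,
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}, sort_keys=True).encode()


class Receiver:
    """Receiver: check the tag first (constant time), then freshness, then
    reject any nonce already accepted inside the freshness window."""

    def __init__(self, key: bytes, max_age: int = MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.seen: Dict[str, int] = {}  # nonce -> timestamp it carried

    def verify(self, wire: bytes, now: Optional[float] = None) -> Tuple[bool, str]:
        now = int(time.time() if now is None else now)
        try:
            outer = json.loads(wire)
            body, tag = outer["body"], outer["tag"]
            nonce, ts = body["nonce"], int(body["ts"])
        except (ValueError, KeyError, TypeError):
            return False, "malformed"

        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            # A wrong key (masquerade) or an edited body (modification) both
            # land here; an unkeyed hash would catch neither.
            return False, "bad tag"

        if abs(now - ts) > self.max_age:
            return False, "stale"

        # Drop nonces that have aged out so the replay cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if nonce in self.seen:
            return False, "replay"
        self.seen[nonce] = ts
        return True, "ok"


def demo() -> Dict[str, str]:
    """Run the attack scenarios from the notes against one receiver and return
    the verdict for each."""
    rx = Receiver(SHARED_KEY)
    t0 = 1_700_000_000  # fixed clock so the run is reproducible
    msg = make_message(SHARED_KEY, {"action": "transfer", "amount": 100}, now=t0)
    results = {}
    results["genuine"] = rx.verify(msg, now=t0 + 1)[1]
    # Replay: the identical captured bytes, resent a few seconds later.
    results["replay"] = rx.verify(msg, now=t0 + 5)[1]
    # Modification: the amount is edited in transit; the tag no longer matches.
    tampered = json.loads(msg)
    tampered["body"]["payload"]["amount"] = 100_000
    results["modified"] = rx.verify(json.dumps(tampered).encode(), now=t0 + 2)[1]
    # Masquerade: a message built under a guessed key.
    forged = make_message(b"attacker-guess", {"action": "transfer", "amount": 5}, now=t0)
    results["masquerade"] = rx.verify(forged, now=t0 + 2)[1]
    # Late delivery: a valid message arriving outside the freshness window.
    late = make_message(SHARED_KEY, {"action": "ping"}, now=t0)
    results["stale"] = rx.verify(late, now=t0 + MAX_AGE_SECONDS + 1)[1]
    return results


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:>10}: {verdict}")
```

The order of checks matters: the tag is verified before anything in the body is trusted, so an attacker cannot poison the replay cache or the clock logic with unauthenticated fields. Passive attacks are not addressed here at all; the payload travels in the clear and would need encryption on top of the MAC.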
- Confidentiality: Ensures information is only accessible to authorized users.
- Techniques:
- Encryption (e.g., AES, RSA).
- Secure communication protocols (e.g., HTTPS, TLS).
- Authentication: Verifies the identity of a user or system.
- Types:
- Password-based authentication.
- Multi-factor authentication (MFA).
- Biometrics (e.g., fingerprints, facial recognition).
- Non-repudiation: Guarantees that a party cannot deny the authenticity of their actions.
- Achieved through:
- Digital signatures.
- Transaction logs.
- Integrity: Ensures that data is accurate, consistent, and has not been tampered with.
- Techniques:
- Hashing algorithms (e.g., SHA-256; MD5 still appears in older material, but its collision resistance is broken and it should not be relied on to detect tampering).
- Checksums (detect accidental corruption only). Against an active attacker, who can recompute a plain hash or checksum after altering the data, integrity requires a keyed MAC or a digital signature.
- Access Control: Regulates who can view, modify, or execute resources in a system.
- Methods:
- Role-based access control (RBAC).
- Discretionary access control (DAC).
- Availability: Ensures that systems, applications, and data are accessible when needed.
- Techniques:
- Redundancy (e.g., backup servers, RAID).
- Load balancing.
- Protection against DoS attacks.
- Policies: Define acceptable behavior, rules, and procedures.
- Mechanisms: Tools and methods used to enforce policies.
- Assurance: Confidence that mechanisms are functioning as intended.
- Application Layer: User authentication, email security.
- Transport Layer: Data encryption using TLS (SSL is its deprecated predecessor).
- Network Layer: IPsec, firewalls.
- Data Link Layer: Encryption at the frame level (e.g., MACsec on wired Ethernet, WPA2/WPA3 on Wi-Fi).
- Defined by organizations like the IETF (Internet Engineering Task Force).
- Cover protocols, data formats, and best practices for the internet.
- Technical documents that specify internet standards.
- Examples of Important RFCs:
- RFC 791: Internet Protocol (IP).
- RFC 1321: MD5 Message Digest Algorithm (historical; MD5 is no longer collision-resistant).
- RFC 5246: Transport Layer Security (TLS) Protocol, version 1.2 (superseded by RFC 8446, TLS 1.3).
- Define and explain the CIA triad in information security.
- How do information security, computer security, and network security differ?
- List and explain the kinds of security breaches with examples.
- Describe threats and risks in the context of information security.
- Explain the concept of "point of vulnerability" and its relevance in cybersecurity.
- Differentiate between passive and active attacks with examples.
- What is eavesdropping, and how does it pose a security threat?
- Describe the characteristics and impact of a denial-of-service (DoS) attack.
- Explain the role of encryption in maintaining confidentiality.
- What are digital signatures, and how do they provide non-repudiation?
- Define hashing and its importance in ensuring data integrity.
- How does access control enhance system security? Explain RBAC and DAC.
- What is multi-factor authentication (MFA), and why is it more secure than traditional methods?
- Explain the layers of the internetwork security model with examples of security measures at each layer.
- Describe the purpose of firewalls and intrusion detection systems (IDS).
- How does SSL/TLS ensure secure communication on the internet?
- What are the key features of RFC 5246 (TLS)?
- Explain the importance of redundancy and load balancing in ensuring availability.
- What are internet standards, and why are they necessary for cybersecurity?
- Compare and contrast policies, mechanisms, and assurance in the context of internetwork security.
- Answer:
The CIA triad is the foundation of information security, ensuring that systems and data are protected against threats:
- Confidentiality: Ensures data is only accessible to authorized individuals. Techniques include encryption and access controls.
- Integrity: Ensures data remains accurate and unaltered. Achieved through hashing and checksums.
- Availability: Ensures authorized users can access systems and data when needed. Achieved using redundancy, load balancing, and DoS attack prevention.
- Answer:
- Information Security: Focuses on protecting data, irrespective of its format (digital, physical). Example: Encrypting sensitive documents.
- Computer Security: Protects individual computers or devices from attacks. Example: Antivirus software.
- Network Security: Protects communication infrastructure from intrusions and misuse. Example: Firewalls and VPNs.
- Answer:
- Unauthorized Access: Gaining access without permission (e.g., hacking passwords).
- Data Theft: Stealing confidential information (e.g., customer data leaks).
- DoS Attack: Overloading a server to deny services (e.g., flooding a website with traffic).
- Malware Infection: Spreading malicious software (e.g., ransomware locking files).
- Insider Threats: Employees misusing access privileges (e.g., leaking trade secrets).
- Answer:
- Threats: Potential events or actions that could harm a system (e.g., malware, hackers, natural disasters).
- Risks: The likelihood and impact of a threat exploiting a vulnerability.
Formula: Risk = Threat × Vulnerability × Impact (a ranking heuristic: each factor is scored on a scale, and the product orders risks for treatment).
Example: If an unpatched server is exposed, the risk of a malware infection is high.
- Answer:
- Point of Vulnerability: A weak spot in a system that attackers can exploit.
- Examples:
- Weak passwords.
- Unpatched software.
- Open ports on a network.
Addressing vulnerabilities reduces risks of breaches and attacks.
- Answer:
- Passive Attacks: Attempt to monitor or gather information without altering systems. Examples:
- Eavesdropping.
- Traffic analysis.
- Active Attacks: Modify, disrupt, or destroy data. Examples:
- Replay attacks.
- DoS attacks.
- Answer:
- Eavesdropping: Intercepting and listening to network communications.
- Threat: Sensitive information (e.g., passwords, emails) can be stolen.
- Solution: Use encryption (e.g., HTTPS, TLS) to prevent interception.
- Answer:
- A DoS attack floods a system with excessive traffic or requests, exhausting bandwidth, connection tables, or CPU so legitimate users cannot be served. When the traffic comes from many compromised hosts at once it is a distributed DoS (DDoS).
- Characteristics: High traffic, resource exhaustion, unresponsiveness.
- Impact: Business disruptions, financial losses, damaged reputation.
- Mitigation: Firewalls and traffic filtering, rate limiting, load balancing and over-provisioning, and upstream DDoS scrubbing services for volumetric floods.
- Answer:
- Encryption transforms data into an unreadable format using algorithms.
- Only authorized users with the decryption key can access the data.
- Example: HTTPS encrypts web traffic to protect sensitive information (e.g., credit card details).
- Answer:
- Digital Signature: A cryptographic mechanism that verifies the sender’s identity and ensures message integrity.
- Non-repudiation: Prevents the sender from denying their involvement.
- Example: Signing an email with the sender's private key lets any recipient verify it with the matching public key; since only the holder of the private key could have produced the signature, the sender cannot later deny sending it.
- Answer:
- Hashing: Converts data into a fixed-length value (hash).
- Importance: Any change in the original data alters the hash, detecting tampering.
- Example: SHA-256 is used in blockchain to verify transactions.
- Answer:
- Access Control: Regulates who can view, modify, or execute resources.
- RBAC (Role-Based Access Control): Permissions are assigned based on roles (e.g., Admin, User).
- DAC (Discretionary Access Control): Data owners decide access permissions.
- Answer:
- MFA: Requires two or more authentication factors, such as:
- Something you know (password).
- Something you have (smartphone).
- Something you are (biometrics).
- More secure: An attacker who steals one factor (e.g., a password) still needs the others. One-time codes typed into a web page can still be relayed by a real-time phishing proxy, so phishing-resistant factors such as FIDO2/WebAuthn security keys are preferred where the stakes justify them.
- Answer:
- Application Layer: User authentication, email encryption.
- Transport Layer: SSL/TLS for data encryption.
- Network Layer: Firewalls, IPsec.
- Data Link Layer: MAC address filtering, frame encryption.
- Answer:
- Firewall: Monitors and controls incoming/outgoing traffic based on security rules. Example: Blocks unauthorized access to a network.
- IDS: Detects malicious activities in a network and raises alerts. Example: Identifies suspicious behavior like repeated login attempts.
- Answer:
- SSL/TLS (TLS today; SSL is its deprecated predecessor) encrypts data between a client and server, ensuring confidentiality and integrity.
- Key Features:
- Data encryption with a symmetric cipher under session keys agreed in the handshake.
- Server authentication via certificates (client certificates are optional).
- Integrity protection of every record (AEAD ciphers or MACs), so altered or injected data is detected.
- Example: HTTPS uses TLS to secure web traffic.
- Answer:
- RFC 5246: Specifies the Transport Layer Security (TLS) protocol, version 1.2 (TLS 1.3 is RFC 8446).
- Features:
- Handshake that negotiates a cipher suite and establishes session keys (RSA key transport or (EC)DHE key exchange).
- Authentication of the server, and optionally the client, through X.509 certificates.
- Record protection with symmetric encryption (e.g., AES) and integrity checks; RSA is used for key exchange and authentication, not for encrypting the data itself.
- Answer:
- Redundancy: Ensures system functionality during failures (e.g., backup servers, RAID storage).
- Load Balancing: Distributes traffic across multiple servers to prevent overload.
- Together, they enhance system availability and reliability.
- Answer:
- Internet standards are protocols and best practices defined by organizations like IETF to ensure global interoperability.
- Importance:
- Uniform security protocols (e.g., HTTPS).
- Ensures safe and reliable communication.
- Answer:
- Policies: High-level rules for security (e.g., password policies).
- Mechanisms: Tools used to implement policies (e.g., firewalls).
- Assurance: Confidence that policies and mechanisms are effective.
Example: Testing firewalls for compliance ensures assurance.
- Internal Sources: Disgruntled employees, insiders with malicious intent, or negligence.
- External Sources: Hackers, organized cybercriminals, terrorist groups, and state-sponsored entities.
- Financial Gain: Fraud, theft, ransomware attacks.
- Revenge: Disgruntled individuals causing harm.
- Ideological: Hacktivism or promoting political/religious causes.
- Espionage: Stealing trade secrets or intelligence.
- Personal Data: Social security numbers, financial records.
- Intellectual Property: Trade secrets, patents.
- Infrastructure: Networks, servers, industrial systems.
- Financial Loss: Direct theft or costs from breaches.
- Reputational Damage: Loss of trust and clients.
- Operational Disruption: System outages and downtime.
- Phishing: Deceptive emails trick users into sharing sensitive information.
- Spoofing: Emails appear to come from trusted sources.
- Malware: Attachments or links containing malicious code.
- Drive-by Downloads: Malware downloaded without user consent.
- Cross-Site Scripting (XSS): Attackers inject malicious scripts into websites.
- Man-in-the-Middle Attacks: Eavesdropping or altering data in transit.
- Black Hat Hackers: Malicious intent, steal or damage.
- White Hat Hackers: Ethical hackers securing systems.
- Gray Hat Hackers: In between, may break the law but not maliciously.
- Intruders: Unauthorized users accessing systems.
- Insiders: Employees or partners misusing access.
- Cyber Squatting: Registering domain names resembling trademarks to profit by selling them.
- Cyber Stalking: Persistent online harassment or intimidation.
- Using digital channels to deceive and defraud, e.g., phishing, identity theft.
- Hosting illegal or harmful content, like child pornography or hate speech.
- Types: Viruses, worms, trojans, ransomware.
- Detection Tools: Antivirus software, intrusion detection systems.
- Cyber Terrorism: Using technology to cause fear or disrupt society for political gains.
- Information Warfare: Propaganda and misinformation campaigns.
- Surveillance: Unauthorized monitoring of individuals or organizations.
- Crimes in virtual environments like gaming or virtual reality platforms.
- Scams involving online shopping, auctions, or payment systems.
- Identity Theft: Stealing someone's identity to commit fraud or access resources.
- Intellectual Property Theft: Stealing copyrighted material, patents, or trademarks.
- Worms: Self-replicating malware spreading through networks.
- Viruses: Infect files and spread via user actions.
- Spam: Unsolicited emails or messages.
- Adware/Spyware: Collect data or display ads.
- Trojans: Disguised as legitimate software to execute malicious actions.
- Covert Channels: Hidden communication pathways.
- Backdoors: Secret access points in software for unauthorized access.
- Bots: Automated programs for malicious tasks.
- IP Spoofing: Pretending to be a trusted IP to access systems.
- ARP Spoofing: Faking ARP messages to intercept network traffic.
- Session Hijacking: Taking control of a user's authenticated session (usually by stealing or predicting the session token) to access resources.
- Sabotage: Deliberately destroying or damaging systems or data.
- Phishing: Deceptive techniques to steal credentials or sensitive data.
- Zombies (Botnets): Compromised systems remotely controlled for attacks like DDoS.
Q: What is the main motive behind phishing attacks?
A: To steal sensitive information like credentials or financial data.
Q: Name two types of malware.
A: Worms and Trojans.
Q: What does ARP spoofing target?
A: The ARP caches of hosts on the local network, which map IP addresses to MAC addresses; poisoning them redirects traffic through the attacker.
Q: Define cyber squatting.
A: Registering domains similar to trademarks for profit.
Q: What is a covert channel?
A: A hidden communication pathway that moves data in a way the system's security policy did not intend.
Q: How do hackers use zombies?
A: As remotely controlled members of a botnet, typically to launch DDoS attacks.
Q: What is the difference between viruses and worms?
A: Viruses attach to files and need a user action to spread; worms spread across the network by themselves.
Q: What is cyber terrorism?
A: Using technology to instill fear or disrupt society for political ends.
Q: Name a tool for malware detection.
A: Antivirus software.
Q: What is a backdoor?
A: A hidden entry point for unauthorized access.
Q: What is the key risk of insider threats?
A: Misuse of authorized access, which bypasses perimeter defenses.
Q: Define information warfare.
A: Propaganda and misinformation campaigns using technology.
Q: What is identity theft?
A: Stealing someone's personal information for fraud.
Q: How is adware harmful?
A: Displays unwanted ads and collects user data.
Q: What does session hijacking exploit?
A: Active user sessions, usually by stealing or predicting the session token.
Q: Define phishing.
A: A deceptive attempt to steal sensitive information.
Q: What is IP spoofing?
A: Faking the source IP address of packets to impersonate another system.
Q: What is the goal of cyber stalking?
A: To harass or intimidate someone online.
Q: What does spam usually contain?
A: Unsolicited or fraudulent messages.
Q: Define sabotage in cybersecurity.
A: Deliberate destruction of systems or data.
- Security Threat Management:
- Identifying, assessing, and mitigating threats.
- Tools: Firewalls, intrusion detection systems, encryption.
- Risk Assessment:
- Steps: Identify assets → Assess vulnerabilities → Analyze threats → Determine risk levels → Implement mitigation strategies.
- Introduction to Cyber Forensics:
- Science of collecting, analyzing, and preserving digital evidence for legal proceedings.
- Tools: FTK (Forensic Toolkit), EnCase.
- Evaluation of Crime Scene:
- Identify compromised systems and sources of evidence.
- Secure and preserve evidence to maintain the chain of custody.
- Evidence Collection:
- Types: Logs, hard drives, emails, network traffic.
- Best Practices: Prevent tampering, document processes.
- Security Policy: Formalized rules to ensure system security.
- Components:
- Access control.
- Data classification.
- Incident response protocols.
- Risk Management:
- Ongoing process to minimize risks.
- Includes risk analysis, mitigation plans, and contingency planning.
- Procedures and Guidelines:
- Clear steps to implement security measures.
- Regular updates to address new threats.
- Advantages:
- Protects intellectual property.
- Regulates online activities.
- Ensures consumer protection.
- Cyber Lawyers:
- Specialists in cybercrime cases, data privacy, and digital contracts.
- Jurisdiction and Sovereignty:
- Issues arise due to cross-border nature of cybercrimes.
- Harmonization of laws needed globally.
- Purpose:
- Legal recognition of electronic transactions.
- Defines cybercrimes and prescribes penalties.
- Key Provisions:
- Section 43: Penalty for unauthorized access.
- Section 66: Punishment for hacking.
- Section 72: Breach of confidentiality and privacy.
- Definition: Legal rights protecting creations of the mind.
- Types:
- Patents: Protect inventions.
- Copyright: Protects literary and artistic works.
- Trademarks: Protects brand identity.
- Ownership:
- Creator or assignee holds rights.
- Joint ownership possible in collaborative works.
- Enforcement:
- Filing lawsuits against infringers.
- Use of technological measures like DRM (Digital Rights Management).
- Defenses to an infringement claim:
- Fair use.
- Lack of substantial similarity.
- Independent creation.
- Objective: Encourage creativity by protecting original works.
- Transfer of Copyright:
- Rights can be assigned or licensed to others.
- Practical Aspect of Licensing:
- Terms define scope, duration, and royalties.
- Challenges:
- Easy replication of digital works.
- Global accessibility complicates enforcement.
- Protects software algorithms, processes, and technical solutions where the jurisdiction treats them as patentable subject matter (software and algorithms as such are excluded in many legal systems).
- Issues:
- Determining patentability.
- Balancing innovation with monopoly concerns.
Q: What is the purpose of security engineering?
A: To design and implement systems that prevent, detect, and mitigate security threats.
Q: What are the steps of risk assessment?
A: Identify assets, assess vulnerabilities, analyze threats, determine risk levels, implement mitigation.
Q: Define cyber forensics.
A: The process of collecting, analyzing, and preserving digital evidence for legal use.
Q: What is the chain of custody?
A: A documented record of who handled evidence, when, and how, so its integrity can be demonstrated in court.
Q: Name a tool used in cyber forensics.
A: EnCase.
Q: What is the IT Act of India 2000?
A: A law providing legal recognition for electronic transactions and prescribing cybercrime penalties.
Q: What does Section 66 of the IT Act deal with?
A: Punishment for hacking (framed as computer-related offences after the 2008 amendment).
Q: What are intellectual property rights (IPR)?
A: Legal rights protecting creations of the mind.
Q: Name two types of IPR.
A: Patents and copyrights.
Q: What is copyright?
A: A legal right protecting original works of authorship.
Q: What is the objective of copyright?
A: To encourage creativity by safeguarding creators' rights.
Q: Define fair use.
A: A defense allowing limited use of copyrighted material without permission.
Q: What is DRM?
A: Digital Rights Management, technology to prevent unauthorized use of digital content.
Q: What are the key challenges of copyright in digital media?
A: Easy replication and global accessibility of works.
Q: What does a security policy address?
A: Rules and measures for safeguarding information and systems.
Q: What is jurisdiction in cyber law?
A: The authority of a legal body to govern cybercrimes in a region.
Q: What is a practical aspect of licensing?
A: Defining the terms of use, royalties, and duration for licensed work.
Q: What is a patent in the cyber world?
A: Protection for software algorithms and technical processes, where the jurisdiction allows them to be patented.
Q: How can IPR be enforced?
A: Filing lawsuits and using technological measures like DRM.
Q: What does risk management involve?
A: Identifying, assessing, and mitigating risks to minimize impact.
- Definition: The practice of securing communication by transforming information into unreadable formats.
- Types:
- Symmetric Cryptography: Single key for encryption and decryption.
- Asymmetric Cryptography: Uses public and private key pairs.
- Applications: Data confidentiality, authentication, and integrity.
- Key Aspects:
- Confidentiality: Protecting user data.
- Integrity: Ensuring transaction data isn’t altered.
- Authentication: Verifying user identity.
- Non-repudiation: Ensuring transactions cannot be denied.
- Tools:
- SSL/TLS for secure connections.
- Two-factor authentication (2FA).
- Message Authentication: Validates the authenticity of a message.
- Uses Message Authentication Codes (MACs) or digital signatures.
- Hash Functions:
- Convert input data of any length into fixed-length hash values.
- Properties: Deterministic, fast to compute, preimage-resistant (hard to find an input for a given hash), second-preimage-resistant, and collision-resistant (hard to find two inputs with the same hash).
- Examples:
- SHA-256 (current); MD5 (historical: collisions are practical, so it must not be used for integrity or signatures).
- Message Digests: Output of a hash function, ensuring data integrity.
- Prime Numbers: Foundation of public-key algorithms (RSA relies on the difficulty of factoring a product of two large primes; Diffie-Hellman on discrete logarithms modulo a large prime).
- Modular Arithmetic: Used in encryption/decryption.
- Applications:
- RSA encryption.
- Diffie-Hellman key exchange.
- Public Key Algorithms:
- Examples: RSA, ECC (Elliptic Curve Cryptography).
- Used for secure communication and digital signatures.
- Public Key Infrastructure (PKI):
- System for managing digital certificates.
- Components: Certification Authority (CA), Registration Authority (RA).
- Applications:
- Secure emails, SSL/TLS, code signing.
- Purpose: Secure communication by defining how cryptographic algorithms are applied.
- Examples:
- SSL/TLS: Secure web communication.
- IPsec: Secure network communication.
- Definition: Electronic signature ensuring authenticity and integrity.
- Steps:
- Hashing the message.
- Signing the hash with the sender's private key (often described as "encrypting the hash with the private key", which is literally true only for textbook RSA). The verifier recomputes the hash and checks it against the signature using the sender's public key.
- Applications:
- Document signing, legal contracts, software distribution.
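The two steps above carried through in Python as an added example, not from the notes: textbook RSA with no padding and a 1024-bit modulus so key generation is quick (real systems use a vetted library with RSA-PSS at 2048 bits or more, or Ed25519). The parties and the contract text are constructed. It also shows the non-repudiation property: a signature over altered text, or a signature made with another party's key, fails to verify under the signer's public key.

```python
import hashlib
import secrets
from typing import Dict, Tuple

# Textbook RSA signature to illustrate the two steps in the notes. It has NO
# padding (RSA-PSS) and uses a 1024-bit modulus so it generates quickly; a real
# system uses a vetted library with RSA-PSS at >= 2048 bits or Ed25519.

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test (error below 4^-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2        # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                         # witness proves n composite
    return True


def gen_prime(bits: int) -> int:
    """Random odd candidate with the top bit set, until Miller-Rabin accepts."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 1024) -> Tuple[PublicKey, PrivateKey]:
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                   # need gcd(e, phi) == 1
            break
    n = p * q
    d = pow(e, -1, phi)                          # private exponent (Python 3.8+)
    return (n, e), (n, d)


def _digest_int(message: bytes) -> int:
    # Step 1 from the notes: hash the message. SHA-256 gives a 256-bit value,
    # always smaller than a 1024-bit modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(priv: PrivateKey, message: bytes) -> int:
    # Step 2: apply the private exponent to the hash ("encrypt with the private
    # key" in the notes' wording; it is a modular exponentiation, not encryption).
    n, d = priv
    return pow(_digest_int(message), d, n)


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    # The verifier recomputes the hash and checks it against s^e mod n.
    n, e = pub
    return pow(signature, e, n) == _digest_int(message)


def demo() -> Dict[str, bool]:
    """A genuine signature verifies; an altered message and a signature made
    with another party's key do not. Only Alice's private key can produce a
    value that verifies under Alice's public key: that is the non-repudiation
    claim, and it holds only while the private key stays private."""
    alice_pub, alice_priv = keygen()
    mallory_pub, mallory_priv = keygen()
    contract = b"Alice agrees to pay 100 units to Bob."
    sig = sign(alice_priv, contract)
    return {
        "genuine_verifies": verify(alice_pub, contract, sig),
        "tampered_message_verifies": verify(alice_pub, contract.replace(b"100", b"900"), sig),
        "mallory_forgery_verifies": verify(alice_pub, contract, sign(mallory_priv, contract)),
        "mallory_own_key_verifies": verify(mallory_pub, contract, sign(mallory_priv, contract)),
    }
```

Without padding this scheme is malleable (signatures can be multiplied together to forge a signature on the product of two hashes), which is why RSA-PSS exists; the example keeps the bare operation only so the two steps in the notes are visible.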
- Digital Watermarking:
- Embedding information into digital media to assert ownership.
- Applications: Copyright protection.
- Steganography:
- Hiding messages within digital files.
- Difference from cryptography: Steganography hides that a message exists; cryptography hides what it says. The two are often combined.
- Definition: Using unique biological traits for authentication.
- Examples:
- Fingerprint scanning.
- Iris recognition.
- Voice recognition.
- Advantages: Convenient, cannot be forgotten or lent to someone else, and costly to forge.
- Challenges: Privacy concerns, false accept/false reject rates, and a compromised biometric cannot be changed the way a password can, so stored templates must be protected as permanently sensitive data.
- Definition: Transforming plaintext into ciphertext to secure data.
- Symmetric Key Encryption:
- Single key for both encryption and decryption.
- Fast and suited to bulk data, but every pair of communicating parties needs its own shared key, so key distribution and management do not scale well (n parties need n(n-1)/2 keys).
- Data Encryption Standard (DES):
- Symmetric encryption algorithm.
- Features: 56-bit key, brute-forceable since the late 1990s; replaced by AES (with 3DES as an interim step).
- Definition: Network authentication protocol using secret-key cryptography.
- How it Works:
- Authenticates clients and servers via a trusted third party.
- Components:
- Key Distribution Center (KDC), comprising the Authentication Server (AS) and the Ticket Granting Server (TGS); the KDC shares a long-term key with every principal (users and services).
- Applications:
- Secure login systems, single sign-on (SSO).
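The exchange described above worked through in Python as an added example, not from the notes or from any Kerberos implementation. The realm, principal names, passwords and clock value are constructed; a small HMAC-based encrypt-then-MAC routine stands in for the Kerberos encryption types, and PBKDF2 stands in for string-to-key the way the AES enctypes do. Pre-authentication is omitted, which is exactly why real KDCs require it: without it anyone can request an AS-REP for a user and guess the password offline against the encrypted part.

```python
import hashlib
import hmac
import json
import os
from typing import Dict, Tuple

SKEW = 300  # seconds of clock skew Kerberos tolerates by default


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:length]


def seal(key: bytes, fields: dict) -> bytes:
    """Stand-in for a Kerberos enctype: encrypt-then-MAC a JSON object as
    nonce || ciphertext || tag (keystream and tag both from HMAC-SHA256)."""
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def string2key(password: str, principal: str) -> bytes:
    """Password to long-term key; the AES enctypes use PBKDF2 salted with the principal."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 4096, 32)


def check_ticket(claims: dict, authenticator: bytes, now: int) -> dict:
    """Used by both the TGS and the application server: ticket not expired,
    authenticator opens under the ticket's session key, names agree, timestamp fresh."""
    if now > claims["expires"]:
        raise PermissionError("ticket expired")
    auth = unseal(bytes.fromhex(claims["key"]), authenticator)
    if auth["client"] != claims["client"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(now - auth["ts"]) > SKEW:
        raise PermissionError("authenticator outside clock-skew window")
    return claims


def authenticator(session_key_hex: str, client: str, now: int) -> bytes:
    """Client proves knowledge of the session key and freshness of this request."""
    return seal(bytes.fromhex(session_key_hex), {"client": client, "ts": now})


class KDC:
    def __init__(self, realm: str) -> None:
        self.tgs = f"krbtgt/{realm}"
        self.keys: Dict[str, bytes] = {self.tgs: os.urandom(32)}  # principal -> long-term key

    def enroll(self, principal: str, password: str) -> None:
        self.keys[principal] = string2key(password, principal)

    def as_exchange(self, client: str, now: int) -> Tuple[bytes, bytes]:
        """AS-REP: TGT sealed under the krbtgt key; TGS session key sealed under the client's key."""
        sk = os.urandom(32).hex()
        tgt = seal(self.keys[self.tgs], {"client": client, "key": sk, "expires": now + 8 * 3600})
        return tgt, seal(self.keys[client], {"key": sk, "service": self.tgs})

    def tgs_exchange(self, tgt: bytes, auth: bytes, service: str, now: int) -> Tuple[bytes, bytes]:
        """TGS-REP: validate TGT + authenticator, then issue a service ticket and session key."""
        claims = check_ticket(unseal(self.keys[self.tgs], tgt), auth, now)
        sk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": claims["client"], "key": sk, "expires": now + 3600})
        return ticket, seal(bytes.fromhex(claims["key"]), {"key": sk, "service": service})


def demo() -> Dict[str, str]:
    """Full login (AS -> TGS -> application server) plus two failure cases."""
    now, svc, pw = 1_700_000_000, "host/files.example.com", "correct horse battery staple"
    kdc = KDC("EXAMPLE.COM")
    kdc.enroll("alice", pw)
    kdc.keys[svc] = os.urandom(32)  # the service holds the same key in its keytab
    out: Dict[str, str] = {}
    tgt, enc = kdc.as_exchange("alice", now)
    try:  # wrong password: the AS-REP encrypted part cannot be opened
        unseal(string2key("wrong", "alice"), enc)
        out["wrong_password"] = "accepted"
    except ValueError:
        out["wrong_password"] = "rejected"
    sk_tgs = unseal(string2key(pw, "alice"), enc)["key"]
    ticket, enc2 = kdc.tgs_exchange(tgt, authenticator(sk_tgs, "alice", now + 1), svc, now + 1)
    sk_svc = unseal(bytes.fromhex(sk_tgs), enc2)["key"]
    svc_claims = unseal(kdc.keys[svc], ticket)  # the service opens the ticket with its own key
    ap_auth = authenticator(sk_svc, "alice", now + 2)
    out["service_sees_client"] = check_ticket(svc_claims, ap_auth, now + 2)["client"]
    try:  # the same authenticator presented long after: outside the skew window
        check_ticket(svc_claims, ap_auth, now + SKEW + 60)
        out["late_replay"] = "accepted"
    except PermissionError:
        out["late_replay"] = "rejected"
    return out
```

Note that the application server never talks to the KDC: the service ticket is self-contained and verifiable with the service's own key, which is what makes Kerberos a single sign-on protocol. A real server also caches recent authenticators so a replay inside the skew window is refused; the example shows only the skew check.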
Q: What is cryptography?
A: The practice of securing communication by encrypting information.
Q: Name two types of cryptography.
A: Symmetric and Asymmetric Cryptography.
Q: What is a hash function?
A: A function that converts input data into a fixed-length hash value.
Q: Give an example of a symmetric encryption algorithm.
A: Data Encryption Standard (DES), now obsolete; AES is the current standard.
Q: What is the role of a Certification Authority in PKI?
A: It issues and manages digital certificates.
Q: Define modular arithmetic in cryptography.
A: An arithmetic system for integers in which numbers wrap around upon reaching a modulus.
Q: What is SSL/TLS used for?
A: Securing web communications.
Q: What does a digital signature ensure?
A: Authenticity and integrity of a message.
Q: How does steganography differ from cryptography?
A: Steganography hides the existence of information; cryptography encrypts its content.
Q: What is the key size of DES?
A: 56 bits.
Q: What is biometric security?
A: Authentication using unique biological traits.
Q: Name a common biometric security method.
A: Fingerprint recognition.
Q: What is the function of Kerberos?
A: To authenticate users and services within a network using tickets issued by a trusted KDC.
Q: What is a message digest?
A: The output of a hash function.
Q: Name a public key algorithm.
A: RSA.
Q: What is digital watermarking used for?
A: Asserting ownership of digital content.
Q: Define e-commerce security.
A: Measures ensuring confidentiality, integrity, and authentication in online transactions.
Q: What is PKI?
A: Public Key Infrastructure, a system for managing digital certificates.
Q: What are the steps in creating a digital signature?
A: Hash the message, then apply the signing operation with the private key to the hash; the verifier checks it with the public key.
Q: What is the purpose of a hash function in encryption?
A: To verify data integrity.
- Definition: The process of identifying, assessing, and mitigating risks to ensure system security.
- Risk Assessment:
- Steps:
- Identify threats and vulnerabilities.
- Determine impact and likelihood.
- Develop mitigation strategies.
- Tools: Risk matrices, quantitative analysis.
- OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation):
- Focus: Organizational risk-based security practices.
- Phases:
- Identify assets and threats.
- Assess vulnerabilities.
- Develop protection strategies.
- COBIT (Control Objectives for Information and Related Technologies):
- Framework for IT governance and management.
- Components:
- Align IT goals with business objectives.
- Manage risks and ensure compliance.
- Network Security Management:
- Includes monitoring, configuring, and maintaining network components.
- Tools: Network Access Control (NAC), encryption protocols.
- Firewalls:
- Function: Blocks unauthorized access while permitting authorized communication.
- Types: Packet-filtering, proxy-based, stateful inspection.
- Intrusion Detection Systems (IDS):
- Identifies potential security breaches.
- Types: Network-based, host-based.
- Intrusion Prevention Systems (IPS):
- Monitors network traffic and actively blocks threats.
- Web Security:
- Techniques: HTTPS, Content Security Policy (CSP), vulnerability scanning.
- Risks: Cross-site scripting (XSS), SQL injection.
- Wireless Security:
- Techniques: WPA3 (or WPA2) encryption with strong passphrases or 802.1X authentication, VPNs over untrusted networks; MAC address filtering is often listed but adds little, since MAC addresses are trivially spoofed.
- Risks: Eavesdropping, rogue access points.
- Access Control Models:
- Discretionary Access Control (DAC): The owner of a resource decides who may access it (e.g., file permissions and ACLs).
- Mandatory Access Control (MAC): Access determined by system policies.
- Role-Based Access Control (RBAC):
- Access granted based on roles assigned to users.
- Lattice Models:
- Subjects and objects carry labels (e.g., classification level plus compartments) that form a lattice; access is decided by whether one label dominates the other, as in Bell-LaPadula (no read up, no write down).
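The models above, as an added example in Python (not from the notes): an owner-managed ACL for DAC, role-to-permission tables for RBAC, and a Bell-LaPadula check on lattice labels for MAC. The users, objects, roles and classification levels are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple


class DacStore:
    """Discretionary access control: the owner of each object holds an ACL for
    it and is the only principal allowed to grant or revoke entries."""

    def __init__(self) -> None:
        self.owner: Dict[str, str] = {}
        self.acl: Dict[str, Dict[str, Set[str]]] = {}  # obj -> user -> perms

    def create(self, user: str, obj: str) -> None:
        self.owner[obj] = user
        self.acl[obj] = {user: {"read", "write"}}

    def grant(self, by: str, obj: str, to: str, perm: str) -> None:
        if self.owner.get(obj) != by:
            raise PermissionError(f"{by} does not own {obj}")
        self.acl[obj].setdefault(to, set()).add(perm)

    def allowed(self, user: str, obj: str, perm: str) -> bool:
        return perm in self.acl.get(obj, {}).get(user, set())


class Rbac:
    """Role-based access control: permissions attach to roles, users to roles;
    an operation is allowed if any of the user's roles carries it."""

    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Tuple[str, str]]] = {}
        self.user_roles: Dict[str, Set[str]] = {}

    def add_role(self, role: str, perms: Set[Tuple[str, str]]) -> None:
        self.role_perms[role] = set(perms)

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def allowed(self, user: str, obj: str, perm: str) -> bool:
        return any((obj, perm) in self.role_perms.get(r, set())
                   for r in self.user_roles.get(user, set()))


# Mandatory access control on a lattice: labels are (level, compartments).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of compartments.
        Labels with disjoint compartments are incomparable: neither dominates."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allowed(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula: simple security property (no read up) and *-property
    (no write down). Decided purely by label dominance, never by identity."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def demo() -> Dict[str, bool]:
    """Constructed scenario exercising the three models; returns each decision."""
    out: Dict[str, bool] = {}
    dac = DacStore()
    dac.create("alice", "report.docx")
    dac.grant("alice", "report.docx", "bob", "read")
    out["dac_bob_read"] = dac.allowed("bob", "report.docx", "read")
    out["dac_bob_write"] = dac.allowed("bob", "report.docx", "write")
    try:  # bob is not the owner, so he cannot pass access on to carol
        dac.grant("bob", "report.docx", "carol", "read")
        out["dac_bob_can_regrant"] = True
    except PermissionError:
        out["dac_bob_can_regrant"] = False
    rbac = Rbac()
    rbac.add_role("auditor", {("logs", "read")})
    rbac.add_role("admin", {("logs", "read"), ("logs", "write")})
    rbac.assign("dave", "auditor")
    out["rbac_dave_read_logs"] = rbac.allowed("dave", "logs", "read")
    out["rbac_dave_write_logs"] = rbac.allowed("dave", "logs", "write")
    analyst = Label("secret", frozenset({"nato"}))
    out["mac_read_lower"] = blp_allowed(analyst, Label("confidential"), "read")
    out["mac_read_higher"] = blp_allowed(analyst, Label("top_secret"), "read")
    out["mac_read_other_compartment"] = blp_allowed(
        analyst, Label("secret", frozenset({"nato", "crypto"})), "read")
    out["mac_write_up"] = blp_allowed(analyst, Label("top_secret", frozenset({"nato"})), "write")
    out["mac_write_down"] = blp_allowed(analyst, Label("confidential"), "write")
    return out
```

The contrast the code makes concrete: in DAC a user who can read a file may copy it to one they own and hand it on, which is the leak MAC exists to prevent, since a subject cleared for secret cannot write into a confidential object no matter who owns it.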
- Definition: Collecting, analyzing, and storing logs from systems and applications.
- Purpose:
- Detect security breaches.
- Maintain compliance.
- Best Practices:
- Centralized log storage.
- Regular monitoring and analysis.
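Detection logic of the kind log management exists to support, as an added example (not from the notes): a sliding-window brute-force detector run over a few constructed sshd-style log lines (documentation IP ranges, made-up hostname and PIDs, timestamps already normalised to ISO 8601 as a central collector would). It also flags the case that matters most in practice, a successful login from a source that was failing repeatedly moments before.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Optional

# Constructed sample log (RFC 5737 documentation addresses, invented host and PIDs).
SAMPLE_LOG = """\
2024-05-01T10:00:01 bastion sshd[4242]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
2024-05-01T10:00:04 bastion sshd[4243]: Failed password for root from 203.0.113.7 port 51236 ssh2
2024-05-01T10:00:05 bastion sshd[4250]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
2024-05-01T10:00:08 bastion sshd[4244]: Failed password for alice from 203.0.113.7 port 51240 ssh2
2024-05-01T10:00:09 bastion sshd[4260]: Failed password for bob from 198.51.100.4 port 60001 ssh2
2024-05-01T10:00:12 bastion sshd[4245]: Failed password for alice from 203.0.113.7 port 51241 ssh2
2024-05-01T10:00:15 bastion sshd[4246]: Failed password for alice from 203.0.113.7 port 51242 ssh2
2024-05-01T10:00:18 bastion sshd[4247]: Failed password for alice from 203.0.113.7 port 51243 ssh2
2024-05-01T10:00:21 bastion sshd[4248]: Accepted password for alice from 203.0.113.7 port 51244 ssh2
2024-05-01T10:00:30 bastion sshd[4261]: Failed password for bob from 198.51.100.4 port 60002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"(?P<method>password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

THRESHOLD = 5   # failures ...
WINDOW = 60     # ... within this many seconds from one source address


def parse(line: str) -> Optional[dict]:
    """Parse one line into a dict, or None for lines the rule does not cover."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, threshold: int = THRESHOLD, window: int = WINDOW) -> List[dict]:
    """Sliding-window detector keyed by source IP. Emits one 'brute_force'
    alert per source when the threshold is crossed, and a 'possible_compromise'
    alert when a success follows a burst of failures from the same source,
    which a plain lockout counter that resets on success would miss."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted = set()
    alerts: List[dict] = []
    for ev in filter(None, map(parse, lines)):
        ip, ts, q = ev["ip"], ev["ts"], recent[ev["ip"]]
        while q and (ts - q[0]).total_seconds() > window:
            q.popleft()  # expire failures that fell out of the window
        if ev["outcome"] == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({"type": "brute_force", "ip": ip,
                               "failures": len(q), "at": ts.isoformat()})
        elif len(q) >= threshold:
            alerts.append({"type": "possible_compromise", "ip": ip, "user": ev["user"],
                           "method": ev["method"], "at": ts.isoformat()})
    return alerts


def run_sample() -> List[dict]:
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Keying on the source address is what makes the rule cheap, and also what a distributed attack (many addresses, one or two tries each, "password spraying") evades; a second rule keyed on the target account over a longer window covers that case with the same structure.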
- Malware Handling:
- Steps: Detection, containment, eradication, recovery.
- Tools: Antivirus, sandboxing.
- Vulnerability Management:
- Process: Identify, evaluate, and remediate system vulnerabilities.
- Tools: Nessus, Qualys.
- Components of Security Policies:
- Acceptable use policy.
- Password management policy.
- Incident response policy.
- Enforcement:
- Regular training and audits.
- Automated tools to monitor compliance.
- Definition: Systematic evaluation of security measures to ensure compliance and effectiveness.
- Principles:
- Independence of auditors.
- Evidence-based assessments.
- Risk-oriented approach.
- ISO 17799 (now ISO/IEC 27002):
- Focus: Code of practice for information security controls; the certifiable requirements for an information security management system (ISMS) are in ISO/IEC 27001.
- Components: Security policy, asset management, access control, cryptography.
- PCI DSS (Payment Card Industry Data Security Standard):
- Ensures secure handling of credit card information.
- Requirements: Encryption, secure networks, vulnerability management.
- Legal and Ethical Issues:
- Compliance with cyber laws.
- Ethical handling of user data.
Q: What is security risk management?
A: The process of identifying, assessing, and mitigating risks to secure systems.
Q: Name the three phases of the OCTAVE approach.
A: Identify assets and threats, assess vulnerabilities, develop protection strategies.
Q: What is COBIT?
A: A framework for IT governance and management.
Q: What is the primary function of a firewall?
A: To block unauthorized access and permit authorized communication.
Q: What is an IPS?
A: Intrusion Prevention System, which blocks detected threats inline rather than only alerting.
Q: Name a common wireless security technique.
A: WPA3 encryption.
Q: What is the difference between DAC and MAC?
A: DAC leaves access decisions to the resource owner, while MAC enforces system-defined policies that owners cannot override.
Q: What is RBAC?
A: Role-Based Access Control, granting access based on user roles.
Q: What is the purpose of log management?
A: To detect breaches and maintain compliance.
Q: Name two tools used for vulnerability management.
A: Nessus and Qualys.
Q: What are the key components of a security policy?
A: Acceptable use, password management, and incident response policies.
Q: Define an information security audit.
A: A systematic evaluation of security measures.
Q: What is the ISO 17799 standard?
A: A code of practice for information security controls, now published as ISO/IEC 27002 (ISO/IEC 27001 specifies the certifiable ISMS).
Q: What is PCI DSS?
A: A standard for secure handling of credit card information.
Q: What does vulnerability management involve?
A: Identifying, evaluating, and remediating vulnerabilities.
Q: Name a principle of auditing.
A: Independence of auditors.
Q: What is lattice-based security?
A: A model in which subjects and objects carry labels ordered in a lattice (e.g., Bell-LaPadula), with access allowed only when the labels satisfy the dominance relation.
Q: What is the role of IDS?
A: To detect potential security breaches.
Q: What is the function of malware handling?
A: Detecting, containing, and eradicating malicious software.
Q: Why is encryption important in PCI DSS compliance?
A: It ensures the secure handling of sensitive cardholder information.
Answer:
Risk assessment identifies potential threats, evaluates vulnerabilities, and determines the impact of risks on organizational assets. It guides mitigation strategies, ensuring proactive defenses, minimizing security breaches, and maintaining business continuity. This process aligns security measures with organizational goals and compliance requirements.
Answer:
Cryptography secures communication by converting plaintext into unreadable ciphertext using encryption algorithms. It ensures confidentiality, integrity, authentication, and non-repudiation. Cryptography underpins secure protocols like HTTPS and VPNs, safeguarding sensitive data from unauthorized access and cyber threats in modern digital systems.
Answer:
Firewalls filter incoming and outgoing network traffic based on predefined rules. They prevent unauthorized access, block malicious data packets, and secure systems from external threats. Firewalls are a primary defense mechanism in network security, ensuring controlled and secure communication.
Answer:
Symmetric cryptography uses a single shared key for encryption and decryption; it is fast and suited to bulk data, but the key must be shared securely in advance and the number of keys grows with every pair of parties. Asymmetric cryptography employs public-private key pairs, which solves key distribution and enables digital signatures, at higher computational cost. In practice the two are combined: asymmetric operations establish a session key, and symmetric encryption protects the data under it.
Answer:
The IT Act 2000 establishes legal recognition for electronic transactions, combating cybercrime. It addresses data protection, identity theft, hacking, and digital fraud, providing a framework for penalizing cybercriminals and ensuring safe online environments for individuals and businesses in India.
Answer:
Hash functions generate fixed-size digests from input data, so any modification changes the digest and can be detected. A plain hash alone does not authenticate a message, because an attacker who alters the data can simply recompute it; message authentication therefore uses a keyed construction such as HMAC, or a digital signature, where the verifier recomputes the value and compares it with the one received.
Answer:
Phishing is a social engineering attack where attackers trick users into revealing sensitive information through fake emails or websites. It compromises personal and financial data, leading to identity theft, financial losses, and reputational damage for individuals and organizations.
Answer:
Intellectual property theft involves unauthorized use or reproduction of protected ideas, designs, or trademarks. It disrupts business innovation, causes financial losses, undermines competitive advantage, and damages brand reputation, necessitating stringent IPR enforcement.
Answer:
Digital signatures verify the authenticity and integrity of electronic documents using cryptographic techniques. They ensure the sender's identity and prevent tampering, supporting secure online communications, legal transactions, and compliance with digital security standards.
Answer:
Information security audits systematically evaluate an organization's security measures. They identify vulnerabilities, ensure compliance with standards, and provide actionable insights for improving defenses, ensuring data protection and resilience against cyber threats.