iSACA Cybersecurity Fundamentals Certification Exam with complete solutions.

Confidentiality Protection from unauthorized access integrity Protection from unauthorized modification Availability protection from disruptions in access Cybersecurity the protection of information assets (digital assets) by addressing threats to information processed, stored, and transported by internetworked information systems NIST Functions to Protect Digital Assets IPDRR 1) Identify 2) Protect 3) Detect 4) Respond 5) Recover Nonrepudiation Def: ensuring that a message or other piece of information is genuine Examples: digital signatures and transaction logs Risk combination of the probability of an event and its consequences, mitigated through controls Threat Anything that is capable of acting against an asset in a harmful manner Asset something of either tangible or intangible value that is worth protecting Vulnerability A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events Inherent risk The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls) Residual risk the risk that remains after management implements internal controls or some other response to risk Upgrade to remove ads Only $35.99/year Likelihood A.K.A probability measure of frequency of which an event may occur, which depends on the threat and vulnerability Approaches to Cybersecurity Risk Dependent on: 1) Risk tolerance 2) Size & scope of the environment 3) Amount of data available Approaches: 1) Ad hoc 2) Compliance-based 3) Risk-based Threat Agents The actors causing the threats that might exploit a vulnerability Types: 1) Corporations - competitive advantage 2) Cybercriminals - profit 3) Cyberterrorists - critical infrastructures/government 4) Cyberwarriors - politically motivated 5) Employees - revenge 6) Hacktivists - politically motivated 7) Nation states - government/private entities 8) Online social hackers - identity theft, profit 9) Script kiddies - learning to hack Attack vector The path or route used to gain access to the target (asset) Types: 1) Ingress - intrusion 2) Egress - Data removal Attack Attributes 1) Attack Vector 2) Payload 3) Exploit 4) Vulnerability 5) Target (Asset) Threat Process 1) Perform reconnaissance (gathering information) 2) Create attack tools 3) Deliver malicious capabilities 4) Exploit and compromise 5) Conduct an attack 6) Achieve results 7) Maintain a presence or set of capabilities 8) Coordinate a campaign Malware Def: software designed to infiltrate or damage a computer system without the user's informed consent Examples: Viruses, network worms, Trojan horses Policies communicate required and prohibited activities and behaviors Standards Interpret policies in specific situations Procedures Provide details on how to comply with policies and standards Upgrade to remove ads Only $35.99/year Guidelines Provide general guidance on issues; not requirements but strongly recommended Defense in Depth Layering defenses to provide added protection Types: 1) Concentric rings 2) Overlapping Redundancy 3) Segregation Security perimeter A well-defined boundary between the organization and the outside world. Cybersecurity emphasizes the system-centric model (placing controls at the network level) Internet Perimeter Secure access to the Internet for enterprise employees and guest users, regardless of location. It should... 1) Route traffic between enterprise & internet 2) Prevent executable files from being transferred through email attachments/browsing 3) Monitor internal/external network ports 4) Detect & block traffic from infected internal end point 5) Control user traffic bound for the internet 6) Identify and block malicious packets 7) Eliminate threats such as email spam, viruses 8) Enforce filtering policies to block access to websites containing malware 9) Provide protection for VPNs, WANs, and WLANs Open Systems Interconnection (OSI) model a seven-layer architecture for defining how data is transmitted from computer to computer in a network, from the physical connection to the network to the applications that users run. It also standardizes interactions between network computers exchanging information. APSTNDP 7) Application - Mediates between software applications and other layers of network services 6) Presentation - Formats, encrypts, and compresses data 5) Session - Coordinates and manages user connections 4) Transport - Ensures that data are transferred reliably in the correct sequence 3) Network - Translates network addresses/routes data form sender to receiver 2) Data Link - Divides data into frames that can be transmitted by the physical layer 1) Physical - Manages signals among network systems Transmission Control Protocol/Internet Protocol (TCP/IP) - Protocol that connects computers to the Internet - Tells computers how to exchange information over the Internet - Operates at Level 4 (transport) & 3 (network) of OSI Model Encapsulation Process of adding addressing information to data as they are transmitted down the OSI stack concentric rings A.K.A. Nested layering Creates a series of nested layers that must be bypassed in order to complete an attack. Each layer delays the attacker and provides opportunities to detect and attack overlapping redundancy Two or more controls that work in parallel to protect an asset. Provides multiple, overlapping points of detection. This is most effective when each control is different. segregation A.K.A. compartmentalization Compartmentalizes access to an asset, requiring two or more process, controls or individuals to access or use the asset. This is effective in protecting very high value assets or in environments where trust is an issue Upgrade to remove ads Only $35.99/year Horizontal defense in depth Controls are placed in various places in the path to access an asset. Vertical Defense in Depth Controls are placed at different system layers - hardware, operating system, application, database or user levels. Firewall combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment (i.e. internet) packet-filtering firewall Def: A firewall that examines each packet and determines whether to let the packet pass. Best suited for smaller networks Advantages: - Simple; only one network choke point - minimal performance constraints - inexpensive/free Disadvantages: - Vulnerable to attacks from improperly configured filters - Vulnerable to attacks tunneled over permitted services - All private systems are vulnerable when a single packet filtering router is compromised Application firewall systems Def: Allow information to flow between systems but do not allow the direct exchange of packets. Provide greater protection than packet filtering. Work at the application level of OSI model Types: 1) Application level gateways - proxy for each service; impacts network performance 2) Circuit level gateways - one proxy for all services; more efficient Advantages: - Provide security for commonly used protocols - generally hide network from outside untrusted networks - ability to protect the entire network by limiting break-ins to the firewall itself - ability to examine and secure program code Disadvantages: - reduced performance and scalability as internet usage grows Stateful Inspection Firewall Tracks the destination IP address of each packet that leaves the organization's internal network. Responses are recorded and referenced to determine if message is in response to a request sent out. Advantages: - Provide greater control over the flow of IP traffic - Greater efficiency in comparison to CPU-intensive, full-time application firewalls Disadvantages: - Complex to administer screened host firewall Utilizes packet filtering router and bastion host, implements basic network layer security and application server security. dual-homed firewall a host that resides on more than one network and possesses more than one network card Demilitarized Zone (DMZ) A separate network located outside the organization's internal information system that permits controlled access from the internet. Functions as a small, isolated network for an organization's public servers, VPN, modem pools. Common Firewall issues 1) Configuration errors 2) Monitoring demands 3) Policy maintenance 4) Vulnerability to application/input-based attacks