CyberSecurity Fundamentals (Section 1,5 And 6)

The correct answer is a. Redundancy, backups and access controls. These three controls are commonly used to protect the availability of information. Redundancy ensures that there are multiple copies or backups of the information, so that if one copy is unavailable, another copy can be used. Backups involve regularly creating copies of the information and storing them in a secure location, so that if the original data is lost or damaged, it can be restored from the backups. Access controls restrict who can access the information, ensuring that only authorized individuals have access to it. Together, these controls help to ensure that information is available when needed.

Option d is the best definition for cybersecurity because it encompasses the protection of information assets from threats that may occur during processing, storage, or transportation through interconnected information systems. This definition highlights the importance of addressing potential risks and vulnerabilities in order to safeguard sensitive information.

Cloud computing is defined as "a model for enabling convenient, on-demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management or service provider interaction." This means that cloud computing allows users to access and use resources such as networks, servers, storage, applications, and services over the internet on-demand, without the need for extensive management or interaction with the service provider. This definition aligns with the concept of cloud computing, making it the correct answer.

Section 1

Containment involves isolating and limiting the impact of an incident to prevent further damage. In the context of an incident response plan, obtaining and preserving evidence is crucial for conducting a thorough investigation and identifying the cause of the incident. By containing the incident, organizations can ensure that the evidence remains intact and uncontaminated, allowing for a more effective response and potential legal actions if necessary.

The answer suggests that smart devices, BYOD strategies, and freely available applications and services are all examples of the reorientation of technologies and services designed around the individual end user. This means that these advancements in technology and strategies are focused on catering to the needs and preferences of individual users, rather than following traditional communication methods or being influenced primarily by external threats.

An incident, as defined by NIST, refers to a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. This term is used to describe any event that compromises the security of a computer system or network. It can include unauthorized access, data breaches, malware infections, or any other security breach. Therefore, the correct answer is "Incident."

Cloud computing, social media, and mobile computing have provided increased levels of access and connectivity, leading to increased opportunities for cybercrime. Cloud computing allows for remote storage and access to data, making it easier for cybercriminals to target and exploit sensitive information. Social media platforms provide a vast amount of personal data that can be used for identity theft and phishing attacks. Mobile computing has become increasingly popular, providing cybercriminals with more targets and opportunities for attacks through mobile apps and insecure Wi-Fi networks. Overall, these three elements have significantly expanded the threat landscape and made it easier for cybercriminals to carry out their activities.

The chain of custody contains information regarding who had access to the evidence, in chronological order. This is important for maintaining the integrity and reliability of the evidence by providing a clear record of everyone who handled it. It also includes proof that the analysis is based on copies identical to the original evidence, ensuring that any findings are accurate and valid. Additionally, the procedures followed in working with the evidence are documented in the chain of custody to ensure that proper protocols were followed throughout the process.

According to the NIST framework, three key functions necessary for the protection of digital assets are protect, recover, and identify. Protecting digital assets involves implementing security measures to prevent unauthorized access or data breaches. Recovering digital assets involves having a plan and procedures in place to restore data or systems in the event of a disruption or incident. Identifying digital assets involves understanding and categorizing the assets to prioritize protection efforts and allocate resources effectively.

Mobile devices are typically associated with organizational risk because they can pose security threats to the organization's network and data. Technical risk is also associated with mobile devices as they can be vulnerable to malware, hacking, and other technical issues. Physical risk is another type of risk associated with mobile devices as they can be lost, stolen, or damaged, leading to potential data breaches or unauthorized access. Transactional risk, on the other hand, is not typically associated with mobile devices as it refers to risks related to financial transactions, which may not be directly linked to mobile devices.

Section 5

Governance has several goals, including providing strategic direction, ensuring that objectives are achieved, verifying that organizational resources are being used appropriately, and ascertaining whether risk is being managed properly. These goals help guide and oversee the organization's activities, ensuring that it is moving in the right direction, achieving its goals, using its resources effectively, and managing risks effectively. By achieving these goals, governance helps in the overall success and sustainability of the organization.

APTs, or advanced persistent threats, are typically initiated by organized crime groups, activists, or governments. They employ obfuscation techniques to evade detection for extended periods, sometimes lasting months or even years. APTs are characterized as long-term, multi-phase projects that prioritize reconnaissance. The APT attack cycle commences with infiltrating the target and gathering sensitive information. While APTs are often associated with intelligence agencies, they are rarely the ones behind these attacks.

The business impact analysis (BIA) is a process that helps identify and prioritize potential risks and their potential impact on the business. It should include assessing the estimated probability of identified threats actually occurring, as this helps in determining the level of risk and the need for risk mitigation measures. It should also evaluate the efficiency and effectiveness of existing risk mitigation controls to ensure they are adequate. Additionally, the BIA should provide a comprehensive list of potential vulnerabilities, dangers, and threats that the business may face, enabling the organization to develop appropriate strategies to address them.