Cisco Introduction to Cyber Security

Chapter 1: The Need for Cybersecurity


cybersecurity :

    ongoing effort to protect networked systems connected to the Internet and to protect all of the data from unauthorized use or harm

confidentiality, integrity, and availability :

    a large network of physical objects including sensors and equipment

confidentiality :

    also called privacy, which means that data access is restricted to authorized personnel only

methods to ensure confidentiality :

    data encryption, username ID and password, two factor authentication, etc.

integrity :

    the term that indicates accuracy, consistency, and trustworthiness of the data

methods to ensure integrity :

    file permissions, user access control, version control, and checksums

availability :

    the term that describes the services and data being well maintained and able to be be accessed all the time

internal security threats :

    attacks originating from within an organization

external security threats :

    attacks originating from ouside of an organization

white hat attackers :

    persons or organizations that break into networks or computer systems to discover weaknesses with the intention to improve the security of these systems

black hat attackers :

    persons or organizations that take advantage of any vulnerability for illegal personal, financial, or political gain

organized attackers :

    organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers

cyberwarfare :

    an Internet-based conflict that involves the penetration of computer systems and networks of other nations

Stuxnet :

    a malware program designed to damage the nuclear enrichment plant of Iran, a program which is an example of a state-sponsored attack

International Multilateral Partnership Against Cyber Threats (IMPACT) :

    a global partnership of world governments, industries, and academia dedicated to improving global capabilities when dealing with cyber threats

ethics :

    codes of behavior that are sometimes, but not always, enforced by laws

Quiz :

  1. Which statement describes cyberwarfare?

    • Cyberwarfare is an attack carried out by a group of script kiddies.
    • It is a series of personal protective equipment developed for soldiers involved in nuclear war.
    • It is Internet-based conflict that involves the penetration of information systems of other nations.
    • It is simulation software for Air Force pilots that allows them to practice under a simulated war scenario.
  2. What are three methods that can be used to ensure confidentiality of information? (Choose three.)

    • data encryption
    • username ID and password
    • version control
    • two factor authentication
    • backup
    • file permission settings
  3. What is another name for confidentiality of information?

    • consistency
    • trustworthiness
    • accuracy
    • privacy
  4. What is a reason that internal security threats might cause greater damage to an organization than external security threats?

    • Internal users have better hacking skills.
    • Internal users can access the infrastructure devices through the Internet.
    • Internal users have direct access to the infrastructure devices.
    • Internal users can access the corporate data without authentication.
  5. What is the motivation of a white hat attacker?

    • fine tuning network devices to improve their performance and efficiency
    • taking advantage of any vulnerability for illegal personal gain
    • studying operating systems of various platforms to develop a new system
    • discovering weaknesses of networks and systems to improve the security level of these systems
  6. Match the type of cyber attackers to the description. (Not all options are used.)

    • gather intelligence or commit sabotage on specific goals on behalf of their government
      • state-sponsored attackers
    • make political statements in order to create an awareness of issues that are important to them
      • hacktivists
    • make political statements, or create fear, by causing physical or psychological damage to victims
      • terrorist
  7. Which method is used to check the integrity of data?

    • authentication
    • backup
    • checksum
    • encryption
  8. What three items are components of the CIA triad? (Choose three.)

    • integrity
    • intervention
    • access
    • confidentiality
    • scalability
    • availability
  9. What is an example of "hacktivism"?

    • A teenager breaks into the web server of a local newspaper and posts a picture of a favorite cartoon character.
    • Criminals use the Internet to attempt to steal money from a banking company.
    • A country tries to steal defense secrets from another country by infiltrating government networks.
    • A group of environmentalists launch a denial of service attack against an oil company that is responsible for a large oil spill