What is the type of malware that is designed specifically to damage or disrupt a system?
VIRUS
Exploitation
This phase involves attackers taking advantage of vulnerabilities in target systems to execute their payload and gain initial access.
Inexperienced Hackers
Script Kiddies
Standards for the protection of sensitive patient health information.
HIPAA
Name one detective control measure
IDS
IPS
Log Analysis
SIEM
Audit Trails
Define Cyber Security
Cybersecurity is the practice of protecting systems, networks, and programs from unauthorized access or digital attacks.
This phase involves crafting an exploit or malware payload, often tailored to specific vulnerabilities discovered during reconnaissance.
Weaponization
What are ethical hackers called?
White Hat Hackers
This framework is used for adversary emulation and threat intelligence.
MITRE ATT&CK Framework
What are preventive controls?
Controls put in place to prevent security incidents from occurring by reducing vulnerabilities and deterring threats
The principle of cybersecurity that ensures your digital messages, files, or data remain unchanged from sender to receiver.
INTEGRITY
Gathering information about potential targets, such as IP addresses, domain names, and employee email addresses.
Reconnaissance
These hackers operate between the realms of ethical and malicious hacking.
Grey Hat Hackers
Nigerian Act that aims to strengthen data protection and privacy for Nigerian citizens.
NDPA
Name 3 preventive control measures.
Firewalls
Encryption
Access controls
Security policies
Anti-malware
An Internet-based conflict that involves the penetration of computer systems and networks of other nations is called?
Cyberwarfare
Communication channels are being established to remotely control the compromised system.
Command and Control
Employees that misuse their authorized access for malicious purposes
Insider Threats
This industry standard aims to enhance payment card data security and reduce credit card fraud.
PCI DSS
Define corrective controls, and name 1
They are security measures used to mitigate the effects of a security incident after it has occurred.
Backup and Recovery
Patch Management
Incident Response Plans
Data Recovery
System Hardening, etc.
Define BEC
A type of cyberattack where criminals impersonate trusted individuals within an organisation to defraud it.
This involves achieving the attacker's ultimate goal, which could include data theft, system disruption, or espionage.
Actions on Objectives
Cyberattacks for political or ideological reasons, often targeting government agencies, corporations, or individuals.
Hacktivists
Mention 3 frameworks, standards, or laws
NIST Cybersecurity Framework
NDPA
GDPR
ISO/IEC 27001
PCI DSS
FISMA
HIPAA
NIST SP 800-53
Name one preventive, detective, and corrective control measure and explain
Preventive - firewalls, encryption, policies, anti-malware, etc.
Detective - IDS, IPS, SIEM, Log analysis, etc.
Corrective - Backup & Recovery, Incident response plan, Data recovery, Patch Management, etc.