An attack with the goal of gaining access to a target system through the use of a falsified identity. When an attacker spoofs their identity as a valid or authorized entity, they are often able to bypass filters and blockades against unauthorized access.
What is Spoofing?
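The bypass described above in working form, as an added example that is not part of the original flashcard: a source allowlist that reads the caller's address from a client-writable X-Forwarded-For header is defeated by anyone who writes that header, while a check that only trusts the header from a proxy we operate is not. The allowlist, proxy set and addresses are assumptions for this example.

```python
"""Identity spoofing against a naive source allowlist (constructed example).

A filter that reads the caller's address from a client-writable field such
as X-Forwarded-For can be bypassed by anyone who sets that header. The
hardened check believes the header only when the TCP peer is a proxy we
operate, and otherwise uses the peer address the kernel reports.
"""
import ipaddress

# Assumed allowlist and proxy set for this example.
ALLOWED_SOURCES = {ipaddress.ip_address("10.0.0.5")}
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.1")}


def client_ip_naive(headers, peer_ip):
    """Spoofable: trusts X-Forwarded-For from any peer."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return ipaddress.ip_address(xff.split(",")[0].strip())
    return ipaddress.ip_address(peer_ip)


def client_ip_hardened(headers, peer_ip):
    """Uses the header only when the peer is our own proxy. The proxy appends
    the address it saw the connection from, so the rightmost entry is the
    only one it vouches for."""
    peer = ipaddress.ip_address(peer_ip)
    xff = headers.get("X-Forwarded-For")
    if xff and peer in TRUSTED_PROXIES:
        return ipaddress.ip_address(xff.split(",")[-1].strip())
    return peer


def is_allowed_naive(headers, peer_ip):
    """Allowlist decision based on the spoofable identity."""
    return client_ip_naive(headers, peer_ip) in ALLOWED_SOURCES


def is_allowed_hardened(headers, peer_ip):
    """Allowlist decision based on the identity we can actually vouch for."""
    return client_ip_hardened(headers, peer_ip) in ALLOWED_SOURCES


if __name__ == "__main__":
    # An outsider claiming to be the allowed host by writing the header itself.
    attacker_headers = {"X-Forwarded-For": "10.0.0.5"}
    print("naive:   ", is_allowed_naive(attacker_headers, "203.0.113.7"))
    print("hardened:", is_allowed_hardened(attacker_headers, "203.0.113.7"))
```

The same pattern applies to any identity carried in attacker-controlled input (a `From:` address, a client-asserted role field, a cleartext cookie): the filter must bind the identity to something the attacker cannot forge.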
It is the implementation of safeguards, security controls, and countermeasures to reduce and/or eliminate vulnerabilities or block threats. Deploying encryption and using firewalls are common examples of risk mitigation or reduction. Elimination of an individual risk can sometimes be achieved, but typically some risk remains even after reduction efforts.
What is Risk Mitigation?
It is deployed to discover or detect unwanted or unauthorized activity. It operates after the fact and can discover the activity only after it has occurred. Examples of detective controls include security guards, motion detectors, recording and reviewing of events captured by security cameras or CCTV, job rotation, mandatory vacations, audit trails, honeypots or honeynets, intrusion detection systems (IDSs), violation reports, supervision and review of users, and incident investigations.
What is Detective Control?
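An audit-trail review is the most concrete of the detective controls listed above, so here is one as an added example that is not part of the original flashcard: it reads sshd-style authentication records, flags a source that fails a threshold of logins within a short window, and notes whether that same source later succeeded (the after-the-fact signal an investigator cares about most). The log lines are constructed for this example, and the threshold and window are assumed defaults.

```python
"""Audit-trail review as a detective control (constructed example).

Runs after the fact over authentication records and reports sources that
produced a burst of failed logins, together with whether a success from the
same source followed the burst.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd-style records; not real logs.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1001]: Failed password for root from 198.51.100.9 port 51234 ssh2
2024-03-01T10:00:03 sshd[1002]: Failed password for root from 198.51.100.9 port 51235 ssh2
2024-03-01T10:00:04 sshd[1003]: Failed password for admin from 198.51.100.9 port 51236 ssh2
2024-03-01T10:00:06 sshd[1004]: Failed password for root from 198.51.100.9 port 51237 ssh2
2024-03-01T10:00:08 sshd[1005]: Accepted password for root from 198.51.100.9 port 51238 ssh2
2024-03-01T10:05:00 sshd[1006]: Failed password for alice from 192.0.2.20 port 40001 ssh2
2024-03-01T10:20:00 sshd[1007]: Failed password for alice from 192.0.2.20 port 40002 ssh2
2024-03-01T10:25:00 sshd[1008]: Accepted publickey for alice from 192.0.2.20 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse(log_text):
    """Yield (timestamp, result, user, ip) for every line the pattern matches."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events


def review_audit_trail(log_text, threshold=3, window_seconds=60):
    """Return one finding per source IP whose densest cluster of failures
    reaches `threshold` within `window_seconds`."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, result, _user, ip in parse(log_text):
        (failures if result == "Failed" else successes)[ip].append(ts)

    findings = []
    for ip, times in failures.items():
        times.sort()
        best = (0, None, None)   # (count, window start, window end)
        lo = 0
        for hi, t in enumerate(times):          # sliding window over sorted failures
            while (t - times[lo]).total_seconds() > window_seconds:
                lo += 1
            count = hi - lo + 1
            if count > best[0]:
                best = (count, times[lo], t)
        if best[0] >= threshold:
            count, start, end = best
            findings.append({
                "ip": ip,
                "failures": count,
                "window_start": start.isoformat(),
                "window_end": end.isoformat(),
                # a success after the burst is the strongest sign the guessing worked
                "success_after_burst": any(s > end for s in successes.get(ip, [])),
            })
    return findings


if __name__ == "__main__":
    for finding in review_audit_trail(SAMPLE_LOG):
        print(finding)
```

Note what this control does not do: the burst is only found once the records are reviewed, which is exactly why the card says detective controls operate after the fact; pairing the review with an alert or a lockout turns the same logic into a preventive or corrective measure.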
It is an effective technique because most people are likely to respond to authority with obedience. The trick is to convince the target that the attacker is someone with valid internal or external authority. Some attackers claim their authority verbally, and others assume authority by wearing a costume or uniform.
What is Authority?
They intentionally exploit vulnerabilities. They are usually people, but they could also be programs, hardware, or systems. Threat agents wield threats in order to cause harm to targets.
What are Threat Agents?
Any action resulting in unauthorized changes or manipulation of data, whether in transit or in storage.
What is Tampering?
Assigning risk or transferring risk is the placement of the responsibility of loss due to a risk onto another entity or organization. Purchasing cybersecurity or traditional insurance and outsourcing are common forms of assigning or transferring risk. Also known as assignment of risk and transference of risk.
What is Risk Assignment?
It is deployed to provide various options to other existing controls to aid in enforcement and support of security policies. They can be any controls used in addition to, or in place of, another control. They can be a means to improve the effectiveness of a primary control or serve as the alternate or failover option in the event of a primary control failure.
What is Compensation Control?
It can sometimes be seen as a derivative of the authority principle. Intimidation uses authority, confidence, or even the threat of harm to motivate someone to follow orders or instructions. Often, intimidation is focused on exploiting uncertainty in a situation where a clear directive of operation or response isn’t defined.
What is Intimidation?
These are accidental occurrences and intentional exploitations of vulnerabilities. They can also be natural or person-made. Threat events include fire, earthquake, flood, system failure, human error (due to a lack of training or ignorance), and power outage.
What are Threat Events?
The ability of a user or attacker to deny having performed an action or activity by maintaining plausible deniability. Repudiation attacks can also result in innocent third parties being blamed for security violations.
What is Repudiation?
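The tampering and repudiation cards above are two sides of one integrity mechanism, so here is a single added example (not part of the original flashcards) that serves both. An HMAC-SHA256 tag appended to a record lets the receiver detect any byte changed in transit or storage; but because the tag is computed from a shared key, either key holder could have produced it, so it gives the receiver no way to prove to a third party who sent the record. Detecting tampering is therefore not the same as preventing repudiation, which needs a signature under a key only the sender holds. The key and record are placeholders assumed for this example.

```python
"""Detecting tampering with an HMAC tag (constructed example).

protect() appends HMAC-SHA256(key, record) to a record; verify() recomputes
the tag and rejects any blob whose record or tag bytes changed. The key is a
placeholder for this example only.
"""
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 digest size in bytes
DEMO_KEY = b"example-shared-key-do-not-reuse"  # assumed, for demonstration only


def protect(key: bytes, record: bytes) -> bytes:
    """Return record || HMAC-SHA256(key, record)."""
    return record + hmac.new(key, record, hashlib.sha256).digest()


def verify(key: bytes, blob: bytes) -> bytes:
    """Return the record if its tag is valid, otherwise raise ValueError."""
    if len(blob) < TAG_LEN:
        raise ValueError("blob too short to carry a tag")
    record, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the check does not leak
    # how many leading bytes of a forged tag were right
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: record or tag was modified")
    return record


def tamper(blob: bytes, offset: int, new_byte: int) -> bytes:
    """Simulate an attacker changing one byte without knowing the key."""
    mutable = bytearray(blob)
    mutable[offset] = new_byte
    return bytes(mutable)


def detects(blob: bytes, key: bytes = DEMO_KEY) -> bool:
    """True if verify() rejects the blob."""
    try:
        verify(key, blob)
    except ValueError:
        return True
    return False


def tampering_demo() -> bool:
    """Protect a transfer record, change the amount 100 -> 900 in transit,
    and report whether the receiver catches it."""
    record = b'{"account":"alice","transfer":100}'
    blob = protect(DEMO_KEY, record)
    assert verify(DEMO_KEY, blob) == record          # untouched record passes
    forged = tamper(blob, record.index(b"100"), ord("9"))
    return detects(forged)


if __name__ == "__main__":
    print("tampering detected:", tampering_demo())
```

Repudiation follows directly from the construction: `protect(DEMO_KEY, record)` yields an identical tag whether "alice" or "bob" computed it, so a valid tag only proves that someone holding the key produced the record. For non-repudiation, replace the HMAC with a digital signature (for example an Ed25519 or RSA signature over the record) so that only the signer's private key could have produced it.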
It is the process of implementing deterrents to would-be violators of security and policy. The goal is to convince a threat agent not to attack. Some examples include implementing auditing, security cameras, and warning banners; using security guards; and making it known that the organization is willing to cooperate with authorities and prosecute those who participate in cybercrime.
What is Risk Deterrence?
It modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred. It attempts to correct any problems resulting from a security incident.
What is Corrective Control?
Social proof is the act of taking advantage of a person's natural tendency to mimic what others are doing or are perceived as having done in the past. For example, bartenders often seed their tip jar with money to make it seem as if previous patrons were appreciative of the service. As a social engineering principle, the attacker attempts to convince the victim that a particular action or response is necessary to be consistent with social norms or previous occurrences.
What is a Consensus?
It is the path or means by which an attack or attacker can gain access to a target in order to cause harm; the term is used interchangeably with attack vector. Examples include email, web surfing, external drives, Wi-Fi networks, physical access, mobile devices, cloud, social media, supply chain, removable media, and commercial software.
What is a Threat Vector?
An attack that attempts to prevent authorized use of a resource. This can be done through flaw exploitation, connection overloading, or traffic flooding. When the flood is launched from many sources at once it is called a distributed denial of service (DDoS).
What is Denial of Service (DoS)?
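Connection overloading and traffic flooding are the two DoS mechanisms above that an application can partly defend itself against, so here is an added example (not part of the original flashcard) of the standard countermeasure: a per-source token bucket that absorbs a short burst, refuses a sustained flood, and leaves other clients' buckets untouched. The traffic, rate and burst size are constructed for this example; integer millitoken arithmetic keeps the simulation exact.

```python
"""Per-source rate limiting against traffic flooding (constructed example).

One token bucket per client address: a burst of up to `burst` requests is
served immediately, after which a source gets only `rate_per_sec` requests
per second. Tokens are tracked in thousandths so refill math stays integer.
"""
from collections import defaultdict

MILLI = 1000  # one request costs 1000 millitokens


class TokenBucket:
    def __init__(self, rate_per_sec: int, burst: int):
        self.refill_per_ms = rate_per_sec        # millitokens gained per millisecond
        self.capacity = burst * MILLI
        self.tokens = self.capacity
        self.last_ms = None

    def allow(self, now_ms: int) -> bool:
        """Refill for the time elapsed, then spend one token if available."""
        if self.last_ms is not None:
            gained = (now_ms - self.last_ms) * self.refill_per_ms
            self.tokens = min(self.capacity, self.tokens + gained)
        self.last_ms = now_ms
        if self.tokens >= MILLI:
            self.tokens -= MILLI
            return True
        return False


def simulate(requests, rate_per_sec=5, burst=10):
    """requests: iterable of (time_ms, client_ip). Returns per-client counts
    of allowed and dropped requests; each client has its own bucket."""
    buckets = {}
    counts = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for now_ms, ip in sorted(requests):
        bucket = buckets.setdefault(ip, TokenBucket(rate_per_sec, burst))
        counts[ip]["allowed" if bucket.allow(now_ms) else "dropped"] += 1
    return dict(counts)


# Constructed traffic: one source sends 50 requests in one second (a flood)
# while a legitimate client sends one request per second for five seconds.
SAMPLE_REQUESTS = [(i * 20, "198.51.100.9") for i in range(50)] + \
                  [(s * 1000, "192.0.2.20") for s in range(5)]


if __name__ == "__main__":
    for ip, result in simulate(SAMPLE_REQUESTS).items():
        print(ip, result)
```

With a burst of 10 and 5 requests per second, the flooding source gets its first 11 requests through, then one in ten, while the legitimate client loses nothing. The caveat a practitioner should keep in mind: this only protects the application's own capacity. A volumetric flood that saturates the link or exhausts connection slots before the limiter runs has to be absorbed upstream, at the network edge or by a scrubbing provider.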
It is the process of selecting alternate options or activities that have less associated risk than the default, common, expedient, or cheap option. For example, choosing to fly to a destination instead of driving to it is a form of risk avoidance. Another example is to locate a business in Arizona instead of Florida to avoid hurricanes. The risk is avoided by eliminating the risk cause. A further example is a business leader terminating a business endeavor because it does not align with organizational objectives and has a high risk-versus-reward ratio.
What is Risk Avoidance?
It is an extension of corrective controls but has more advanced or complex abilities. A recovery control attempts to repair or restore resources, functions, and capabilities after a security policy violation.
What is Recovery Control?
It is a form of spear phishing that targets specific high-value individuals (by title, by industry, from media coverage, and so forth), such as the CEO or other C-level executives, administrators, or high-net-worth clients. These attacks require significantly more research, planning, and development on the part of the attackers in order to fool the victim. That is because these high-level personnel are often well aware that they are a high-value target.
What is Whaling?
An intrusion, or penetration, is the occurrence of a security mechanism being bypassed or thwarted by a threat agent. It is a successful attack.
What is a Breach?
An attack where a limited user account is transformed into an account with greater privileges, powers, and access.
What is Elevation of Privilege?
It is the result after a cost/benefit analysis shows countermeasure costs would outweigh the possible cost of loss due to a risk. It also means that management has agreed to accept the consequences and the loss if the risk is realized. In most cases, accepting risk requires a clearly written statement that indicates why a safeguard was not implemented, who is responsible for the decision, and who will be responsible for the loss if the risk is realized, usually in the form of a document signed by senior management.
What is Risk Acceptance?
It is deployed to direct, confine, or control the actions of subjects to force or encourage compliance with security policies.
What is Directive Control?
It is often a physical-world or in-person form of social engineering. It occurs when someone is able to watch a user's keyboard or view their display. Often, shoulder surfing is stopped by dividing worker groups by sensitivity levels and limiting access to certain areas of the building by using locked doors. Additionally, users should not orient their displays to be visible through windows (from outside) or walkways/doorways (for internal issues), and they should not work on sensitive data while in a public space. Password fields should mask characters as they are typed. Another defense against shoulder surfing is the use of screen filters, which limit the field of view to mostly a perpendicular orientation.
What is Shoulder Surfing?
A security control, protection mechanism, or countermeasure is anything that removes or reduces a vulnerability or protects against one or more specific threats. This concept is also known as a risk response. It is any action or product that reduces risk through the elimination or lessening of a threat or a vulnerability. They are the means by which risk is mitigated or resolved.
What is a Safeguard?