Introduction to Cyber Security Revision
Confidentiality - answers Information accessible to authorised entities only
Integrity - answers Protecting accuracy and completeness
Availability - answers Accessible and usable on demand by an authorised entity
Non-repudiation - answers Ability to prove that an entity/person cannot deny having
carried out an action
Asset - answers Anything of value to an organisation
Information Asset - answers Any hardware, software or data own by an organisation
that is used to conduct business
Tangible Asset - answers Physical: Equipment, cash and building
Intangible Asset - answers Logo, patents, brand value and reputation
Information assets - answers Digital file, paper document and encryption key
Most important asset? - answers Employees aka human capital
Information Security - answers Practice of defending information (in all forms) from
unauthorised: access, use, disruption, modification and destruction
Cyber security - answers Protection of electronic data and internet connected systems
(hardware/software)
Information security or information security program is concerned with - answers The
preservation of CIA, non-repudiation, AAA and reliabilitt
Protocols that mediate network access, and related to IAM - answers Authentication,
Authorisation and Accounting
, What is Authentication? - answers Provision of assurance of the claimed identity of an
entity
What is Authorisation? - answers Permission granted to a system entity to access a
system resource
What is accounting? - answers Process of ensuring that the actions of an entity can be
traced to the entity.
Examples of where AAA is used - answers Active Directory, RADIUS protocol (provides
centralised AAA management for users who connect and use a network service).
Why do information assets and related systems need to be protected? - answers
Information assets and related systems must be protected in order to ensure that
businesses can perform its critical processes effectively. Whilst an asset may have a
simple market value (cost of replacement), the loss of an asset may result in business
continuity and legal liabilities which outweighs market value
List potential impact a security incident could have on an organisation - answers
Financial, operational, reputation, legal and regulatory
Describe the potential financial impact of a security incident - answers Loss of market
value of asset, loss of money through cyber enabled fraud, revenue lost when asset
taken offline, regulatory compliance fines, attorney fees and litigations, share price drop.
Describe the potential regulatory impact of a security incident - answers Not meeting
regulatory compliance resulting in penalties.
Describe the legal impact of a security incident - answers Certain incidents you are
legally obliged to report to the Incident Commissioner's Office (ICO). If the incident
reveals that the company has broken Criminal law (jail, fine) or contract law ( branch of
civil law- requires lower level of evidence, eg breaking cyber sec agreement)
Reputation impact of incident - answers Deemed untrustworthy, customer leaving for a
competitor, can take a long time ( if never) to rebuild
Operational impact of an incident - answers Loss of key operational component, unable
to perform transactions, unable to provide service to customers and therefore lose
money and reputational impact
What impact would most concern Public Sector - answers Public sector - medical,
council, police and fire. Operational impact ( loss of life etc)
What impact would most concern critical national infrastructure (critinf/ CNI) - answers
Critinf - transport, utilities eg electrical or water. Operational and legal.
Confidentiality - answers Information accessible to authorised entities only
Integrity - answers Protecting accuracy and completeness
Availability - answers Accessible and usable on demand by an authorised entity
Non-repudiation - answers Ability to prove that an entity/person cannot deny having
carried out an action
Asset - answers Anything of value to an organisation
Information Asset - answers Any hardware, software or data own by an organisation
that is used to conduct business
Tangible Asset - answers Physical: Equipment, cash and building
Intangible Asset - answers Logo, patents, brand value and reputation
Information assets - answers Digital file, paper document and encryption key
Most important asset? - answers Employees aka human capital
Information Security - answers Practice of defending information (in all forms) from
unauthorised: access, use, disruption, modification and destruction
Cyber security - answers Protection of electronic data and internet connected systems
(hardware/software)
Information security or information security program is concerned with - answers The
preservation of CIA, non-repudiation, AAA and reliabilitt
Protocols that mediate network access, and related to IAM - answers Authentication,
Authorisation and Accounting
, What is Authentication? - answers Provision of assurance of the claimed identity of an
entity
What is Authorisation? - answers Permission granted to a system entity to access a
system resource
What is accounting? - answers Process of ensuring that the actions of an entity can be
traced to the entity.
Examples of where AAA is used - answers Active Directory, RADIUS protocol (provides
centralised AAA management for users who connect and use a network service).
Why do information assets and related systems need to be protected? - answers
Information assets and related systems must be protected in order to ensure that
businesses can perform its critical processes effectively. Whilst an asset may have a
simple market value (cost of replacement), the loss of an asset may result in business
continuity and legal liabilities which outweighs market value
List potential impact a security incident could have on an organisation - answers
Financial, operational, reputation, legal and regulatory
Describe the potential financial impact of a security incident - answers Loss of market
value of asset, loss of money through cyber enabled fraud, revenue lost when asset
taken offline, regulatory compliance fines, attorney fees and litigations, share price drop.
Describe the potential regulatory impact of a security incident - answers Not meeting
regulatory compliance resulting in penalties.
Describe the legal impact of a security incident - answers Certain incidents you are
legally obliged to report to the Incident Commissioner's Office (ICO). If the incident
reveals that the company has broken Criminal law (jail, fine) or contract law ( branch of
civil law- requires lower level of evidence, eg breaking cyber sec agreement)
Reputation impact of incident - answers Deemed untrustworthy, customer leaving for a
competitor, can take a long time ( if never) to rebuild
Operational impact of an incident - answers Loss of key operational component, unable
to perform transactions, unable to provide service to customers and therefore lose
money and reputational impact
What impact would most concern Public Sector - answers Public sector - medical,
council, police and fire. Operational impact ( loss of life etc)
What impact would most concern critical national infrastructure (critinf/ CNI) - answers
Critinf - transport, utilities eg electrical or water. Operational and legal.
