Scavenger Hunt 13-Information Security part 2 PDF

Preview

Summary

An overview of chapter 13 in ISM regarding information security. It contains details about malware, trojans, viruses and worms. Also contains sections about DDos and Defense....

Description

Scavenger Hunt – Week 13 – Information Security, part 2

Unit 1: Malware 13.01-What is Malware?  



What is malware? Payloads – characteristics of the following: o Keylogger o Bot o Ransomware Types of systems targeted by malware … and which platform suffered nearly half of malware infections as of mid2021?

13.02-Trojans  

Trojans – what are they, and how do they compromise systems? Be able to briefly describe each of the 3 types of trojans in the video – what it does, and how an attacker might use it.

13.03-Viruses and Worms   

Viruses – what are they, and how do they propagate? What is a macro? What is a macro virus? Worms – what are they, and how do they propagate?

13.04-Email Attacks      

Why is Email is a powerful attack vector? What is phishing? What three key scam techniques are used in a phishing attack? What is spoofing? How is it used in phishing? How can one avoid phishing scams? How is spearphishing different from phishing? Consider the target and methods used.

13.05-Web Browsing and Malware  



What is Malvertising? Drive-by Downloads o What are they? o How do they work? How can one defend against web-based malware?

13.06-Hazardous Hardware 

Be able to briefly explain one of the ‘hazardous hardware’ attacks from the video … How does it work? How does the cybercriminal execute the attack? What can the cybercriminal get from this attack?

13.07-Free WiFi   

What is a Man-in-the-Middle (MitM) attack? How can an attacker execute an MitM attack against open WiFi hotspot users? How can one defend against this threat?

Unit 2: DDoS 13.08-Denial of Service     

What is the “vulnerability” being exploited in a Denial of Service (DoS) attack? How does this type of attack harm the victim? How does a DDoS attack work? Be able to explain the terms Bot, Botnet, Zombie, Command&Control Based on current reports… o How frequently do DDoS attacks occur? o Roughly what is the cost of a typical DDoS attack to a small business?

Unit 3: Defense 13.09-Risk Management   

Why is data classification a necessary step in risk management? What three factors can be used to quantify IT security risk? How are they used together to estimate risk? Be able to explain the three ways that an organization can respond to IT security risk.

13.10-Defense in Depth   



Defense in depth – how does the castle metaphor apply to information security? Human vulnerabilities – what measures are suggested for addressing them? Technological solutions to technological vulnerabilities – be able to briefly describe each of the following: o Endpoint Protection o Intrusion Detection o Vulnerability Scanning o Penetration Testing Physical vulnerabilities – be able to briefly describe the steps an organization can take to protect mobile devices … and to protect USB flash drives.

“How to Stop Gullible Employees” article from Cyberheist News 

What’s the “fastest and cheapest bang for your buck” when it comes to information security?

13.11-Controlling Access 

Be able to briefly explain the importance of password complexity.

  

What is a ‘passphrase’ and why might this be a better approach than a complex password? What is MFA? Be able to briefly explain how it works and how it can it improve IT security. What are the principle of least privilege and role-based access controls? Be able to explain how these concepts can be used to improve an organization’s IT security....