Module 1: History of Cybersecurity


INTRODUCTION – History of Cybersecurity

This module traces the evolution of cybersecurity, which is essential background for understanding the field's key terms and the roles associated with it.

Learning Objectives:

  • Explain why it is very complex to have a well-established architecture in cybersecurity.
  • Cite recent statistics on the present state of affairs in cybersecurity.
  • Explain key events that shaped how the United States is approaching the issue of cybersecurity.
  • Summarize the event that led to the establishment of the first national policy on cybersecurity.
  • Discuss the different roles found in an information security department.
  • Describe vulnerability assessment and the most common ways in which vulnerabilities enter systems.
  • Contrast human security threats with natural security threats, giving an example for each type of human and natural threat.
  • Define terms such as vulnerability, threat, exploit, and risk.
  • What are the three components of the CIA Triad?
  • Define “cybersecurity”.
  • What are the essential things that can make up an organization’s cybersecurity program?
  • Summarize several conditions that complicate the implementation of cybersecurity.
  • Explain the need for critical thinking among individuals involved in cybersecurity.
  • Summarize how quickly technology and tools are changing and thus necessitate critical thinking in cybersecurity.
  • Discuss each of the parts that make up the critical thinking model.
  • Give the five core skills of critical thinking.

INTRODUCTION TO CYBERSECURITY TOOLS & CYBER ATTACKS

1. Jeff Crume described 5 challenges in security today. Which three (3) of these are challenges because their numbers are increasing rapidly?

  • Needed knowledge (CORRECT)
  • Alerts (CORRECT)
  • Available analysts
  • Available time
  • Threats (CORRECT)

Complete knowledge can never be obtained by a cybersecurity analyst, as new systems are ceaselessly being added and new vulnerabilities keep on emerging.

The huge volume of alerts that require investigation keeps growing.

The number of threats that cybersecurity analysts must address is growing at an accelerating rate.

2. About how many unfilled cybersecurity jobs are expected by the year 2022?

  • 180,000
  • 1.8 million (CORRECT)
  • 180 million
  • There is expected to be a surplus of available skills by 2022.

Correct! There will be plenty of job opportunities for people with the requisite skills.

WHAT ARE WE TALKING ABOUT WHEN WE TALK ABOUT CYBERSECURITY?

1. Which is the National Institute of Standards’ (NIST) definition of cybersecurity?

  • The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. (CORRECT)
  • The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.
  • The measures taken to protect governmental and military computer and weapons systems from unauthorized use, alteration, disruption or destruction.

Correct! This is how the National Institute of Standards and Technology defines cybersecurity, or information security.

2. Which three (3) are components of the CIA Triad?

  • Information
  • Availability (CORRECT)
  • Access
  • Confidentiality (CORRECT)
  • Integrity (CORRECT)
  • Cyber

Partially correct! Availability is the “A” in CIA.

Partially correct! Confidentiality is the “C” in CIA.

Partially correct! Integrity is the “I” in CIA.

3. “A flaw, loophole, oversight, or error that can be exploited to violate system security policy” is the definition of which key cybersecurity term?

  • Threat
  • Vulnerability (CORRECT)
  • Risk
  • Exploit

Correct! This is the definition of a cybersecurity vulnerability.

4. “An event, natural or man-made, able to cause a negative impact to an organization” is the definition of which key cybersecurity term?

  • Threat (CORRECT)
  • Vulnerability
  • Exploit
  • Risk

Correct! This is the definition of a cybersecurity threat.

5. Most cyber attacks come from which one of the following sources?

  • Natural factors, such as hurricanes, lightning and tornados.
  • External threats, such as hackers, malware and viruses.
  • Malicious events, such as an attack orchestrated by a foreign government.
  • Internal factors, such as current and former employees. (CORRECT)

Correct! Most cyber attacks originate with inside actors.

6. Vulnerabilities are weaknesses in a system that can be exploited. Which are the two (2) most common ways in which vulnerabilities are introduced to a system?

  • Many vulnerabilities are introduced to a system by malware such as Trojan horses.
  • Many vulnerabilities occur as a result of misconfiguration by the system administrator. (CORRECT)
  • Many vulnerabilities are inherent in a systems operating system and cannot be patched, only monitored.
  • Many systems are shipped with known and unknown security holes, such as insecure default settings. (CORRECT)

Untrained administrators often create security holes that can be exploited.

Most systems ship with vulnerabilities, both known and unknown, so security concerns exist from the outset.

7. Which security role would be responsible for conducting information security assessments for organizations, including analyzing events, alerts and alarms?

  • Information Security Analyst (CORRECT)
  • Chief Information Security Officer
  • Information Security Auditor
  • Information Security Architect

Correct! Conducting information security assessments and evaluating security events is the responsibility of the Information Security Analyst.

FROM RONALD REAGAN TO WHERE WE ARE TODAY

1. Which American president first recognized the need for a national policy on cybersecurity?

  • George W Bush
  • Ronald Reagan (CORRECT)
  • Gerald Ford
  • Barack Obama

Correct, it was President Ronald Reagan!

2. In addition to specific events, what other factor has led to an enhanced need for strong cybersecurity?

  • There is nothing illegal about accessing any computer you wish, as long as you do not do harm.
  • To save money, common operating systems have paid little attention to security and are easily hacked.
  • Computing devices like PCs and smartphones are now used by a large majority of people. (CORRECT)
  • Weapons systems are now fully automated and can be controlled remotely.

Correct! The world now has more computing devices, in a range of sizes, than at any other time in its history, and they are used by an ever-growing number of people.

3. Between 2010 and 2016 the number of new software vulnerabilities discovered during this 7-year period was in what range?

  • 50 to 100
  • 1000 to 2000
  • 7000 to 10,000 (CORRECT)
  • 35,000 to 40,000

Correct! Between 7,000 and 10,000 new software vulnerabilities were recorded during the 7-year period.

4. An example of weaponizing a cybervulnerability is the use of the Stuxnet virus. Which attack by a government actor successfully used this virus?

  • Stuxnet was used by agents acting on behalf of the Russian government to hack Hillary Clinton’s email server.
  • Stuxnet was used by Edward Snowden to hack US intelligence agency servers and download classified information about secret surveillance programs.
  • Stuxnet was used to steal an estimated $100M from various banks in the United States and the UK.
  • Stuxnet was used to disable uranium processing equipment in an Iranian nuclear facility. (CORRECT)

Correct! Stuxnet is believed to have ruined thousands of advanced and sensitive uranium enrichment centrifuges.

CYBERSECURITY PROGRAMS

1. Which three (3) security challenges face today’s organizations?

  • Protectors have to be right just once
  • Protection of enforcement structure can complicate solutions (CORRECT)
  • Solutions can be attacked themselves (CORRECT)
  • Security is not as simple as it seems (CORRECT)

This is a case of “guards require guards”: the protection mechanisms themselves need additional layers of security.

An attack can succeed by tampering with or disabling the defense mechanisms themselves.

Strong security is complex and multifaceted because it requires multiple layers of protection.

2. In John’s example of friends and enemies, what is the name used to refer to the intruder?

  • Bob
  • Trudy (CORRECT)
  • Boris
  • Alice

Correct. Trudy (the intruder) may intercept, delete, or add messages.

3. Only the sender and intended receiver of a message can “understand” the message contents is an example of which basic security concept?

  • Authentication
  • Confidentiality (CORRECT)
  • Integrity
  • Availability

Correct! A message is confidential only when the sender and the intended recipient are the only two who can read and access its contents.

4. The sender and receiver of a message can positively identify each other’s identity is an example of which basic security concept?

  • Authentication (CORRECT)
  • Integrity
  • Availability
  • Confidentiality

Correct! Authentication means that both ends of the exchange, i.e., the sender and the receiver of the message, can identify each other beyond any doubt.

CYBERSECURITY – A SECURITY ARCHITECT’S PERSPECTIVE

1. Which three (3) security challenges face today’s organizations?

  • Protectors have to be right just once
  • Protection of enforcement structure can complicate solutions (CORRECT)
  • Solutions can be attacked themselves (CORRECT)
  • Security is not as simple as it seems (CORRECT)

It is a case of “the guards needing guards”; that is, additional security layers are needed.

A successful attack can begin by negating or getting around the defenses that oppose it.

Effective security is thus a complicated and multifarious undertaking.

2. In John’s example of friends and enemies, what is the name used to refer to the intruder?

  • Bob
  • Trudy (CORRECT)
  • Boris
  • Alice

Correct. Trudy (the intruder) may intercept, delete, or add messages.

3. Only the sender and intended receiver of a message can “understand” the message contents is an example of which basic security concept?

  • Authentication
  • Confidentiality (CORRECT)
  • Integrity
  • Availability

Correct! A message is confidential if only the sender and the intended recipient have the means to read its contents.

4. The sender and receiver of a message can positively identify each other’s identity is an example of which basic security concept?

  • Authentication (CORRECT)
  • Integrity
  • Availability
  • Confidentiality

Correct! Authentication is the process by which a sender and a receiver can be assured of each other’s identity with certainty.

WHAT IS CRITICAL THINKING?

1. Which is the presenter Kristin Dahl’s definition of critical thinking?

  • Critical thinking is a mode the brain goes into during critical or emergency situations.
  • Critical thinking is the controlled, purposeful thinking directed toward a goal. (CORRECT)
  • Critical thinking is taking on the mindset of your opponent (the hacker for example) and trying to think like him/her.
  • Critical thinking involves always looking for the flaw or weakness in any given situation.

Correct! Critical thinking is focused, purposeful thinking directed toward a specific end or goal.

2. The Critical Thinking Model presented places critical thinking at the overlap of which four (4) competencies?

  • Critical thinking characteristics (attitudes & behaviors). (CORRECT)
  • The strength necessary to be critical of others who are advocating unsafe practices.
  • Technical skills and competencies. (CORRECT)
  • Theoretical and experimental knowledge, intellectual skills and competencies. (CORRECT)
  • Interpersonal skills and competencies. (CORRECT)
  • The ability to place yourself in the mindset of an adversary or attacker.

Partially correct! This is one of the four elements of critical thinking, which is intentional, purposeful thinking directed toward a specified goal.

3. Put yourself in others’ shoes – reframe the problem is an example of which of the 5 Key Skills of Critical Thinking?

  • Understand Context (CORRECT)
  • Identify Key Drivers
  • Consider Alternatives
  • Challenge Assumptions

Correct! Many problems exist because one fails to see the other point of view.

HISTORY OF CYBERSECURITY

1. What was shown in the movie War Games that concerned President Reagan?

  • The movie gave an accurate portrayal of the Iran-Contra scandal that could have only come from inside sources.
  • A teenager hacked into a Pentagon computer that was capable of launching nuclear weapons. (CORRECT)
  • US Army generals did not know how to use the advanced weapons systems they were responsible for.
  • KGB agents from the USSR were able to hack into Pentagon computer systems and steal plans for advanced US weapons.

2. In addition to the movie War Games, what other event made the need for advanced cybersecurity apparent?

  • The failed Bay of Pigs invasion.
  • Confirmed reports of Al Qaeda operatives hacking the E-mail servers of US Government agencies.
  • The attack against the USS Cole while it was in port in Yemen.
  • 9/11 (CORRECT)

3. According to a Forbes Magazine study, the annual cost of cybercrime in the United States alone has reached how much?

  • $100M
  • $1B
  • $10B
  • $100B (CORRECT)

4. Who are Alice, Bob and Trudy?

  • They are fictional characters used to illustrate how cryptography works. (CORRECT)
  • They were members of British Naval Intelligence who did pioneering work in secure communications that later became known as cryptography.
  • They are the founders of modern cryptography.
  • They are the pseudonyms (false names) used by members of the hacktivist group Anonymous.

5. Which of the following is considered a legitimate challenge to implementing a comprehensive cybersecurity solution?

  • Security practices are viewed as being “in the way”.
  • Security architectures require constant effort.
  • Security is often an after-thought; something that is added at the end of a project rather than baked into the project from the start.
  • All of the above (CORRECT)

6. “A defined way to breach the security of an IT system through a vulnerability” is the definition of which key cybersecurity term?

  • Risk
  • Vulnerability
  • Threat
  • Exploit (CORRECT)

7. “A situation involving exposure to a danger” is the definition of which key cybersecurity term?

  • Threat
  • Exploit
  • Vulnerability
  • Risk (CORRECT)

8. Which aspect of a comprehensive approach to cybersecurity includes these items: evaluate, create teams, establish baselines, identify and model threats, identify use cases, identify risks, establish monitoring and control requirements?

  • Security program (CORRECT)
  • Technical controls
  • Asset management
  • Administrative controls

9. In the examples using Bob, Alice and Trudy, what aspect of cybersecurity is being illustrated?

  • The availability of communication that needs to be shared between the 3 friends.
  • The complexity of communication between people who use different protocols.
  • The positioning of firewalls that assure the integrity of communication between the 3 friends.
  • The security of communication between Alice and Bob that risks interception by Trudy. (CORRECT)

10. Alice sends an unencrypted message to Bob but it is intercepted by Trudy. Trudy reads the message but does not in any way interfere with its content or delivery. Which precept of the CIA Triad would have been violated?

  • Confidentiality (CORRECT)
  • Integrity
  • Availability
  • All of the above.

11. Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it so, in anger, she deletes it without allowing its delivery to Bob. Which precept of the CIA Triad would have been violated?

  • Confidentiality
  • Integrity
  • Availability (CORRECT)
  • All of the above

12. Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it but forwards it on to Bob from an anonymous address she controls. Which precept of the CIA Triad would have been violated?

  • Confidentiality
  • Integrity (CORRECT)
  • Availability
  • All of the above

13. According to the Vulnerability Assessment Methodology, Vulnerabilities are determined by which 2 factors?

  • Exposure and Sensitivity
  • Identify Indicators and Exposure
  • Sensitivity and Adaptive Capacity
  • Potential Impacts and Adaptive Capacity (CORRECT)

14. According to a 2018 report by Domo, over what period of time do the following things occur: 49,380 videos are uploaded to Instagram, 25,000 gifs are sent on Facebook Messenger, 4.2 million videos are viewed on Snapchat and 473,400 tweets are sent on Twitter? 

  • Every 1 minute (CORRECT)
  • Every 1 Second
  • Every 10 minutes
  • Every 10 seconds

CONCLUSION – History of Cybersecurity

This module has laid the foundation for understanding the evolution of cybersecurity and has introduced important terminology and roles in that context. With this historical and conceptual understanding, you are in a better position to navigate the complexities of cybersecurity and understand how it is evolving in today’s digital world.

This foundational knowledge will go a long way toward supporting further study and specialization in cybersecurity practices and principles.