Week 6: Creating a Company Culture for Security
You have reached the final week of the course, which is about building a trust-based security culture in an organization. Whatever your role in a modern tech organization, you need to understand how to put measures in place that serve the three primary goals of security: confidentiality, integrity, and availability.
By the end of this module, you will:
- Identify the strategies, means, and practices to achieve the three goals of security.
- Design a security plan for small or medium-sized organizations.
- Draft a disaster recovery plan for the resilience of the organization in unexpected incidents.
PRACTICE QUIZ: RISK IN THE WORKPLACE
1. What are some examples of security goals that you may have for an organization? Check all that apply.
- To protect customer data from unauthorized access (CORRECT)
- To deploy an Intrusion Prevention System
- To implement a strong password policy
- To prevent unauthorized access to customer credentials (CORRECT)
Great job! These two are goals: outcomes that serve the three security objectives of confidentiality, integrity, and availability. An Intrusion Prevention System or a strong password policy, like a firewall or encryption, is a control: a tool you deploy to reach a goal, not a goal in itself. Keep the two apart when writing a security plan, because the goals say what must be protected and the controls say how.
2. Which of these would you consider high-value targets for a potential attacker? Check all that apply.
- Networked printers
- Authentication databases (CORRECT)
- Logging server
- Customer credit card information (CORRECT)
That’s right! Customer credit card data is a prime target because it can be sold quickly on underground markets or used directly for fraud. Authentication databases holding usernames and passwords are equally valuable: once obtained, the credentials can be replayed in credential stuffing attacks against other sites and services where users reused them. Both therefore warrant strong encryption, multi-factor authentication, and tight access controls to prevent unauthorized access.
3. What’s the purpose of a vulnerability scanner?
- It fixes vulnerabilities on systems.
- It blocks malicious traffic from entering your network.
- It protects your network from malware.
- It detects vulnerabilities on your network and systems. (CORRECT)
Correct! A vulnerability scanner probes the hosts on your network for known vulnerabilities and security misconfigurations and produces a detailed report. It does not fix what it finds, so the findings still have to be triaged and remediated.
4. What are some restrictions that should apply to sensitive and confidential data? Check all that apply.
- It can be stored on encrypted media only. (CORRECT)
- It can be transferred via email.
- It can be stored on removable media.
- It can be accessed and stored on personal devices.
Nice work! Sensitive information must be handled carefully so that unauthorized third parties cannot access it. Encryption at rest is the key control: if the storage medium is lost or stolen, the data stays unreadable. Email, removable media, and personal devices are exactly where such data tends to leak, so the policy should rule them out.
5. What’s a privacy policy designed to guard against?
- Eavesdropping on communications
- Denial-of-service attacks
- Misuse or abuse of sensitive data (CORRECT)
- Attackers stealing customer data
Yep! A privacy policy defines how sensitive information may be accessed and used, and restricts which authorized parties may handle it and for what purpose. It guards against misuse by people who legitimately have access, rather than against external attack.
PRACTICE QUIZ: USERS
1. You’re interested in using the services of a vendor company. How would you assess their security capabilities? Check all that apply.
- Request full access to their systems to perform an assessment
- Ask them to complete a questionnaire (CORRECT)
- Assume that they’re using industry-standard solutions
- Ask them to provide any penetration testing or security assessment reports (CORRECT)
Great job! A security assessment questionnaire gives a quick overview of the security measures a vendor has in place. Reports from past penetration tests or security assessments add independent evidence about the vendor’s actual security posture. Full access to their systems is neither realistic nor necessary, and assuming they use industry-standard solutions is not an assessment at all.
2. What’s the goal of mandatory IT security training for an organization? Check all that apply.
- To educate employees on how to stay secure (CORRECT)
- To build a culture that prioritizes security (CORRECT)
- To punish employees with poor security practices
- To avoid the need for a security team
Exactly! The aim of such training is to prevent loss, theft, unauthorized copying, interference with, and damage to electronic records by teaching employees protective best practices, and to build an organizational culture in which security is everyone’s responsibility.
PRACTICE QUIZ: INCIDENT HANDLING
1. What’s the first step in handling an incident?
- Contain the incident
- Remove or eradicate the incident
- Recover from the incident
- Detect the incident (CORRECT)
Yep! Before any other action can be taken, you have to recognize that an incident has taken place. Detection is the first step in responding effectively to any security event.
2. How do you protect against a similar incident occurring again in the future?
- Change all account passwords.
- Cross your fingers and hope for the best!
- Conduct a post-incident analysis. (CORRECT)
- Update your antivirus definitions.
Correct! A post-incident analysis (also called a post-mortem or lessons-learned review) reconstructs how the attacker got in, which vulnerabilities were exploited, and what the impact was, so that corrective actions can close those gaps and prevent a recurrence.
QUIZ: CREATING A COMPANY CULTURE FOR SECURITY
1. What’s the first step in performing a security risk assessment?
- Threat modeling (CORRECT)
- Logs analysis
- Vulnerability scanning
- Penetration testing
That’s right! Threat modeling consists of identifying the various threats that are possible for your systems or network and then assigning priority to them based on the likelihood and severity of the attack. This is the first step in assessment and management of security risks.
2. Which of the following should be incorporated into a reasonably secure password policy that balances security with usability? Check all that apply.
- A length of at least 8 characters (CORRECT)
- A requirement to use dictionary words
- A complexity requirement of special characters and numbers (CORRECT)
- A password expiration time of 6-12 months (CORRECT)
Excellent job! A password policy should be strong but usable: require a minimum length of at least 8 characters and a mix of character types, and rotate passwords on a schedule that is regular but not so frequent that it drives users to weak or predictable choices. Note that current guidance such as NIST SP 800-63B favors length and screening against known-breached passwords over mandatory composition rules and periodic expiration, so treat these values as the course’s baseline rather than the last word.
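As an added example (not code from the course), a small Python checker that applies the password policy just described: minimum length, complexity, rejection of passwords built around a dictionary word, and the rotation window. The policy constants, the tiny stand-in dictionary list, and the sample dates are assumptions constructed for this illustration; a real deployment would screen against a large breached-password list.

```python
"""Check a candidate password against the quiz's policy and compute rotation.

Added example, not the course's own code. The policy parameters, the tiny
dictionary-word list and the sample dates are constructed here.
"""
import datetime as dt
import string

MIN_LENGTH = 8
MAX_AGE_DAYS = 180            # 6 months; the quiz suggests 6-12 months
# Constructed stand-in for a dictionary / breached-password list; a real
# deployment would load a large list (e.g. a breach corpus) instead.
FORBIDDEN_WORDS = {"password", "welcome", "letmein", "qwerty", "summer"}


def check_password(pw):
    """Return a list of policy violations (an empty list means the password passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    lowered = pw.lower()
    # Reject passwords built around a dictionary word, with or without the
    # usual trailing digits/punctuation ("Summer2024!" -> "summer").
    core = lowered.strip(string.digits + string.punctuation)
    if core in FORBIDDEN_WORDS or lowered in FORBIDDEN_WORDS:
        problems.append("based on a dictionary word")
    return problems


def days_until_expiry(last_changed_iso, today_iso, max_age_days=MAX_AGE_DAYS):
    """Days left before a password set on last_changed_iso ('YYYY-MM-DD') must
    be rotated; negative values mean it is already overdue."""
    last_changed = dt.date.fromisoformat(last_changed_iso)
    today = dt.date.fromisoformat(today_iso)
    return max_age_days - (today - last_changed).days


if __name__ == "__main__":
    for candidate in ["Summer2024!", "short1!", "correct horse battery 7?"]:
        print(candidate, "->", check_password(candidate) or "OK")
    print("days until expiry:", days_until_expiry("2024-01-01", "2024-03-01"))
```

The dictionary check strips trailing digits and punctuation before comparing, because "Summer2024!" satisfies every composition rule while still being one of the first guesses an attacker tries.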
3. What’s a quick and effective way of evaluating a third party’s security?
- A comprehensive penetration testing review
- A manual evaluation of all security systems
- A security assessment questionnaire (CORRECT)
- A signed contract
You nailed it! A security assessment questionnaire captures the security measures a third party has in place and how seriously it takes them. That information feeds the decision about whether to do business with the vendor, and under what conditions.
4. Beyond restoring normal operations and data, what else should be done during the recovery phase?
- Take systems offline
- Correct the underlying root cause (CORRECT)
- Update documentation
- Assign blame for the incident
Awesome! Recovery is not complete until you have found the root cause of the incident and fixed it; otherwise the same weakness can be exploited again. Recommendations for changes that prevent a recurrence come out of this step.
5. Security risk assessment starts with _____.
- Payment processing
- Threat modeling (CORRECT)
- Outside attackers
- Attack impact
You got it! A security risk assessment begins with threat modeling: identifying the threats to your systems, the vulnerabilities they could exploit, and the impact if they did, then prioritizing the resulting risks and choosing measures to mitigate them.
6. Your company wants to establish good privacy practices in the workplace so that employee and customer data is properly protected. Well-established and defined privacy policies are in place, but they also need to be enforced. What are some ways to enforce these privacy policies? Check all that apply.
- Print customer information
- Audit access logs (CORRECT)
- Least privilege (CORRECT)
- VPN connection
Thanks! Auditing access logs lets you verify that only authorized individuals are accessing sensitive information, and catch misuse after the fact.
Exactly! Applying the principle of least privilege means granting access to specific data only when it is strictly necessary for a person’s role, so that fewer people are in a position to misuse it in the first place.
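Added example, not from the original course material: how auditing access logs enforces a least-privilege policy in practice. The script compares every logged access against a role-to-dataset access matrix, reports accesses the matrix does not allow (including unknown users), and lists entitlements that were granted but never exercised, which are candidates for removal. The log format, the access matrix, and the user names are constructed for the illustration.

```python
"""Audit constructed access-log lines against a least-privilege access matrix.

Added example (not part of the original quiz page): the log format, the
role-to-dataset matrix and the user names below are all constructed here
to illustrate how auditing access logs enforces a privacy policy.
"""
from collections import defaultdict

# Assumed least-privilege matrix: which sensitive datasets each role may use.
ROLE_ACCESS = {
    "billing":   {"customer_pii", "card_tokens"},
    "support":   {"customer_pii"},
    "marketing": {"aggregate_stats"},
}

# Assumed directory of users and their single role.
USER_ROLE = {
    "alice": "billing",
    "bob": "support",
    "carol": "marketing",
}

# Constructed access log: "<iso-time> <user> <action> <dataset>" per line.
SAMPLE_LOG = """\
2024-03-01T09:01:12Z alice read customer_pii
2024-03-01T09:05:40Z bob read customer_pii
2024-03-01T09:07:03Z carol read customer_pii
2024-03-01T10:12:55Z bob export card_tokens
2024-03-01T10:30:00Z mallory read card_tokens
2024-03-01T11:00:00Z alice read card_tokens
"""


def parse_log(text):
    """Yield (time, user, action, dataset) tuples; skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        yield tuple(parts)


def audit(text, user_role=USER_ROLE, role_access=ROLE_ACCESS):
    """Return (violations, unused_entitlements).

    violations: log entries where the user's role does not permit the dataset
                (unknown users are always violations).
    unused_entitlements: (role, dataset) pairs granted but never exercised in
                the log, i.e. candidates for removal under least privilege.
    """
    violations = []
    used = defaultdict(set)
    for time, user, action, dataset in parse_log(text):
        role = user_role.get(user)
        allowed = role_access.get(role, set())
        if dataset in allowed:
            used[role].add(dataset)
        else:
            violations.append({"time": time, "user": user, "role": role,
                               "action": action, "dataset": dataset})
    unused = sorted((role, ds) for role, datasets in role_access.items()
                    for ds in datasets - used[role])
    return violations, unused


if __name__ == "__main__":
    bad, unused = audit(SAMPLE_LOG)
    for v in bad:
        print("VIOLATION", v)
    for role, ds in unused:
        print("UNUSED ENTITLEMENT", role, ds)
```

On the sample log this flags carol (marketing reading customer PII), bob (support exporting card tokens) and the unknown account mallory, and reports that marketing’s entitlement to aggregate_stats was never used during the period.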
7. When employees need to access sensitive data, they should do all of the following EXCEPT what?
- Specify exact data needed
- Time limit
- A second signature (CORRECT)
- Provide justification
Awesome! Specifying exactly which data is needed, providing a justification, and setting a time limit are normal parts of a request to access sensitive data. A second signature (dual approval) is not a standard requirement; it is an extra control reserved for especially sensitive access, where involving two parties makes unilateral misuse much harder.
8. When considering third-party service providers to host sensitive data, you should conduct a vendor risk review. What actions does this include? Check all that apply.
- Test the vendor’s hardware or software. (CORRECT)
- Ask vendor to fill out a security questionnaire. (CORRECT)
- Talk to vendor employees.
- Ask vendor for a cost comparison.
That’s a fact! Testing software or hardware can help reveal potential security vulnerabilities that may be exploited.
That is it! The questionnaire captures the third party’s security policies, procedures, and defenses, and gives a high-level picture of its security posture.
9. Management wants to build a culture where employees keep security in mind. Employees should be able to access information freely and provide feedback or suggestions without worry. Which of these are great ideas for this type of culture? Check all that apply.
- Bring your own device
- Designated mailing list (CORRECT)
- Desktop monitoring software
- Posters promoting good security behavior (CORRECT)
Exactly! A designated mailing list gives people a place to ask specific security questions and raise security-related issues, encouraging communication and awareness.
Exactly! Posters and informational flyers are effective tools for promoting good security practices and reminding individuals to stay vigilant in their security behaviors.
10. The very first step of handling an incident is _____ the incident.
- blaming
- understanding
- ignoring
- detecting (CORRECT)
Great work! Indeed! You cannot respond to or remediate an incident until you know it has happened, so detecting it is always the first step.
11. Once the scope of the incident is determined, the next step would be _____.
- remediation
- documentation
- escalation
- containment (CORRECT)
Nice job! Absolutely! Once the scope of the incident has been determined, the next crucial step is containment: isolating the affected systems so the damage cannot spread while you investigate and work toward the root cause.
12. What risk are you exposing your organization to when you contract services from a third party?
- Trusting the third party’s security (CORRECT)
- Man-in-the-middle attacks
- DDoS attacks
- Zero-day vulnerabilities
Yep! When working with a third party, you are depending on them to secure the data or access you have entrusted to them. Verifying their security practices, through questionnaires, assessment reports, and contractual requirements, is how you gain assurance that they are keeping your data safe.
13. What are the first two steps of incident handling and response? Check all that apply.
- Incident detection (CORRECT)
- Incident containment (CORRECT)
- Incident eradication or removal
- Incident recovery
Nice work! Detection comes first: nothing else can happen until you know an incident is occurring. Once it has been detected, the incident is contained so that the damage is limited and cannot spread before it is resolved.
14. When handling credit card payments, your organization needs to adhere to the _____.
- IEEE
- HIPAA
- PCI DSS (CORRECT)
- ISO
Great work! Yes! When taking credit card payments, your organization must comply with the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements that protect cardholder data and define secure payment processing practices.
15. In the Payment Card Industry Data Security Standard (PCI DSS), which of these goals would benefit from encrypted data transmission?
- Protecting cardholder data (CORRECT)
- Maintaining a vulnerability management program
- Monitoring and testing networks regularly
- Implement strong access control measures
Nice job! Exactly! Encrypting cardholder data in transit, especially over open public networks, falls under the goal of protecting cardholder data. Even if the traffic is intercepted, an unauthorized party cannot read it and therefore cannot misuse it.
16. _____ is the practice of attempting to break into a system or network for the purpose of verification of systems in place.
- Penetration testing (CORRECT)
- Security assessment
- Vulnerability scanning
- Network probing
You nailed it! Penetration testing simulates real attacks against a system or network to find vulnerabilities an attacker could exploit. Its purpose is to check how effective the security measures in place actually are and whether they would withstand a real attack.
17. What are some ways to combat against email phishing attacks for user passwords? Check all that apply.
- Virtual private network
- Spam filters (CORRECT)
- User education (CORRECT)
- Cloud email
Absolutely! Spam filters keep many phishing emails out of users’ inboxes, or reject them outright, before anyone can act on them.
Yes! User education is just as important, so that employees can recognize the phishing emails that do get through and neither hand over their passwords nor visit fraudulent sites.
18. Google provides free _____, which is a good starting point when assessing third-party vendors.
- Vendor security assessment questionnaires (CORRECT)
- Business apps
- Cloud storage
- Mobile phone services
Woohoo! Definitely! Google publishes its Vendor Security Assessment Questionnaires, which can be adapted into a form for your own organization. They cover the important aspects of a vendor’s security practices and protocols and are a solid basis for assessing the security posture of prospective vendors.
19. Periodic mandatory security training courses can be given to employees in what way? Check all that apply.
- Short video (CORRECT)
- One-on-one interviews
- Brief quiz (CORRECT)
- Interoffice memos
Indeed! Short videos engage employees while informing them about critical security principles, and are easy to fit into a busy schedule.
Perfectly true! A brief quiz at the end of the training reinforces what was learned and tests whether employees actually understood it.
20. After a known good backup has been restored and the known vulnerabilities have been closed, systems should be thoroughly _____.
- backed up
- baselined
- tested (CORRECT)
- removed
You got it! Absolutely! After restoring a known backup and fixing vulnerabilities, it is important to test the systems thoroughly to make sure they are functioning correctly and securely before bringing them back online. This ensures that there are no lingering issues and that everything works as it should.
21. How can events be reconstructed after an incident?
- By reviewing and analyzing logs (CORRECT)
- By interviewing the people involved
- By doing analysis of forensic malware
- By replaying security video footage
Excellent! Audit logs help trace the events preceding and constituting an incident. They show how the intruder acted, which systems were compromised, and how far the compromise extends, which in turn determines the scope of the response.
Reviewing aggregated logs also surfaces anomalies and correlations, such as a number of hosts connecting to the same suspicious external address at the same time. That pattern can be a flag for a malware infection, and investigating it helps detect and contain the threat.
22. A company wants to restrict access to sensitive data. Only those who have a “need to know” will have access to this data. Strong access controls need to be implemented. Which of these examples, that don’t include user identification, are used for 2-factor authentication? Check all that apply.
- Common Access Card
- Password (CORRECT)
- U2F token (CORRECT)
- Smart card
Definitely! A password is an authentication factor (something you know) but does not identify a user on its own; it is simply a secret that the user knows.
Basically, a U2F (Universal Second Factor) token is a possession factor (something you have); it does not identify a person by itself but adds a second layer of security beyond the password.
21. What is the combined sum of all attack vectors in a corporate network?
- The Access Control List (ACL)
- The attack surface (CORRECT)
- The risk
- The antivirus software
Correct! The attack surface is the sum of all the points (vectors) through which an attacker could try to enter or extract data from an environment; reducing it is a core goal of hardening.
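Added example, not from the original page, for question 21 above (reconstructing events from logs): a Python script that parses constructed firewall log lines, reconstructs one host’s timeline, measures the spacing of its repeated connections, and flags a destination that several internal hosts contacted within the same minute, the pattern described above as a possible malware indicator. The log format, the IP addresses, and the thresholds are all constructed for the illustration.

```python
"""Reconstruct and correlate events from constructed firewall log lines.

Added example, not part of the original quiz page. The log format
("<time> <src_ip> -> <dst_ip>:<port> <action>"), the addresses and the
threshold are all constructed/assumed for illustration.
"""
from collections import defaultdict

SAMPLE_LOG = """\
2024-03-01T09:00:01Z 10.0.1.10 -> 93.184.216.34:443 ALLOW
2024-03-01T09:00:04Z 10.0.1.11 -> 203.0.113.7:8443 ALLOW
2024-03-01T09:00:05Z 10.0.1.12 -> 203.0.113.7:8443 ALLOW
2024-03-01T09:00:06Z 10.0.1.13 -> 203.0.113.7:8443 ALLOW
2024-03-01T09:00:09Z 10.0.1.11 -> 93.184.216.34:443 ALLOW
2024-03-01T09:00:35Z 10.0.1.11 -> 203.0.113.7:8443 ALLOW
2024-03-01T09:01:05Z 10.0.1.11 -> 203.0.113.7:8443 ALLOW
2024-03-01T09:01:07Z 10.0.1.14 -> 198.51.100.9:25 DENY
"""


def parse(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "->":
            continue
        time, src, _, dst, action = parts
        dst_ip, _, dst_port = dst.rpartition(":")
        yield {"time": time, "src": src, "dst": dst_ip,
               "port": int(dst_port), "action": action}


def shared_destinations(text, min_hosts=3):
    """Destinations contacted by at least `min_hosts` distinct internal hosts.

    Many workstations reaching the same previously unseen external address
    within a short span is the pattern a reviewer looks for when suspecting
    a malware infection.
    """
    by_dst = defaultdict(set)
    for ev in parse(text):
        by_dst[ev["dst"]].add(ev["src"])
    return {dst: sorted(srcs) for dst, srcs in by_dst.items()
            if len(srcs) >= min_hosts}


def host_timeline(text, host):
    """Ordered (time, dst, port, action) rows for one host, to reconstruct
    what it did around the incident."""
    return sorted((ev["time"], ev["dst"], ev["port"], ev["action"])
                  for ev in parse(text) if ev["src"] == host)


def beacon_intervals(text, host, dst):
    """Seconds between successive connections from host to dst. Regular
    intervals (here about 30 s) are characteristic of command-and-control
    beaconing rather than human browsing."""
    secs = [_seconds(ev["time"]) for ev in parse(text)
            if ev["src"] == host and ev["dst"] == dst]
    return [b - a for a, b in zip(secs, secs[1:])]


def _seconds(iso):
    """HH:MM:SS of an ISO-8601 'YYYY-MM-DDTHH:MM:SSZ' stamp as seconds (single day assumed)."""
    hh, mm, ss = iso[11:19].split(":")
    return int(hh) * 3600 + int(mm) * 60 + int(ss)


if __name__ == "__main__":
    print("shared destinations:", shared_destinations(SAMPLE_LOG))
    for row in host_timeline(SAMPLE_LOG, "10.0.1.11"):
        print(*row)
    print("beacon intervals:", beacon_intervals(SAMPLE_LOG, "10.0.1.11", "203.0.113.7"))
```

On the sample log, 203.0.113.7 is contacted by three workstations within two seconds, and host 10.0.1.11 keeps returning to it roughly every 30 seconds; both observations come straight out of the aggregated log and together give the reviewer a starting point for containment.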
23. Data handling policies usually forbid the storing of confidential information on which of these devices? Check all that apply.
- CD drives (CORRECT)
- Encrypted portable hard drives
- Limited access file shares
- USB sticks (CORRECT)
Awesome! Data handling policies generally prohibit saving confidential data on removable media such as CDs or USB sticks, because they are easily lost, stolen, or carried out of the building. Encrypted portable drives and access-controlled file shares are the approved alternatives.
24. Third-party services that require equipment on-site may require your company to do which of the following? Check all that apply.
- Provide additional monitoring via a firewall or agentless solution. (CORRECT)
- Provide remote access to third-party service provider. (CORRECT)
- Report any issues discovered from evaluating hardware. (CORRECT)
- Evaluate hardware in the lab first. (CORRECT)
You nailed it! Your company should monitor these third-party devices because it is a new potential attack surface on the network.
Great job! Your company might need to grant remote access to the third-party service provider so that it can maintain its equipment; that access should itself be restricted and monitored.
Great job! After assessing and monitoring the devices, any issues that arise from the monitoring should be sent to the vendor for resolution.
Great job! Third-party devices should be evaluated in the lab before they are deployed onto the company’s network.
25. What tool can you use to discover vulnerabilities or dangerous misconfigurations on your systems and network?
- Antimalware software
- Firewalls
- Bastion hosts
- Vulnerability scanners (CORRECT)
Awesome! A vulnerability scanner scans your network and systems for known vulnerabilities and dangerous misconfigurations, and reports the ones that need to be fixed.
26. A strong password is a good step towards good security, but what else is recommended to secure authentication?
- Strong encryption
- Password rotation
- 2-factor authentication (CORRECT)
- Vulnerability scanning
Exactly! When supplemented with a strong password, two-factor authentication greatly augments the security of your authentication system.
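Added example, not part of the original quiz: a second factor implemented from scratch. The quiz mentions U2F tokens; this shows the related algorithmic variant, time-based one-time passwords (TOTP, RFC 6238) built on HOTP (RFC 4226), and checks it against the HOTP test vectors published in RFC 4226. The `second_factor_login` helper and the sample times are constructed for the demonstration; in production you would use a vetted library and store the shared secret encrypted.

```python
"""HOTP/TOTP second factor (RFC 4226 / RFC 6238) in plain Python.

Added example, not part of the original page. RFC4226_SECRET is the test
key published in RFC 4226; the login helper and sample times are constructed.
"""
import hmac
import hashlib
import struct
import time

RFC4226_SECRET = b"12345678901234567890"  # published RFC 4226 test key


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, submitted, unix_time, step=30, window=1):
    """Accept a code from the current step or up to `window` adjacent steps
    (tolerating clock drift), comparing in constant time to avoid timing leaks.
    Returns the matching step offset (0 for exact) or None on failure."""
    counter = int(unix_time) // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta), submitted):
            return delta
    return None


def second_factor_login(password_ok, secret, code, now=None):
    """Both factors must pass: the knowledge factor (password check already
    performed by the caller) and the possession factor (the TOTP code)."""
    now = time.time() if now is None else now
    return bool(password_ok) and verify_totp(secret, code, now) is not None


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC4226_SECRET, c))          # RFC 4226: 755224 287082 359152
    print("current TOTP:", totp(RFC4226_SECRET, time.time()))
```

The window of one step on either side is the usual trade-off between tolerating client clock drift and limiting how many codes are valid at once; a server should also refuse to accept the same code twice within a step, since a one-time password that can be replayed is no longer one-time.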
27. Which of these are examples of security tools that can scan computer systems and networks for vulnerabilities? Check all that apply.
- OpenVAS (CORRECT)
- Qualys (CORRECT)
- Wireshark
- Nessus (CORRECT)
Hooray! OpenVAS is an open-source vulnerability scanner for systems and networks.
Hooray! Qualys is a commercial vulnerability scanning product that scans systems and networks for vulnerabilities.
Hooray! Nessus is a widely used vulnerability scanner. Wireshark, by contrast, is a packet analyzer: it captures and decodes network traffic but does not scan for vulnerabilities.
28. Which of these are bad security habits commonly seen amongst employees in the workplace? Check all that apply.
- Password on a post-it note (CORRECT)
- Leave laptop logged in and unattended (CORRECT)
- Log out of website session
- Lock desktop screen
Awesome! Writing a password on a sticky note defeats the purpose of having one, and leaving a logged-in laptop unattended hands anyone nearby your access. Logging out of website sessions and locking the desktop screen are the good habits.
29. A co-worker needs to share a sensitive file with you, but it is too large to send via an encrypted email. The co-worker works out of a remote office. You work at headquarters. Which of these options would most likely be approved by the company’s security policies? Check all that apply.
- Upload to a personal OneDrive
- Upload to a personal Google drive
- Share directly via VPN (CORRECT)
- Upload to company secure cloud storage. (CORRECT)
Good work! A VPN connects the remote office to headquarters over an encrypted tunnel, so the file can be shared directly and securely.
Nice job! Company-approved secure cloud storage is the sanctioned way to share large files remotely; personal OneDrive or Google Drive accounts are outside the company’s control and would violate policy.
30. The incident response team found malware on several user workstations. Trying to remove the malware infection is becoming time consuming. There is important data on the workstations. Which of these actions will recover the workstations back to a malware-free state? Check all that apply.
- Replace the hard drive
- Restore file from backup (CORRECT)
- Rebuild the machine (CORRECT)
- Replace network cable
Right on! Rebuilding the machine from a known-good image returns it to a malware-free state, and the important user files are then restored from backup. Replacing the network cable does nothing about the infection.