Module 2: The Evolution of Cybersecurity

INTRODUCTION – The Evolution of Cybersecurity

Trace the origins of cybersecurity threats, which have grown alongside the rapid spread of computers. Learn about the historical and modern cybercrime incidents that have significantly shaped the security field, and study the details of these attacks with a focus on the growing role of cybersecurity.

Once you have covered the eight security domains, you will be familiar with the main components of cybersecurity. That grounding helps you appreciate both the early days and the present state of cybersecurity in terms of threats and countermeasures.

Learning Objectives

  • Identify the most typical attacks, past and present.
  • Understand how attacks impact business and security.
  • Appreciate how past attacks on businesses shaped today’s security field.
  • Identify the CISSP eight security domains and explain their importance in the context of cybersecurity.

TEST YOUR KNOWLEDGE: THE HISTORY OF CYBERSECURITY

1. Fill in the blank: A computer virus is malicious _____ that interferes with computer operations and causes damage.

  • code (CORRECT)
  • hardware
  • sequencing
  • formatting

A computer virus is a form of malicious code that interferes with the operation of computers and damages them. It is a type of malware designed to self-replicate and spread to other systems, causing data loss, system failure, and even security breaches.

2. What is one way that the Morris worm helped shape the security industry?

  • It made organizations more aware of the significant financial impact of security incidents.
  • It prevented the development of illegal copies of software. (CORRECT)
  • It led to the development of computer response teams.
  • It inspired threat actors to develop new types of social engineering attacks.

The incident started the process that eventually produced what are now called Computer Security Incident Response Teams (CSIRTs). It established the need for a coordinated response to cybersecurity threats and vulnerabilities, which is the foundation of modern cyber incident management.

3. What were the key impacts of the Equifax breach? Select two answers.

  • Millions of customers’ PII was stolen. (CORRECT)
  • Phishing became illegal due to significant public outcry.
  • The significant financial consequences of a breach became more apparent. (CORRECT)
  • Developers were able to track illegal copies of software and prevent pirated licenses.

The Equifax breach resulted in the theft of millions of customers’ personally identifiable information (PII), highlighted the liabilities such a breach incurs, and raised public awareness of the heavy financial consequences that follow. The incident showed the value of protecting data and the financial, reputational, and regulatory exposure of organizations that fail to secure sensitive data.

4. Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.

  • True
  • False (CORRECT)

Social engineering, such as phishing, is a manipulation technique that relies on human error (not computer error) to gain private information, access, or valuables.

5. What type of manipulation technique was the LoveLetter attack?

  • Login credentials
  • Unsolicited email
  • Social engineering (CORRECT)
  • Digital communication

The LoveLetter attack clearly illustrates how social engineering can be used. This manipulation technique exploits a person’s lack of awareness to gain access to confidential information, systems, or valuables. In this case, the attacker sent an email containing an infected attachment and persuaded the target to open it. As soon as it was opened, the virus spread and caused havoc, showing how dangerous social engineering techniques can be in a cyberattack.

TEST YOUR KNOWLEDGE: THE EIGHT CISSP SECURITY DOMAINS

1. Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering.

  • domains (CORRECT)
  • data
  • networks
  • assets

Security and risk management and security architecture and engineering are just two of the security domains. Identifying, assessing, and managing security risks is complemented by designing and implementing secure systems and infrastructure to protect organizational assets from potential threats.

2. A security professional is asked to destroy and dispose of old hard drives that include confidential customer information. Which security domain is this task related to?

  • Asset security (CORRECT)
  • Software development security
  • Communication and network security
  • Security and risk management

This task relates to asset security, which covers managing and safeguarding digital and physical assets, including the proper storage, maintenance, retention, and destruction of data across its lifecycle. It also ensures that sensitive information is protected throughout that lifecycle and handled in compliance with rules, regulations, and best practices.

3. Your supervisor asks you to audit user permissions for payroll data to ensure no unauthorized employees have access to it. Which security domain is this audit related to?

  • Asset security
  • Security assessment and testing (CORRECT)
  • Security operations
  • Software development security

This audit relates to security assessment and testing, which includes regularly auditing user permissions to determine whether employees and teams have the right level of access. The audits highlight exceptions such as unauthorized access or misconfigurations, ensuring that only authorized individuals can access sensitive information while maintaining the integrity and security of the system.

MODULE 2 CHALLENGE

1. Which of the following threats are examples of malware? Select two answers.

  • Error messages
  • Viruses (CORRECT)
  • Worms (CORRECT)
  • Bugs

2. Fill in the blank: Social engineering is a _____ that exploits human error to gain private information, access, or valuables.

  • manipulation technique (CORRECT)
  • replicating virus
  • type of malware
  • business breach

Correct!

3. Which of the following threats are most likely to occur in the event of a phishing attack? Select all that apply.

  • Malicious software being deployed (CORRECT)
  • Theft of the organization’s hardware
  • Employees inadvertently revealing sensitive data (CORRECT)
  • Overtaxing systems with too many internal emails

Correct!

4. Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?

  • Security architecture and engineering
  • Security assessment and testing
  • Identity and access management
  • Security and risk management (CORRECT)

Correct!

5. Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?

  • Security architecture and engineering (CORRECT)
  • Communication and network security
  • Identity and access management
  • Security and risk management

Correct!

6. Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?

  • Security operations
  • Communication and network security
  • Security assessment and testing
  • Asset security (CORRECT)

Correct!

7. A security professional is auditing user permissions at their organization in order to ensure employees have the correct access levels. Which domain does this scenario describe?

  • Security and risk management
  • Security assessment and testing (CORRECT)
  • Asset security
  • Communication and network security

Correct!

8. Which of the following tasks may be part of the identity and access management domain? Select three answers.

  • Ensuring users follow established policies (CORRECT)
  • Managing and controlling physical and logical assets (CORRECT)
  • Setting up an employee’s access keycard (CORRECT)
  • Conducting security control testing

Correct!

9. Which domain involves conducting investigations and implementing preventive measures?

  • Security operations (CORRECT)
  • Security and risk management
  • Identity and access management
  • Asset security

Correct!

10. Fill in the blank: A _____ is malicious code written to interfere with computer operations and cause damage to data.

  • software breach
  • spyware attack
  • business disruption
  • computer virus (CORRECT)

Correct!

11. Fill in the blank: Exploiting human error to gain access to private information is an example of _____ engineering.

  • communication
  • digital
  • social (CORRECT)
  • network

Correct!

12. A security professional is researching compliance and the law in order to define security goals. Which domain does this scenario describe?

  • Security assessment and testing
  • Security architecture and engineering
  • Security and risk management (CORRECT)
  • Identity and access management

Correct!

13. Which of the following tasks may be part of the security architecture and engineering domain? Select all that apply.

  • Validating the identities of employees
  • Ensuring that effective systems and processes are in place (CORRECT)
  • Configuring a firewall (CORRECT)
  • Securing hardware

Correct!

14. A security professional is ensuring proper storage, maintenance, and retention of their organization’s data. Which domain does this scenario describe?

  • Asset security (CORRECT)
  • Security assessment and testing
  • Security operations
  • Communication and network security

Correct!

15. Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.

  • Conducting security audits (CORRECT)
  • Collecting and analyzing data
  • Auditing user permissions (CORRECT)
  • Securing physical networks and wireless communications

Correct!

16. Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?

  • Security assessment and testing
  • Security and risk management
  • Communication and network security
  • Identity and access management (CORRECT)

Correct!

17. Which of the following tasks may be part of the security operations domain? Select all that apply.

  • Conducting investigations (CORRECT)
  • Implementing preventive measures (CORRECT)
  • Investigating an unknown device that has connected to an internal network (CORRECT)
  • Using coding practices to create secure applications

Correct!

18. Fill in the blank: Social engineering is a manipulation technique that exploits _____ error to gain access to private information.

  • human (CORRECT)
  • computer
  • coding
  • network

Correct!

19. A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid? Select all that apply.

  • Phishing attacks (CORRECT)
  • Overtaxing systems with too many internal emails
  • Employees inadvertently revealing sensitive data (CORRECT)
  • Malicious software being deployed (CORRECT)

Correct!

20. Which of the following tasks are part of the security and risk management domain? Select all that apply.

  • Securing physical assets
  • Defining security goals and objectives (CORRECT)
  • Business continuity (CORRECT)
  • Compliance (CORRECT)

Correct!

21. Fill in the blank: The _____ spread globally within a couple of months due to users inserting a disk into their computers that was meant to track illegal copies of medical software.

  • LoveLetter attack
  • Morris worm
  • Brain virus (CORRECT)
  • Equifax breach

Correct!

22. Which of the following tasks may be part of the asset security domain? Select all that apply.

  • Ensuring users follow established policies
  • Data storage and maintenance (CORRECT)
  • Securing digital and physical assets (CORRECT)
  • Proper disposal of digital assets (CORRECT)

Correct!

23. A security professional is asked to issue a keycard to a new employee. Which domain does this scenario relate to?

  • Security assessment and testing
  • Identity and access management (CORRECT)
  • Security and risk management
  • Communication and network security

Correct!

24. Which security event, related to the successful infiltration of a credit reporting agency, resulted in one of the largest known data breaches of sensitive information, including customers’ social security and credit card numbers?

  • LoveLetter attack
  • Morris worm
  • Equifax breach (CORRECT)
  • Brain virus

Correct!

25. A security professional is asked to teach employees how to avoid inadvertently revealing sensitive data. What type of training should they conduct?

  • Training about network optimization
  • Training about social engineering (CORRECT)
  • Training about security architecture
  • Training about business continuity

Correct!

26. Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities?

  • Communication and network security
  • Identity and access management
  • Security assessment and testing (CORRECT)
  • Security and risk management

Correct!
