• Question 1

Using the following risk estimation factors calculate the risk for the scenario below:
Asset B has a value of 100 and has two vulnerabilities. The vulnerability has a likelihood of 0.5 with a current control that addresses 50% of its risk. Your assumptions and data are 80% accurate.
• Question 2

In this course, we discussed the use of authentication to validate whether the claim of identity is true. Authentication is an access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity. The following are all valid authentication credentials except ________.

• Question 3
Network Intrusion Detection and Prevention can detect an attack as it occurs. An inline IDS connects directly to the network and monitors the flow of data as it occurs. A passive IDS connects to a port on a switch, which receives a copy of network traffic. IDS systems can be managed by ___________________

• Question 4

Five major access control models: Discretionary Access Control, Mandatory Access Control, Role-Based Access Control, Rule-Based Access Control, Attribute-Based Access Control.

• Question 5

Virtual private networks, or VPNs, can provide at least two essential network security functions to IT administrators. First, they allow the secure interconnection of remote systems, such as connecting branch offices to a corporate headquarters. Second, they provide mobile workers with a mechanism to securely connect from a remote location back to the organization's network. VPNs work by using encryption to create a virtual tunnel between two systems over the Internet. Everything that enters one end of the tunnel is encrypted, and then it is decrypted when it exits the other end of the tunnel.
• Question 6

In describing the approaches to Information Security Implementation, the "Bottom-up" approach is always better than the "Top-down" approach.

• Question 7

Discuss or identify two impacts of the case below (picture attached).

Identify 3 solutions or recommendations you can provide to minimize the chances of unauthorized disclosure by an insider threat [5.5].
• Question 8

Management has no essential role in the development, maintenance, and enforcement of Information Security policies.

• Question 9

Firewalls can be software-based or hardware-based. Both types inspect packets and either accept, reject or drop. All modern OSs include a software firewall, usually called a host-based firewall. Host-based firewalls running on a device provide protection to the entire network.

• Question 10

With the exception of ________________, the following answers are all views from which we can approach Integrity.

• Question 11

_______ ________ provides affirmation or guarantee of the Confidentiality, Integrity, and Availability of information.

• Question 12

Intrusion detection and prevention systems play an extremely important role in the defense of networks against hackers and other security threats. Intrusion detection systems sit on the network and monitor traffic, searching for signs of potential malicious activity. An IDPS that compares currently detected behavior with a baseline is __________________________

• Question 13

Information Security education, training, and awareness (SETA) is a control measure that can reduce _____ and increase organizational resistance to many other forms of attack, such as social engineering.

• Question 14

It has been almost four years since business owners Carl Woerndle and his brother Alex were caught up in a cyber-attack so damaging it destroyed their once prospering technology business, Distribute.IT. Carl Woerndle has given an account of how he and other staff at his former company dealt with the crisis and the fallout of the malicious hack in a new cyber security guide, in conjunction with the CIO Executive Council.
“It was a perfect storm of events,” says Woerndle.
Background
Brothers Carl and Alex Woerndle founded Distribute.IT in 2002 as a web-based start-up. The business adopted a channel sales strategy, appointing resellers to on-sell its services. Over the next nine years, the firm branched into cloud-based web server hosting, distributing SSL certificates and SMS services.
By 2011, Distribute.IT had secured 10 per cent of the market for Australian domain names, held multiple international domain accreditations and had 30,000 hosting clients through 3,000 active resellers. Distribute.IT had a total Asset Value of approximately $1000. The percentage of the asset affected during the attack was 50%.
Later that year the business suffered a severe cyber-attack, just as it was growing.
The initial breach – week 1
At 5pm on Friday June 3, Woerndle received a call from his CIO alerting him to a breach in the company’s network.
“We had about 30,000 clients and a minimum of two per day were targeted on our network, so we were used to managing security,” says Carl Woerndle.
DOS attacks and single targeted sites on servers are fairly common for hosting providers, but this attack was different. The hacker had managed to bypass the company’s entire security protocol, get behind its firewall and gain access to its master user access information. This event was the catalyst for a three-week nightmare ride for all involved with the business and its clients. While Distribute.IT was proactive in its response and compliance obligations, re-building most of its network over the next week, these measures would not be enough to save the business. A current security vulnerability scan showed the company has one vulnerability, which has a likelihood of 0.5 with no current controls. The value of the server with this vulnerability is $1,000. The assumptions and data are 80% accurate.
“We put in two back-to-back, 72-hour shifts during the week so it was a massive effort by all,” says Woerndle.
The destructive attack – week 2
Although the company felt it had mitigated its issues, in the end the work completed the week before was for nothing. At 4:30pm on Saturday 11 June, Distribute.IT’s network monitoring system went crazy.
The IT team watched servers go offline every few seconds, as the hacker had regained access to the company’s network, before escalating into an extremely malicious attack.
The hackers targeted and destroyed servers inside Distribute.IT’s network, including back-ups, then locked the IT team out, meaning the only way to get control was to ‘pull the plug’ at the data centre.
This attack targeted Distribute.IT's primary trading and hosting systems, shared web servers and backup systems, removing its ability to trade. The company had to rebuild its entire infrastructure from the ground up... again.
“We were into our third 72-hour block [working on the problem] and by this time, we were completely and utterly exhausted,” says Carl Woerndle.
The network was switched on again on the evening of Monday 13 June, but with its primary websites and VoIP systems down and client databases compromised. By Tuesday 14 June, Distribute.IT started to lose clients. The trust and brand equity that had been built up over nine years had eroded.
Knowledge of the hack became so widespread that the company had an email from hacking group Anonymous saying ‘it wasn’t us’. By Monday June 20, time had run out. With resellers possibly losing their livelihoods and many websites unrecoverable, the company had no choice but to seek a quick alternative solution.
“My brother and I knew at this point that our business was gone,” Woerndle says.
The aftermath
The hacker’s main entry point was carefully targeted towards an individual company employee who was deemed vulnerable. The hacker was able to save key logging malware onto the staff member’s laptop. The malware built up a password database and used the laptop’s secure VPN connection to access the network.
Based on the case above:
A. Summarize this case study in (Maximum 3 paragraphs) [5 Marks].
B. Discuss what measures the company should have put in place to minimize the risk of such a breach (prior to the breach) – Minimum 5 measures [5 Marks]
C. Calculate [5 Marks]
i. The Single Loss Expectancy
ii. Using risk estimation factors Calculate the Risk

• Question 15

Establishing best practices for limiting access can help secure systems and data. The following are all considered as an example of best practices:
- Separation of duties
- Job rotation
- Mandatory vacations
- Clean desk policy
• Question 16

Controls are put into place to mitigate or reduce the likelihood of Information Security risk. With the exception of ______________, all the answers can be considered as part of Administrative control.

• Question 17

___________ is the risk to information assets that remains even after current controls have been applied.
• Question 18

Reconnaissance is a set of processes and techniques (Footprinting, Scanning) used to discover and collect information about a target system covertly. During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible, using multiple avenues.
• Question 19

A malicious insider threat is a current or former employee, contractor, or business partner who meets the following criteria:
- has or had authorized access to an organization's network, system, or data
- has intentionally exceeded or intentionally used that access in a manner that negatively affected the confidentiality, integrity, availability, or physical well-being of the organization's information or information systems or workforce.

In your own words, describe or list 5 strategies for addressing insider threats.

• Question 20

The most restrictive access control model is ____.

• Question 21

What security concept states a user should only be given the minimum set of permissions required to perform necessary tasks?

• Question 22

_____________________ sets strategic direction, scope, and tone for all security efforts within the organization. It is an executive-level document, usually drafted by or with the chief information officer (CIO) of the organization, and typically addresses compliance in two areas: general compliance to ensure meeting of requirements to establish the program and assigning responsibilities therein to various organizational components; and use of specified penalties and disciplinary action.

• Question 23

From Exercise 1, Netstats is a cool diagnostic utility. It will determine the route the message takes from Denver to Albuquerque by using ICMP echo packets sent to the destination. You've seen ICMP in action before—with the ping command.

• Question 24

In defending against attacks, list three fundamental security principles for defenses against information systems attacks. In your own words, describe one of the fundamental security principles you have listed.

• Question 25

In addressing Information System controls, the following are some of the control functions: Preventative, Deterrent, Corrective, Recovery.

• Question 26

________________is the quantity and nature of risk that an organization is willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.
• Question 27

Several attacks target a network or a process that relies on a network. These attacks can be grouped into interception attacks and poisoning attacks. The following are all poisoning attacks except _________________________
• Question 28

From Exercise 1, the main use of nslookup is to help with any DNS issues you may have. You can use it to find the IP address of a host, find the domain name of an IP address, or find mail servers on a domain. This tool can be used in an interactive and a non-interactive mode.

• Question 29

Risk control is the application of controls that reduce the risk to an organization's information assets to an acceptable level. On the other hand, risk identification focuses on the recognition, enumeration, and documentation of risks to an organization's information assets.
• Question 30

A switch is a device that connects network hosts. It can learn which device is connected to each of its ports. It examines the MAC address of frames that it receives. The following are all types of attacks on a switch except _______________

• Question 31

Risk assessment is the determination of the extent to which an organization’s information assets are exposed to risk. The goal of information security is to bring residual risk into line with risk appetite.
• Question 32

For an organization's Information Security policy to remain viable, it must have all of the following attributes or processes except ________

• Question 33

Using the following risk estimation factors calculate the risk for the scenario below:
Asset A has a value of 50 and has one vulnerability, which has a likelihood of 1.0 with no current controls. Your assumptions and data are 90% accurate.
• Question 34

During footprinting, the ability to detect a target computer's operating system (OS) is very valuable to an _______

• Question 35

First, “identification” occurs when a subject claims a specific identity.

Second, “authentication” happens when a subject proves they are who they claim they are.

Third, “authorization” occurs when the log is reviewed for compliance.

Fourth, "auditing" is a recording of activities for a given subject in a log.

• Question 36

Authorization is the access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels. The following statements are all true except __________

• Question 37

Security should be considered a balance between protection and availability. To achieve balance, the level of security must allow reasonable access, yet protect against threats. It is possible to obtain perfect information security.

• Question 38

A host intrusion detection system (HIDS) is a software-based application that can detect an attack as it occurs. It is installed on each system needing protection. The following are all advantages of HIDS:
- It can monitor network traffic that does not reach the local system
- Resource-intensive and can slow the system

• Question 39

Firewalls often sit at the network perimeter, between an organization's routers and the Internet. From this network location, they can easily see all inbound and outbound connections. Traffic on the internal network may flow between trusted systems unimpeded, but anything crossing the perimeter to or from the Internet must be evaluated by the firewall. It can be software-based or hardware-based. The following are firewall actions on a packet except
Answered Same Day, Mar 19, 2021

Ali Asgar answered on Mar 20 2021
139 Votes
Q1:
Asset B (V2) = (100 × 0.5) – 50% + 20%
             = (100 × 0.5) – ((100 × 0.5) × 0.5) + ((100 × 0.5) × 0.2)
             = 50 – 25 + 10
             = 35
Ans: 35
Q2:
Ans: What you Discover.
Q3:
Ans: Central Device or SIEM (Security Information and Event Management)
Q4:
Ans: Mandatory Access Control – Most restrictive access control. End user cannot control. All controls set by security administrator.
Discretionary Access Control – Least restrictive access control. Subject has total control.
Role-Based Access Control – Assigns permissions to roles, and then users are assigned the particular role.
Rule-Based Access Control – Dynamically assigns roles based on a set of rules.
Attribute-Based Access Control – Most flexible model. Uses policies that can combine attributes.
Q5:
Ans. True.
Q 6:
Ans: False.
Q 7:
Ans: Impacts:
1. The classified information Martin sold to an undercover agent had information about Naval operations.
2. Martin revealed his access to military computer systems and named classified network systems he had access to.
Recommendations:
1. Implement least privilege control, to restrict access to highly confidential information to only the required personnel.
2. Monitor personal conduct to find and restrict people with financial problems or excessive gambling and prostitution habits from working at highly classified facilities.
3. Enable accounting and logging to monitor unauthorized and suspicious behavior patterns in information access.
Q 8:
Ans. False
Q 9:
Ans: Firewalls can be software-based or hardware-based. – True
Both types inspect packets and either accept, reject or drop. – True
All modern OSs include a software firewall, usually called a host-based firewall. – True
Host-based firewalls running on a device provide protection to the entire network. – False
Q 10:
Ans. Anything except the below:
- Preventing intentionally unauthorized modification
- Preventing accidental modification
- Ensuring internal and external consistency of data
Q 11:
Ans: Information Assurance
Q 12:
Ans: Anomaly Based Detection
Q 13:
Ans: Data Breaches / Phishing
Q14:
Ans:
A. Summary:
Distribute.IT, a 9 year old Web-hosting and IT service company...
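The risk-estimation factors used in Question 1, Question 33 and Question 14(C), and the arithmetic shown in the Q1 answer above, worked through as an added Python example (this is not code from the question or the answer, and the class and function names are my own). It implements the additive textbook formula risk = (likelihood × asset value) − (risk mitigated by current controls) + (uncertainty of current knowledge), plus the Single Loss Expectancy = asset value × exposure factor asked for in Q14. The inputs below are the figures stated on the page; note that the result is a relative score for ranking vulnerabilities, not a probability or a dollar loss.

```python
"""Worked risk-estimation examples (added example; formula as used in the quiz above)."""
from dataclasses import dataclass


def _check_fraction(name: str, value: float) -> None:
    """Reject fractions outside 0..1, the most common data-entry mistake here
    (e.g. entering 80 instead of 0.8 for accuracy)."""
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{name} must be between 0.0 and 1.0, got {value}")


@dataclass(frozen=True)
class VulnerabilityRisk:
    asset_value: float          # relative value or worth of the asset
    likelihood: float           # probability the vulnerability is exploited (0..1)
    mitigated_fraction: float   # share of risk the current control removes (0..1)
    data_accuracy: float        # confidence in assumptions and data (0..1)

    def __post_init__(self) -> None:
        _check_fraction("likelihood", self.likelihood)
        _check_fraction("mitigated_fraction", self.mitigated_fraction)
        _check_fraction("data_accuracy", self.data_accuracy)

    def base_risk(self) -> float:
        """Likelihood × asset value, the starting point of the formula."""
        return self.asset_value * self.likelihood

    def risk(self) -> float:
        """base − (base × % mitigated) + (base × % uncertainty)."""
        base = self.base_risk()
        mitigation = base * self.mitigated_fraction
        uncertainty = base * (1.0 - self.data_accuracy)
        # round away floating-point noise such as 34.99999999999999
        return round(base - mitigation + uncertainty, 4)


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value × exposure factor (share of the asset lost in one event)."""
    _check_fraction("exposure_factor", exposure_factor)
    return round(asset_value * exposure_factor, 4)


# Q1: Asset B, value 100, likelihood 0.5, control covers 50%, data 80% accurate.
ASSET_B = VulnerabilityRisk(asset_value=100, likelihood=0.5,
                            mitigated_fraction=0.5, data_accuracy=0.8)

# Q33: Asset A, value 50, likelihood 1.0, no controls, data 90% accurate.
ASSET_A = VulnerabilityRisk(asset_value=50, likelihood=1.0,
                            mitigated_fraction=0.0, data_accuracy=0.9)

# Q14(C)(ii): Distribute.IT server worth $1,000, likelihood 0.5, no controls, 80% accurate.
DISTRIBUTE_IT_SERVER = VulnerabilityRisk(asset_value=1000, likelihood=0.5,
                                         mitigated_fraction=0.0, data_accuracy=0.8)

# Q14(C)(i): total asset value ~$1,000 with 50% of the asset affected.
DISTRIBUTE_IT_SLE = single_loss_expectancy(asset_value=1000, exposure_factor=0.5)


if __name__ == "__main__":
    print("Q1  Asset B risk:", ASSET_B.risk())                 # 35.0
    print("Q33 Asset A risk:", ASSET_A.risk())                 # 55.0
    print("Q14 SLE:", DISTRIBUTE_IT_SLE)                       # 500.0
    print("Q14 server risk:", DISTRIBUTE_IT_SERVER.risk())     # 600.0
```

Asset A comes out higher than Asset B even though it is worth half as much, because a likelihood of 1.0 with no controls is the worst case the formula can express; that ordering is the point of the exercise, since the score is used to rank which vulnerability to treat first.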