IS Audit Revision
1. Malware, short for malicious software, such as Trojans, viruses, and worms that
2. Social engineering attacks such as phishing that fool users into giving up
by attackers before the vendor has released a patch or even before they are aware
of the vulnerability.
Vulnerability Scanners: Automated tools that scan systems and networks to detect
Penetration Testing: Also known as ethical hacking, this involves simulating cyber
code.
Dynamic Application Security Testing (DAST): Tests applications as they run to find
vulnerabilities that are visible only during the operation of the application.
Configuration Management Tools: Tools like Chef, Puppet, and Ansible can be used to
A threat is any potential agent or event that could harm the system by exploiting
severity of the exploitation depends on the threat actor’s intent and capability and the
Malware Infection: Any incident involving malicious software such as viruses, worms,
data, or resources. This can include credential theft, privilege escalation, or bypassing
security controls.
Data Breach: Involves the unauthorized retrieval, exposure, or theft of data. This can be
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: These
incidents aim to make a service unavailable to its intended users by overwhelming the
have inside information concerning the organization's security practices, data, and
computer systems.
integrity, and availability (CIA), the scope of the incident, and the potential damage or
loss.
Preparation: Develop and maintain an incident response plan, train the response team,
monitoring security alerts and analyzing them to determine if they warrant further
investigation.
Eradication: Identify the root cause of the incident and remove affected components to
Recovery: Restore and validate system functionality for business operations. This step
often involves patching systems, changing passwords, and tightening security controls.
Lessons Learned: After handling the incident, conduct a debriefing to evaluate the
Security Information and Event Management (SIEM): Tools like Splunk, LogRhythm,
and IBM QRadar that collect, store, and analyze security logs from various sources to
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): Tools such as
Snort or Cisco's IPS that monitor network traffic to detect and potentially prevent
An Intrusion Prevention System (IPS), also known as an intrusion detection and prevention
system (IDPS), is a technology that monitors a network for any malicious activities
Forensic Tools: Tools like EnCase, FTK, and Volatility are used for digital forensics,
helping to uncover the root cause of the incident and preserve evidence for potential
legal actions.
1. Financial Gain
One of the most common motives is financial profit. Attackers often target businesses
and individuals to steal credit card information, banking credentials, or even to directly
transfer funds. Ransomware attacks, where data is encrypted and a ransom is demanded
2. Political Reasons
entities looking to gain a competitive edge or interfere in the affairs of rivals or other
nations. Industrial espionage, for example, targets trade secrets and other corporate
data.
3. Revenge
Revenge includes attacks meant to disrupt, degrade, or destroy an organization's
4. Gain Reputation
In some cases, individuals engage in hacking simply for the personal challenge or to
gain reputation within certain communities. These attackers, often called "grey hat"
hackers, might not have a specific financial or political motive but engage in hacking to
Some attackers are driven by the desire to learn and experiment. This can include
students or amateur technologists who are curious about the workings of networks and
systems. While not necessarily malicious in intent, their unauthorized activities can still
6. Blackmailing
damaging attacks, or harm their reputation unless demands (often financial) are met.
7. Terrorism
In more extreme cases, cyber-attacks can be used as a form of terrorism. These attacks
seek to inspire fear, cause physical harm, or disrupt societal functions through the
COBIT 5 PRINCIPLES
and aligning IT strategy with organizational goals. Here are the five principles of
This principle focuses on creating value for stakeholders through the effective and
efficient use of IT. It emphasizes aligning IT objectives with business objectives and
and management.
COBIT 5 applies to the whole enterprise, not just the IT department. It integrates IT
processes into the enterprise's governance framework, ensuring that there is a seamless
connection between business and IT goals across all areas of the organization, from
COBIT 5 can integrate with other standards and frameworks (like ISO 27001, ITIL, and
NIST), providing a comprehensive overview that reduces complexity, eliminates
redundant processes, and ensures that all governance and management activities are
infrastructure, and applications. This holistic view helps organizations address the
Governance ensures that stakeholder needs, conditions, and options are evaluated to
plans, builds, runs, and monitors activities in alignment with the direction set by the
governance body to achieve the enterprise objectives. This separation clarifies the
efficient management.
Define the term IS/IT Governance and describe five basic outcomes of an
IS/IT Governance:
1. Strategic Alignment:
Ensures that IT goals are aligned with the organization’s strategic objectives,
2. Risk Management:
Identifies, manages, and mitigates IT-related risks, considering the impact on the
entire organization.
3. Resource Optimization:
4. Value Delivery:
organization.
5. Performance Measurement:
Establishes relevant metrics to measure and monitor the performance and health
objectives.
State and briefly explain the six stages of System Development Life
Cycle (SDLC) and the role of the IS auditor within each stage.
1. Planning:
This stage involves defining the scope and purpose of the IT project.
IS Auditor Role: Assess the adequacy of the project planning process, ensure alignment
with business goals, and verify that risk assessments are performed.
2. Analysis:
IS Auditor Role: Review requirements for completeness and feasibility, and ensure that
3. Design:
4. Implementation (Development):
IS Auditor Role: Audit the development process for adherence to standards, proper
5. Testing:
IS Auditor Role: Ensure that deployment follows organizational policies, data migration
is secure, and post-implementation reviews assess whether the system meets the
policies.
monitoring tools.
3. Corrective Controls: Intended to correct any issues after a security incident has
procedures.
Recovery controls include disaster recovery plans and data recovery processes.
Processes of the Access Control Mechanism when a User Requests Resources
the user is granted based on predefined security policies. This determines which
files, systems, or network resources the user can access and what operations they
can perform.
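The sequence described above (the user is identified, authenticated, then granted or refused each operation according to predefined policy, with every decision recorded), worked through as an added example in Python. This code is not part of the revision notes; the policy, the role and resource names, the user directory and the passwords are all constructed for illustration, and the password hashing is only there so the example runs stand-alone.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed role-based policy: role -> resource -> operations allowed.
# Anything not listed here is denied (deny by default).
POLICY = {
    "clerk":   {"/data/ledger.csv": {"read", "write"}},
    "auditor": {"/data/ledger.csv": {"read"}, "/logs/audit.log": {"read"}},
    "admin":   {"/etc/app.conf":    {"read", "write"}},
}


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; present only so the example is self-contained."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str, roles: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "roles": roles}


# Constructed user directory (illustrative passwords, hashed at import time).
USERS = {
    "alice": _make_user("alice-pass", {"clerk"}),
    "bob":   _make_user("bob-pass", {"auditor"}),
}

# Accounting: every access decision, granted or denied, is appended here.
AUDIT_LOG: list = []


def identify(username: str) -> bool:
    """Identification: is the claimed identity known to the system?"""
    return username in USERS


def authenticate(username: str, password: str) -> bool:
    """Authentication: prove the claimed identity with a credential."""
    user = USERS.get(username)
    if user is None:
        return False
    candidate = _hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["hash"])   # constant-time compare


def authorize(username: str, resource: str, operation: str) -> bool:
    """Authorization: match the request against the predefined policy."""
    for role in USERS.get(username, {}).get("roles", set()):
        if operation in POLICY.get(role, {}).get(resource, set()):
            return True
    return False   # deny by default


def request_access(username: str, password: str, resource: str, operation: str) -> str:
    """Run identification -> authentication -> authorization and log the outcome."""
    if not identify(username):
        decision = "denied: unknown user"
    elif not authenticate(username, password):
        decision = "denied: authentication failed"
    elif not authorize(username, resource, operation):
        decision = "denied: not permitted by policy"
    else:
        decision = "granted"
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": username, "resource": resource,
        "operation": operation, "decision": decision,
    })
    return decision


if __name__ == "__main__":
    print(request_access("alice", "alice-pass", "/data/ledger.csv", "write"))
    print(request_access("bob", "bob-pass", "/data/ledger.csv", "write"))
    print(request_access("bob", "wrong-pass", "/logs/audit.log", "read"))
    for entry in AUDIT_LOG:
        print(entry)
```

The point an auditor checks for is visible in `authorize`: permission is derived from policy, not from the request, and the default outcome is denial. The audit log is what later lets a reviewer reconstruct who accessed what and which requests were refused.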
IT Risk Management
IT Risk Management refers to the process of identifying, assessing, responding to, and
environment. It involves:
2. Risk Assessment: Evaluating the likelihood and impact of these risks occurring.
Four courses of action management can take in response to identified risks are:
Mitigation: Taking steps to reduce the likelihood or impact of a risk.
Acceptance: Deciding to accept the risk, typically when it's low or the cost of mitigation
Transfer: Sharing the risk with a third party, such as through insurance or outsourcing.
Cite three examples of roles that an IS auditor needs to ensure are segregated within
1. System Administrator and System Auditor: The administrator should not have
the ability to modify logs or system settings that would hide or alter actions they
have taken.
3. Data Entry and Data Review/Approval: The individual who enters data should not
be the same person who reviews or approves it, to prevent the entry of fraudulent
or erroneous data.
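Two segregation-of-duties tests an IS auditor can script against an access review export, as an added Python example that is not part of the revision notes. The conflict matrix covers the administrator/auditor and data entry/approval pairs named above plus a constructed developer/deployer pair; the user-role assignments and the transaction records are constructed sample data.

```python
from itertools import combinations

# Constructed conflict matrix: pairs of duties one person must not hold together.
CONFLICTING_DUTIES = {
    frozenset({"system_admin", "system_auditor"}),
    frozenset({"developer", "production_deployer"}),
    frozenset({"data_entry", "data_approver"}),
}

# Constructed user-role assignments, as an access review export would list them.
ROLE_ASSIGNMENTS = {
    "alice": {"data_entry"},
    "bob":   {"data_approver"},
    "carol": {"system_admin", "system_auditor"},   # holds both halves of a pair
    "dave":  {"developer"},
}

# Constructed transaction records: who entered and who approved each record.
TRANSACTIONS = [
    {"id": "T-1001", "entered_by": "alice", "approved_by": "bob"},
    {"id": "T-1002", "entered_by": "alice", "approved_by": "alice"},  # self-approval
    {"id": "T-1003", "entered_by": "dave",  "approved_by": "bob"},    # no entry role
]

# Which role a transaction step requires; used by the entitlement test below.
REQUIRED_ROLE = {"entered_by": "data_entry", "approved_by": "data_approver"}


def static_sod_violations(assignments):
    """Test 1 (entitlements): any user assigned both duties of a conflicting pair."""
    findings = []
    for user, roles in sorted(assignments.items()):
        for a, b in combinations(sorted(roles), 2):
            if frozenset({a, b}) in CONFLICTING_DUTIES:
                findings.append((user, a, b))
    return findings


def self_approvals(transactions):
    """Test 2a (activity): records entered and approved by the same person,
    which is a violation whatever roles that person formally holds."""
    return [t["id"] for t in transactions if t["entered_by"] == t["approved_by"]]


def actions_outside_role(transactions, assignments):
    """Test 2b (activity vs. entitlement): a step performed by someone who does
    not hold the role that step requires, i.e. a control bypass to investigate."""
    findings = []
    for t in transactions:
        for step, role in REQUIRED_ROLE.items():
            actor = t[step]
            if role not in assignments.get(actor, set()):
                findings.append((t["id"], actor, role))
    return findings


if __name__ == "__main__":
    print("Conflicting role assignments:", static_sod_violations(ROLE_ASSIGNMENTS))
    print("Self-approved transactions:  ", self_approvals(TRANSACTIONS))
    print("Actions outside role:        ", actions_outside_role(TRANSACTIONS, ROLE_ASSIGNMENTS))
```

The entitlement test alone would pass alice and bob, because each holds only one side of the pair; it is the activity-level tests that surface the self-approval and the entry made without the required role. Auditors run both because role assignments describe what should happen and transaction records describe what did.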
Within the context of Recovery Strategies, explain the differences between: Warm
Recovery strategies are critical for business continuity planning, and they include:
Warm Sites: Partially equipped office spaces that have some hardware and connectivity
in place but require some time to become operational. They are a middle ground
Duplicate/Redundant IPFs: These are facilities that are fully equipped and immediately
available. They are identical replicas of the primary site with full redundancy for critical
Mobile Sites: Portable offices that can be deployed to a site and set up to provide
operational capabilities. These are usually trucks or trailers equipped with necessary