Your comprehensive guide to cyber security concepts, frameworks, legislation, and tools
International standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
Organizations seeking international certification and comprehensive security management framework.
Framework developed by the US National Institute of Standards and Technology providing guidance on managing cybersecurity risks.
Critical infrastructure organizations and those seeking a risk-based approach to cybersecurity.
Prioritized set of actions developed by the Center for Internet Security to protect organizations from known cyber attack vectors.
18 prioritized controls covering inventory, configuration management, vulnerability management, and incident response.
Organizations seeking practical, actionable security controls with clear implementation priorities.
Protects personal data and privacy of EU citizens. Applies to any organization processing EU residents' data, regardless of location.
Data Subject Rights: Right to access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection.
Breach Notification: Organizations must report data breaches to supervisory authority within 72 hours if there's risk to individuals' rights and freedoms.
Data Protection Officer: Required for public authorities and organizations conducting large-scale monitoring or processing sensitive data.
Up to €20 million or 4% of global annual turnover (whichever is higher) for serious infringements.
The UK's implementation of GDPR, supplementing the EU regulation with additional provisions for UK-specific contexts, including law enforcement and intelligence services.
Age of Consent: UK set age at 13 (GDPR allows 13-16).
Processing for Research: Additional provisions for archiving, research, and statistics.
National Security: Specific exemptions for national security purposes.
The Information Commissioner's Office (ICO) enforces the DPA 2018 and can issue fines of up to £17.5 million or 4% of global turnover.
Criminalizes unauthorized access to computer systems and makes it illegal to facilitate or commit further offenses using computers.
Section 1: Unauthorized access to computer material
Penalty: Up to 2 years imprisonment and/or fine
Example: Hacking into someone's email or social media account
Section 2: Unauthorized access with intent to commit further offenses
Penalty: Up to 5 years imprisonment and/or fine
Example: Accessing a system to commit fraud or blackmail
Section 3: Unauthorized modification of computer material
Penalty: Up to 10 years imprisonment and/or fine
Example: Deploying malware, defacing websites, or deleting data
Used to prosecute hackers, creators of malware, and organizers of DDoS attacks. Also applies to "hacktivism" and insider threats.
Implements the EU NIS Directive in the UK. Requires operators of essential services and digital service providers to implement appropriate security measures and report significant incidents.
Security Measures: Implement appropriate technical and organizational measures to manage security risks.
Incident Reporting: Notify relevant authority of incidents with significant impact on service continuity within 72 hours.
Competent authorities can impose fines of up to £17 million for non-compliance. Regular audits and assessments are required.
"Define what is meant by 'phishing'."
Good Answer: Phishing is a social engineering attack where attackers send fraudulent communications that appear to come from reputable sources to trick recipients into revealing sensitive information or downloading malware.
"Describe the features of ransomware."
Good Answer: Ransomware is malware that encrypts victim files or locks their system. It displays a ransom note demanding payment, often in cryptocurrency like Bitcoin, within a specific timeframe. The malware typically spreads through phishing emails or exploit kits, and may threaten to delete files or increase the ransom if payment deadlines are missed.
"Explain how SQL injection attacks work."
Good Answer: SQL injection works by exploiting vulnerabilities in an application's database queries. When user input is not properly validated, attackers can insert malicious SQL code into input fields. This code gets executed by the database server, allowing attackers to bypass authentication, retrieve sensitive data, or modify database contents. For example, entering ' OR '1'='1' -- in a login field can make the SQL query always return true, granting unauthorized access. The attack succeeds because the application treats malicious input as legitimate SQL commands rather than data.
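As an added illustration of the answer above (not part of the original guide), the Python below builds a constructed in-memory SQLite users table, shows the string-concatenated login query being bypassed by the input quoted above, and shows the parameterised query that treats the same input purely as data. The table, user and password are made up for the demonstration.

```python
import sqlite3

# The page's example input, entered into the username field.
PAYLOAD = "' OR '1'='1' --"


def make_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for the application's database.
    # Passwords are stored in plaintext only to keep the demonstration short.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # User input is pasted straight into the query text, so the database parses
    # it as SQL. With PAYLOAD as the username the statement becomes
    #   ... WHERE username = '' OR '1'='1' --' AND password = '...'
    # The OR makes the WHERE clause always true and the -- comments out the
    # password check, so the login succeeds without a valid password.
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the values are passed separately from the SQL text,
    # so PAYLOAD is compared as a literal username and never parsed as SQL.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload:", login_vulnerable(db, PAYLOAD, "wrong"))  # True
    print("safe, payload:      ", login_safe(db, PAYLOAD, "wrong"))        # False
    print("safe, real creds:   ", login_safe(db, "alice", "correct-horse"))  # True
```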
"Identify cybersecurity vulnerabilities in networks."
Good Answer: Network vulnerabilities include: unpatched software (known security bugs not fixed), misconfigured firewalls (allowing unnecessary traffic), weak credentials (easily guessed passwords), zero-day exploits (unpatched vulnerabilities), SQL injection (database manipulation), cross-site scripting (malicious scripts in web apps), and missing encryption (data transmitted in plaintext).
"Consider mitigations following cybersecurity testing."
Good Answer: After testing identifies vulnerabilities, several mitigations should be considered. Patching involves applying software updates, OS patches, and application fixes to address known vulnerabilities. User access control should be reviewed and strengthened using the principle of least privilege and multi-factor authentication. High availability measures like redundancy and failover systems ensure business continuity if attacks succeed. Staff training and awareness programs help employees recognize threats like phishing. An escalation process must be established to ensure critical vulnerabilities reach appropriate decision-makers quickly. Organizations should prioritize mitigations based on risk assessment, addressing critical vulnerabilities first while planning remediation for lower-priority issues.
"Demonstrate the steps to be taken when a vulnerability has been identified."
Good Answer: When a vulnerability is identified, follow these steps: 1) Document the vulnerability - record details, severity, affected systems, and discovery date in the organizational incident log. 2) Assess risk and impact - evaluate likelihood of exploitation and potential business impact using the organizational risk matrix. 3) Follow escalation policy - notify the IT security team immediately for critical vulnerabilities; log medium/low priority issues in the tracking system per organizational procedures. 4) Apply mitigation - for unpatched systems, enable automatic updates in Windows Update settings, then manually run updates immediately. 5) Verify fix - test that the vulnerability is resolved through re-scanning or manual verification. 6) Document closure - update the incident log with remediation actions and closure date per organizational procedures.
"Apply the correct response to a vulnerability."
Good Answer: For the unpatched software vulnerability identified in Question 8, I applied the following response: First, I accessed Windows Update settings on the affected system and enabled automatic updates to prevent future vulnerabilities. I set it to install updates daily at 2 AM when the system isn't in use. Next, I manually ran Windows Update to immediately install all available security patches, which included 15 critical updates that had been pending for 3 months. After installation, I rebooted the system and verified patch installation by checking Windows Update history. Finally, I documented the remediation in our vulnerability tracking system, marking the vulnerability as "Resolved" with evidence screenshots. This response directly addresses the root cause and prevents recurrence through automation.
"Analyse the effectiveness of current security controls."
Good Answer: Current security controls show mixed effectiveness. The firewall successfully blocks 99.8% of unauthorized access attempts, evidenced by IDS logs showing 50,000+ blocked connections monthly. However, email filtering is less effective, with 15% of phishing emails reaching users, resulting in 3 successful compromises this quarter. Access control implementation is strong, using multi-factor authentication for all remote access with zero unauthorized access incidents. Conversely, patch management is weak, with average patch deployment taking 45 days compared to the industry standard of 7-14 days, creating extended vulnerability windows. Employee security training completion is only 60%, leaving 40% of staff vulnerable to social engineering. Overall, technical controls perform well, but process-based controls need improvement through faster patching and mandatory training to achieve a comprehensive security posture.
"Make recommendations for improving security posture."
Good Answer: I recommend implementing automated patch management to reduce vulnerability windows from 45 to 7 days, significantly decreasing exploit risk. This should be prioritized as unpatched systems are the primary entry point for recent attacks. Second, mandatory security awareness training should be enforced quarterly with phishing simulations, as 40% of staff lack current training, creating the weakest link in defenses. Third, upgrade email filtering to an AI-based solution to improve phishing detection from 85% to 98%, reducing successful social engineering attacks. Finally, implement EDR (Endpoint Detection and Response) on all endpoints to detect and respond to threats that bypass perimeter controls. These recommendations address identified weaknesses while remaining cost-effective and practical to implement within 6 months.