interview question in IT security

hudda Posts: 101 Member
Hi Everyone,

Just a quick interview question here regarding impact in an IT security job.
If a hacker is able to successfully log in to someone's account, what is the impact apart from the financial loss?

thanks in advance.

Comments

  • GirlyGirl Posts: 219 Member
    hudda wrote: »
    Hi Everyone,

    Just a quick interview question here regarding impact in an IT security job.
    If a hacker is able to successfully log in to someone's account, what is the impact apart from the financial loss?

    thanks in advance.


    Could be 0. I need specifics.

    What kind of account...
    User Account
    Administrator Account
    Free Wifi in the Lobby Account


    What department?
    HVAC
    HR
    Legal
    Security
    Blah
    Blah
    Blah

    I guess it depends on which account. When I get asked an open-ended question I give them an open-ended question. They are like, I tried to set up GirlyGirl for the okey-doke and GirlyGirl didn't fall for it. Ok, let me be more specific. That's what they say to themselves.
  • hudda Posts: 101 Member
    Thank you for the quick reply. It is a bank user's account, an outside customer, not the IT department.

    thanks....
  • GirlyGirl Posts: 219 Member
    hudda wrote: »
    Thank you for the quick reply. It is a bank user's account, an outside customer, not the IT department.

    thanks....

    Huh?

    So, like an employee, or like an individual who logs into the bank for transactions because they have an account?
  • scasc Posts: 225 Member ■■■■□□□□□□
    hudda wrote: »
    Hi Everyone,

    Just a quick interview question here regarding impact in an IT security job.
    If a hacker is able to successfully log in to someone's account, what is the impact apart from the financial loss?

    thanks in advance.

    I’m going to spin this that access has been gotten to domain admin for instance and it’s a large enterprise which could mean a bank.

    Classic question. Impact usually falls within the realms of:

    1. Legal/compliance
    2. Operations
    3. Reputation/brand/customer confidence
    4. Finance

    In this case you can argue that if personal data is breached, then it is a violation of the Data Protection Act or GDPR, which results in a hefty fine anyway plus non-compliance. That could lead to reputation damage as customers refrain from wanting to do business with you.

    It could also mean that when one gains unauthorised access and tampers with settings, denying legitimate access, the impact is availability to a legitimate user, which is an opportunity cost to unproductive time.

    Hope you get my point.
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSNA, GSTRT, CEH, CHFI, TOGAF, CISMP
  • hudda Posts: 101 Member
    Thank you scasc, I totally agree with your answer. On top of that, how about the integrity violation in terms of the CIA triad?

    Thanks
    Hudda
  • hxhx Posts: 41 Member ■■□□□□□□□□
  • scasc Posts: 225 Member ■■■■□□□□□□
    Hi - the immediate impact is violation of CIA, amongst other things, definitely. But consider the wider picture regarding how an enterprise is affected by the violation. Security needs to be aligned to the business. For instance, if it was an ecommerce website and access is obtained, for instance, to DNS where all traffic redirects, then the impact is naturally not achieving business objectives of revenue, along with operational impact.

    Thanks.
    hudda wrote: »
    Thank you scasc, I totally agree with your answer. On top of that, how about the integrity violation in terms of the CIA triad?

    Thanks
    Hudda
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSNA, GSTRT, CEH, CHFI, TOGAF, CISMP
  • hudda Posts: 101 Member
    Thank you for the quick reply, all.

    Hudda
  • greeneon Posts: 40 Member ■■■□□□□□□□
    scasc wrote: »
    Hi - the immediate impact is violation of CIA, amongst other things, definitely. But consider the wider picture regarding how an enterprise is affected by the violation. Security needs to be aligned to the business. For instance, if it was an ecommerce website and access is obtained, for instance, to DNS where all traffic redirects, then the impact is naturally not achieving business objectives of revenue, along with operational impact.

    Thanks.

    I agree. Always answer a question as it relates to CIA.