Interview question in IT security
Hi Everyone,
Just a quick interview question here regarding impact in an IT security job.
If a hacker is able to successfully log in to someone’s account, what is the impact apart from the financial loss?
Thanks in advance.
Comments
GirlyGirl Member Posts: 219
Could be 0. I need specifics.
What kind of account...
User Account
Administrator Account
Free Wifi in the Lobby Account
What department?
HVAC
HR
Legal
Security
Blah
Blah
Blah
I guess it depends on which account. When I get asked an open-ended question I give them an open-ended question. They are like, I tried to set up GirlyGirl for the okey-doke and GirlyGirl didn't fall for it. Ok, let me be more specific. That's what they say to themselves.
hudda Member Posts: 101
Thank you for the quick reply. It is a bank user's account, an outside customer, not the IT department.
Thanks....
GirlyGirl Member Posts: 219
Huh?
So, like an employee, or so, like an individual who logs into the bank for transactions because they have an account?
scasc Member Posts: 465
I’m going to spin this so that access has been gotten to domain admin, for instance, and it’s a large enterprise, which could mean a bank.
Classic question. Impact usually falls within the realms of:
1. Legal/compliance
2. Operations
3. Reputation/brand/customer confidence
4. Finance
In this case you can argue that if personal data is breached, then there is a violation of the Data Protection Act or GDPR, which results in a hefty fine anyway, plus non-compliance. That could lead to reputation damage as customers refrain from wanting to do business with you.
It could also mean that when one gains unauthorised access and tampers with settings, denying legitimate access, the impact is on availability to a legitimate user, which is an opportunity cost in unproductive time.
Hope you get my point.
AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
hudda Member Posts: 101
Thank you scasc, I totally agree with your answer. On top of that, how about the integrity violation in terms of the CIA triad?
Thanks
Hudda
scasc Member Posts: 465
Hi - the immediate impact is a violation of CIA, amongst other things, def. But consider the wider picture regarding how an enterprise is affected by the violation. Security needs to be aligned to the business. For instance, if it was an ecommerce website and access is obtained, for instance, to DNS, where all traffic redirects, then the impact is naturally not achieving business objectives of revenue, along with operational impact.
Thanks.
greeneon Member Posts: 40
I agree. Always answer a question as it relates to CIA.