interview question in IT security

hudda

Hi Evryone,

Just a quick interview question here regarding Impact in IT security job.
If hacker able to successfully log in to someon’s account, what is the impact apart from the finanial loss ?

thanks in advance.

GirlyGirl

hudda wrote: »

Hi Evryone,

Just a quick interview question here regarding Impact in IT security job.
If hacker able to successfully log in to someon’s account, what is the impact apart from the finanial loss ?

thanks in advance.

Could be 0. I need specifics.

What kind of account...
User Account
Administrator Account
Free Wifi in the Lobby Account


What department?
HVAC
HR
Legal
Security
Blah
Blah
Blah

I guess it depends on which account. When I get asked an open ended question I give them an open ended question. They are like, I tried to setup GirlyGirl for the okydoke and Girlygirl didn't fall for it. Ok, let me be more specific. That's what they say to themselves.

hudda

Thank you for quick reply, it is bank user's account, outsider customer not IT department.

thanks....

GirlyGirl

hudda wrote: »

Thank you for quick reply, it is bank user's account, outsider customer not IT department.

thanks....

Hugh?

So, like an employee or so like a individual who logs into the bank for transactions because they have an account?

scasc

hudda wrote: »

Hi Evryone,

Just a quick interview question here regarding Impact in IT security job.
If hacker able to successfully log in to someon’s account, what is the impact apart from the finanial loss ?

thanks in advance.

I’m going to spin this that access has been gotten to domain admin for instance and it’s a large enterprise which could mean a bank.

Classic question. Impact usually falls within the realms of:

1. Legal/compliance
2. Operations
3. Reputation/brand/customer confidence
4. finance

In this case you can argue if personal data breached then violation of data protection act or GDPR. Which results in hefty fine anyway + non compliance. Which could lead to reputation damage as customers refrain from wanting to do business with you.

Could also mean when one gains unauthorised access and tampers with settings denying legitimate access impact is availability to a legitimate user which is an opportunity cost to unproductive time.

Hope you get my point.

hudda

Thank you scasc, I totally agree with your answer on the top of that, how about the integrity violation in terms of CIA triad ?

Thanks
Hudda

hxhx

You might find this useful

https://danielmiessler.com/study/infosec_interview_questions/

scasc

Hi - immediate impact is violation of CIA amongst other things def. But consider the wider picture regarding how an enterprise is affected by the violation. Security needs to be aligned to the business. For instance if it was an ecommerce website - and access is obtained for instance to DNS where all traffic redirects then impact is naturally not achieving business objectives of revenue along with operational impact.

Thanks.

hudda wrote: »

Thank you scasc, I totally agree with your answer on the top of that, how about the integrity violation in terms of CIA triad ?

Thanks
Hudda

hudda

Thank you for quick reply all.

Hudda

greeneon

scasc wrote: »

Hi - immediate impact is violation of CIA amongst other things def. But consider the wider picture regarding how an enterprise is affected by the violation. Security needs to be aligned to the business. For instance if it was an ecommerce website - and access is obtained for instance to DNS where all traffic redirects then impact is naturally not achieving business objectives of revenue along with operational impact.

Thanks.

I agree. Always answer a question as it related to CIA.