Q&A Session Cyber Security


Annexure II

Form-(TDO- A202-03)
Record of Questions Asked & Answered by Expert in Helpdesk

Topic of Helpdesk: ["Cyber Security Controls for SMEs"]


Date of Helpdesk: [28-11-2022]
Venue: [LCCI]
City: [Lahore]
Name of Expert: [Mr. Muhammad Jahanzeb Akbar]

Sr. No. | Question Asked by (Name of Participant) | Question | Answer by Expert

Sr. No. 1
Asked by: Ali Shafiq
Question: What is the brute force method for decoding simple passwords?
Answer by Expert: Brute Force is a way of finding out the right credentials by repetitively trying all the permutations and combinations of possible credentials. In most cases, brute force attacks are automated where the tool/software automatically tries to log in with a list of credentials.

Sr. No. 2
Asked by: Faisal N. Ahmed
Question: How has the Cyber Security threat evolved in the last decade?
Answer by Expert: Over the years, hackers are also evolving as Cyber Security controls are increasing. Other than Phishing, now even Malware has become difficult to identify, as it is now detected based on the behavior and not the malicious signature.

Sr. No. 3
Asked by: Khalid Mehmood
Question: What are the basic controls we can implement to protect ourselves, especially on Digital Media Platforms (Facebook)?
Answer by Expert: Always be careful of various applications being installed on phones, especially the permissions that are being granted. Never allow access to media, storage, and contacts unless necessary.

Sr. No. 4
Asked by: Shahzad Sherazi
Question: What is Port Scanning?
Answer by Expert: Port Scanning is the technique used to identify open ports and services available on a host. Hackers use port scanning to find information that can be helpful to exploit vulnerabilities.

Sr. No. 5
Asked by: Rehan Tahir
Question: What is the weakest link in Cyber Security?
Answer by Expert: In the Cyber Security threat landscape, the weakest link in most cases is the people. You can configure systems, firewalls, and endpoints, but it is the humans that make errors in judgment and put the organization at risk. The best way to handle that is creating awareness amongst users with regard to Cyber Security.

Sr. No. 6
Asked by: M. Naeem Afzal
Question: As a rule of thumb, what are the policies we need to have in place to avoid the threat of Cyber Security?
Answer by Expert: As a bare minimum, the following policies need to be put in place in any SME to secure itself from Cyber Threat:
- Acceptable Usage Policy
- Data Classification Policy
- Data Protection Policy
- Data Governance Structure
- Access Control Policies
- Back Up and Restore Policy
- End Point Usage Policy

Sr. No. 7
Asked by: Khurram Altaf
Question: What is ARP and how does it work?
Answer by Expert: Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.
When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address.

Sr. No. 8
Asked by: Attique Ur Rehman
Question: What are various controls we must have while developing a web-based application especially linked to Payment Gateways?
Answer by Expert: Typically a Payment gateway (e.g. PayPal) will come with its own Security Baseline document. However, there are certain best practices that can be followed by developers that include:
- All web applications and interfaces/APIs should be on https
- Each login related activity (login, logout, failed login, change password etc.) to the system should be logged in a table
- Failed logins should trigger a lock-out after a determined number of attempts.
- All applications should have captcha on login page.
- Enforce Password complexity for all applications. Implement a password expiry time for all passwords.
- It is highly recommended to use the "Secure" flag in your cookie, which enforces the use of HTTPS to send cookies.

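The login logging, lock-out and cookie controls from answer 8, as an added example that is not part of the helpdesk record or the expert's answer. The threshold of 5 failures, the 15-minute window, the `login_events` table layout and all function names are assumptions; the password check itself is left to the caller.

```python
import sqlite3

MAX_FAILED = 5      # assumed threshold; the answer only says "a determined number"
LOCK_SECONDS = 900  # assumed 15-minute lock-out window

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login_events "
               "(username TEXT, event TEXT, src_ip TEXT, ts REAL)")
    return db

def log_event(db, username, event, src_ip, ts):
    # Every login-related activity gets a row; values are bound, never concatenated.
    db.execute("INSERT INTO login_events VALUES (?, ?, ?, ?)",
               (username, event, src_ip, ts))

def is_locked(db, username, now):
    # Count failed logins inside the window and after the last successful login.
    (failed,) = db.execute(
        "SELECT COUNT(*) FROM login_events "
        "WHERE username = ? AND event = 'failed_login' AND ts > ? "
        "AND ts > COALESCE((SELECT MAX(ts) FROM login_events "
        "WHERE username = ? AND event = 'login'), 0)",
        (username, now - LOCK_SECONDS, username)).fetchone()
    return failed >= MAX_FAILED

def attempt_login(db, username, password_ok, src_ip, now):
    # password_ok: result of the caller's own password check (out of scope here).
    if is_locked(db, username, now):
        log_event(db, username, "rejected_locked", src_ip, now)
        return "locked"
    event = "login" if password_ok else "failed_login"
    log_event(db, username, event, src_ip, now)
    return "ok" if password_ok else "failed"

def session_cookie(token):
    # Secure is the flag the answer names; HttpOnly and SameSite are extra hardening.
    return f"Set-Cookie: session={token}; Secure; HttpOnly; SameSite=Lax; Path=/"

if __name__ == "__main__":
    db = open_db()
    # Constructed sequence: five wrong passwords, then the right one while locked.
    for i in range(5):
        print(attempt_login(db, "alice", False, "203.0.113.7", 1000 + i))
    print(attempt_login(db, "alice", True, "203.0.113.7", 1005))  # still locked
    print(attempt_login(db, "alice", True, "203.0.113.7", 1905))  # window has passed
    print(session_cookie("constructed-token"))
```

Rejected attempts during the lock-out are logged under their own event name, so they stay visible in the audit table without extending the lock.
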
Sr. No. 9
Asked by: Abdul Hameed
Question: How can university LMS be protected from various Ransomware Attacks?
Answer by Expert: In order to avoid a ransomware attack, the first step is to invest in END-POINT Protection and raise awareness among end users. Also, have a clear IR (Incident Response) in place that involves data retention policies. Some of the best vendors in the field include Symantec and Kaspersky for protection.

Sr. No. 10
Asked by: Mehmood Ul Hassan
Question: How to implement a Cyber Security Environment in an organization? Is there a road-map?
Answer by Expert: There are various Cyber Security Frameworks in place like ISO 27001 or NIST. A ‘Cybersecurity Framework’ is a collection of best practices that an organization should follow to manage its cybersecurity risk. The goal of the framework is to reduce the company’s exposure to cyberattacks, and to identify the areas most at risk for data breaches and other compromising activity perpetrated by cyber criminals.

Sr. No. 11
Asked by: Adil
Question: What is Data Leakage?
Answer by Expert: Data Leakage is an intentional or unintentional transmission of data from within the organization to an external unauthorized destination. It is the disclosure of confidential information to an unauthorized entity. Data Leakage can be divided into 3 categories based on how it happens:
Accidental Breach: An entity unintentionally sends data to an unauthorized person due to a fault or a blunder
Intentional Breach: The authorized entity sends data to an unauthorized entity on purpose
System Hack: Hacking techniques are used to cause data leakage
Data Leakage can be prevented by using tools, software, and strategies known as DLP (Data Leakage Prevention) Tools.

Sr. No. 12
Asked by: Zafar
Question: What are the most common types of Cyber Attacks?
Answer by Expert: Following are some common cyber attacks that could adversely affect your system.
- Malware
- Phishing
- Password Attacks
- DDoS
- Man in the Middle
- Drive-By Downloads
- Malvertising
- Rogue Software

Sr. No. 13
Asked by: Ayesha
Question: What is Social Engineering?
Answer by Expert: Social Engineering is the art of manipulating people into performing actions that lead to breach of confidential data & give access to personal sensitive information. Social Engineering can be done using phone calls, Email, Web, and Instant Messaging.

Sr. No. 14
Asked by: Ali Adil
Question: What can be the worst consequence of DLP?
Answer by Expert: DLP in some cases can cause loss of business, clients, reputation and in extreme cases may cause loss of business.

Sr. No. 15
Asked by: Mustafa Hamdani
Question: Explain SSL Encryption
Answer by Expert: SSL (Secure Sockets Layer) is the industry-standard security technology creating encrypted connections between a Web Server and a Browser. This is used to maintain data privacy and to protect the information in online transactions.

Sr. No. 16
Asked by: Muhammad Khalid
Question: Explain SQL Injection
Answer by Expert: SQL Injection (SQLi) is a code injection attack where an attacker manipulates the data being sent to the server to execute malicious SQL statements to control a web application’s database server, thereby accessing, modifying and deleting unauthorized data.

Sr. No. 17
Asked by: Ali Hamza
Question: Explain MITM attack?
Answer by Expert: A MITM (Man-in-the-Middle) attack is a type of attack where the hacker places himself in between the communication of two parties and steals the information. Suppose there are two parties A and B having a communication. Then the hacker joins this communication.

*Serial number should match the number of participants in the attendance sheet, add more rows. Email softcopy to the concerned. (Total No of questions should be same as per total participants)
*Only computerized and comprehensive Question/Answers will be considered.

Form Filled By;

Trainer/ Consultant Name: [Muhammad Jahanzeb Akbar] Signature: ___________________________

Form Checked / Reviewed By;

Name: _____________________________ Designation: ____________________________
