2.0a Security Principles

Question 1

Confidentiality

Answer 1

Ensuring sensitive data is only accessible to authorized individuals or entities and protected from unauthorized disclosure.

Question 2

Integrity

Answer 2

Maintaining the accuracy, consistency, and trustworthiness of data and information throughout it’s lifecycle.

Question 3

Availability

Answer 3

Ensuring information and resources are accessible and usable by authorized users when needed.

Question 4

Authentication

Answer 4

Verifying the identity of users, systems, or divices to ensure they are who they claim to be.

Question 5

Authorization

Answer 5

Granting appropriate access rights and privileges to authorized users based on their roles and responsibilities.

Question 6

Non-Repudiation

Answer 6

Ensuring the origin and receipt of information or transactions can be verified and parties cannot deny their involvement.

Question 7

Defense in Depth

Answer 7

Implementing multiple layers of security controls to protect against various types of cyber threats and attacks.

Question 8

Least Privilege

Answer 8

Providing users with the minimum level of access necessary to perform their tasks, reducing the risk of unauthorized access or misuse.

Question 9

Separation of Duties

Answer 9

Assigning different tasks and responsibilities to different individuals to prevent any single person from having complete control over critical processes.

Question 10

Auditability and Accountability

Answer 10

Keeping track of security events and actions, enabling traceability and accountability in case of security incidents.

Question 11

Defense in Breadth

Answer 11

Extending security controls across various layers and components of an IT system to provide comprehensive protection against diverse cyber threats.

Question 12

Privacy

Answer 12

Ensuring the protection of individuals’ personal and sensitive information from unauthorized access or disclosure.

Question 13

Security by Design

Answer 13

Integrating security measures and considerations from the early stages of system design and development.

Question 14

Incident Response

Answer 14

Having a well-designed and practiced plan to respond to security incidents promptly and effectively.

Question 15

Patch Management

Answer 15

Regularly applying security patches and updates to software and systems to address known vulnerabilities

Question 16

Encryption

Answer 16

Using Cryptographic techniques to protect data from unauthorized access or tampering.

Question 17

Physical Security

Answer 17

Implementing measures to safeguard physical assets, such as servers, data centers, and devices, from theft or damage.

Question 18

Monitoring and Logging

Answer 18

Collecting and analyzing security logs and events to detect and respond to suspicious activities or breaches.

Question 19

Redundancy and Resilience

Answer 19

Building redundancy and resilience into critical systems to ensure continuity of operations in the face of disruptions

Question 20

User Education

Answer 20

Conducting cybersecurity awareness training for employees and users to promote safe online practices and reduce human-related security risks.

Question 21

Secure Software Development

Answer 21

Integrating secure coding practices and conduction regular security assessments during software development to minimize vulnerabilities

Question 22

Insider Threat Mitigation

Answer 22

Implementing measures to detect and prevent malicious activities from insiders, such as employees, contractors, or partners.

Question 23

Least Common Mechanism

Answer 23

Reducing the shared access to resources or data among users and applications to limit the potential impact of security breaches.

Question 24

Mobile Device Security

Answer 24

Implementing security measures to protect mobile devices such as smartphones and tablets, and the sensitive data they store or access.

Question 25

Clout Security

Answer 25

Applying security controls and best practices to secure data and applications hosted in cloud environments.

Question 26

Secure Remote Access

Answer 26

Implementing secure remote access solutions for employees and authorized users to connect to internal resources securely.

Question 27

Identity and Access Management (IAM)

Answer 27

Controlling and managing user access to systems and resources bases on their roles and permissions.

Question 28

Cyber Threat Hunting

Answer 28

Proactively searching for signs of cyber threats and intrusions within an organization’s network and systems.

Question 29

Disaster Recovery Planning (DRP)

Answer 29

Developing plans and procedures to recover IT systems and operations in case of a significant cybersecurity incident or disaster.

Question 30

Social Media Security

Answer 30

Education users about safe practices on social media platforms to prevent information leaks and social engineering attacks.