Chapter 1 Flashcards
What is an example of a privacy law in Europe that dictates how data belonging to European citizens is handled?
GDPR - General Data Protection Regulation
Define Privacy
The right of an individual to control the distribution of information about themselves.
How do you protect data that is entrusted to you as a Cyber Security Analyst?
By using the CIA Triad
What is a vulnerability?
An inherent weakness or flaw in a system or component which, if triggered or acted upon, could cause a risk event to occur.
What is a threat?
Something or someone that aims to exploit a vulnerability in order to gain unauthorized access.
Define Authentication
Access control process that compares one or more factors of identification to validate the identity of someone trying to authenticate
Define authorization
The right or a permission that is granted to a system entity to access a system or resource
Define Confidentiality
Characteristic of data or info when it is not made available or disclosed to unauthorized people.
Define an asset
Something in need of protection.
What is risk?
The intersection of threats, vulnerabilities and assets.
Define a threat vector
The approach and technique used by a threat actor.
Define the likelihood of occurrence
A weighted factor based on a subjective analysis of the probability that a given threat or set of threats is capable of exploiting a given vulnerability or set of vulnerabilities.
Define impact as it relates to risk management
The magnitude of harm that can be expected to result from the consequences of a compromised CIA (confidentiality, integrity, availability).
What are three strategies for identifying risk?
Identify risk to communicate it clearly.
Employees at all levels of the organization are responsible for identifying risk.
Identify risk to protect against it.
Define Risk assessment
The process of identifying, estimating and prioritizing risks to an organization's operations, assets, individuals, other organizations and even the nation.
What is one outcome of a risk assessment?
The aligning of each identified risk with the goals, assets, or processes the organization uses
What are the primary goals of a risk assessment?
Estimate and prioritize risks
What is risk treatment?
Making decisions about the best actions to take regarding the identified and prioritized risk.
What are the four types of risk treatment?
Avoidance
Acceptance
Mitigation
Transfer
Define Risk avoidance
Decision to attempt to eliminate the risk entirely.
Define Risk Acceptance
When the organization accepts the risk and makes no effort to mitigate, avoid, or transfer it.
Define risk mitigation
Taking actions to prevent or reduce the possibility of a risk event or its impact.
Mitigations include remediation measures, security controls, and creating and enforcing policies and procedures.
How can qualitative risk analysis be identified?
A method for risk analysis that is based on the assignment of a descriptor such as low, medium, or high.
Think of the quality of experience driving the quality of assignment.