Chapter 1

Question 1

What is Cybersecurity

Answer 1

Protection of information that is stored, transmitted, and processed in a networked system

Question 2

What is Information Security

Answer 2

Preservation of CIA

Question 3

What is Network Security

Answer 3

Protection of networks and their services

Question 4

What are the Key Objectives of Cyber Defenders

Answer 4

• Confidentiality
• Integrity
• Availability

Question 5

What are the Key Objectives of Hackers

Answer 5

• Disclosure
• Destruction
• Denial

Question 6

Differentiate System Integrity and Data Integrity

Answer 6

Data integrity ensures data and programs are changed in a specific and authorized manner while system integrity assures a system performs in an unimpaired way

Question 7

Differentiate Authentication and Authorization

Answer 7

Authentication confirms while authorization gives permission

Question 8

What are the parts of an OSI Security Architecture

Answer 8

• Security Attack: Any action that compromises security
• Security Mechanism: process or device that detects, prevents, or recover
• Security Service: enhances security processing systems, intended to counter security attacks

Question 9

Differentiate Peer Entity Authentication and Data Origin Authentication

Answer 9

Peer entity authentication provides confidence in the identity of the entities connected while Data Origin Authentication assures that the source of data is as claimed

Question 10

What is the GDPR

Answer 10

The General Data Protection Regulation of the EU aims to protect the personal data and privacy of EU residents

Question 11

What is the scope of the GDPR

Answer 11

Companies and organizations that process the data of EU residents (international and local)

Question 12

What is Lawfulness, Fairness, and Transparency

Answer 12

Data must be processed as such and individuals must be informed about how their data is used

Question 13

What is Purpose Limitation

Answer 13

Personal data must be collected for specified, explicit, and legitimate purposes only

Question 14

What is Data Minimization

Answer 14

Only collect and process data that is necessary for the intended purpose

Question 15

What is Accuracy

Answer 15

Personal data must be accurate and kept up to date with efforts to correct inaccuracies

Question 16

What is Integrity and Confidentiality

Answer 16

Data must be processed securely

Question 17

What is Storage Limitation

Answer 17

Data should be kept no longer than necessary

Question 18

What is Accountability

Answer 18

Organizations are responsible in following the GDPR and implement appropriate measures

Question 19

Who are the Key Entities Affected by the GDPR

Answer 19

Controllers and Processors

Question 20

What are the Rights Enforced by the GDPR

Answer 20

• Right to Access
• Right to Rectification
• Right to Erasure (forgotten)
• Right to Restrict Processing
• Right to Data Portability
• Right to Object (reject)
• Rights Related to Automated Decision-Making: Challenge solely automated decisions

Question 21

What is Right to Access

Answer 21

Individuals can request access to their personal data from an organization

Question 22

What is Right to Rectification

Answer 22

Individuals can request the correction of inaccurate or incomplete data

Question 23

What is Right to Erasure

Answer 23

Individuals can request the deletion of their personal data under certain conditions

Question 24

What is Right to Restrict Processing

Answer 24

Individuals can limit the way personal data is processed

Question 25

What is Right to Data Portability

Answer 25

Individuals can request their data in a structured, company-used, and machine-readable format

Question 26

What is Right to Object

Answer 26

Individuals can object to certain types of processing

Question 27

What is Rights Related to Automated Decision-Making

Answer 27

Individuals can challenge decisions made solely by automated processes that have significant effects on them

Question 28

What are the GDPR's Lawful Bases for Data Processing?

Answer 28

- Consent - Contractual Necessity - Legal Obligation - Vital Interests - Public Interest - Legitimate Interests

Question 29

What is Consent

Answer 29

Explicit permission from the individual to process their data

Question 30

What is Contractual Necessity

Answer 30

Processing necessary to fulfil a contract with an individual

Question 31

What is Legal Obligation

Answer 31

Processing required to comply with a legal requirement

Question 32

What are Vital Interests

Answer 32

Processing necessary to protect someone's life or health

Question 33

What is Public Interest

Answer 33

Processing in the public interest or authority

Question 34

What are Legitimate Interests

Answer 34

Pursuing Legitimate interests of the controller unless overridden by individual rights

Question 35

What are the Responsibilities of Organizations

Answer 35

- Appoint a DPO if they process large volumes of data - Maintain ROPA to mention how data is processed and protected - Conduct DPIAs to evaluate the risks of data processing - Provide Transparency to for data usage clarification - Ensure Vendor Compliance to hold third-party processors accountable

Question 36

What does DPO Stand for?

Answer 36

Data Protection Officer

Question 37

What does ROPA Stand for?

Answer 37

Records of Processing Activities

Question 38

What does DPIA Stand for?

Answer 38

Data Protection Impact Assessments

Question 39

What is GDPR's Fine for Non-Compliance

Answer 39

- 20 mil Euros or 4% of company's annual turnover (whichever's bigger) - lesser instances are 10 mil Euros or 2% of company's annual turnover (whichever's bigger)

Question 40

What is Personal Data?

Answer 40

Any Information that can identify an individual

Question 41

What is Sensitive Data?

Answer 41

Special, more sensitive personal data

Question 42

What is a Data Breach Notification

Answer 42

DPA breach notification within 75 hours that alerts affected individuals

Question 43

What are the Practical Compliance Steps

Answer 43

- Assess personal data your organization collects and processes - Ensure you have a lawful basis for collecting data - Create and publish a GDPR-compliant privacy notice - Implement robust security measures to protect data - Train employees on GDPR principles and responsibilities - Regularly review and update data protection policies and practices

Question 44

What is the CCPA

Answer 44

A Californian privacy law that provides individuals with greater control over their personal information

Question 45

Where does the CCPA Apply to?

Answer 45

At least one must be met: - Annual gross revenue is over $25 mil - Buy, receive, or sell the information of 50,000 or more Californian individuals, households, or devices annually - Derive 50% of annual revenue from selling Californian personal information

Question 46

According to the CCPA, what is Considered Personal Information?

Answer 46

Any data that identifies, relates, or can be reasonably linked to a specific individual or household

Question 47

What are the Consumer Rights Under CCPA

Answer 47

- Right to know - Right to Delete - Right to Opt-Out - Right to Non-Discrimination

Question 48

What are the Business Obligations Under CCPA

Answer 48

- Provide a clear and accessible privacy policy - Offer a "do not sell my personal information" link - Respond to verified customer requests regarding personal information - Take reasonable measures to secure personal data

Question 49

What are the Penalties for CCPA Non-Compliance?

Answer 49

- $7,500 fine per intentional violation - $2,500 fine per unintentional violation - Customers can sue businesses in certain data breaches with $100 to 750 per customer per incident

Question 50

Differentiate CCPA and GDPR

Answer 50

- Jurisdiction: CCPA - EU, GDPR - California - Scope: CCPA - consumer rights and data sales, GDPR - broader, covering all personal data processing - Legal Basis: CCPA - more on transparency and consumer rights, GDPR - lawful basis for data processing

Question 51

What is ISO 27001

Answer 51

International standard for Information Security Management Systems (ISMS) that enforces CIA

Question 52

What makes ISO 27001 Different from CCPA and GDPR

Answer 52

- ISO is more on information security systems - ISO is voluntary - ISO is more globally applicable

Question 53

Differentiate Privacy by Design and Privacy by Default

Answer 53

Privacy by design incorporates privacy into the design of systems from the start while privacy by default ensures strictest privacy settings are automatically applied without user intervention

Question 54

What are the Seven Foundational Principles of Privacy by Design

Answer 54

- Proactive, not reactive; preventative, not remedial - Privacy Embedded into design - Full Functionality - positive-sum, not zero-sum