Chapter 1 Risk Management Flashcards

1
Q

What is a big part of the discussion when it comes to cybersecurity today?

A

Business risk.

2
Q

What are the foundational concepts of cybersecurity?

A

Assets, threats, threat actors, vulnerabilities, and the CIA triad (Confidentiality, Integrity, Availability).

3
Q

What are assets in cybersecurity?

A

Personal information, photos, bank information, and other valuable data we want to keep secure.

4
Q

What represents a threat in the analogy of cybersecurity?

A

A pirate sneaking up to steal the golden coins.

5
Q

How is risk defined in cybersecurity terms?

A

The potential for a threat to exploit a vulnerability and cause harm to assets.

6
Q

What is the essence of cybersecurity?

A

Understanding and protecting assets, recognizing risks, addressing vulnerabilities, and minimizing risks.

7
Q

What is the CIA triad in cybersecurity?

A

Confidentiality, Integrity, and Availability.

8
Q

What does confidentiality ensure in cybersecurity?

A

Data is only accessible to those who have the authority to view it.

9
Q

What can unauthorized access lead to in terms of confidentiality?

A

Data breaches with legal and reputational consequences.

10
Q

What does integrity ensure in cybersecurity?

A

Data remains unaltered and genuine.

11
Q

Why is integrity important in a banking system?

A

It ensures that the amount deducted from one account matches the amount added to another, preventing mistrust and financial loss.

12
Q

What does availability ensure in cybersecurity?

A

Systems, applications, and data are available and operational when needed.

13
Q

Why is availability crucial in a hospital setting?

A

The database of patients must be available, especially during emergencies, to prevent financial losses, hindered operations, or endangering lives.

14
Q

What is the role of the CIA triad in dealing with cybersecurity threats?

A

It serves as a trusted shield to address and manage threats effectively.

15
Q

What are threat actors in cybersecurity?

A

Individuals or groups that pose a threat to digital assets, such as unskilled hackers, hacktivists, insider threats, and shadow IT.

16
Q

What factors determine the threat level of a threat actor?

A

Resources, funding, sophistication, and capability.

17
Q

How are threat actors categorized based on their relation to a company?

A

Internal or external to the company.

18
Q

Describe unskilled hackers in the treasure chest analogy.

A

Rookie pirates in rickety boats using basic maps and readily available hacking tools.

19
Q

What are the characteristics of unskilled hackers?

A

External, low resources, low funding, low sophistication, low capability.

20
Q

Who are hacktivists in the context of cybersecurity?

A

Pirates that hack to promote a political or social agenda, akin to pirates trying to overthrow a tyrant.

21
Q

What are the characteristics of hacktivists?

A

External, low resources, low funding, low sophistication, low capability.

22
Q

What makes insider threats particularly dangerous?

A

They are part of the company’s trusted crew with intimate knowledge of the company’s secrets.

23
Q

What are the characteristics of insider threats?

A

Internal, high resources (company’s resources), low funding, variable sophistication, high capability.

24
Q

What is shadow IT in companies?

A

Unauthorized apps or services used by employees, creating vulnerabilities inadvertently.

25
Q

What are the characteristics of shadow IT?

A

Internal, high resources, low funding, variable sophistication, high capability.

26
Q

What is an application allow list?

A

A list of trusted applications allowed access through the security gate, keeping unknown or potentially dangerous ones out.

27
Q

Why is an application allow list important in cybersecurity?

A

It ensures only known and trusted applications get access, bolstering defenses against unwanted intruders.

28
Q

What analogy is used for an application allow list?

A

A diligent guard at a special gate, allowing only trusted pirates (applications) to approach the treasure.

29
Q

What is the importance of threat intelligence in cybersecurity?

A

To be aware of the latest threats, prevent them from affecting systems, and reduce incident response time.

30
Q

What is TTP in cybersecurity?

A

Adversary Tactics, Techniques, and Procedures.

31
Q

How does TTP help in cybersecurity?

A

By providing step-by-step methods used by attackers to gain access or crash a system, allowing for proactive security measures.

32
Q

What is the benefit of tools that provide graphical representations of threats?

A

They offer a live geographical map showing where malware threats are currently active and additional details about affected sectors.

33
Q

What is open source intelligence (OSINT)?

A

Publicly available information sources like government reports, media reports, academic reports, and freely available online tools.

34
Q

What is closed source or proprietary intelligence?

A

Private threat intelligence sources that require a subscription or vendor sign-up to access the latest threat information.

35
Q

What is the Google Hacking exploit database?

A

An example of open source intelligence that focuses on using the Google search engine to find potentially sensitive information.

36
Q

What are common vulnerabilities and exposures (CVEs)?

A

Uniquely numbered, internationally known vulnerabilities, freely available as an example of OSINT.

37
Q

What was a known vulnerability used in the Equifax hack of 2017?

A

Apache Struts vulnerability CVE-2017-5638.

38
Q

What is the dark web, and why is it relevant for threat intelligence?

A

A part of the internet not indexed by search engines, accessible through the Tor network, used for anonymous and encrypted communication.

39
Q

How does the Tor network work?

A

By routing traffic through multiple servers worldwide to mask the origin location, ensuring anonymity.

40
Q

What is automated indicator sharing (AIS)?

A

A method for automatically sharing threat intelligence information among different software programs and enterprises.

41
Q

What is the Structured Threat Information Expression (STIX) format?

A

A specialized format for packaging threat intelligence information understood by many dissimilar systems.

42
Q

What is the Trusted Automation Exchange of Intelligence Information (TAXII) standard?

A

A standard for transmitting specially formatted threat intelligence information across networks, often integrated into security monitoring tools.

43
Q

How do open source and closed source threat intelligence differ?

A

Open source is freely available to the public, while closed source requires a subscription or vendor sign-up.

44
Q

What are risk vectors in cybersecurity?

A

Points or factors through which threats can exploit vulnerabilities, including mission-critical IT systems, third-party access, and physical access controls.

45
Q

What must be considered to manage risks related to data?

A

Knowing what data you have, where it resides, and which third parties have access to it.

46
Q

What is an access control vestibule or mantrap?

A

A security feature where a second internal door opens only after the first external door has closed and locked.

47
Q

Why is limiting booting from removable media important?

A

To prevent unauthorized access or actions like resetting an administrator password by booting from external media.

48
Q

What is a Risk Management Framework (RMF)?

A

A structured approach to managing risks, including best practices and standards from organizations like CIS, NIST, and ISO/IEC.

49
Q

What is NIST SP 800-30 Revision 1?

A

A guide for conducting risk assessments, providing step-by-step guidelines on understanding assets and related risks.

50
Q

What is the General Data Protection Regulation (GDPR)?

A

A regulation protecting the private information of EU citizens, applicable regardless of where the data is processed or stored.

51
Q

What is HIPAA?

A

The Health Insurance Portability and Accountability Act, designed to protect American patient medical information.

52
Q

What is PCI DSS?

A

The Payment Card Industry Data Security Standard, applying to any organization dealing with cardholder information, providing recommendations for protecting this data.

53
Q

How are security policies crafted within an organization?

A

By mirroring requirements from standards, laws, and regulations to manage risk effectively.

54
Q

What are acceptable use policies (AUPs)?

A

Policies dictating how employees can use company resources, like email and internet access, for business purposes only.

55
Q

What are resource access policies?

A

Policies determining how employees can access apps, files, and other resources within the organization.

56
Q

What are account policies?

A

Policies specifying requirements for account security, such as multi-factor authentication and complex passwords.

57
Q

What are data retention policies?

A

Policies that dictate how long data must be retained to comply with industry regulations.

58
Q

What are change control and asset management policies?

A

Policies ensuring changes to IT systems are implemented in a controlled, repeatable, and definable manner.

59
Q

Why is it important to manage third-party components and entities in cybersecurity?

A

They represent additional attack vectors that can introduce vulnerabilities into the system.

60
Q

What is the purpose of a security control in cybersecurity?

A

To mitigate a threat, such as using a malware scanner to prevent malware infections.

61
Q

How are security controls applied differently?

A

They vary depending on whether they are implemented at the network level, user station, or web application server.

62
Q

What are the categories of security controls?

A

Managerial/Administrative, Operational, Technical, Physical, Detective, Corrective, Deterrent, and Compensating.

63
Q

What are managerial or administrative controls?

A

Controls that dictate what should be done, like performing employee background checks on new hires.

64
Q

What are operational controls?

A

Controls dictating how often something should be done, such as periodic reviews of security policies.

65
Q

What are technical security controls?

A

Controls that solve the problem of risk, such as deploying firewall configurations and malware scanners.

66
Q

What are physical security controls?

A

Controls like access control vestibules or mantraps to prevent unauthorized physical access.

67
Q

What are detective security controls?

A

Controls that detect security incidents, like log files or closed-circuit television logs.

68
Q

What are corrective security controls?

A

Controls that correct a negative incident, like patching known vulnerabilities.

69
Q

What are deterrent security controls?

A

Controls like device logon banners that deter unauthorized access by warning users of legal consequences.

70
Q

What are compensating controls?

A

Alternative controls used when the desired control is too expensive, complicated, or takes too long to implement, such as network isolation for insecure IoT devices.

71
Q

What is Shodan.io and its relevance to security controls?

A

A website that allows searching for vulnerable devices on the internet, illustrating the lack of proper security controls.

72
Q

What is the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)?

A

A framework providing guidelines for applying security controls in cloud environments.

73
Q

What is PCI DSS and its relevance to security controls?

A

The Payment Card Industry Data Security Standard, which includes requirements for protecting cardholder information through specific security controls.

74
Q

What are some examples of security controls in PCI DSS?

A

Change management, removing test data, and ensuring no sensitive data artifacts remain.

75
Q

What is an example of a risk, attack vector, and security control related to online banking credentials?

A

Risk: Theft of banking credentials. Attack Vector: Phishing campaigns. Security Controls: User security awareness, antivirus software, spam filters.

76
Q

What is the first step in managing risk in an enterprise?

A

Conducting a risk assessment to prioritize threats against assets and determine actions to mitigate those threats.

77
Q

Can risk assessments be conducted for smaller units within an enterprise?

A

Yes, risk assessments can be done for specific projects, departments, systems, or company mergers/acquisitions.

78
Q

What are some targets of risk assessments?

A

Individual servers, legacy systems, theft of intellectual property, and software licensing compliance.

79
Q

Why is awareness of cybersecurity threats important for those conducting risk assessments?

A

It ensures that they can identify and evaluate potential risks and implement appropriate security controls.

80
Q

What is residual risk?

A

The remaining risk after security controls have been implemented.

81
Q

Why is continuous monitoring of security controls important?

A

Because a security control effective today may no longer be effective in the future, necessitating periodic reviews.

82
Q

What are some types of risks to consider in a risk assessment?

A

Environmental risks, person-made risks, internal risks, and external risks.

83
Q

What is risk treatment?

A

The process of deciding how to address or manage identified risks.

84
Q

What is risk mitigation or reduction?

A

Implementing security controls proactively to minimize the impact of potential threats.

85
Q

What is risk transference or sharing?

A

Transferring some risk to another party, such as through insurance.

86
Q

What is risk avoidance?

A

Choosing not to partake in an activity because the potential benefits do not outweigh the risks.

87
Q

What is risk acceptance?

A

Accepting the risk as it is, without implementing any additional security controls, because it falls within the organization’s risk appetite.

88
Q

How does risk acceptance differ from risk mitigation?

A

Risk acceptance involves taking on the risk without additional controls, while risk mitigation involves implementing controls to reduce the risk.

89
Q

Give an example of risk avoidance.

A

Not partaking in swimming in a lake to avoid the risk of drowning.

90
Q

What is a practical example of risk mitigation?

A

Wearing a life jacket while swimming to reduce the risk of drowning.

91
Q

What should be considered when managing risk in an organization?

A

Conducting risk assessments, understanding different types of risks, and determining appropriate risk treatments.

92
Q

What is a qualitative risk assessment?

A

A risk assessment based on subjective opinions, considering factors like the likelihood of a threat occurring and the impact of that threat on an asset.

93
Q

What factors are considered in a qualitative risk assessment?

A

Likelihood of a threat occurring, impact of the threat, and severity level rating.

94
Q

Why might severity ratings differ in qualitative risk assessments?

A

Because they are subjective and can vary depending on who is conducting the assessment.

95
Q

What is a risk register?

A

A centralized list of risks with severity level ratings, responsible parties for incident response, and mitigating controls in place.

96
Q

What information is typically included in a risk register?

A

Risk number, date, title, likelihood (high/low/medium), impact (high/low/medium), risk owner, and mitigation measures.

97
Q

How are risks typically rated in a qualitative risk assessment?

A

Using qualitative ratings like high, medium, and low for likelihood and impact.

98
Q

What is a risk heat map?

A

A visual representation of risks from a risk register, using colors to indicate the level of risk.

99
Q

How are risks identified in a risk heat map?

A

By referencing the risk numbers from the risk register within colored blocks on the heat map.

100
Q

What does a red block on a risk heat map indicate?

A

A high level of risk or high impact.

101
Q

What is a risk matrix?

A

A centralized location for all risk details, similar to a risk heat map but without using colors.

102
Q

How do qualitative and quantitative risk assessments differ?

A

Qualitative assessments are subjective and based on severity levels, while quantitative assessments are based on hard numbers.

103
Q

Can a risk register contain dollar values?

A

Yes, but it is usually qualitative in nature.

104
Q

What might an incident response plan (IRP) number in a risk register refer to?

A

A specific plan in place to respond to a particular risk.

105
Q

Why is a risk heat map useful?

A

It provides a visually compelling way to understand the relative severity of different risks.

106
Q

What is the main advantage of using a qualitative risk assessment?

A

It helps manage risks based on subjective evaluations when quantitative data is not available or sufficient.

107
Q

Why is it important to consider security at all phases of the information lifecycle?

A

Because adding Band-Aid solutions at the end is more costly, takes more time, and is less effective than integrating security throughout the lifecycle.

108
Q

What is a crucial aspect to consider when collecting data under regulations like GDPR?

A

Obtaining clear and explicit consent from European Union citizens for collecting and using their data.

109
Q

What are the phases of the information lifecycle?

A

Collection, storage, processing, sharing, archival, and deletion of data.

110
Q

What is personally identifiable information (PII)?

A

Information that can uniquely identify an individual, such as social security numbers, email addresses, credit card numbers, and home addresses.

111
Q

What is protected health information (PHI)?

A

Medical information that can be tracked back to a person, including health insurance numbers, blood type, and patient medical conditions.

112
Q

What is anonymization in data privacy?

A

The process of removing or replacing sensitive information that can tie data back to an individual while retaining the rest for analysis.

113
Q

How does GDPR treat anonymized data collection and use?

A

GDPR allows anonymized data collection and use without user consent.

114
Q

What is pseudo-anonymization?

A

Replacing unique identifiers in data with other identifiers or removing them to anonymize the data while keeping other non-identifiable information.

115
Q

What is data minimization?

A

Limiting the amount of data stored or retained to only what is necessary and legally allowed.

116
Q

What is tokenization in data privacy?

A

Using a unique token to represent sensitive information, such as credit card numbers, to ensure the actual data is not transmitted or exposed.

117
Q

What is data masking?

A

Anonymization technique where sensitive information is hidden, like masking credit card numbers or passwords.

118
Q

What is data sovereignty?

A

The concept of where data is physically stored, as different laws and regulations may apply based on its location.

119
Q

Why is it important to know where data is stored in the cloud?

A

Because data replication to other countries might subject the data to different laws and regulations.

120
Q

What is geo-replication in cloud storage?

A

The process of storing data in multiple locations, often in different geographical regions, to ensure redundancy and compliance with data sovereignty requirements.

121
Q

What does the GDPR require regarding data deletion for EU citizens?

A

EU citizens have the right to access, correct, and request the removal of their data.

122
Q

Why must security be considered throughout the entire information lifecycle?

A

To ensure data privacy and compliance with regulations from the point of collection to its archival and deletion.

123
Q

What is the primary purpose of network scanners?

A

To identify devices on a network and the services they are running, helping to detect rogue devices or unnecessary services.

124
Q

Why are network scanners considered “loud” on a network?

A

Because they generate significant network traffic by scanning and probing each machine incrementally, which can trigger alarms on intrusion detection systems.

125
Q

What kind of information can network scanners return?

A

IP addresses, MAC addresses, operating system types, and lists of open ports.

126
Q

What is OS fingerprinting in the context of network scanning?

A

It is the process of identifying the operating system of a device based on network traffic patterns and responses to probes.

127
Q

How can a completely locked-down host with a firewall affect network scanning results?

A

Most scanning tools won’t be able to detect that the host is up and running if it doesn’t allow any incoming connections.

128
Q

What is a baseline in network scanning?

A

A baseline is an initial scan of the network when everything is known to be in its correct state, used for comparison with future scans to identify changes.

129
Q

Why is it important to conduct periodic network scans?

A

To continuously monitor and manage risk by detecting unauthorized devices or changes in network configuration.

130
Q

What is Nmap?

A

Nmap (Network Mapper) is a free and open-source network scanning utility used to discover hosts and services on a network.

131
Q

What is Zenmap?

A

Zenmap is the graphical user interface (GUI) for Nmap, providing a front-end interface to the Nmap command-line tool.

132
Q

How can Nmap be used to scan a network?

A

By using the Nmap command-line tool or Zenmap GUI to specify a target host or subnet and retrieve information about discovered hosts and open ports.

133
Q

What kind of output does Zenmap provide?

A

Zenmap provides a list of discovered hosts, their operating systems, and any open ports in a graphical interface.

134
Q

How can network scanning help in identifying unauthorized devices?

A

By comparing current scan results to the baseline to identify new devices or changes, such as the presence of unexpected Linux hosts on a Windows-dominated network.
