Cybersecurity and Governance Flashcards

1
Q

The objective of security:

A

to provide confidentiality, integrity, availability, authenticity, and nonrepudiation.

2
Q

Confidentiality

A

Keeping unauthorized entities (be they people or processes) from gaining access to information assets.

3
Q

Integrity

A

An asset is free from unauthorized alterations.

4
Q

Availability

A

Protections ensure reliable and timely access to data and resources for authorized individuals.

5
Q

Authenticity

A

Protections ensure we can trust that something comes from its claimed source.

6
Q

Nonrepudiation

A

Closely related to authenticity; it means that someone cannot deny being the source of a given action.

7
Q

Vulnerability

A

This is a weakness in a system that allows a threat source to compromise its security.

8
Q

Threat

A

This is any potential danger that is associated with the exploitation of a vulnerability.

9
Q

Threat Source

A

A threat source (also called a threat agent or threat actor) is any entity that can exploit a vulnerability.

10
Q

Risk

A

Risk is the likelihood of a threat source exploiting a vulnerability, combined with the corresponding business impact.

11
Q

Control or Countermeasure

A

A Control or Countermeasure is put into place to mitigate (reduce) the potential risk.

12
Q

Information Security Management System (ISMS)

A

An ISMS is a collection of policies, procedures, baselines, and standards that an organization puts in place to make sure that its security efforts are aligned with business needs, streamlined and effective, and that no security controls are missing.

13
Q

Enterprise Security Architecture

A

Enterprise Security Architecture implements an information security strategy and consists of layers of solutions, processes, and procedures and the way they are linked across an enterprise strategically, tactically, and operationally. Enterprise Security Architecture should tie in strategic alignment, business enablement, process enhancement, and security effectiveness.

14
Q

Security Governance

A

Security governance is a framework that provides oversight, accountability, and compliance.

Security Governance is a framework that supports the security goals of an organization being set and expressed by senior management, communicated throughout the different levels of the organization, and consistently applied and assessed.

15
Q

Senior management

A

Senior management always carries the ultimate responsibility for the organization.

16
Q

Security Policy

A

A security policy is a statement by management dictating the role security plays in the organization.

17
Q

Standards and Documents

A

Standards are documents that describe specific requirements that are compulsory in nature and support the organization’s security policies.

18
Q

Baseline

A

A baseline is the minimum level of security.

19
Q

Guidelines

A

Guidelines are recommendations and general approaches that provide advice and flexibility.

20
Q

Procedures

A

Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal.

21
Q

Job Rotation

A

Job Rotation and mandatory vacations are administrative security controls that can help detect fraud.

22
Q

Separation of Duties

A

Separation of Duties ensures no single person has total control over a critical activity or task.

23
Q

Split knowledge and Dual Control

A

Split knowledge and Dual Control are two variations of separation of duties.

24
Q

Social Engineering

A

Social Engineering is an attack carried out to manipulate a person into providing sensitive data to an unauthorized individual.

25
Q

Security Awareness

A

Security Awareness training should be comprehensive, tailored for specific groups, and organization wide.

26
Q

Gamification

A

Gamification is the application of elements of game play to other activities such as security awareness training.

27
Q

Security Champions

A

Security Champions are members of an organization who, though their job description does not include security, inform about and encourage the adoption of security practices within their own teams.

28
Q

Professional Ethics

A

Professional Ethics codify the right way for a group of people to behave.