Cybersecurity: Module 1 Flashcards
What is the process of Compliance?
the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.
What are Security Frameworks?
guidelines used for building plans to help mitigate risks and threats to data and privacy.
What are Security Controls?
safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.
What is Security Posture? What does a strong Security posture do?
an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization
What is a Threat Actor?
malicious attacker, is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.
What is an Internal Threat?
can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, an internal threat is accidental. For example, an employee who accidentally clicks on a malicious email link would be considered an accidental threat. Other times, the internal threat actor intentionally engages in risky activities, such as unauthorized data access.
Network Security is the practice of… What does it include?
the practice of keeping an organization’s network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network.
What is the Cloud?
The cloud is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet.
What are Transferable Skills
skills from other areas of study or practice that can apply to different careers
What are Technical Skills
may apply to several professions, however, they typically require knowledge of specific tools, procedures, and policies.
What type of skill is communication? and what does it allow?
A transferable skill that will allow you to communicate and collaborate with others.
What type of skill is Problem-solving? and what does it allow you to do?
transferable skill that will allow you to identify and solve problems. This skill will allow you to recognize attack patterns & then determine the most efficient solution to minimize risk.
Dont be afraid to _ & _…
Take risks and try new things! Please understand that it is rare to find a perfect solution to a problem and you will likely need to compromise.
What type of skill is Time Management? and what does it allow you to do?
A transferable skill that involves having a heightened sense of urgency and prioritizing tasks appropriately. Effective time-management will help you minimize potential damage and risk critical assests and data.
What type of skill is a Growth Mindset? What does it mean if you have this?
A transferable skill that means you have a willingness to learn. You will need to continue to learn throughout your career.
What type of skill is a Diverse Perspective? How will this benefit you?
A transferable skill that involves having respect and an inclusive mindset with mutual respect. You will find better solutions to security problems with others.
What type of skill is Programming languages? And what does it involve?
A technical skill that involves knowing how to search data to identify potential threats or organize and analyze information to identify patterns.
What type of skill is Security Information and Event Management (SIEM) tools and what do they do/how do they help?
A technical skill. SIEM tools collect and analyze log data or records of events of unusual data. These tools help professionals identify and analyze potential security threats, risks and vulnerabilities.
What are (IDS)? What type of skill are they and why are they important? Give an example (4 part Question)…
Intrusion Detection Systems. A technical skill. Analysts use IDS to monitor system activity and alerts for possible intrusions. IDS are a key tool that every organization uses to protect assets and data. Ex: I use IDS to monitor networks for malicious activity like unauthorized access to a network.
What type of skill is Threat Landscape Knowledge? What does it involves and what does it allow?
A technical skill. It involves being aware of current trends related to threat actors, malware, or threat methodologies. It will allow you to build stronger defense against threat actor tactics and techniques.
What is an Incident Response process? Give an example. What type of skill is this?
An incident response process is following established policies and procedures to respond to incidents appropriately. Ex: I receive an alert about a possible malware attack so I follow the organization’s outlined procedures to start the incident response. It is a technical skill.
What is Cybersecurity?
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
What is Cloud Security? What does it focus on?
The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users. It focuses on the protection of data, applications, and infrastructure in the cloud.
Personally identifiable information (PII)
Any information used to infer an individual’s identity (name, address, DOB…)
Sensitive personally identifiable information (SPII)
A specific type of PII that falls under stricter handling guidelines (SSN, Bank acc numbers, medical information…)
What occurs during a security audit?
