Cybersecurity Risks and Controls Flashcards

1
Q

What are Security Controls?

A

Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.

2
Q

What is a Control Framework?

A

A set of controls that protects data within the IT infrastructure of a business or other entity.

3
Q

What are the key components of a control framework?

A
  • Objective setting
  • Event identification and response plans
  • Compliance with government and industry requirements
  • Monitoring processes
  • Control activities
4
Q

Which control categories are there?

A
  • Compensating controls
  • Corrective controls
  • Detective controls
  • Deterrent controls
  • Directive controls
  • Preventive controls
  • Recovery controls
5
Q

Which control types are there?

A
  • Administrative controls (or Management controls)
  • Physical controls (or Operational controls)
  • Technical controls (or Logical controls)
6
Q

What is confidentiality?

A

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

7
Q

Which control methods can be used to protect confidentiality?

A
  • Access restriction
  • Information categorization
  • Data classification
  • Awareness training
  • Password best practices
  • Data encryption
  • Multi-factor authentication
  • Biometric verification
  • Security tokens
  • Principle of Least Privilege
  • Identification, authentication, authorization through access controls
8
Q

What is Integrity?

A

Guarding against improper information modification or destruction and includes ensuring information non-repudiation and authenticity.

9
Q

What are the possible consequences of integrity loss?

A
  • Unintentional changes
  • Unauthorized changes
  • Accidental changes
  • Inconsistent behavior
  • Inaccurate information
  • Data corruption
  • Data destruction
  • Untrustworthy information
  • Poor business decisions
  • Processing errors
10
Q

What control methods can be used to protect integrity?

A
  • Data encryption
  • Hashing algorithms
  • Segregation of duties
  • Approval checkpoints
  • Testing
  • Change management and version control
  • File permissions
  • Access controls
  • Detection
  • Response and recovery
  • Backups and redundancy
  • Secure storage
  • Log collection
11
Q

What is the definition of availability?

A

Ensuring timely and reliable access to and use of information.

12
Q

What are the possible consequences of information availability loss?

A
  • Data loss
  • Unreachable data
  • Service interruption or loss
  • Communication bottlenecks
  • Connection interruptions
  • Network intrusions
  • Loss of productivity
  • Loss of revenue
13
Q

What control methods can be used to protect availability?

A
  • Hardware maintenance and repair
  • System upgrades
  • Provide adequate communication bandwidth
  • Redundancy and failover
  • High availability
  • Disaster recovery
  • Business continuity
  • Incident management
  • Data backup
  • Security equipment
  • Anti-malicious code detection
14
Q

What is a cyber threat?

A

A potential cause of incident that results in harm.

15
Q

What’s a vulnerability?

A

Weakness of an asset that can be exploited by a threat.

16
Q

What is penetration testing?

A

An authorized, simulated attack, to gain assurance in the security of an IT system by attempting to breach some or all of its security, using the same tools and techniques that an adversary might.

17
Q

What are some technology controls for endpoint security?

A
  • Identity and Access Management (IAM) tools
  • Full Disk Encryption (FDE)
  • File Level Encryption (FLE)
  • Self-Encryption Device (SED)
  • Anti-Malware Protection (AMP)
18
Q

What are some process controls for endpoint security?

A
  • Device Handling and management policies
  • IAM governance
19
Q

What are some technology controls for security architecture?

A
  • Network segregation
  • Penetration testing
  • Defence in depth
20
Q

What are some process controls for security architecture?

A
  • Principle of least privilege
  • Design and architecture reviews
  • System and security audits
21
Q

What are some technology controls for firewalls?

A
  • Firewall analyzer
  • Network segmentation
  • Anti-virus
  • Data backup and disaster recovery
22
Q

What are some process controls for firewalls?

A
  • Policy
  • Formalized change control process for firewall rule management
  • Principle of least privilege
  • Defence in depth
23
Q

What are some technology controls for anti-virus and anti-malware?

A
  • Defence in depth
  • Workstation and network-based AV/AM software
  • Security Information and Event Management (SIEM) software
  • Intrusion detection and prevention software
24
Q

What are some process controls for anti-virus and anti-malware?

A
  • Hunt teams
  • Security operations center
  • Information security policies
  • Security awareness training
  • Principle of least privilege
25
Q

What are some technology controls for segregation security?

A
  • Disabling of non-essential services on servers and workstations
  • Firewalls and security appliances
  • Separation of management and operational networks
  • Network traffic whitelisting
  • Physical network isolation
26
Q

What are some process controls for segregation security?

A
  • Principle of least privilege
  • Need to know
27
Q

What are some technology controls for server security?

A
  • SSH keys
  • Firewalls
  • VPN and private networks
  • Public key Encryption and SSL/TLS encryption
  • Service and file auditing
  • Isolated execution environment
28
Q

What are some process controls for server security?

A
  • Policies and procedures related to employee behaviors
  • Audits and spot checks
  • Principle of least privilege
  • Segregation of duties
  • Physical access controls
  • Proactive patching and lifecycle management
29
Q

What are some technology controls for platform security?

A
  • Anti-virus/anti-malware
  • Identity and access management
  • Network segregation
  • Privileged account management
  • Firewalls
  • Virtual private networks (VPN)
  • Intrusion detection and prevention systems (IDS/IPS)
30
Q

What are some process controls for platform security?

A
  • Internal and external audit
  • Architecture standards and policies
  • System hardening policy
  • Patch management process and policy
31
Q

What is the definition of threat modelling?

A

Procedure for optimizing network/application/internet security by identifying objectives and vulnerabilities and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.

32
Q

What are the threat model steps?

A
  • Determine assessment scope
  • Identify threat agents
  • Understand existing countermeasures
  • Identify vulnerabilities
  • Prioritize risks
  • Identify countermeasures to reduce risks
33
Q

What are some technology controls for threat model security?

A
  • Security operating center (SOC)/Security information and event management (SIEM)
  • Intrusion detection and prevention systems
  • Next generation firewalls
  • Audit logging
34
Q

What are some process controls for threat model security?

A
  • Internal and external audits
  • Architecture standards and policies
  • System hardening policy
  • Patch management process and policy
35
Q

What are some technology controls for embedded systems security?

A
  • Anti-virus and anti-malware software
  • Firewall
  • Intrusion detection and prevention software
  • Virtual private network (VPN)
  • Key authentication
  • Hardware security modules (HSM)
  • Network segregation
36
Q

What are some process controls for embedded systems security?

A
  • Software development lifecycle
  • Security by design
37
Q

What are some technology controls for IoT security?

A
  • Anti-virus and anti-malware software
  • Firewall
  • Intrusion detection and prevention software
  • Virtual private network (VPN)
  • Key authentication
  • Network segregation
38
Q

What are some process controls for IoT security?

A
  • Software development lifecycle
  • Security by design
  • Security awareness training