CySA Flashcards
Focus of Privacy Controls
Privacy controls have a different focus. Instead of focusing on ways that an organization can protect its own information, privacy focuses on the ways that an organization can use and share information that it has collected about individuals. This data, known as personally identifiable information (PII), is often protected by regulatory standards and is always governed by ethical considerations.
Generally Accepted Privacy Principles (GAPP)
Management says that the organization should document its privacy practices in a privacy policy and related documents.
Notice says that the organization should notify individuals about its privacy practices and inform individuals of the type of information that it collects and how that information is used.
Choice and consent says that the organization should obtain the direct consent of individuals for the storage, use, and sharing of PII.
Collection says that the organization should collect PII only for the purposes identified in the notice and consented to by the individual.
Use, retention, and disposal says that the organization should only use information for identified purposes and may not use information collected for one stated purpose for any other nondisclosed purpose.
Access says that the organization should provide individuals with access to any information about that individual in the organization’s records, at the individual’s request.
Disclosure says that the organization will disclose information to third parties only when consistent with notice and consent.
Security says that PII will be protected against unauthorized access.
Quality says that the organization will maintain accurate and complete information.
Monitoring and enforcement says that the organization will put business processes in place to ensure that it remains compliant with its privacy policy.
Risk
is the combination of a threat and a corresponding vulnerability. Both of these factors must be present before a situation poses a risk to the security of an organization.
Vulnerability
A vulnerability is a weakness in a device, system, application, or process that might allow an attack to take place.
Threat
A threat in the world of cybersecurity is an outside force that may exploit a vulnerability.
Risk
Risk = Threat x Vulnerability
Adversarial threats
are individuals, groups, and organizations that are attempting to deliberately undermine the security of an organization. Adversaries may include trusted insiders, competitors, suppliers, customers, business partners, or even nation-states.
Accidental Threats
occur when individuals doing their routine work mistakenly perform an action that undermines security. For example, a system administrator might accidentally delete a critical disk volume, causing a loss of availability.
Structural threats
occur when equipment, software, or environmental controls fail due to the exhaustion of resources (such as running out of gas), exceeding their operational capability
Environmental Threats
occur when natural or human-made disasters occur that are outside the control of the organization. These might include fires, flooding, severe storms, power failures, or widespread telecommunications disruptions.
Agent-based Network Access Control
Agent-based solutions, such as 802.1X, require that the device requesting access to the network run special software designed to communicate with the NAC service.
Agentless NAC
Agentless approaches to NAC conduct authentication in the web browser and do not require special software.