Domain 1 Flashcards
What is Information Security?
The protection of information and information systems from unauthorized access, disclosure, alteration, and destruction.
What does the CIA Triad stand for?
Confidentiality, Integrity, Availability.
What is Confidentiality?
Ensuring that information is accessible only to authorized individuals.
What is Integrity?
Protecting information from unauthorized modification or destruction.
What is Availability?
Ensuring authorized users have timely and reliable access to information and systems.
What is an Asset?
Anything of value to an organization that needs to be protected.
What is a Threat?
A potential cause of an unwanted incident, which may result in harm to a system or organization.
What is a Vulnerability?
A weakness that can be exploited by a threat.
What is Risk?
The potential for loss or harm when a threat exploits a vulnerability.
What is a Control?
A safeguard or countermeasure to manage or reduce risk.
What is a Security Policy?
A formal statement defining how an organization manages and protects its information assets.
What is Authentication?
The process of verifying the identity of a user or system.
What is Authorization?
The process of granting or denying access to resources.
What is Identification?
Claiming an identity, such as entering a username.
What is Accountability?
The ability to trace actions back to responsible individuals.
What is Non-repudiation?
Ensuring that a party in a communication cannot deny the authenticity of their signature or message.
What is an Administrative Control?
Policies, procedures, and regulations that govern an organization’s operations and behavior.
What is a Technical Control?
Security mechanisms implemented through technology, such as firewalls and encryption.
What is a Physical Control?
Security measures that prevent physical access to systems and facilities, like locks and guards.
What is Due Care?
Taking reasonable actions to protect assets against threats.
What is Due Diligence?
The continuous management process of identifying and reducing security risks.
What is Separation of Duties?
Dividing tasks among multiple individuals to prevent fraud or error.
What is Least Privilege?
Providing users with the minimum access necessary to perform their job functions.
What is Need-to-Know?
Granting access to information only if it is necessary for job duties.
What is a Threat Actor?
An individual or group that performs malicious activities against systems or organizations.
What is an Insider Threat?
A security threat that originates from within the organization, often by a trusted individual.
What is a Security Awareness Program?
A training program that educates employees about cybersecurity risks and best practices.
What is an Acceptable Use Policy (AUP)?
A document outlining the proper use of an organization’s information systems and resources.
What is Malware?
Malicious software designed to cause harm to computers or networks.
What is a Security Incident?
An event that violates an organization’s security policies or threatens its assets.
What is Defense in Depth?
A strategy that employs multiple layers of security to protect assets.
What is Qualitative Risk Assessment?
A subjective approach to risk assessment based on opinion and non-numerical ratings.
What is Quantitative Risk Assessment?
A numerical approach to risk assessment using measurable data such as cost and frequency.
What is a Security Framework?
A structured set of guidelines for managing cybersecurity risk.
Name three Security Frameworks.
NIST CSF, ISO/IEC 27001, COBIT.
What is Threat Modeling?
The process of identifying potential threats to a system to prioritize defensive measures.
What is Business Impact Analysis (BIA)?
A process that identifies critical functions and assesses the impact of disruptions.
What is Risk Management?
The process of identifying, assessing, and controlling threats to an organization’s assets.
What is Security Baselining?
The practice of setting a minimum level of security to be maintained.
What is System Hardening?
The process of securing a system by reducing its vulnerabilities.
What is Patch Management?
The process of distributing and applying updates to software to fix vulnerabilities.
What is Configuration Management?
The process of maintaining the integrity of products and systems through consistency and control.
What is an Exploit?
A method by which a vulnerability is used to cause harm.
What is an Exposure Factor (EF)?
The percentage of asset loss expected from a specific threat event.
What is Single Loss Expectancy (SLE)?
The monetary loss expected from a single occurrence of a threat exploiting a vulnerability.
What is Annualized Loss Expectancy (ALE)?
The expected monetary loss for an asset due to a threat over the course of a year.
What is Risk Appetite?
The amount and type of risk an organization is willing to pursue or retain.
What is Information Security Governance?
The system by which cybersecurity activities are directed and controlled to align with business objectives.
What are preventive controls?
Controls that attempt to stop incidents before they occur.
What are detective controls?
Controls that identify incidents as they occur.
What are corrective controls?
Controls that restore systems after an incident.
How does the principle of least privilege help prevent data breaches?
It minimizes the impact of compromised accounts by restricting access rights.
How can security frameworks assist organizations?
They provide structured approaches for managing cybersecurity risks effectively.
Explain how patch management impacts system security.
Timely updates close vulnerabilities before attackers can exploit them.
Describe how non-repudiation is achieved technically.
Using digital signatures and audit logs to verify actions.
Explain why security policies must be enforced.
Without enforcement, policies have no effect and users may behave insecurely.
How is need-to-know enforced in access control systems?
By limiting data access permissions to only those needed for specific roles.
How do insider threats differ from external threats?
Insider threats come from trusted individuals within the organization and are often harder to detect.
Give an example of a corrective control.
Restoring a backup after a ransomware attack.
Give an example of a preventive control.
Implementing strong authentication to prevent unauthorized access.
Give an example of a detective control.
Installing an intrusion detection system (IDS).
What are common consequences of failing due diligence in cybersecurity?
Increased liability, regulatory fines, reputational damage.
What is the relationship between business objectives and security objectives?
Security supports and enables business goals by protecting assets and operations.
How does a Business Impact Analysis (BIA) support risk management?
It identifies critical processes and the impact of disruptions, helping prioritize protections.
Why is asset classification important in cybersecurity?
It ensures security efforts match the value and sensitivity of different assets.
How can system hardening prevent malware infections?
By closing unnecessary ports, disabling services, and applying patches, which reduces the attack surface.
Why must security baselines be periodically reviewed?
To adjust to evolving threats, technology changes, and business needs.
Explain the difference between threat, vulnerability, and risk.
A threat is a potential danger, a vulnerability is a weakness, and risk is the likelihood of the threat exploiting the vulnerability.
Why is defense in depth more effective than a single security measure?
Multiple layers of defense increase resilience against different attack vectors.
Describe the process of qualitative risk assessment.
Risks are assessed using subjective criteria such as likelihood and impact ratings.
Describe the process of quantitative risk assessment.
Risks are assessed using numerical metrics like annualized loss expectancy (ALE).
Give an example of separation of duties in IT.
One person manages user accounts, while another approves access permissions.
How does a security awareness program reduce risk?
It educates employees, making them less likely to fall victim to threats like phishing.
How can configuration management help with incident response?
Knowing baseline configurations speeds up identifying unauthorized changes during incidents.
How does threat modeling contribute to secure system design?
It identifies weaknesses early so defenses can be built in from the start.
Explain the concept of layered security in protecting a web application.
Using multiple controls like input validation, firewalls, and authentication to secure the application.
Describe the concept of risk appetite.
The level of risk an organization is willing to accept in pursuit of its goals.
What is an annualized loss expectancy (ALE) in quantitative risk assessment?
Expected monetary loss for an asset due to a specific threat over one year.
What is a single loss expectancy (SLE)?
The monetary loss expected from a single occurrence of a threat exploiting a vulnerability.
What is an exposure factor (EF)?
The percentage of asset loss expected if a specific threat occurs.