flash cards messer

Question 1

PCI DSS

Answer 1

Payment Card Industry Data Security Standard

Question 2

NIST CSF

Answer 2

National institute of standard Technology Cyber Security Framework

Question 3

ISO 22301

Answer 3

Security & Resilience business continuity management

It provides a practical framework for setting up and managing an effective business continuity management system

Question 4

ISO 27701

Answer 4

Information security rules and requirements (compliance/regulation)

privacy information management

Question 5

ISO 31000

Answer 5

Risk management best practices

suggestions for management risk response within a organization

Question 6

ISO 27001

Answer 6

information security management systems

rules and requirements used by many governing bodies to create compliance/regulations

Question 7

ISO 27002

Answer 7

is an international standard that provides guidance for organizations looking to establish, implement, and improve an Information Security Management System (ISMS) focused on cybersecurity.

Question 8

compensation

Answer 8

Think of compensation as a safety net - in this case, it’s like having insurance to cover the risk of using outdated encryption on a critical server that can’t be upgraded.

Question 9

shadow IT

Answer 9

employees set up their own tech systems (shadow IT) without permission, like sneaking in a new service without IT approval.

Question 10

dark web

Answer 10

Imagine a secret underground market

Question 11

ISAC

Answer 11

To stay proactive in understanding threats, a security manager should review industry information-sharing and collaboration groups like ISACs, which provide specific threat information for their sector, akin to a neighborhood watch program for businesses.

Question 12

TAXII

Answer 12

is a protocol for transferring Cyber Threat Intelligence from a server to client(C) STIX - Structured method of describing cyber security threats in a consistent matter. While it helps logically organize information it isn’t a source of sharing information.

Question 13

Vulnerability feeds

Answer 13

only show software/hardware vulnerabilities. Nothing about their human targets.

Question 14

STIX -

Answer 14

Structured method of describing cyber security threats in a consistent matter. While it helps logically organize information it isn’t a source of sharing information.

Question 15

persistent threat

Answer 15

Think of an advanced persistent threat like a sophisticated spy who is highly skilled, patient, and persistent in infiltrating a system over a long period without being detected.

Question 16

CVSS

Answer 16

a severity score for vulnerabilities, like a grade for how serious a security issue is, while SIEM is like a security guard monitoring logs in real-time.

Question 17

Autopsy

Answer 17

is a tool for performing data forensics.

Question 18

Nmap

Answer 18

short for network mapper, is capable of port scanning the network and determining what services are running on any hosts that are detected.

Question 19

watering -hole attack

Answer 19

imagine the fantasy football website as a watering hole in the wild where predators wait to attack unsuspecting animals; in this scenario, the highest concern is a watering-hole attack.

Question 20

Smishing

spim

vishing

spear

Answer 20

Smishing is text/instant message (SMS) phishing.

• SPIM is text/instant message spam.
• Vishing is VOIP (voice) phishing. It requires someone to call you.
• Spear phishing is a phishing attack that targets a specific individual or group.

Question 21

RAT Remote access trojans

Answer 21

are malware designed to allow an attacker to remotely control an infected computer.