Foundations of Cybersecurity

Question 1

What are security frameworks?

Answer 1

Guidelines used for building plans to help mitigate risks and threats to data and privacy.

Question 2

What are security controls?

Answer 2

Safeguards designed to reduce specific security risks.

Question 3

What does the confidentiality, integrity, and availability (CIA) triad help inform?

Answer 3

How organizations consider risk when setting up systems and security policies.

Question 4

What is the NIST Cybersecurity Framework (CSF)?

Answer 4

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

Question 5

What is compliance in cybersecurity?

Answer 5

The process of adhering to internal standards and external regulations

Question 6

Name two examples of compliance standards.

Answer 6

General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA).

Question 7

What is the primary purpose of the General Data Protection Regulation (GDPR)?

Answer 7

To protect the processing of E.U. residents’ data and their right to privacy.

Question 8

What does the Health Insurance Portability and Accountability Act (HIPAA) protect?

Answer 8

Patients’ health information, also known as protected health information (PHI).

Question 9

What is the role of the Federal Risk and Authorization Management Program (FedRAMP)?

Answer 9

To standardize security assessment, authorization, monitoring, and handling of cloud services and product offerings.

Question 10

What are the primary purposes of security frameworks?

Answer 10

Securing financial information, aligning security with business goals, identifying security weaknesses.

Question 11

What are the core components of security frameworks?

Answer 11

Identifying and documenting security goals, monitoring and communicating results.

Question 12

What is an example of a security control?

Answer 12

Implementing strict password policies on workstations to reduce the risk of password theft.

Question 13

What are assets in the context of cybersecurity?

Answer 13

Items perceived as having value to an organization.

Question 14

Why are disgruntled employees considered dangerous threat actors?

Answer 14

They often know where to find sensitive information, can access it, and may have malicious intent.

Question 15

What is privacy protection?

Answer 15

Safeguarding personal information from unauthorized use

Question 16

What ethical principle involves adhering to compliance regulations?

Answer 16

Laws.

Question 17

What is the primary goal of the Payment Card Industry Data Security Standard (PCI DSS)?

Answer 17

To ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment.

Question 18

What is the function of security governance?

Answer 18

Practices that help support, define, and direct security efforts of an organization.

Question 19

What is security architecture?

Answer 19

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats.

Question 20

What is a hacktivist?

Answer 20

A person who uses hacking to achieve a political goal.

Question 21

What does integrity in the CIA triad mean?

Answer 21

The idea that the data is correct, authentic, and reliable

Question 22

What does availability in the CIA triad mean?

Answer 22

The idea that data is accessible to those who are authorized to access it.

Question 23

What is the ethical obligation of security professionals regarding private information?

Answer 23

To secure private information, identify security vulnerabilities, manage organizational risks, and align security with business goals.

Question 24

What is protected health information (PHI)?

Answer 24

Information that relates to the past, present, or future physical or mental health or condition of an individual.

Question 25

What should a security professional do if asked to share employee information through personal communication channels against company policies?

Answer 25

Respectfully decline and remind the requester of the organization’s guidelines.