Foundations of Cybersecurity Flashcards
Module Three
What are security frameworks?
Guidelines used for building plans to help mitigate risks and threats to data and privacy.
What are security controls?
Safeguards designed to reduce specific security risks.
What does the confidentiality, integrity, and availability (CIA) triad help inform?
How organizations consider risk when setting up systems and security policies.
What is the NIST Cybersecurity Framework (CSF)?
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
What is compliance in cybersecurity?
The process of adhering to internal standards and external regulations.
Name two examples of compliance standards.
General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA).
What is the primary purpose of the General Data Protection Regulation (GDPR)?
To protect the processing of E.U. residents’ data and their right to privacy.
What does the Health Insurance Portability and Accountability Act (HIPAA) protect?
Patients’ health information, also known as protected health information (PHI).
What is the role of the Federal Risk and Authorization Management Program (FedRAMP)?
To standardize security assessment, authorization, monitoring, and handling of cloud services and product offerings.
What are the primary purposes of security frameworks?
Securing financial information, aligning security with business goals, identifying security weaknesses.
What are the core components of security frameworks?
Identifying and documenting security goals, monitoring and communicating results.
What is an example of a security control?
Implementing strict password policies on workstations to reduce the risk of password theft.
What are assets in the context of cybersecurity?
Items perceived as having value to an organization.
Why are disgruntled employees considered dangerous threat actors?
They often know where to find sensitive information, can access it, and may have malicious intent.
What is privacy protection?
Safeguarding personal information from unauthorized use.
What ethical principle involves adhering to compliance regulations?
Laws.
What is the primary goal of the Payment Card Industry Data Security Standard (PCI DSS)?
To ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment.
What is the function of security governance?
Practices that help support, define, and direct security efforts of an organization.
What is security architecture?
A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats.
What is a hacktivist?
A person who uses hacking to achieve a political goal.
What does integrity in the CIA triad mean?
The idea that the data is correct, authentic, and reliable.
What does availability in the CIA triad mean?
The idea that data is accessible to those who are authorized to access it.
What is the ethical obligation of security professionals regarding private information?
To secure private information, identify security vulnerabilities, manage organizational risks, and align security with business goals.
What is protected health information (PHI)?
Information that relates to the past, present, or future physical or mental health or condition of an individual.
What should a security professional do if asked to share employee information through personal communication channels against company policies?
Respectfully decline and remind the requester of the organization’s guidelines.