Getting Started Flashcards

1
Q

What is the definition of a breach?

A

Any incident that results in unauthorized access to data, application, services, network or devices, by bypassing the underlying security mechanisms.

2
Q

What is the definition of hacking?

A

An unauthorized user gets access to an information system.

3
Q

What is the definition of phishing?

A

The fraudulent act of acquiring private and sensitive information.

4
Q

What is the definition of identity theft?

A

Unauthorized collection of personal information and its subsequent use for criminal reasons.

5
Q

What is the definition of ransomware?

A

Using malware to lock up a set of computer files and asking for payment to unlock the files.

6
Q

What is the role of business analyst in cybersecurity?

A
  • Defining security requirements
  • Ensuring data integrity throughout the life cycle
  • Identifying interface and integration components that align with the security framework
  • Defining functional and non-functional requirements that enable security requirements
  • Maintaining security controls
7
Q

What are some of the common activities of business analysis in operations?

A
  • Access and authorization review
  • Process improvements
  • Vulnerability scans and patches
  • Technology upgrades and replacement
  • Audits
8
Q

What are cybersecurity frameworks and models?

A

Industry standards that provide a structure and set of recommendations or best practices for organizations to follow.

9
Q

Give some examples of cybersecurity frameworks:

A
  • NIST
  • ISO/IEC 27001
  • COBIT
  • “Orange book”
  • ISF standard of good practice
  • ITIL
10
Q

What is ISMS (Information Security Management System)?

A

A set of policies, procedures, technical and physical controls to protect the confidentiality, availability, and integrity of information.

11
Q

List the available data privacy process controls.

A
  • Contractual agreement
  • Data Subject Rights processes
  • Incident Response planning and breach notification processes
  • Physical isolation of personal information processing
  • Training and policy
  • Register of processing activities
12
Q

What are the best practices for data minimization?

A
  • Eliminate unused/unneeded data
  • Know why you need data
  • Leverage access control to regulate use
  • Remove obsolete data
  • Disassociate or remove identifying information
13
Q

What is a cyber risk?

A

Exposing your computer systems and network to danger.

14
Q

What is Risk management?

A

Identification, evaluation, and prioritization of risks, plus the definition of responses.

15
Q

What is Risk appetite?

A

The amount of risk the business is willing to accept.

16
Q

What is Risk capacity?

A

The amount of risk the business requires.

17
Q

What is Risk Management Framework (RMF)?

A

Integrating security and risk management processes into the development lifecycle.

18
Q

How to build a Disaster Recovery and Business Continuity plan?

A

1) Define the recovery process and procedures
2) Define Recovery Point Objectives (RPO)
3) Define Recovery Time Objectives (RTO)
4) Coordinate regularly scheduled DR simulations

19
Q

What is a RACI matrix?

A

A matrix for identifying who’s Responsible, Accountable, Consulted and Informed for each item.