Getting Started Flashcards
What is the definition of a breach?
Any incident that results in unauthorized access to data, applications, services, networks or devices by bypassing the underlying security mechanisms.
What is the definition of hacking?
An unauthorized user gets access to an information system.
What is the definition of phishing?
The fraudulent act of acquiring private and sensitive information.
What is the definition of identity theft?
Unauthorized collection of personal information and its subsequent use for criminal reasons.
What is the definition of ransomware?
Using malware to lock up a set of computer files and asking for payment to unlock the files.
What is the role of a business analyst in cybersecurity?
- Define security requirements
- Ensure data integrity throughout the life cycle
- Identify interface and integration components that align with the security framework
- Define functional and non-functional requirements that enable the security requirements
- Maintain security controls
What are some of the common activities of business analysis in operations?
- Access and authorization review
- Process improvements
- Vulnerability scans and patches
- Technology upgrades and replacement
- Audits
What are cybersecurity frameworks and models?
Industry standards that provide a structure and set of recommendations or best practices for organizations to follow.
Give some examples of cybersecurity frameworks:
- NIST
- ISO/IEC 27001
- COBIT
- “Orange book”
- ISF standard of good practice
- ITIL
What is ISMS (Information Security Management System)?
A set of policies, procedures, technical and physical controls to protect the confidentiality, availability, and integrity of information.
List the available data privacy process controls.
- Contractual agreement
- Data Subject Rights processes
- Incident Response planning and breach notification processes
- Physical isolation of personal information processing
- Training and policy
- Register of processing activities
What are the best practices for data minimization?
- Eliminate unused/unneeded data
- Know why you need data
- Leverage access control to regulate use
- Remove obsolete data
- Disassociate or remove identifying information
What is a cyber risk?
Exposing your computer systems and network to danger.
What is risk management?
Identification, evaluation, and prioritization of risks, plus the definition of responses.
What is risk appetite?
The amount of risk a business is willing to accept.