Introduction

Question 1

What is the aim of cyber security?

Answer 1

To protect assets from harm or tampering. These assets can be in the form of physical hardware, software and data.

Question 2

How are computers protected from harm?

Answer 2

Through controls and countermeasures after considering threats and vulnerabilities.

Question 3

What are the five functions of security?

Answer 3

Identify
Protect
Detect
Respond
Recover

Question 4

What are the aims of security?

Answer 4

Confidentiality
Integrity
Availability
Authenticity
Accountability
Reliability

Question 5

What is a threat?

Answer 5

Circumstance that has the potential to cause harm such as human attacks or natural disasters

Question 6

What is a vulnerability?

Answer 6

A weakness that might be exploited in a system.

Question 7

What are the four principles of Computer Security?

Answer 7

Easiest Penetration
Adequate Protection
Weakest Link
Effectiveness

Question 8

What is the principle of Easiest Penetration?

Answer 8

An intruder must be expected to attempt any available means of penetration and the one that succeeds may not be the obvious one.

Question 9

What is the principle of Adequate Protection?

Answer 9

Computer items must be protected until they lose their value and they must be protected to a degree consistent with their value

Question 10

What is the principle of Weakest Link?

Answer 10

Security in a system is as strong as its weakest link.

Question 11

What is the principle of effectiveness?

Answer 11

Controls must be used used, be appropriate and be applied properly.

Question 12

Why are users not to blame for security attacks?

Answer 12

Advice is usually technical and most users aren’t technically minded.

Users are naive

Question 13

What does the identify function aid?

Answer 13

Allows organizations to understand their assets, data and capabilities which, in turn, allows them to manage the risks posed to them.

Question 14

What kinds of activities does the Identify function support?

Answer 14

Identification of assets to create an asset management program.

Identification of policies to create a governance program

Identification of a risk management strategy for the organization.

Question 15

What does the protect function support?

Answer 15

The ability to limit or contain the impact of potential cybersecurity breaches, and have safeguards in place for critical services.

Question 16

What kind of activities support the protect function?

Answer 16

Place controls into the network

Awareness training for staff to improve their understanding of cybersecurity threats and issues.

Question 17

What is the detect function concerned with?

Answer 17

The appropriate activities to identify the occurrence of a cybersecurity event in a timely manner.

Question 18

What type of activities does the detect function consist of?

Answer 18

Continuous monitoring of the network

Correct detection and evaluation of anomalies

Effective systems in place that notify of important events.

Question 19

What does the respond function support?

Answer 19

The appropriate activities to take action regarding a detected cybersecurity incident to minimize the impact.

Question 20

What type of activities support the respond function?

Answer 20

response planning processes are executed during & after an incident

Management of communications during and after the event.

Question 21

What does the recover function concern itself with?

Answer 21

Identifies the appropriate activities to maintains plans for resilience and to restore services impaired during cybersecurity incidents.

Question 22

What activities support the recover function?

Answer 22

Recovery planning processes and procedures are in place

Lessons learned are incorporated into processes for improvement.

Question 23

What is confidentiality concerned with?

Answer 23

Only authorized parties can access the data

Question 24

What is integrity concerned with?

Answer 24

Only authorized parties can make changes to the data

Question 25

What is availability concerned with?

Answer 25

Authorized parties must be able to access assets.

Question 26

What is authenticity concerned with?

Answer 26

Authorized users are who they say they are

Question 27

What is reliability concerned with?

Answer 27

Authorized users get expected results when using systems.

Question 28

What is accountability concerned with?

Answer 28

Responsibility for actions can be traced to the user.