ISC S3 Flashcards
Main points in S3 after completing modules.
What is the difference between asymmetric and symmetric encryption?
Asymmetric: Public and private Key
Symmetric: Shared keys
Define Confidentiality according to NIST?
Restrictions on data
What is privacy according to NIST?
Right to control information
What are three examples of preventative controls in terms of cybersecurity?
- Network access
- Encryption
- User access
What is Data Obfuscation and what are the three types and their definitions?
Replacing data with less valuable data.
Encryption: Scrambles data with cryptography
Tokenization: Replace data with substitute data using code or token
Masking: Swaps data with similar data but maintain structure
What is Data Loss Prevention (DLP) and types of DLP?
Prevent info to be transferred out.
e.g., Endpoint-based, Cloud-based, Network-based
What are data protection controls?
- Digital security
- Change management
- Backup
- User access
What is a Incident Response Timeline?
Map out when an incident starts, is detected, and contained.
What are the 7 phases of an Incident Response Timeline?
- Preparation
- Detection
- Containment
- Eradication
- Reporting
- Recovery
- Learning
(1) What are the two types of incident response team models and (2) what is a secondary function applicable to these models?
- Centralized and Distributed response teams
- Coordinating team
What is the difference between a cybersecurity event vs. cybersecurity incident?
Event - Benign or adverse (negative) occurrence
Incident - Threat to organization’s computer or network security
What are some events Cyber Insurance Policies cover?
- Data breaches
- Cyber Extortions
- Replacement costs for information systems
- Incident Response Costs (Expenses to recover lost or stolen data)
What are system availability controls?
Controls that ensure heavily relied upon networks are not disrupted due to physical damage, security incidents, or intentional damage.
