Lesson 3 - Hands on Scenarios Flashcards
To be prepared when tech topics come up
Zero Trust: You’re in a meeting discussing network security, and someone mentions ‘Zero Trust’.
Core Principles:
- Assume all network traffic is untrusted
- Enforce least-privilege access
- Continuously verify identity and access
Benefits:
- Reduces insider and outsider threats
- Enhances visibility across the network
- Limits lateral movement of attackers.
Cloud Computing: Someone asks about the main advantages of cloud computing in digital transformation.
Core Principles:
Provides scalable and on-demand resources
Operates on a pay-as-you-go model
Enables remote data storage and processing
Benefits:
Reduces IT infrastructure costs
Increases flexibility and collaboration
Facilitates rapid deployment and scaling
Multi-Factor Authentication (MFA): You’re reviewing security protocols, and MFA is mentioned as a requirement.
Core Principles:
Requires two or more verification factors
Combines knowledge (password), possession (device), and inherence (biometrics)
Strengthens access control by adding layers.
Benefits:
Prevents unauthorized access
Mitigates risk of compromised credentials
Enhances overall system security.
Digital Transformation: Someone in the meeting asks what digital transformation actually involves.
Core Principles: Leverages technology to improve processes; Focuses on user experience and operational efficiency; Integrates new digital tools into legacy systems. Benefits: Increases agility and responsiveness; Reduces operational costs; Improves customer experience.
Incident Response: A team member brings up the importance of having a robust incident response plan.
Core Principles: Detect incidents quickly and accurately; Contain and eliminate the threat; Recover systems to normal operations. Benefits: Minimizes damage and downtime; Protects sensitive data; Improves compliance with security regulations.
Network Segmentation: During a discussion on network security, someone suggests segmenting the network.
Core Principles: Divides the network into isolated segments; Controls data flow between segments; Limits access based on roles or needs. Benefits: Reduces attack surface; Enhances containment of security breaches; Improves regulatory compliance.
Artificial Intelligence (AI) in Cybersecurity: You’re in a meeting about new technologies, and AI in cybersecurity comes up.
Core Principles: Analyzes vast amounts of data for threats; Learns from past incidents to improve detection; Automates response to common security issues. Benefits: Enhances threat detection accuracy; Reduces response time; Allows for proactive rather than reactive security.
DevSecOps: Someone asks how DevSecOps differs from traditional DevOps in a project planning meeting.
Core Principles: Integrates security into every phase of development; Emphasizes automation and continuous monitoring; Balances development, security, and operations. Benefits: Reduces security vulnerabilities early; Speeds up delivery with secure coding practices; Increases collaboration among teams.
API Security: In a discussion about web applications, API security is raised as a concern.
Core Principles: Uses encryption (e.g., HTTPS) for secure communication; Requires strong authentication, such as API keys; Implements rate limiting to prevent abuse. Benefits: Prevents unauthorized access; Protects sensitive data in transit; Ensures availability and reliability of services.
Role-Based Access Control (RBAC): Someone mentions RBAC as a way to manage user permissions.
Core Principles: Assigns permissions based on job roles; Restricts access to necessary resources only; Regularly reviews and updates roles as needed. Benefits: Simplifies user management; Reduces risk of unauthorized access; Enhances security by minimizing unnecessary access.
Virtualization: A colleague asks about the benefits of using virtualization in the IT environment.
Core Principles: Creates virtual versions of physical resources; Runs multiple virtual machines on one physical host; Improves resource utilization and flexibility. Benefits: Reduces hardware costs; Allows for easy scaling and deployment; Enhances disaster recovery capabilities.
Encryption: You’re discussing data security, and encryption is mentioned as a protective measure.
Core Principles: Converts data into unreadable format without a key; Uses symmetric or asymmetric keys; Ensures data confidentiality and integrity. Benefits: Protects data from unauthorized access; Secures data in transit and at rest; Meets regulatory compliance requirements.
Intrusion Detection System (IDS): During a security review, the importance of an IDS is brought up.
Core Principles: Monitors network traffic for suspicious activity; Uses signature and anomaly detection methods; Alerts administrators of potential threats. Benefits: Provides early warning of possible breaches; Helps identify policy violations; Supports compliance with security standards.
Data Governance: In a meeting on digital transformation, data governance is highlighted as a priority.
Core Principles: Establishes data policies and standards; Ensures data quality, integrity, and security; Defines roles and responsibilities for data management. Benefits: Enhances data accuracy and reliability; Improves regulatory compliance; Supports better decision-making across the organization.
Backup and Disaster Recovery: A team member mentions the importance of backup and disaster recovery for business continuity.
Core Principles: Regularly backs up critical data and systems; Plans for both data recovery and system restoration; Tests recovery procedures periodically. Benefits: Reduces downtime in the event of a disaster; Ensures data availability and integrity; Minimizes financial and operational impact.