midterm rand Flashcards
What was the effect of employee training on breach costs?
Organizations with high levels of employee training had breach costs USD 950,000 lower than those with low training levels.
What factor led to the biggest cost savings in preventing data breaches?
Extensive use of AI and automation in prevention, saving an average of USD 2.2 million.
How much lower were breach costs when AI and automation were used in detection, investigation, and response?
Between 33% and 43% lower compared to organizations that didn’t use AI.
What type of data breach was the most expensive?
Breaches involving public cloud data, costing USD 5.17 million on average.
What type of stored data took the longest to contain?
Public cloud data breaches, taking 23.3% longer than on-premises breaches.
What is the definition of risk?
The effect of uncertainty on objectives
What is risk management?
Coordinated activities to direct and control an organization regarding risk.
What are the three main components of risk?
Threat, vulnerability, and impact.
What is a threat?
A potential cause of an unwanted incident
What is vulnerability?
A weakness that can be exploited by a threat
What is impact in risk management?
The consequences of an event affecting objectives
What are the steps in risk management?
Identify, assess, evaluate, treat, monitor, and review
What is risk avoidance?
A strategy to eliminate the risk by not engaging in the activity
What is risk reduction?
Taking actions to minimize the likelihood or impact of a risk
What is risk transfer?
Shifting the risk to a third party (e.g., insurance)
What does ISO 31000 focus on?
Risk management principles, framework, and processes
What is risk acceptance?
A decision to take no action and accept the potential consequences
What does ISO/IEC 27005 focus on?
Information security risk management
What is the NIST Risk Management Framework (SP 800-37)?
A structured process integrating security and privacy risk management
What is a control in risk management?
A measure taken to reduce risk
What is qualitative risk analysis?
A subjective assessment of risk impact and likelihood
What is inherent risk?
The risk level before any mitigation measures
What is residual risk?
The remaining risk after risk treatment measures are applied
What is risk aggregation?
The process of combining multiple risks for a holistic view
What is quantitative risk analysis?
A numerical approach to assessing risk
What is an advanced persistent threat (APT)?
A prolonged cyberattack by a well-funded group
What is the MITRE ATT&CK framework?
A knowledge base of cyber adversary tactics and techniques
What is an intrusion detection system (IDS)?
A system that monitors for malicious activity or policy violations
What is an intrusion prevention system (IPS)?
A system that actively blocks detected threats
What is the principle of least privilege (PoLP)?
Giving users only the access they need to perform their jobs
What is the difference between black-box and white-box testing?
Black-box: no internal knowledge of the system. White-box: full knowledge of the system.
What is the NIST Cybersecurity Framework (CSF)?
A framework providing guidelines for managing cybersecurity risk
What are some common risk management standards?
ISO 31000, ISO/IEC 27005, NIST SP 800-39
What is residual risk?
The remaining risk after implementing risk treatment measures
What is a risk register?
A document listing identified risks, their severity, and mitigation strategies
What is the difference between qualitative and quantitative risk analysis?
Qualitative is subjective, while quantitative assigns numerical values
What does the NIS Directive define as risk?
Any reasonably identifiable event with a potential adverse effect on information systems
What is an example of a sector-specific risk management standard?
ISO 14971 for medical devices
What is the Common Criteria (CC) framework used for?
Evaluating the security of ICT products
What is the EBIOS method?
A French risk assessment methodology
What is the BowTie method?
A widely used qualitative risk analysis model
What is ISO 31000 known for?
Risk management principles and guidelines
What are ICT products?
ICT (Information and Communication Technology) products include hardware, software, and services used for communication, data processing, and information management
Why are ICT products important in risk management?
They are essential for securing digital infrastructure, protecting data, and ensuring business continuity
Can you give examples of ICT products?
Hardware: computers, servers, networking devices, IoT devices
Software: operating systems, cybersecurity tools, cloud platforms
Services: cloud computing, cybersecurity solutions, data storage services