Module 2: Cybersecurity & the Business

Question 1

Define ‘Risk’ in the context of cybersecurity.

Answer 1

A measure of the extent to which an entity is threatened by a potential circumstance or event, typically considering the adverse impacts and likelihood of occurrence.

Question 2

What is ‘Residual Risk’?

Answer 2

Residual Risk refers to the portion of risk remaining after security measures have been applied.

Question 3

What is the purpose of the ‘Govern’ phase in the NIST Cybersecurity Framework?

Answer 3

Covers people, process, and technology elements, including roles, responsibilities, policies, procedures, and oversight, in addition to technology.

Question 4

What is the purpose of the ‘Identify’ phase in the NIST Cybersecurity Framework?

Answer 4

Involves asset management, business environment, governance, risk assessment, and risk management strategy.

Question 5

What is the purpose of the ‘Protect’ phase in the NIST Cybersecurity Framework?

Answer 5

Focuses on access control, awareness training, data security, information protection processes, and protective technology.

Question 6

What is the purpose of the ‘Detect’ phase in the NIST Cybersecurity Framework?

Answer 6

Involves detecting anomalies and events, continuous security monitoring, and establishing detection processes.

Question 7

What is the purpose of the ‘Respond’ phase in the NIST Cybersecurity Framework?

Answer 7

Includes response planning, communications, analysis, mitigation, and improvements after detecting a security incident.

Question 8

What is the purpose of the ‘Recover’ phase in the NIST Cybersecurity Framework?

Answer 8

Focuses on recovery planning, communication, and improvement after an incident to return to normal operations.

Question 9

What are the six phases of the NIST Cybersecurity Framework?

Answer 9

Govern, Identify, Protect, Detect, Respond, Recover