Module 3

Question 1

What are Security Frameworks?

Answer 1

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Question 2

What is the name for guidelines used for building plans to help mitigate risk and threats to data and privacy?

Answer 2

Security Frameworks

Question 3

What is a Security Life Cycle?

Answer 3

A constantly evolving set of policies and standards that define how an organisation manages risks, follows established guidelines, and meets regulatory compliance or laws.

Question 4

What is the name for a constantly evolving set of policies and standards that define how an organisation manages risks, follows established guidelines, and meets regulatory compliance or laws.

Answer 4

Security Life Cycle

Question 5

What are the purposes of Security Frameworks?

Answer 5

• Protecting PII
• Securing financial information
• Identifying security weaknesses
• Managing organisational risks
• Aligning security with business goals

Question 6

What are the Four Core Components of Frameworks?

Answer 6

• Identifying and documenting security goals
• Setting guidelines to achieve security goals
• Implementing strong security processes
• Monitoring and communicating results

Question 7

What are Security Controls?

Answer 7

Safeguards designed to reduce specific security risks

Question 8

What is the CIA Triad?

Answer 8

A foundational model that helps inform how organisations consider risk when setting up systems and security policies

Question 9

What does the “CIA” in “CIA Triad” stand for?

Answer 9

Confidentiality. Integrity. Availability.

Question 10

What is meant by Confidentiality?

Answer 10

Only authorised users can access specific assets or data

Question 11

What is meant by Integrity?

Answer 11

Data is correct, authentic, and reliable

Question 12

What is meant by Availability?

Answer 12

Data is accessible to those who are authorised to access it

Question 13

What is an “Asset”?

Answer 13

An item perceived as having value to an organisation

Question 14

What is the NIST Cybersecurity Framework (CSF)?

Answer 14

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Question 15

What does NIST stand for?

Answer 15

National Institute of Standards and Technology

Question 16

Why are disgruntled employees some of the most dangerous threat actors?

Answer 16

They often have access to sensitive information and know where to find it

Question 17

What is the NIST?

Answer 17

A U.S-based agency that develops Compliance Frameworks that organisations worldwide can use to help manage risk.

Question 18

What are two examples of NIST frameworks?

Answer 18

• NIST CSF (Cybersecurity Framework)
• NIST RMF (Risk Management Framework)

Question 19

What are he Federal Energy Regulatory Commission - North American Electric Reliability Corporation (FERC-NERC)?

Answer 19

A regulation that applies to organisations that work with electricity or that are involved with the North American Power Grid.

Question 20

What does “CIP” stand for?

Answer 20

Critical Infrastructure Protection

Question 21

What does FERC stand for?

Answer 21

The Federal Energy Regulatory Commission

Question 22

What does NERC stand for?

Answer 22

North American Electric Reliability Corporation

Question 23

What does FedRAMP stand for?

Answer 23

The Federal Risk and Authorization Management Program

Question 24

What is the Federal Risk and Authorization Management Program (FedRAMP) ?

Answer 24

U.S. government program that standardises security assessment, authorisation, monitoring, and handling of cloud services and product offerings

Question 25

What is the purpose of the Federal Risk and Authorization Management Program (FedRAMP)?

Answer 25

To provide consistency across the government sector and third-party cloud providers

Question 26

What does CIS stand for?

Answer 26

Center for Internet Security

Question 27

What is the Center for Internet Security (CIS) ?

Answer 27

A nonprofit with multiple areas of emphasis that provides a set of controls that can be used to safeguard systems and networks against attacks

Question 28

What is the purpose of the Center for Internet Security (CIS)?

Answer 28

• To help organisations establish a better plan of defence
• Provide actionable controls that security professionals may follow if a security incident occurs

Question 29

What does GDPR stand for?

Answer 29

General Data Protection Regulation

Question 30

What’s is the General Data Protection Regulation (GDPR)?

Answer 30

An E.U. general data regulation that protects the processing of E.U. residents’ data and their right to privacy in and put of E.U. territory

Question 31

Under GDPR, how long does an organisation have to alert an E.U. citizen if their data compromised?

Answer 31

72 hours

Question 32

What does PCI DSS stand for?

Answer 32

Payment Card Industry Data Security Standard

Question 33

What is the Payment Card Industry Data Security Standard (PCI DSS)?

Answer 33

An international security standard meant to ensure that organisations storing, accepting, processing, and transmitting credit card information do so in a secure environment

Question 34

What is the aim of the Payment Card Industry Data Security Standard (PCI DSS)?

Answer 34

To reduce credit card fraud

Question 35

What does HIPAA stand for?

Answer 35

The Health Insurance Portability and Accountability Act

Question 36

What is the Health Insurance Portability and Accountability Act (HIPAA)?

Answer 36

A U.S. federal law established to protect patients’ health information

Question 37

When was HIPAA established?

Answer 37

1996

Question 38

What three rules is HIPAA governed by?

Answer 38

1. Privacy
2. Security
3. Breach notification

Question 39

What does HITRUST stand for?

Answer 39

Health Information Trust Alliance

Question 40

What is the Health Information Trust Alliance (HITRUST)?

Answer 40

A security framework and assurance program that helps institutions meet HIPAA compliance

Question 41

What is the name of a security framework and assurance program that helps institutions meet HIPAA compliance?

Answer 41

Health Information Trust Alliance (HITRUST)

Question 42

What does ISO stand for?

Answer 42

International Organization for Standardization

Question 43

Why was the International Organization for Standardization (ISO) created?

Answer 43

• To establish international standards related to technology, manufacturing, and management across borders
• To help organisations improve their processes and procedures for staff retention, planning, waste, and services

Question 44

Who developed the System and Organizations Controls (SOC type 1, SOC type 2)?

Answer 44

The American Institute of Certified Public Accountants (AICPA) auditing standards board.

Question 45

What are the System and Organizations Controls (SOC type 1, SOC type 2)?

Answer 45

A series of reports that focus on an organisation’s user access policies at different organisational levels

Question 46

What are the System and Organizations Controls (SOC type 1, SOC type 2) used for?

Answer 46

Used to assess an organisation’s financial compliance and levels of risk.

They also cover:
- Confidentiality
- Privacy
- Integrity
- Security
- Overall data safety

Question 47

When was the United States Presidential Executive Order 14028 released?

Answer 47

May 12th, 2021, by President Joe Biden

Question 48

What are Security Ethics?

Answer 48

Guidelines for making appropriate decisions as a security professional.

Question 49

What is the name given to guidelines for making appropriate decisions as a security professional?

Answer 49

Security Ethics

Question 50

What are ethical principles in security?

Answer 50

• Confidentiality
• Privacy protections
• Laws

Question 51

What are Laws?

Answer 51

Rules that are recognised by a community and enforced by a governing entity.

Question 52

What is the name given to rules that are recognised by a community and enforced by a governing entity?

Answer 52

Laws

Question 53

What is the name given to a person who is not a member of law enforcement who decides to stop a crime on their own.

Answer 53

Vigilante

Question 54

What is a Vigilante?

Answer 54

A person who is not a member of law enforcement who decides to stop a crime on their own.

Question 55

According to the International Court of Justice (ICJ), a person or group can deploy a counterattack if:

Answer 55

The counterattack…

• Will only affect the party that attacked first
• Is a direct communication asking the initial attacker to stop
• Does not escalate the situation
• Effects can be reversed

Question 56

What does ICJ stand for?

Answer 56

International Court of Justice

Question 57

Explain “Confidentiality” in relation to ethics

Answer 57

Relating to ethics, confidentiality means that there needs to be a high level of respect for privacy to safeguard private assets and data.

Question 58

What is Privacy Protection?

Answer 58

Safeguarding personal information from unauthorised use.

Question 59

What is the name given to safeguarding personal information from unauthorised use?

Answer 59

Privacy Protection

Question 60

Explain Privacy Protection in relation to ethics

Answer 60

Security professionals hold an ethical obligation to
- secure private information
- identify security vulnerabilities
- manage organisational risks
- align security with business goals

Question 61

Explain Laws in relation to ethics

Answer 61

Security professionals have an ethical obligation to protect their organisation, its internal infrastructure, and the people within the organisation.

Question 62

Whay must security professionals do to fulfil their ethical responsibilities in relation to Laws?

Answer 62

• Remain unbiased and conduct work honestly, responsibly, and with the highest respect for the law.
• Be transparent and just, and rely on evidence.
• Ensure they are consistently invested in the work they are doing in order to appropriately and ethically address issues that arise.
• Stay informed and strive to advance their skills so they can contribute to the betterment of the cyber landscape