Risk Management

Question 1

Threat Actors

Answer 1

Anyone or anything with the motive and resources to attack another’s IT infrastructure

Examples include:
Hackers
Hacktivists
Script kiddies
Insiders
Competitors
Shadow IT
Criminal syndicates
State actors (nation states)
Advanced persistent threat (APT)

Question 2

Vulnerability

Answer 2

Weakness in an asset.

Question 3

Threat

Answer 3

Action that a threat actor can use against a vulnerability to cause harm.

Question 4

Risk

Answer 4

LIkelihood of a threat actor taking advantage of a vulnerability by using a threat against an IT asset.

Question 5

Asset

Answer 5

Any part of IT infrastructure that has value

Question 6

Likelihood

Answer 6

Probability of assets being damaged over time.

Question 7

CIA Triad

Answer 7

Confidentiality
Integrity
Availability

Question 8

Exploit

Answer 8

Takes advantage of vulnerabilities

Question 9

Attack Vectors

Answer 9

Pathways to gain access to restricted systems

Question 10

What is TTP?

Answer 10

Adversary tactics, techniques, and procedures.

Question 11

What doe AIS stand for?

Answer 11

Automated Indicator Sharing

Question 12

What does AIS do?

Answer 12

Exchanges cybersecurity intelligence between entities

Question 13

What is OSINT?

Answer 13

Stands for open-source intelligence. It refers to publicly available cybersecurity intelligence sources.

Question 14

What does CVE stand for?

Answer 14

Common vulnerabilities and exposures

Question 15

What is the dark web or dart net?

Answer 15

An encrypted and anonymized Internet access mechanism allowing access to unindexed content

Question 16

What is STIX?

Answer 16

A cybersecurity intelligence (CI) sharing format, TAXII is an example which exchanges CI.

Question 17

What does STIX stand for?

Answer 17

Structured Threat Information eXpression

Question 18

What does TAXII stand for?

Answer 18

Trusted Automated eXchange of Intelligence Information

Question 19

What does RMF stand for?

Answer 19

Risk Management Framework

Question 20

What does an RMF do?

Answer 20

Provides guidance on identifying and managing risk

Question 21

What are the GDPR, HIPPA, and PCI-DSS designed to do?

Answer 21

These are security regulation standards that are designed to protect sensitive data.

Question 22

What is the purpose of organization security policies?

Answer 22

They are designed to protect assets.

Question 23

What are managerial security controls?

Answer 23

Administrative functions, such as background checks

Question 24

What are operational security controls?

Answer 24

An example is policy reviews

Question 25

Technical security controls

Answer 25

IT security solutions

Question 26

What are the security control types? (6)

Answer 26

Physical
Detective
Corrective
Preventive
Deterrent
Compensating