Risk Management Flashcards

1
Q

Threat Actors

A

Anyone or anything with the motive and resources to attack another’s IT infrastructure

Examples include:
Hackers
Hacktivists
Script kiddies
Insiders
Competitors
Shadow IT
Criminal syndicates
State actors (nation states)
Advanced persistent threat (APT)
2
Q

Vulnerability

A

Weakness in an asset.

3
Q

Threat

A

Action that a threat actor can use against a vulnerability to cause harm.

4
Q

Risk

A

Likelihood of a threat actor taking advantage of a vulnerability by using a threat against an IT asset.

5
Q

Asset

A

Any part of IT infrastructure that has value

6
Q

Likelihood

A

Probability of assets being damaged over time.

7
Q

CIA Triad

A

Confidentiality
Integrity
Availability

8
Q

Exploit

A

Takes advantage of vulnerabilities

9
Q

Attack Vectors

A

Pathways to gain access to restricted systems

10
Q

What is TTP?

A

Adversary tactics, techniques, and procedures.

11
Q

What does AIS stand for?

A

Automated Indicator Sharing

12
Q

What does AIS do?

A

Exchanges cybersecurity intelligence between entities

13
Q

What is OSINT?

A

Stands for open-source intelligence. It refers to publicly available cybersecurity intelligence sources.

14
Q

What does CVE stand for?

A

Common vulnerabilities and exposures

15
Q

What is the dark web or dark net?

A

An encrypted and anonymized Internet access mechanism allowing access to unindexed content

16
Q

What is STIX?

A

A cybersecurity intelligence (CI) sharing format; TAXII, by contrast, is an example of a mechanism that exchanges CI.

17
Q

What does STIX stand for?

A

Structured Threat Information eXpression

18
Q

What does TAXII stand for?

A

Trusted Automated eXchange of Intelligence Information

19
Q

What does RMF stand for?

A

Risk Management Framework

20
Q

What does an RMF do?

A

Provides guidance on identifying and managing risk

21
Q

What are the GDPR, HIPAA, and PCI-DSS designed to do?

A

These are security regulation standards that are designed to protect sensitive data.

22
Q

What is the purpose of organization security policies?

A

They are designed to protect assets.

23
Q

What are managerial security controls?

A

Administrative functions, such as background checks

24
Q

What are operational security controls?

A

An example is policy reviews

25
Q

Technical security controls

A

IT security solutions

26
Q

What are the security control types? (6)

A

Physical
Detective
Corrective
Preventive
Deterrent
Compensating