Section 1: Cybersecurity Introduction and Overview Flashcards

1
Q

primary objective of cybersecurity

A

The primary objective of cybersecurity is the protection of digital assets. In their cybersecurity frameworks, both the National Institute of Standards and Technology (NIST) and the European Union Agency for Network and Information Security (ENISA) have identified five key functions necessary for the protection of digital assets.
These functions coincide with incident management methodologies and include the following activities:
• Identify: Use organizational understanding to minimize risk to systems, assets, data and capabilities
• Protect: Design safeguards to limit the impact of potential events on critical services and infrastructure
• Detect: Implement activities to identify the occurrence of a cybersecurity event
• Respond: Take appropriate action after learning of a security event
• Recover: Plan for resilience and the timely repair of compromised capabilities and services

2
Q

GRC MODEL

A

Governance, Risk Management and Compliance

3
Q

Governance

A

Setting and prioritizing policies, procedures, processes and controls within an enterprise with respect to information management. Usually led by senior management and the board of directors, the goals of a governance program include:
• Provide strategic direction
• Ensure that objectives are achieved
• Ascertain whether risk is being managed appropriately
• Verify that the organization’s resources are being used responsibly

4
Q

Risk Management

A

The process by which an organization manages risk to acceptable levels
• Development and implementation of internal controls to manage and mitigate risk
• Includes financial and investment risk, physical risk and cyberrisk

5
Q

Compliance

A

The ability of an organization to adhere to, and to demonstrate adherence to, mandated requirements defined by laws and regulations
• Also includes voluntary requirements resulting from contractual obligations and internal policies
• Ensures that risk to critical services or sensitive data is mitigated through adherence to appropriate security arrangements and through implementation of the procedures required to manage project delivery and project benefit risk

6
Q

Responsibilities of Cybersecurity Professionals

A
• Analysis: Routinely scrutinizes policy, trends and intelligence
• Problem solving: Using detection skills, anticipates how an adversary may think or behave
• Technical application: Navigates the information security architecture to assess threats and vulnerabilities
7
Q

What is Information Security?

A

Information security ensures that, within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity) and being unavailable when it is required (availability).
It is the protection of information regardless of its format, whether digital or physical.

8
Q

What is Cybersecurity?

A

The protection of digital assets
Cybersecurity is a component of information security and should be aligned with all aspects of enterprise information security, including governance, management and assurance.
