Security, Risk Management, Privacy

Question 1

first step when identifying IT security

Answer 1

classify data as:
confidential (limited to certain groups)
private (only certain individuals)
public

Question 2

important balance

Answer 2

security vs ease of use

Question 3

CIA triad

Answer 3

• confidentiality
• availability
• integrity

Question 4

types of attacks

Answer 4

• phishing
• ransomware
• malware
• DOS
• website attacks
• physical theft
• social engineering
• cyber warfare
• remote access attack

Question 5

types of phishing

Answer 5

phishing (general)
spear phishing (targeted)

Question 6

script kiddies

Answer 6

unskilled attacker who uses programs developed by others

Question 7

NIST

Answer 7

National Institute of Standards and Technology

Question 8

steps of the NIST framework

Answer 8

1. system characterization
2. threat identification
3. vulnerability identification
4. control analysis
5. likelihood determination
6. impact analysis
7. risk determination
8. control recommendations

Question 9

key to security

Answer 9

use a multi-layered approach

Question 10

examples of security layers

Answer 10

• law
• policies
• user training
• firewalls
• monitoring
• email filtering
• Intrusion Detection Systems
• antivirus/malware software
• physical controls

Question 11

plan when things go wrong?

Answer 11

Business Continuity Planning

Question 12

plan when things go really wrong?

Answer 12

Disaster REcovery plan