Terms

Question 1

Advanced persistent threats

Answer 1

Sophisticated hacker attack that leaves behind malware. Goal is to remain in the system as long as possible before being detected

Question 2

Black hat

Answer 2

Person who attempts to gain access to a computer system with criminal intent.

Question 3

Penetration Testing

Answer 3

White Box - Tester has been provided range info
Black Box -No information has been given to the testers
Grey Box - Tester has been provided some limited info

Question 4

Bleeding edge tech

Answer 4

Tech so new they are likely to cause damage and become unstable

Question 5

Bot

Answer 5

Computer program designed for a specific task. Hacker using a bot is called a bot herder.

Question 6

Dark web

Answer 6

Websites that hide their server location

Question 7

DDos

Answer 7

Distributed denial of service. Cyber attacks designed to disrupt people’s use of computer systems

Question 8

Ethical hacking

Answer 8

Use of white hats to test venerability of computer systems.

Question 9

Exfiltrate

Answer 9

Move data with a degree of secrecy

Question 10

Internet of things

Answer 10

Incorporation of everyday items into a network. Lights

Question 11

Kill chain

Answer 11

Defense model that uses structure of attack to build a defense strategy

Question 12

Malware

Answer 12

Malicious software used by hackers

Question 13

Moore’s law

Answer 13

Over the history of computing, the processing power of computer doubles every 2 years

Question 14

Polymorphic malware

Answer 14

Malware that can change attributes to help avoid detection.

Question 15

Ransomware

Answer 15

Malware that holds data hostage until money is paid to hacker

Question 16

Residual risk

Answer 16

Risk remaining after controls are put in place

Question 17

Resilience

Answer 17

The ability to remain functional in the face of a threat

Question 18

Spear phishing

Answer 18

Email that targets a specific person or group that pretends to come from a legit source, i.e. boss to staff

Question 19

Spoofing

Answer 19

Concealing the true space of information by impersonation

Question 20

Spyware

Answer 20

Malware that gathers information and transmits data to hacker

Question 21

White hat

Answer 21

Security specialist who breaks into system by invitation

Question 22

SLAM

Answer 22

Simultaneous localization and mapping

Question 23

Kinect

Answer 23

Sensing device that could be used to solve the Slam issue in robots

Question 24

Waze

Answer 24

Uses social networking to provide real time traffic information

Question 25

Fin tech

Answer 25

Financial technology (Venmo, cash app, Apple Pay)

Question 26

Reg tech

Answer 26

Technology that automates compliance with regulations or identifies potential violations

Question 27

Block chain

Answer 27

Distributed open ledger

Question 28

Digital risk

Answer 28

Digital connectedness increase risk

Question 29

Risk Mgt Framework

Answer 29

Essential steps in the implementation and support of rm process

Question 30

Risk architecture

Answer 30

Communications and reporting structure

Question 31

Risk identification

Answer 31

What might happen

Question 32

Risk analysis

Answer 32

How might risk happen

Question 33

Risk appetite

Answer 33

Determining the acceptable level of risk for the org

Question 34

Risk tolerance

Answer 34

Line in the sand, level of risk past what can be absorbed by the org

Question 35

Business continuity

Answer 35

Plan to continue operations after an incident

Question 36

Loss control

Answer 36

Range of activities to reduce potential of risk

Question 37

Organizational resilience

Answer 37

Ability to deal with risk

Question 38

General purpose technology

Answer 38

GPT- Tech that is pervasive, improves over time, able to span new innovation Example autonomous cars (combustion engine with digital tech)

Question 39

Recombinant innovation

Answer 39

Combine or recombine ideas to come up with a new tech | Waze

Question 40

Internet of things

Answer 40

Network of manufactured good that can send and receive data over the internet. (Appliances)

Question 41

RASP

Answer 41

Risk Architecture, risk Strategy, risk Protocols

Question 42

Risk

Answer 42

The effect of uncertainty on objectives

Question 43

Loss Prevention

Answer 43

identify treatments that help prevent hazards, reduce the likelihood.

Question 44

Digitization Risk

Answer 44

Risk of digitizing business

Question 45

Cyber Risk

Answer 45

Risk of protecting digitized data

Question 46

Red Team

Answer 46

Group of penetration testers by ethical hackers

Question 47

Hacker

Answer 47

Person who engages in unauthorized access of data

Question 48

Malware

Answer 48

Malicious software than can be inserted into digital devices

Question 49

Patch Management

Answer 49

Controlled process used to deploy critical software updates

Question 50

BYOD

Answer 50

Bring your own devices - increase risk of data

Question 51

Threat Actors

Answer 51

Hacker type - whistle blowers/anti business groups, more interested in control than money

Question 52

Zero-Day attack

Answer 52

First attack with a new malware, anti-malware are not equipped to identify this exploit

Question 53

EGGE Cyber Security Team

Answer 53

Design for a good cyber security team 1) ethically diverse 2) geographically diverse 3) gender diverse 4) educationally diverse

Question 54

Containerization

Answer 54

Isolate sections of a device

Question 55

Cyber Defense Points

Answer 55

digital locations where cyber security controls can be added

Question 56

Single point of accountability

Answer 56

All critical data processes that have a single point of accountability

Question 57

Social Engineering

Answer 57

Manipulating people through personal interaction to gain access

Question 58

Decapitation

Answer 58

Prevents device from communicating

Question 59

DLP

Answer 59

Data Loss Prevention

Question 60

IDS

Answer 60

Intrusion detection system - monitors data passing

Question 61

Defense In Depth Strategy

Answer 61

multiple layers, check and balances

Question 62

Honey pot

Answer 62

Trap (danger as the victim needs to engage with the hacker)

Question 63

Polymorphic

Answer 63

Malware that can change to avoid detection

Question 64

SSL

Answer 64

Secure Socket layers - secure encrypted protocol to prevent content from being intercepted

Question 65

Drive by download

Answer 65

unintended download of virus through the internet

Question 66

Mobile Device Management

Answer 66

MDM - Tech used to secure devices, remote wipe

Question 67

SIEM

Answer 67

Security Incident & Event Mgt (process and capabilities required to clean up security incident)

Question 68

Security Incident vs Security Event

Answer 68

Incident is major and event is a minor disruption

Question 69

Augmented Reality

Answer 69

Overlaying of a virtual digital layer onto a view of the real world.

Question 70

Corporate Governance

Answer 70

Set of relationships between an company, management, the board, shareholders, and other stakeholders