Terms To Know

Question 1

What is CCPA

Answer 1

California Consumer Privacy Act: passed to give california consumers rights regarding their data, like the right to opt out of sale of their information

Question 2

What is NYDFS

Answer 2

Regulation that ensures all financial institutions in new york adhere to key quirements like limiting access privileges

Question 3

GDPR

Answer 3

General Data Protection Regulation: protect data of EU consumers

Question 4

AI

Answer 4

Artifical intelligence - simulation of human intelligence by computer systems: predictive analytics

Question 5

TDLC

Answer 5

Technology development life cycle is the systematic approach to manage tech related projects
- initiation
- planning
- design
- development
- testing
- deployment
- maintenance
- closure

Question 6

Github

Answer 6

Web-based platform that provides version control

Question 7

IBM AppScan

Answer 7

Application security testing tool to help identify and remediate vulnerabilities

Question 8

Linux

Answer 8

Operating system that is open source

Question 9

VI Editor

Answer 9

Text editor that provides a command-line interface for editing text files directly in terminal (for all unix like OS like Linux)

Question 10

Risk Assessment

Answer 10

A process to identify and prioritize risks within the tech environment

Question 11

ISO

Answer 11

International Standards Org: comprised of international representatives that help develop international standards like ISO/IEC 27001 which specifies requirements for protecting sensitive info

Question 12

SOX

Answer 12

Sarbanes-Oxley Act of 2002: requires publicly traded companies to ensure their internal business processes are properly managed

Question 13

OWASP TOP 10

Answer 13

List of top 10 most critical security risks to web applications

Question 14

NIST

Answer 14

National Institute of Standards and Technology - a cybersecurity framework that can improve cyber posture at an organization. Core functions: identify, protect, detect, respond, recover

Question 15

What is a risk?

Answer 15

The potential for loss or harm resulting from threats and vulnerabilities

Question 16

What is a threat?

Answer 16

An event that can exploit vulnerabilities like malware (malicious software)

Question 17

What is a vulnerability?

Answer 17

A weakness in the system that can be exploited by a threat

Question 18

What is private data, public data, secret data?

Answer 18

Private: sensitive data that is intended to be kept confidential like employee personnel files

Public: freely accessible data that doesnt require access like stock market prices

Secret: highly confidential data that is restricted that can damage business interests like trade secrets

Question 19

Explain the difference between likelihood and impact as pertaining to risks

Answer 19

Likelihood refers to the chance that risk event will occur

Impact refers to the severity if the risk were to be realized; assesses potential harm, loss, or damage (financial, reputational, or regulatory impact)

Question 20

Examples of regulatory frameworks

Answer 20

Basel Accords: international framework for banking with one focus being strengthen risk mgmt practices of banks

Dodd-Frank Wall Street Reform and Consumer Protection Act: put in place to prevent another recession, requires large financial institutions to undergo stress tests

CCPA

GDPR

Question 21

COBIT

Answer 21

Control Objectives for Information and Related Technologies: framework that helps companies improve IT governance