Unit 5 - Module 1 - Assets

Question 1

What do you call anything that can impact the confidentiality, integrity, or availability of an asset?

Answer 1

Risk

Question 2

What are the 3 main things to think about when security risk planning ?

Answer 2

Assets
Threats
Vulnerabilities

Question 3

What do you call an item perceieved as having value to an organization?

Answer 3

Asset

Question 4

What do you call any circumstance or event that can negatively impact assets?

Answer 4

Threat

Question 5

What do you call a weakness that can exploited by a threat?

Answer 5

Vulnerability

Question 6

What is the process of tracking assets and the risks that affect them?

Answer 6

Asset Managment

Question 7

What do you call a catalog of assets that need to be protected?

Answer 7

Asset Inventory

Question 8

What do you call the practice of labeling assets based on senesitivity and importance to an oranganization?

Answer 8

Asset Classification

Question 9

What are the 4 orders of asset classification?

Answer 9

1) Public - is the lowest level of classification. These assets have no negative consequences to the organization if they’re released.
2) Internal-Only -describes assets that are available to employees and business partners.
3) Confidential - refers to assets whose disclosure may lead to a significant negative impact on an organization.
4) Restricted - is the highest level. This category is reserved for incredibly sensitive assets, like need-to-know information.

Question 10

What do you call information that is translated, processed, or stored by a computer?

Answer 10

Data

Question 11

What do you call data being accessed by one or more users?

Answer 11

Data in use

Question 12

What do you call data traveling from one point to another?

Answer 12

Data in transit

Question 13

What do you call data not currently being accessed?

Answer 13

Data at rest

Question 14

What do you call the practice of keeping data in all states away from unauthorized users?

Answer 14

Information security ( InfoSec )

Question 15

What are 4 cloud security challenges?

Answer 15

Misconfiguration - Customers of cloud-based services are responsible for configuring their own security environment. Oftentimes, they use out-of-the-box configurations that fail to address their specific security objectives.

Cloud-native breaches - are more likely to occur due to misconfigured services.

Monitoring access might be difficult - depending on the client and level of service.

Meeting regulatory standards - is also a concern, particularly in industries that are required by law to follow specific requirements such as HIPAA, PCI DSS, and GDPR.

Question 16

What do you call a set of rules that reduces risk and protects information?

Answer 16

Policy

Question 17

What are refrences that inform how to set policies?

Answer 17

Standards

Question 18

What do you call step-by-step intructions to perform a specific security task?

Answer 18

Procedures

Question 19

What are the 3 primary elements that security plans include?

Answer 19

Standards
Policies
Procedures

Question 20

What do you call the process of adhering to internal standards and external regulations?

Answer 20

Compliance

Question 21

What do you call the rules set by a government or other authority to control the way something is done?

Answer 21

Regulations

Question 22

What framework is voluntary that consists of standards, guildlines, and best practices to manage cyberseucirty risk?

Answer 22

NIST Cybersecurity Framework ( CSF )

Question 23

What are the 3 NIST CSF components?

Answer 23

1) Core
2) Tiers
3) Profiles - The CSF profiles are pre-made templates of the NIST CSF that are developed by a team of industry experts.

Question 24

What are the 5 functions of the NIST CSF core?

Answer 24

Identify
Protect
Detect
Respond
Recover