Week 02

Question 1

Risk Management

What is risk management?

Answer 1

The process of identifying, assessing, and mitigating potential threats to minimize their impact on an organization.

Question 2

Cybersecurity Governance:

What is meant by cybersecurity governance?

Answer 2

The framework and policies for managing and overseeing an organization’s security strategies and practices.

Question 3

Compliance

What is compliance?

Answer 3

Adhering to external regulations and standards to meet legal or industry-specific cybersecurity requirements.

Question 4

Incident handling

What is incident handling?

Answer 4

The process of responding to and managing a security breach or attack in real-time.

Question 5

Investigation

What does investigation of cybersecurity incident mean?

Answer 5

The detailed analysis conducted after an incident to determine its cause, impact, and necessary actions for prevention.

Question 6

Asset

What is an asset?

Answer 6

Anything that has a value and requires protection

Question 7

Risk Analysis vs Risk Assessment

What is the difference between Risk analysis and risk assessment?

Answer 7

Risk Assessment: The process of identifying and evaluating potential risks to an organization.
Risk Analysis: The detailed examination of identified risks to understand their likelihood and potential impact.

Question 8

Security Posture

How do you define the security posture of an entity?

Answer 8

The overall strength and readiness of an organization’s security measures to protect against and respond to cyber threats.

Question 9

PDCA vs SETA

PDCA vs SETA

Answer 9

PDCA (Plan-Do-Check-Act): A continuous improvement cycle used in management to plan, implement, monitor, and improve processes.
SETA (Security Education, Training, and Awareness): A program designed to educate employees on security policies, improve skills, and raise awareness of security risks.

Question 10

Audit

What is an audit?

Answer 10

A systematic evaluation of an organization’s compliance with policies, regulations, and standards, especially related to security and operations.

Question 11

Compliance

What do we mean by security compliance?

Answer 11

Ensuring that the organization meets external legal, regulatory, and industry requirements.

Question 12

Data Custodian

Who is a data custodian?

Answer 12

The entity responsible for maintaining and safeguarding data, including its storage, backup, and security.

Question 13

Data Owner/Controller

Who is a data owner?

Answer 13

The person or entity that owns the data and is responsible for defining access and use policies.

Question 14

Data Subject

What does the term Data Subject refer to?

Answer 14

The individual to whom the data pertains.

Question 15

PII (Personally Identifiable Information)

What does PII (Personally Identifiable Information) mean?

Answer 15

Data that can be used to identify an individual, such as name, address, or social security number.

Question 16

Policy

Define policy

Answer 16

A formal set of rules and guidelines to manage and protect information systems and data.

Question 17

Security Control Framework

What does Security Control Framework mean?

Answer 17

A structured set of standards, guidelines, and practices to manage and reduce security risks.

Question 18

Standards

What does the term Standards mean?

Answer 18

Specific, detailed technical specifications and requirements that ensure security and operational consistency.

Question 19

Due Care vs due diligence

Whats the difference between due care and due diligence?

Answer 19

Due Care: The practice of ensuring that all necessary precautions are taken to protect assets and data.
Due Diligence: The continuous, proactive efforts to identify risks and vulnerabilities before they become a threat.

Question 20

RPO and RTO

Define RPO and RTO

Answer 20

RPO (Recovery Point Objective): The maximum acceptable amount of data loss measured in time before an incident.
RTO (Recovery Time Objective): The target time to restore operations after an outage or disaster.

Question 21

MAD vs MTD

What does MAD and MTD refer to?

Answer 21

MAD (Maximum Acceptable Downtime) or MTD (Maximum Tolerable Downtime): The longest period that an organization can tolerate system downtime before it severely impacts operations.

Question 22

Residual Risk

What is residual risk?

Answer 22

The remaining risk after security measures and controls have been applied.