Week 02 Flashcards
All flashcards for Week 02
Risk Management
What is risk management?
The process of identifying, assessing, and mitigating potential threats to minimize their impact on an organization.
Cybersecurity Governance
What is meant by cybersecurity governance?
The framework and policies for managing and overseeing an organization’s security strategies and practices.
Compliance
What is compliance?
Adhering to external regulations and standards to meet legal or industry-specific cybersecurity requirements.
Incident handling
What is incident handling?
The process of responding to and managing a security breach or attack in real-time.
Investigation
What does investigation of a cybersecurity incident mean?
The detailed analysis conducted after an incident has been contained to determine its root cause, scope, and impact, and to identify the actions needed to prevent recurrence.
Asset
What is an asset?
Anything that has value to the organization (data, systems, people, processes, reputation) and therefore requires protection.
Risk Analysis vs Risk Assessment
What is the difference between Risk analysis and risk assessment?
Risk Assessment: The overall process of identifying, analyzing, and evaluating risks to an organization. Risk analysis is one step within it.
Risk Analysis: The detailed examination of each identified risk to estimate its likelihood and potential impact, so that risks can be prioritized.
Security Posture
How do you define the security posture of an entity?
The overall strength and readiness of an organization’s security measures to protect against and respond to cyber threats.
PDCA vs SETA
What are PDCA and SETA?
PDCA (Plan-Do-Check-Act): A continuous improvement cycle used in management to plan, implement, monitor, and improve processes.
SETA (Security Education, Training, and Awareness): A program designed to educate employees on security policies, improve skills, and raise awareness of security risks.
Audit
What is an audit?
A systematic evaluation of an organization’s compliance with policies, regulations, and standards, especially related to security and operations.
Compliance
What do we mean by security compliance?
Ensuring that the organization meets external legal, regulatory, and industry requirements.
Data Custodian
Who is a data custodian?
The entity responsible for maintaining and safeguarding data, including its storage, backup, and security.
Data Owner/Controller
Who is a data owner?
The person or entity accountable for the data: it classifies the data and defines who may access it and how it may be used. In privacy regulations such as the GDPR this role is called the data controller, the party that determines the purposes and means of processing.
Data Subject
What does the term Data Subject refer to?
The individual to whom the data pertains.
PII (Personally Identifiable Information)
What does PII (Personally Identifiable Information) mean?
Data that can be used, alone or combined with other data, to identify an individual, such as a name, address, date of birth, or social security number.
Policy
Define policy
A formal set of rules and guidelines to manage and protect information systems and data.
Security Control Framework
What does Security Control Framework mean?
A structured set of standards, guidelines, and practices to manage and reduce security risks.
Standards
What does the term Standards mean?
Specific, detailed technical specifications and requirements that ensure security and operational consistency.
Due Care vs due diligence
What's the difference between due care and due diligence?
Due Care: Acting on what is known by taking the reasonable precautions a prudent organization would take to protect its assets and data (for example, actually deploying and maintaining the controls).
Due Diligence: The continuous, proactive effort to understand the risk environment, such as identifying risks and vulnerabilities and verifying that controls work, so that due care can be exercised before a threat materializes.
RPO and RTO
Define RPO and RTO
RPO (Recovery Point Objective): The maximum acceptable amount of data loss, expressed as a span of time before the incident (e.g. an RPO of 6 hours means the last usable backup or replica must be no older than 6 hours at the moment of failure).
RTO (Recovery Time Objective): The target time, measured from the start of the outage, within which operations must be restored after an outage or disaster.
MAD vs MTD
What does MAD and MTD refer to?
MAD (Maximum Acceptable Downtime) or MTD (Maximum Tolerable Downtime): The longest period that an organization can tolerate system downtime before the impact on operations becomes unacceptable. The RTO for a system must therefore be set below its MTD.
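The RPO, RTO and MTD cards above are easy to state and easy to get wrong in practice, because a backup schedule that satisfies the RPO on paper stops satisfying it as soon as one run fails. The script below is an added example written for this page, not code from the course material. It parses a constructed backup log (the log lines, the system name and the 6 h / 4 h / 8 h objectives are all assumed values), computes the worst-case data loss both across the whole schedule and at a given incident time, and checks the measured results against the RPO, RTO and MTD.

```python
from datetime import datetime, timedelta

# Constructed sample backup log (not from a real system): timestamp, system, type, result.
# The 12:00 incremental fails, so the gap between usable backups grows to 12 hours.
BACKUP_LOG = """\
2024-03-01T00:00:00 db-prod full OK
2024-03-01T06:00:00 db-prod incr OK
2024-03-01T12:00:00 db-prod incr FAILED
2024-03-01T18:00:00 db-prod incr OK
2024-03-02T00:00:00 db-prod full OK
"""

# Assumed business continuity objectives for the example system.
RPO = timedelta(hours=6)   # at most 6 hours of data may be lost
RTO = timedelta(hours=4)   # service must be back within 4 hours
MTD = timedelta(hours=8)   # beyond 8 hours the outage is intolerable


def parse_backup_log(text):
    """Return a list of (timestamp, system, kind, succeeded) tuples."""
    runs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, system, kind, status = line.split()
        runs.append((datetime.fromisoformat(ts), system, kind, status == "OK"))
    return runs


def successful_times(runs):
    """Timestamps of runs that actually produced a usable backup, sorted."""
    return sorted(t for t, _, _, ok in runs if ok)


def max_backup_gap(runs):
    """Largest interval between consecutive *successful* backups.

    This is the worst-case data loss the schedule can produce; failed runs
    do not count, which is what makes the gap exceed the nominal interval.
    """
    times = successful_times(runs)
    gaps = [b - a for a, b in zip(times, times[1:])]
    return max(gaps) if gaps else timedelta(0)


def data_loss_at(runs, incident_time):
    """Data lost if the system fails at incident_time: time since the last good backup."""
    earlier = [t for t in successful_times(runs) if t <= incident_time]
    if not earlier:
        raise ValueError("no successful backup before the incident: total loss")
    return incident_time - max(earlier)


def evaluate_objectives(data_loss, measured_restore, rpo=RPO, rto=RTO, mtd=MTD):
    """Compare observed values with the objectives; every key must be True to pass."""
    return {
        "rpo_met": data_loss <= rpo,
        "rto_met": measured_restore <= rto,
        "rto_within_mtd": rto <= mtd,   # a design check, not a measurement
    }


if __name__ == "__main__":
    runs = parse_backup_log(BACKUP_LOG)
    incident = datetime.fromisoformat("2024-03-01T15:00:00")
    loss = data_loss_at(runs, incident)
    # Assumed duration of the last restore drill for this system.
    drill = timedelta(hours=3, minutes=30)
    print("worst-case gap in schedule:", max_backup_gap(runs))
    print("data loss for a 15:00 incident:", loss)
    print(evaluate_objectives(loss, drill))
```

Running it shows the point of the card: the schedule is nominally 6-hourly and matches the RPO, but the failed 12:00 run stretches the real gap to 12 hours, and an incident at 15:00 loses 9 hours of data, so the RPO is not met even though the RTO and MTD checks pass. Monitoring for RPO therefore means alerting on the age of the last successful backup, not on whether a job was scheduled.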
Residual Risk
What is residual risk?
The risk that remains after security measures and controls have been applied. It is never zero, so management must explicitly accept it, transfer it (e.g. through insurance), or reduce it further with additional controls.