Cyber Security Management Qs

Flashcards by ben drury, updated more than 1 year ago



Resource summary

| Question | Answer |
| --- | --- |
| What is Cyber Security Management? | Manages the risks associated with protection principles |
| MITRE's ATT&CK | Adversarial tactics, techniques and common knowledge - helps to understand security risk |
| Explain the CIA triangle. | Confidentiality - ensuring only eligible persons are able to access information; Integrity - ensuring stored data is correct; Availability - ensuring systems and data are constantly accessible |
| What is the Cyber Kill Chain? | States the stages that should be completed for an attack to be deemed successful |
| What is a threat? | an event that will potentially impact an organisation's operations or assets through a system by unauthorised access, destruction, disclosure or modification |
| State 3 cyber threats. | cyber criminals, script kiddies, terrorists, state and state sponsored |
| What are vulnerabilities? | weaknesses in the system that can be accidentally or intentionally triggered |
| State 3 vulnerabilities. | Poor cyber skills, expansion of devices, insufficient training and skills, availability of hacking resources, un-patched systems, old systems, IoT devices |
| How will a strategy help for risk management? | A strategy will help to defend against any threats or vulnerabilities that occur |
| What is a risk assessment? | Estimate of risk to a specific threat and identify sensible measures to reduce its impact |
| What does the term likelihood mean? | the probability of a threat intentionally exploiting a given vulnerability |
| What does it mean by the impact of a threat? | the magnitude of the harm a threat can cause |
| What is a Qualitative assessment? | a set of methods for assessing risk based on non-numeric categories (brainstorming, interview, risk rating scales, SWOT) |
| What is a Quantitative assessment? | an assessment employing a set of methods to assess risk with the use of numbers (numeric) |
| What is a semi-quantitative assessment? | combination of both qualitative and quantitative that employs methods using scales of number representation |
| What does the term SWOT analysis mean? | study undertaken to identify internal strengths and weaknesses as well as external opportunities and threats |
| Explain what a risk is. | quantified measure of the extent to which an entity is threatened by a threat |
| Stages of the cyber kill chain. | Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, C2, Actions |
| What are the types of mitigation techniques used for countering possible attacks? | techniques to detect, deny, disrupt, degrade, deceive and contain |
| What can be done for explosives and ballistics protection? | provide secure and protected areas that can defend in the case of a bomb situation |
| CBR defence, explain. | Plan to act fast to lock down systems. |
| How does lighting affect security? | deter intruders from gaining access |
| How could you deal with hostile vehicle mitigation? | access the control of site with use of a traffic management system, barriers |
| How could doors be used to protect against intruders? | act as a delay to intruders from forced or undetected entry |
| How can gates help improve physical security? | deters and delays an intruder's access, acts as a barrier, protects guards |
| Stages of the incident response lifecycle. | Preparation, Detection, Containment, Investigation, Remediation, Recovery |
| How will establishing a point of contact help with forensic readiness? | ensures that there is an individual in place that will take control of the plan and ensures procedures will be taken to comply and accurately document the process |
| What is a forensic plan? | plan created beforehand to state the procedures to take on the chance that a security incident occurs |
| Explain the term: Chain of Custody. | a legal record for the evidence of an item taken to prove that no tampering has occurred |
| Tasks of the first responder. | to accurately document and record all steps taken throughout the incident, seize any evidence |
| State 2 issues with the DPA. | Developed before social media; designed to guide an organisation, not acting directly towards an individual; small fines/penalties for non-compliance; no protection from targeted marketing; no protection from bulk data collection |
| Who does the General Data Protection Regulation apply to? | applies to collectors, stores, processors of data and any EU citizen |
| True or False. Under the GDPR, the data controller does not need consent from the data subject. | False |
| True or False. An individual has the right to have all of their data removed. | True |
| How long does an organisation have to report a non-compliance incident? | 72 hours and all affected users should be notified as soon as possible. |
| What are the cyber essentials relating to security? | control areas can include: firewalls, internet gateways, secure passwords, user access, malware protection, patch management |
| What does the ICO do? State 3 things. | Promotes the openness of official information and protection; investigates breaches; controls registrations; promotes the best tactics and methods of protecting privacy |
| What are IoT devices? | a network of physical devices embedded with technology that can connect wirelessly and transmit data |
| What is an audit trail? | a record of all changes made to a file or database |
| What does it mean by payload? | the actual data of a packet without the header information |