Question | Answer |
What is Cyber Security Management? | Manages the risks associated with protection principles |
MITRE's ATT&CK | Adversarial Tactics, Techniques and Common Knowledge - helps to understand security risk |
Explain the CIA triangle | Confidentiality - ensuring only eligible persons are able to access information; Integrity - ensuring stored data is correct; Availability - ensuring systems and data are constantly accessible |
What is the Cyber Kill Chain? | States the stages that should be completed for an attack to be deemed successful |
What is a threat? | an event that will potentially impact an organisation's operations or assets through a system by unauthorised access, destruction, disclosure or modification |
State 3 cyber threats. | cyber criminals, script kiddies, terrorists, state and state sponsored |
What are vulnerabilities? | weaknesses in the system that can be accidentally or intentionally triggered |
State 3 vulnerabilities. | Poor cyber skills, Expansion of devices, insufficient training and skills, availability of hacking resources, un-patched systems, old systems, IOT devices |
How will a strategy help for risk management? | A strategy will help to defend against any threats or vulnerabilities that occur |
What is a risk assessment? | An estimate of the risk from a specific threat, identifying sensible measures to reduce its impact |
What does the term likelihood mean? | the probability of a threat intentionally exploiting a given vulnerability |
What does it mean by the impact of a threat? | the magnitude of harm a threat can cause |
What is a Qualitative assessment? | a set of methods for assessing risk based on non-numeric categories (brainstorming, interview, risk rating scales, SWOT) |
What is a Quantitative assessment? | an assessment employing a set of methods to assess risk with the use of numbers (numeric) |
What is a semi-quantitative assessment? | combination of both qualitative and quantitative that employs methods using scales of number representation |
What does the term SWOT analysis mean? | study undertaken to identify internal strengths and weaknesses as well as external opportunities and threats |
Explain what a risk is. | quantified measure of the extent to which an entity is threatened by a threat |
Stages of the cyber kill chain. | Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, C2, Actions |
What are the types of mitigation techniques used for countering possible attacks? | techniques to detect, deny, disrupt, degrade, deceive and contain |
What can be done for explosives and ballistics protection? | provide secure and protected areas that can defend in the case of a bomb situation |
CBR defence, explain. | Plan to act fast to lock down systems. |
How does lighting affect security? | deter intruders from gaining access |
How could you deal with hostile vehicle mitigation? | access the control of site with use of a traffic management system, barriers |
How could doors be used to protect against intruders? | act as a delay against forced or undetected entry by intruders |
How can gates help improve physical security? | deters and delays an intruder's access, acts as a barrier, protects guards |
Stages of the incident response lifecycle. | Preparation, Detection, Containment, Investigation, Remediation, Recovery |
How will establishing a point of contact help with forensic readiness? | ensures that there is an individual in place who will take control of the plan and ensure procedures are followed to comply and accurately document the process |
What is a forensic plan? | plan created beforehand to state the procedures to take on the chance that a security incident occurs |
Explain the term: Chain of Custody. | a legal record for the evidence of an item taken to prove that no tampering has occurred |
Tasks of the first responder. | to accurately document and record all steps taken throughout the incident, seize any evidence |
State 2 issues with the DPA | - Developed before social media - Designed to guide an organisation, not acting directly towards an individual - small fines/penalties for non-compliance - no protection from targeted marketing - no protection from bulk data collection |
Who does the General Data Protection Regulation apply to? | applies to collectors, storers, processors of data and any EU citizen |
True or False. Under the GDPR, the data controller does not need consent from the data subject. | False |
True or False. An individual has the right to have all of their data removed. | True |
How long does an organisation have to report a non-compliance incident? | 72 hours and all affected users should be notified as soon as possible. |
What are the cyber essentials relating to security? | control areas can include: firewalls, internet gateways, secure passwords, user access, malware protection, patch management |
What does the ICO do? State 3 things. | - Promotes the openness of official information and protection - Investigates breaches - Controls registrations - Promotes the best tactics and methods of protecting privacy |
What are IOT devices? | a network of physical devices embedded with technology that can connect wirelessly and transmit data |
What is an audit trail? | a record of all changes made to a file or database |
What does it mean by payload? | the actual data of a packet without the header information |