Cyber Security and Risk Management Module 1 & 2
24 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary purpose of creating a risk heat map?

  • To share risks with third parties
  • To avoid all types of risks
  • To provide a visual representation of the nature and impact of risks (correct)
  • To document security posture
  • Risk acceptance involves eliminating a potential risk completely.

    False

    What is the first major process in risk management?

    Risk identification

    Risk _____ involves contracting with a third party to bear some or all costs of a risk.

    <p>sharing</p> Signup and view all the answers

    Match the following processes in risk management with their descriptions:

    <p>Risk Identification = Examining and documenting risks Risk Assessment = Determining the extent of exposure to risks Risk Control = Applying controls to reduce risks Risk Treatment = Applying agreed-upon controls and confirming efficacy</p> Signup and view all the answers

    What does risk mitigation typically involve?

    <p>Taking actions to limit or optimize a risk</p> Signup and view all the answers

    Monitoring and review in risk management helps determine if the controls are effective.

    <p>True</p> Signup and view all the answers

    What is the main aim of risk evaluation?

    <p>To assess whether the risks align with the organization's risk appetite and tolerance.</p> Signup and view all the answers

    Which of the following best describes the objective of information security?

    <p>Protecting networks, devices, and programs from unauthorized access</p> Signup and view all the answers

    One of the main functions of counterintelligence is to support an opposition's intelligence program.

    <p>False</p> Signup and view all the answers

    What is the purpose of risk mitigation strategies?

    <p>To reduce the probability or impact of risks.</p> Signup and view all the answers

    The process of __________ involves acknowledging risks and their effects.

    <p>accepting</p> Signup and view all the answers

    Match the risk response strategies with their definitions:

    <p>Avoid = Eliminating the risk or its source Transfer = Shifting the risk or its consequences to a third party Mitigate = Reducing the probability or impact of the risk Accept = Acknowledging the risk and its effects</p> Signup and view all the answers

    Which step in ISO 31000's seven-step process involves defining risk scenarios?

    <p>Risk identification</p> Signup and view all the answers

    Quantitative risk analysis focuses solely on qualitative descriptions of potential risks.

    <p>False</p> Signup and view all the answers

    Provide one example of a simulation used in risk analysis.

    <p>What if scenarios.</p> Signup and view all the answers

    Which of the following is NOT one of the four basic types of threat categories?

    <p>Cyber threats</p> Signup and view all the answers

    Risk management plans only outline the financial aspects of managing risk.

    <p>False</p> Signup and view all the answers

    Name two characteristics of risk categories.

    <p>Information Exposure/Loss, Unauthorized Use</p> Signup and view all the answers

    The attribute that assures a sender of data is provided with proof of delivery is called _______.

    <p>non-repudiation</p> Signup and view all the answers

    Match the risk categories with their descriptions:

    <p>Information Exposure/Loss = Data being accessed or rendered unusable Unauthorized Use = Access granted without permission Exposure to Legal Action = Risks associated with non-compliance Weak Processes = Ineffective procedures that lead to risk</p> Signup and view all the answers

    Which aspect of information assurance ensures that authorized users have proper access?

    <p>Availability</p> Signup and view all the answers

    Confidentiality refers to ensuring that information is available to all personnel.

    <p>False</p> Signup and view all the answers

    What role does authentication play in information security?

    <p>It verifies the validity of a transmission or the authority of an individual to access specific information.</p> Signup and view all the answers

    Study Notes

    Module 1

    • Information security is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of sensitive records.
    • Cyber security applies technologies, processes, and controls to protect systems, networks, programs, devices, and data from cyber-attacks.
    • Costs of cyber security breaches are increasing.
    • Cyber-attacks are becoming more sophisticated.
    • Cyber security is a critical business issue.
    • Cybercrime is a large business.
    • Common cyber threats include malware (ransomware, botnet software, trojan), backdoors, form jacking, cryptojacking, DDoS (Distributed Denial-of-Service) attacks, and DNS (Domain Name System) Poisoning attacks.
    • Types of cyber security include network security, cloud security, IoT security, and application security.

    Module 2

    • Risk management is a continuing process to identify, analyze, evaluate, and treat loss exposure, and monitor risk control to mitigate losses.
    • Steps to manage SDLC risk:
      • Define risk management plan (risk identification, analysis, implementation, monitoring, and improvement)
      • Identify and document risks (brainstorming, interviews, surveys, checklists, historical data, expert opinions)
      • Analyze and prioritize risks (risk matrices, simulations, decision trees)
      • Plan and implement risk responses (avoid, transfer, mitigate, accept)
      • Monitor and control risks
      • Learn and improve from risks
    • A risk register helps track identified risks in software.

    Module 3

    • Risk management plan details an organization's risk approach, roles of risk management teams, resources for the process, and internal policies/procedures.
    • Three Major Processes in Risk Management:
      • Risk identification
      • Risk assessment
      • Risk control
    • Four basic threat categories: insider threats, external threats, man-made threats, and natural disasters.

    Module 4

    • Risk assessment methodologies include both qualitative and quantitative methods.
    • Qualitative: Descriptions, quicker, less rigorous, subjective results.
    • Quantitative: Numbers, measurable, more rigorous, objective results.
      • SLE (Single Loss Expectancy) calculation: Asset Value (AV) * Exposure Factor (EF)
      • ALE (Annual Loss Expectancy) calculation: SLE * Average Rate of Occurrence (ARO)
    • Information Assurance (IA) protects data integrity, availability, authenticity, non-repudiation, and confidentiality
    • Information security protects against unauthorized access, use, disclosure, disruption, modification or destruction of data.
    • Differences between IA and IS: IA is concerned with overall organizational risk and standards, while IS focuses on methods to reduce risks.

    Module 5

    • Information assurance is the practice of assuring and managing risks related to confidential information throughout the process of transmission, processing, and storing data.
    • Key characteristics of information assurance include availability, integrity, authentication, confidentiality and non-repudiation of data.
    • Information assurance is more focused on organizational risk management and data quality while information security focuses on technical solutions to reduce risks.

    Module 6

    • Security controls are countermeasures to reduce threats exploiting vulnerabilities.
    • Risk mitigation is reducing the likelihood that a threat will exploit a vulnerability, resulting in loss.
    • Threats are events that compromise confidentiality, integrity, and availability.
    • Vulnerabilities are weaknesses or flaws in hardware, software, or organizational processes.
    • Security incidents are occurrences that jeopardize CIA of information systems or violate security policies.
    • Types of security controls:
      • Physical: Walls, locks, surveillance.
      • Administrative: Policies/procedures.
      • Technical: Software, firewalls, encryption, access control.
    • Configuration rules, administrative controls, and physical security controls to prevent unauthorized access.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    IAS412 Midterm Reviewer PDF

    Description

    This quiz covers the fundamentals of information security and cyber security, including common threats and types of security. It also delves into the importance of risk management processes for mitigating losses in the digital landscape. Test your knowledge on these critical business issues.

    More Like This

    Use Quizgecko on...
    Browser
    Browser