Cybersecurity and Business Scheme Design

Questions and Answers

This activity designs business schemes needed to handle security incidents, including ______ Building.

Contract

Compliance Building regulates the usage of ______ assets.

ICT

Capability Building focuses on building the cybersecurity handling ______ inside an organization.

capability

This activity cultivates users and increases their awareness, knowledge, and ______.

skills

Cybersecurity Education is for educating users on using the system ______.

properly

Practice and Exercise helps users put the knowledge learned into ______ when needed.

practice

Boosting Awareness may involve publicizing via posters, flyers, and ______ to increase cybersecurity awareness.

brochures

An organization may create contracts for subcontractors defining monetary compensation for confidential information ______.

leakage

Team-building inside these organizations is also included in the ______ activity.

Capability Building

It may score the cybersecurity status considering the vulnerability level and information ______.

confidentiality

Study Notes

Cybersecurity Operation Stages

• Preventive Stage: Implements measures to mitigate potential cyber risks and incidents through the installation and configuration of ICT assets.
• Enforcement Stage: Enforces security policies and measures initially prepared, handling routine operations during stable periods.
• Detection Stage: Monitors and detects cybersecurity incidents, triggering the responsive stage upon identification of risks.
• Responsive Stage: Assesses and manages detected incidents while collaborating with external entities as necessary.

Activities in the Preventive Stage

• Secure Infrastructure Provisioning: Equips ICT infrastructure with necessary security provisions to ensure effective, efficient, and secure system operation. Includes the following sub-activities:

  • Software and Hardware Development: Involves the design, implementation, testing, and ongoing maintenance of software/hardware, including security patch creation.
  • System Integration: Ensures effective operation between new and existing system components, emphasizing meticulous design and configuration to mitigate integration vulnerabilities.
  • Network Integration: Focuses on building secure networks by integrating components like routers and firewalls, ensuring proper installation and configuration.
  • Service Subscription: Entails selecting appropriate external service providers (ISPs, CSPs) to ensure compliance with security levels.

• Security Policy Design: Identifies and implements security policies, including rules for traffic filtering through manual or automated methods, enhancing overall system security.

• Measurement Design: Establishes measurement strategies, including logging and monitoring of system activity to ensure compliance with security policies.

• Cybersecurity Diagnosis: Conducts assessments and tests to identify cybersecurity risks, encompassing:

  • Source Code Review: Analyzes software for known vulnerabilities, focusing on common coding threats.
  • Integrity Check: Verifies system modifications against predefined security policies, ensuring security compliance.
  • Penetration Test: Attempts to breach systems to identify security weaknesses using focused testing techniques.
  • Abuse and Stress Test: Evaluates system resilience to attacks like DDoS through imposed excessive loads.
  • Vulnerability Enumeration: Investigates systems for vulnerabilities, often utilizing external security services.

• Cybersecurity Assessment: Assesses the system's overall cybersecurity status based on diagnosis results and internal audits, scoring risks according to vulnerability levels and information confidentiality.

• Business Scheme Design: Develops strategies for handling security incidents, involving:

  • Contract Building: Establishes contracts for potential cybersecurity losses, serving as a deterrent against data breaches.
  • Compliance Building: Develops compliance regulations to govern ICT asset use.
  • Capability Building: Enhances organizational capability for cybersecurity incident management, including the formation of dedicated incident response teams.

User Cultivation Activities

• Cybersecurity Education: Provides training for users on proper ICT asset usage, expected functionalities, and troubleshooting methods.
• Practice and Exercise: Facilitates practical training sessions to reinforce learned concepts, preparing users for real-world scenarios.
• Boosting Awareness: Increases awareness about cybersecurity through materials like posters and brochures, emphasizing the significance of security measures and incident prevention.

Description

This quiz assesses your understanding of cybersecurity status, focusing on vulnerability levels and information confidentiality. It also explores the design of business schemes essential for managing security incidents, including the intricacies of contract building for compensating losses due to cybersecurity issues.