Cybersecurity Functions Overview

Questions and Answers

What does the 'C' in the CIA Triad stand for?

Control

Capacity

Confidentiality (correct)

Compliance

Integrity ensures that data can be modified by anyone without permission.

False

What is the primary purpose of authentication in customer accounts?

To ensure customers have unique accounts and can manage their orders and billing information.

A gap analysis is performed to identify deviations in an organization's security systems from the required or recommended ______.

framework

Match the following elements with their descriptions:

Confidentiality = Prevent unauthorized access Integrity = Ensure data remains unaltered unless authorized Availability = Ensure information is accessible to authorized users Gap Analysis = Identify security control deficiencies

Which of the following is NOT a property of the CIA Triad?

Integration

Authorization is about verifying a user's identity.

False

What should a gap analysis report include?

An overall score, a detailed list of missing controls, and recommendations for remediation.

Which of the following is NOT one of the five functions in cybersecurity?

Investigate

The Recover phase involves implementing cybersecurity resilience to prevent attacks.

False

What is the purpose of the Authorization process?

To check a permission list for each action performed by the account.

The process of confirming a user's identity and creating an account is known as __________.

Identification

Match the following processes with their descriptions:

Identification = Confirm the user's identity and create an account Authentication = Compare entered credentials with stored hashed credentials Authorization = Check permissions for actions performed by the account Accounting = Track permission usage and ensure auditing

What is a crucial step in the Protect function of cybersecurity?

Install IT hardware and software with security

The Feedback Loop in cybersecurity refers to the process of improving protections based on past responses to threats.

True

What is the main goal of the Defense at the Identification Level against external threats?

To defend against attacks primarily by confirming user identities.

Study Notes

Functions Divided into Three Levels

• Identify: Establish security policies, evaluate risks, and recommend security measures to handle vulnerabilities.
• Protect: Ensure security is integrated at every stage of IT hardware and software lifecycle management.
• Detect: Conduct continuous monitoring to maintain and verify the effectiveness of security controls against evolving threats.
• Respond: Actively identify and analyze security threats, focusing on containment and eradication.
• Recover: Establish resilience strategies to restore systems and data after security failures or attacks.

Internal Line of Threats

• Detection to Protection: Start with identifying attacks and then focus on implementing protective measures.
• Respond and Recover to Protection: Enhance security measures based on lessons learned from responding to and recovering from incidents.
• Feedback Loop: Utilize detection and response insights to improve future threat identification.

External Line of Threats

• Defense at Identification Level: Protect against external threats primarily through effective identification methods.

Processes

• Identification: Verify user identity and create user accounts for representation.
• Authentication: Users enter credentials, which are matched against securely stored hashed credentials.
• Authorization: Confirm user permissions through an Access Control List (ACL) for each action performed.
• Accounting: Log user actions to ensure accountability and prevent denial of actions.

Examples for Setting Up an E-commerce Site

• Identification: Verify customer legitimacy using billing, delivery address checks, and fraud detection on payment methods.
• Authentication: Ensure each customer has a unique account for managing orders and billing securely.
• Authorization: Set payment method validation and enforce rules for loyalty schemes, allowing specific customers exclusive access to offers.
• Accounting: Maintain records of customer actions to prevent denial of orders placed.

Information Security (Infosec)

• Definition: Protects data from unauthorized access, attacks, theft, or damage.
• Vulnerabilities: Data can be at risk based on its storage, transfer, or processing methods.
• CIA Triad:
  • Confidentiality: Restricts data access to authorized individuals.
  • Integrity: Ensures data remains unaltered unless permitted through authorized processes.
  • Availability: Guarantees information remains accessible to those authorized.

Gap Analysis

• Purpose: Identify discrepancies between an organization’s existing security systems and those required by a framework.
• Implementation: Performed during initial framework adoption or compliance assessments, typically revisited every few years.
• Gap Analysis Report Components:
  • Overall performance score.
  • Detailed account of missing or improperly configured security controls.
  • Recommendations for remediation actions.

Description

This quiz covers the three levels of cybersecurity functions: Identify, Protect, Detect, Respond, and Recover. Participants will explore security policies, risk evaluation, and the implementation of protective measures. Enhance your understanding of how these functions work together to ensure comprehensive IT security.