Cybersecurity Management Frameworks Quiz
22 Questions

Questions and Answers

What is a significant concern for cloud services?

  • Misconfigured cloud services (correct)
  • Encryption
  • APT attacks
  • Data breaches

Which of the following is a major risk to cybersecurity, according to a new report?

  • Legacy security firmware
  • Edge AI
  • Cloud data breaches
  • Misinformation and disinformation (correct)

What is a potential risk associated with IoT/OT technology?

  • Data breaches
  • APT attacks
  • Legacy security limitations
  • If mishandled, edge AI making devices smarter and faster (correct)

What can evolve to meet the needs of IoT/OT?

    5G and other WAN connectivity

    What is a crucial aspect of cloud security?

    IAM and SA

    What is a recommended practice for cloud security?

    Implementing MFA

    What is the primary purpose of a Network Access Control?

    To control and manage network access to prevent unauthorized access

    What is the main goal of a Cyber Drill and Awareness program?

    To simulate a cyber attack and raise awareness among employees

    What is the primary purpose of a Two-Factor Authentication?

    To add an additional layer of security to the authentication process

    What is the main goal of a Data Loss Prevention (DLP) system?

    To monitor and control data to prevent unauthorized access or loss

    What is the primary purpose of an Incident Handling Framework?

    To provide a structured approach to responding to cybersecurity incidents

    What is the main goal of a Cybersecurity Framework?

    To provide a structured approach to managing cybersecurity risks

    What is the primary goal of the confidentiality principle in the CIA model?

    To protect data from unauthorized access

    What is the main purpose of the defense in depth framework?

    To provide multiple layers of security controls to protect a system

    Which of the following is an example of data in transit?

    Data being transmitted between servers

    What is the purpose of the least privilege principle in data classification?

    To grant users access to data on a need-to-know basis

    What is the main difference between a virus and malware?

    A virus is a self-replicating malware that affects multiple devices

    What is the primary goal of data encryption in data protection?

    To make data unreadable to unauthorized users

    What is the purpose of the separation of duties principle in data classification?

    To divide data management responsibilities among multiple users

    What is the primary goal of secure by design in software development?

    To integrate security controls into the software development life cycle

    What is the main purpose of data classification policies?

    To categorize data based on its sensitivity and importance

    What is the primary goal of availability in the CIA model?

    To ensure data is accessible and usable when needed

    Study Notes

    Cybersecurity Management Framework

    • NIST Cybersecurity Framework is a widely used framework for managing cybersecurity
    • SANS Institute provides incident handling guidelines

    Cybersecurity Best Practices

    • Identify:
      • Asset Management
      • Network Assessment
      • Software Assessment
      • Risk Assessment
      • CIS Security Baseline
      • Penetration Testing
      • Vulnerability Assessment
      • Review Policy
      • Firewall
    • Protect:
      • Identity Management
      • Privileged Access Management (PAM)
      • Two-factor authentication
      • Remote Access VPN
      • Network Access Control
      • Awareness Training
      • Adversary Simulation and Assessment (Cyber Drill + Awareness)
    • Detect:
      • Anomalies And Events
      • Response Planning
      • Log Management
      • Security Operation Center - Threat Detection - Enterprise Security Monitoring
    • Respond:
      • Monitoring
      • Insider Threat
      • Emergency Incident Response
      • Security Continuous Monitoring
      • Security Monitoring Detection Process
      • Security Operation Center
      • SIEM
      • Managed Service Protection
    • Recover:
      • Recovery Planning
      • Backup Solution

    Information Security Principles

    • Confidentiality: protect sensitive information from unauthorized access
      • Access Control
      • Encryption
      • Lock Screen
    • Integrity: ensure data accuracy and completeness
      • Digital Signature
      • Cryptographic Function
      • Message Authentication Code
      • Checksums (Hash)
    • Availability: ensure system availability and redundancy
      • HA Design
      • DDoS Protection
      • Backup-Restore
      • Maintain Procedure Operation

    Data Protection

    • 3 States of Digital Data:
      • Data at Rest: stored data
      • Data in Transit: data being transmitted
      • Data in Use: data being processed
    • 3 States of Digital Data Protection:
      • Data at Rest: encrypt data
      • Data in Transit: encrypt data end-to-end
      • Data in Use: control access and usage

    Defense in Depth Framework

    • A layered approach to security, using multiple security controls to protect data
    • From traditional security methods to modern defense in depth framework

    Data Classification

    • Classification of data based on sensitivity and importance
    • Data classification policies:
      • Least Privilege: limit access to sensitive data
      • Need to Know: limit access to data based on job requirements
      • Separation of Duties: divide responsibilities to prevent single-point failures

    Secure by Design

    • A security-focused approach to software development
    • 6-step software development life cycle:
      1. Requirement
      2. Design
      3. Deployment
      4. Testing
      5. Development
      6. Production/Maintenance

    Information Security Threats

    • Malware vs Virus
    • 3 Most Common Viruses
    • Top Global Risks:
      • Cloud security threats
      • Misinformation and Disinformation
      • IoT/OT technology risks
      • Artificial Intelligence (AI) risks

    Description

    Test your knowledge of cybersecurity management frameworks, including NIST and SANS, and their components such as asset management, risk assessment, and penetration testing. This quiz covers the best practices and tools used in cybersecurity frameworks.
