22 Questions
What is a significant concern for cloud services?
Misconfigured cloud services
Which of the following is a major risk to cybersecurity, according to a new report?
Misinformation and disinformation
What is a potential risk associated with IoT/OT technology?
If mishandled, edge AI making devices smarter and faster
What can evolve to meet the needs of IoT/OT?
5G and other WAN connectivity
What is a crucial aspect of cloud security?
IAM and SA
What is a recommended practice for cloud security?
Implementing MFA
What is the primary purpose of a Network Access Control?
To control and manage network access to prevent unauthorized access
What is the main goal of a Cyber Drill and Awareness program?
To simulate a cyber attack and raise awareness among employees
What is the primary purpose of a Two-Factor Authentication?
To add an additional layer of security to the authentication process
What is the main goal of a Data Loss Prevention (DLP) system?
To monitor and control data to prevent unauthorized access or loss
What is the primary purpose of an Incident Handling Framework?
To provide a structured approach to responding to cybersecurity incidents
What is the main goal of a Cybersecurity Framework?
To provide a structured approach to managing cybersecurity risks
What is the primary goal of the confidentiality principle in the CIA model?
To protect data from unauthorized access
What is the main purpose of the defense in depth framework?
To provide multiple layers of security controls to protect a system
Which of the following is an example of data in transit?
Data being transmitted between servers
What is the purpose of the least privilege principle in data classification?
To grant users access to data on a need-to-know basis
What is the main difference between a virus and malware?
A virus is a self-replicating malware that affects multiple devices
What is the primary goal of data encryption in data protection?
To make data unreadable to unauthorized users
What is the purpose of the separation of duties principle in data classification?
To divide data management responsibilities among multiple users
What is the primary goal of secure by design in software development?
To integrate security controls into the software development life cycle
What is the main purpose of data classification policies?
To categorize data based on its sensitivity and importance
What is the primary goal of availability in the CIA model?
To ensure data is accessible and usable when needed
Study Notes
Cybersecurity Management Framework
- NIST Cybersecurity Framework is a widely used framework for managing cybersecurity
- SANS Institute provides incident handling guidelines
Cybersecurity Best Practices
- Identify:
- Asset Management
- Network Assessment
- Software Assessment
- Risk Assessment
- CIS Security Baseline
- Penetration Testing
- Vulnerability Assessment
- Review Policy
- Firewall
- Protect
- Identify Management
- Privileged Access Management (PAM)
- Two-factor authentication
- Remote Access VPN
- Network Access Control
- Awareness Training
- Adversary Simulation and Assessment (Cyber Drill + Awareness)
- Detect:
- Anomalies And Events
- Response Planning
- Log Management
- Security Operation Center - Threat Detection - Enterprise Security Monitoring
- Respond:
- Monitoring
- Insider Threat
- Emergency Incident Response
- Security Continuous Monitoring
- Security Monitoring Detection Process
- Security Operation Center
- SIEM
- Managed Service Protection
- Recover:
- Recovery Planning
- Backup Solution
Information Security Principles
- Confidentiality: protect sensitive information from unauthorized access
- Access Control
- Encryption
- Lock Screen
- Integrity: ensure data accuracy and completeness
- Digital Signature
- Cryptographic Function
- Message Authentication Code
- Check sums (Hash)
- Availability: ensure system availability and redundancy
- HA Design
- DDOS Protection
- Backup-Restore
- Maintain Procedure Operation
Data Protection
- 3 States of Digital Data:
- Data at Rest: stored data
- Data in Transit: data being transmitted
- Data in Use: data being processed
- 3 States of Digital Data Protection:
- Data at Rest: encrypt data
- Data in Transit: encrypt data end-to-end
- Data in Use: control access and usage
Defense in Depth Framework
- A layered approach to security, using multiple security controls to protect data
- From traditional security methods to modern defense in depth framework
Data Classification
- Classification of data based on sensitivity and importance
- Data classification policies:
- Least Privilege: limit access to sensitive data
- Need to Know: limit access to data based on job requirements
- Separation of Duties: divide responsibilities to prevent single-point failures
Secure by Design
- A security-focused approach to software development
- 6-step software development life cycle:
- Requirement
- Design
- Deployment
- Testing
- Development
- Production/Maintenance
Information Security Threats
- Malware vs Virus
- 3 Most Common Viruses
- Top Global Risks:
- Cloud security threats
- Misinformation and Disinformation
- IoT/OT technology risks
- Artificial Intelligence (AI) risks
Test your knowledge of cybersecurity management frameworks, including NIST and SANS, and their components such as asset management, risk assessment, and penetration testing. This quiz covers the best practices and tools used in cybersecurity frameworks.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
