Cybersecurity Pillars and Fundamentals

Questions and Answers

What are the three pillars of cybersecurity?

• Compliance, Governance, Technology
• Risk, Response, Recovery
• People, Technology, Strategy
• People, Process, Technology (correct)

Why is cybersecurity important for organizations?

• To comply with legal requirements and protect customer information (correct)
• To enhance employee productivity
• To prevent financial losses only
• To develop new software

How does cybersecurity relate to an organization's strategy?

• It primarily addresses employee training needs
• It aligns with the business strategy to achieve goals (correct)
• It solely focuses on technological advancements
• It operates independently of the business strategy

What role do people play in cybersecurity?

They direct the governance and strategy of security programs (D)

What is a key component organizations must consider when implementing cybersecurity?

Governance and proper processes (D)

Which statement best describes the relationship between cybersecurity and compliance?

Organizations must comply with laws to maintain security (D)

How does cybersecurity help organizations achieve their objectives?

By incorporating a structured approach with people and processes (C)

What can hinder organizations from achieving their goals in relation to cybersecurity?

Cyber threats and vulnerabilities (C)

What are the three core fundamentals of cyber security?

Confidentiality, integrity, availability (C)

Which of the following best defines confidentiality in the context of cyber security?

The protection of information from unauthorized access (D)

What does the concept of integrity primarily focus on?

Ensuring data is accurate and unaltered (B)

Which statement about availability in cyber security is true?

It guarantees that systems are operational and information is accessible when required. (A)

How is privacy related to cyber security fundamentals?

It is a compliance requirement under confidentiality. (A)

What acronym is commonly used to refer to the three core fundamentals of cyber security?

CIA (C)

Which of the following is NOT a goal when performing security assessments?

Maximizing compliance with privacy laws (A)

Why might students struggle to explain the CIA triad in interviews?

They might lack practical experience in security assessments. (C)

What is the primary purpose of confidentiality in an organization?

To keep secret information secure from unauthorized disclosure (D)

Which of the following is NOT considered a type of sensitive information?

Company public relations materials (B)

What is encryption used for in the context of confidentiality?

To convert readable information into an unreadable format using a key (C)

Which statement best describes the concept of information assets?

Information assets include data, systems, infrastructure, and people (D)

Which action is most crucial for safeguarding against unauthorized access to sensitive information?

Implementing strict security controls like encryption (A)

In the context of cybersecurity, which of the following is considered a significant challenge?

Managing the potential risks posed by human resources (A)

What does a security control aim to achieve regarding confidentiality?

To protect sensitive information from unauthorized access and disclosure (D)

What is a common misconception about encryption?

It guarantees that data cannot be accessed again once encrypted (B)

What is the primary purpose of encryption as mentioned in the content?

To keep data private (A)

Which statement accurately describes data encryption in transit?

Data is encrypted while moving from point A to point B. (A)

What can unauthorized access to sensitive information potentially lead to?

Unauthorized disclosure and fraud (C)

What is meant by end-to-end encryption as discussed?

Data remains encrypted as it moves from sender to receiver. (B)

Which of the following is NOT a stated benefit of encryption?

Facilitating faster communication (D)

Why is authentication important when protecting sensitive information?

It helps verify the identity of users accessing information. (A)

Which scenario exemplifies the need for encryption?

Making an online purchase with credit card details. (D)

How does encryption contribute to data reliability?

By ensuring data is received without breaches. (D)

What does the principle of least privilege entail?

Providing users with the minimum access required to perform their job. (B)

Why might someone not be able to access another person's salary information?

They do not have the need to know based on their role. (B)

What aspect of security does non-repudiation refer to?

Tracking and confirming user actions prevents denial of those actions. (B)

What allows a user to log into their bank account securely?

A username and password combined with multi-factor authentication. (D)

If a user has no access to transfer money to another account, what principle is being followed?

Least privilege. (D)

How is access granted to view one's own account balance?

Due to the user's need to know their financial status. (C)

What does the inability to deny having transferred money illustrate in terms of security?

The principle of non-repudiation. (B)

Why could a user see their own salary but not that of their colleagues?

Employees have different access roles within the organization. (A)

Study Notes

Cybersecurity Pillars

• Cybersecurity has three main pillars: people, process, and technology.
• These pillars are essential for any organization to achieve their business goals and protect against cyber threats.

Importance of Cybersecurity

• Cybersecurity is critical for protecting organizations and their customers’ sensitive information.
• Compliance with legal regulations, such as privacy laws, drives the need for strong security measures.
• Organizations need a strategic approach to cybersecurity to achieve their desired level of security.

Understanding Security Fundamentals

• The three core fundamentals of cybersecurity are: confidentiality, integrity, and availability (CIA triad).
• These fundamentals form the basis for all security assessment and protection efforts.

Confidentiality

• Keeping information secret and preventing unauthorized access or disclosure.
• Key controls for confidentiality include:
  • Encryption: Converting data into an unreadable format using a key, ensuring only authorized individuals can access it.
  • Authentication: Verifying the identity of users before granting access to sensitive information, using methods like usernames and passwords, multi-factor authentication (MFA), or biometrics.

Integrity

• Ensuring that data is complete and accurate, and that it has not been tampered with.
• This includes verifying data source, validation, and protecting against unauthorized modifications.

Availability

• Ensuring that systems and data are accessible when needed.
• Includes measures for preventing denial-of-service (DoS) attacks, ensuring system uptime, backup and recovery procedures, and resource management.

Non-Repudiation

• This principle ensures that actions taken cannot be denied or challenged, meaning a user cannot deny that they performed specific actions.
• This is typically achieved through logging, auditing, and other forms of accountability.

Description

This quiz covers the essential pillars of cybersecurity: people, process, and technology. It also delves into the importance of cybersecurity for organizations, focusing on the CIA triad which includes confidentiality, integrity, and availability. Test your understanding of these critical concepts.