ICT Security Threats Level 6: Risk Management

Questions and Answers

Risk management is a process that only involves identifying risks.

False

Firewalls are used for user accounts control.

False

Encryption is a type of intrusion detection system.

False

Patch management is a type of security policy.

False

Daily or weekly backups are a type of multi-factor authentication.

False

Study Notes

Security Risk Management

• Risk is the possibility of something adverse happening
• Risk management is the process of assessing risk, taking steps to reduce risk to an acceptable level and maintaining that level of risk
• Security risk management involves identifying, assessing, and mitigating risks to an organization's information assets and operations

Risk Management Process

• Involves a systematic approach to managing uncertainty related to potential security threats and vulnerabilities
• Ensures risks are kept within acceptable limits to protect the organization's critical assets
• Process involves: risk identification, risk assessment, risk mitigation, risk monitoring, and risk review

Types of Security Measures

Firewalls

• Blocks unauthorized access to or from a private network
• Sits between a trusted network and an untrusted network

User Accounts Control

• Ensures users have appropriate access and privileges
• Includes password policies, account expiration, and account monitoring

Security Policies

• Documents outlining rules and guidelines for information security
• Covers aspects such as access control, data backup, and incident response

Antivirus

• Software that detects, prevents, and removes malware
• Updates regularly to stay ahead of new threats

Encryption

• Process of converting plaintext data into unreadable ciphertext
• Ensures data confidentiality and integrity

Secure Socket Layer Protocol (SSL)

• Cryptographic protocol providing secure communication over a network
• Used for secure web browsing and online transactions

Multi-Factor Authentication

• Combines two or more authentication methods (e.g., password, biometric, smart card)
• Enhances security and reduces risk of unauthorized access

Malware Detection

• Software that detects and removes malware
• Includes features such as real-time scanning and automatic updates

Site Monitoring

• Ongoing surveillance of network and system activity
• Helps detect and respond to security incidents

Daily or Weekly Backups

• Regular backups of critical data
• Ensures business continuity in case of data loss or system failure

Security Audits and Monitoring

• Regular assessment of security controls and policies
• Identifies vulnerabilities and areas for improvement

User Education and Awareness

• Training programs to educate users on security best practices
• Raises awareness of security risks and promotes secure behavior

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

• Monitors network traffic for signs of unauthorized access or malicious activity
• Takes action to block or alert on potential security incidents

Secure Configuration Management

• Ensures systems and applications are configured securely
• Includes configuration monitoring and version control

Patch Management

• Process of acquiring, testing, and applying software updates
• Ensures systems and applications are up-to-date with security patches

Description

This quiz assesses knowledge on risk management and security measures in ICT. Learn about risk assessment, mitigation, and management to protect organizational information.