Manage Security risks
What is a vulnerability?
A weakness that can be exploited by a threat both vulnerability & threat must be present for there to be a risk
What are the 4 steps in IAM?
Identity Authenticate Authorize Accountability
What are the NIST RMF (Risk Management Framework) steps?
Prepare - activities to do before breach occurs categorize - risk management processes & tasks select - choose, customize, and select documentation of controls for asset (playbook & processes) implement - implement security and privacy plans for org assess - assess if controls implemented correctly authorize - being accountable for the security and privacy risks that may occur at organization monitor
What are the 8 CISSP domains?
Security & Risk Management Asset Security Security Architecture & Engineering Communication and Network Security Identity and Access Management (IAM) Security Assessment & Testing Security Operations Software Development Security
What is ransomeware?
a threat actor encrpts a person's data and demands paymnet to get it back
What is Identity and Access Management (IAM)
access and authorization to keep data secure, ensuring users follow policies to control and manage assets
what is Security Operations
conducting investigations and implementing preventative measures
What is Security & Risk Management?
defining security goals, objectives, risk mitigation, compliance, BSDRP, and legal regulations
What is Security Assessment & Testing
doing security control testing, collecting and analyzing data and conducting security audits to monitor for risks, threats and vulnerabilities
What are the impacts of vulnerabilities?
financial, PII theft, and reputation
what is Software Development Security
focused on using secure coding practices
What is communication and network security?
managing and securing physical network and wireless communications
What is security architecture and engineering
optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organization's assets and data
How to ensure secure code during the SDLC?
secure design review during the design phase secure code review during development & testing phase pentesting during deployment & implementation phase
What is Asset Security?
securing digital and physical assets. can relate to storage, maintenance, retention, and destruction of data
What are the 3 layers of the internet and what do they each do?
surface web - what most people use, can access with web browser deep web- requires authorization to access it ex. company intranet dark web - only accessible using special software
What is the difference between a threat and a risk?
threat- any circumstance or event that can negatively impact assets Risk - anything that can impact the CIA of an asset, or liklihood of threat occuring