Manage Security risks

What is a vulnerability?

A weakness that can be exploited by a threat both vulnerability & threat must be present for there to be a risk

What are the 4 steps in IAM?

Identity Authenticate Authorize Accountability

What are the NIST RMF (Risk Management Framework) steps?

Prepare - activities to do before breach occurs categorize - risk management processes & tasks select - choose, customize, and select documentation of controls for asset (playbook & processes) implement - implement security and privacy plans for org assess - assess if controls implemented correctly authorize - being accountable for the security and privacy risks that may occur at organization monitor

What are the 8 CISSP domains?

Security & Risk Management Asset Security Security Architecture & Engineering Communication and Network Security Identity and Access Management (IAM) Security Assessment & Testing Security Operations Software Development Security

What is ransomeware?

a threat actor encrpts a person's data and demands paymnet to get it back

What is Identity and Access Management (IAM)

access and authorization to keep data secure, ensuring users follow policies to control and manage assets

what is Security Operations

conducting investigations and implementing preventative measures

What is Security & Risk Management?

defining security goals, objectives, risk mitigation, compliance, BSDRP, and legal regulations

What is Security Assessment & Testing

doing security control testing, collecting and analyzing data and conducting security audits to monitor for risks, threats and vulnerabilities

What are the impacts of vulnerabilities?

financial, PII theft, and reputation

what is Software Development Security

focused on using secure coding practices

What is communication and network security?

managing and securing physical network and wireless communications

What is security architecture and engineering

optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organization's assets and data

How to ensure secure code during the SDLC?

secure design review during the design phase secure code review during development & testing phase pentesting during deployment & implementation phase

What is Asset Security?

securing digital and physical assets. can relate to storage, maintenance, retention, and destruction of data

What are the 3 layers of the internet and what do they each do?

surface web - what most people use, can access with web browser deep web- requires authorization to access it ex. company intranet dark web - only accessible using special software

What is the difference between a threat and a risk?

threat- any circumstance or event that can negatively impact assets Risk - anything that can impact the CIA of an asset, or liklihood of threat occuring