Ethics of Cybersecurity - Exam 1


How can a company ensure personnel security?

Be aware of information security threats and concerns. Be aware of the responsibilities and liabilities with regard to information security

What does the term BYOD stand for?

Bring your own device (BYOD)

An effective security governance program conveys a strong relationship between business goals and objectives and information security.

Business and information security relationship

designed to facilitate and control the expenditure of the organization's funds.

Capital planning

Chapter 1


Chapter 2


provides a set of cybersecurity activities that are common across critical infrastructure sectors.

Core

What are the core functions in the NIST cybersecurity framework, and what does each one do?

- Core - Implementation tiers - Profiles

Explain three categories of metrics for evaluating an organization's security governance.

- Executive management support - Business and information security relationship - Information protection

What are the major activities of the Information Security Forum?

- Planning for cybersecurity - Managing the cybersecurity function - Security assessment

Please describe at least five potential privacy threats that may occur as information is being disseminated.

- Aggregation - Identification - Insecurity - Secondary use - Exclusion

What are the four factors that determine risk?

- Assets - Threat - Vulnerability - Controls

A set of activities that explains and promotes security, establishes accountability, and informs the workforce of security news.

Awareness

What are the four phases of the cybersecurity learning continuum?

- Awareness - Cybersecurity essentials - Role-based training - Education/certification

ensure that personnel at all levels of the organization understand their information security responsibilities to properly use and protect the information resources entrusted to them.

Awareness and training

Chapter 3


Chapter 4


Chapter 5:


Chapter 6


Chapter 7


ensure adequate consideration of the potential security impacts due to specific changes to an information system or its surrounding environment.

Configuration management

This is a management function that involves setting the basic criteria necessary for information security risk management, defining the scope and boundaries, and establishing an appropriate organizational structure for information security risk management.

Context establishment

Explain the six stages of the information security risk management process.

- Context establishment - Risk assessment - Risk treatment - Risk acceptance - Risk communication and consultation - Risk monitoring and review

involves management policies and procedures designed to maintain or restore business operations.

Contingency planning

Ensure that, as projects develop and investment expenditures continue, each project continues to meet mission needs at the expected levels of cost and risk.

Control

Intended to develop secure practices in the use of IT resources.

Cybersecurity essentials

Describe the "select-control-evaluate" framework


Integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge.

Education/certification

Compare actual results with expected results after a project has been fully implemented.

Evaluate

a critical component for cybersecurity program success

Executive management support

Explain key security program areas:


provide context on how an organization views cybersecurity risk.

Implementation tiers

Occurs after the detection of a security event and seeks to minimize the damage of the event and facilitate rapid recovery.

Incident response

The process of establishing and maintaining a framework and supporting management structure and processes to provide assurance that the information security strategies are aligned with and support business objectives and are consistent with applicable laws and regulations.

Information Security Governance

The supervision and making of decisions necessary to achieve business objectives through the protection of the organization's information assets.

Information Security Management

These indicators of security governance effectiveness deal with the pervasiveness and strength of information security mechanisms.

Information protection

Ensures that good practice in information security is applied effectively and consistently throughout the organization.

Information security function

Lists recommended actions for ensuring that all information security projects apply common project management practices, meet security requirements, and are aligned with the organization's business objectives.

Information security projects

The pressuring of individuals to divulge information.

Interrogation

Describes a process that should be established to identify and interpret the information security implications of relevant laws and regulations.

Legal and regulatory compliance

List twenty common cybersecurity threat forms.

- Malware - Virus - Worm - Ransomware - Spam - Logic bomb - Trojan horse - Backdoor (trapdoor) - Mobile code - Exploit - Exploit kit - Downloader - Dropper - Spammer - Flooder - Zombie - Spyware - Adware - Denial-of-service (DoS) - Distributed denial-of-service (DDoS) - Hacker - Social engineering - Phishing - Password attack

a key feedback mechanism for an effective information security program.

Performance measures

Represents the outcomes, based on business needs, that an organization has selected from the Framework Core categories and subcategories.

Profiles

What does the acronym RACI stand for?

- Responsible - Accountable - Consulted - Informed

Involves ensuring that residual risks are explicitly accepted by the managers of the organization.

Risk acceptance

Provides the basis for risk evaluation and decisions about risk treatment. Risk analysis includes risk estimation.

Risk analysis

Encompasses the continual and iterative processes that an organization conducts to provide, share, or obtain information and to engage in dialogue with stakeholders regarding the management of risk.

Risk communication and consultation

Assists in the decision about risk treatment by comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude are acceptable or tolerable.

Risk evaluation

Involves the identification of risk sources, events, their causes, and their potential consequences. It involves historical data, theoretical analysis, informed and expert opinions, and stakeholders' needs.

Risk identification

Regarding risk assessment, what are the different types of assets?

- Risk identification - Risk analysis - Risk evaluation

Includes ongoing monitoring and review of all risk information obtained from the risk management activities.

Risk monitoring and review

Involves the following: Avoiding the risk by deciding not to start or continue with an activity that gives rise to the risk.

Risk treatment

Intended to provide knowledge and skills specific to an individual's roles and responsibilities relative to information systems.

Role-based training

the alignment of information security management and operation with enterprise and IT strategic planning.

Security planning

Management supervision of the acquisition of security-related products and services.

Security products acquisition

Identify and analyze each project's risks and returns before committing significant funds to any project.

Select

The watching, listening to, or recording of an individual's activities.

Surveillance

Please describe the two possible types of threats in the information collection process in today's information environment.

- Surveillance - Interrogation

This is the overall process of developing, implementing, and retiring information systems.

System development life cycle

What are the major key challenges in developing an effective cybersecurity system? Explain each one in detail.

Technology, Policy, and Incentives. - Scale and complexity of cyberspace - Nature of the threat - User needs versus security implementation - Difficulty estimating costs and benefits

Explain the need for an effective information security policy.

Ensures that all employees in an organization, especially those with responsibility of some sort for one or more assets, understand the security principles in use and their individual security-related responsibilities.
