Risk and Risk Management
The possibility of something bad/damage happening to an information system.
What is a risk?
The state of keeping or being kept secret or private.
What is confidentiality?
This person performs malicious acts on computers and/or networks for their personal gain.
What is a hacker?
A wireless technology used to share data over a short distance. E.g., connecting earphones or a watch to a cellphone.
What is Bluetooth?
A type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker.
What is Phishing?
A flaw or weakness in a system’s design or operation that could be exploited to attack the system.
What is a vulnerability?
Double Jeopardy: "I'm a hip old granny who can hip-hop, bebop, dance til ya drop and yo-yo, make wicked cup of cocoa."
What is Mrs. Doubtfire (1993)?
It is a program used by hackers to crack passwords.
What is a password cracker?
A form of digital currency, which operates without the involvement of banks or clearinghouse.
What is bitcoin?
You need to have this to gain access to the GRC.
What is a badge?
An insurance company may offer this type of insurance to help protect companies from losses related to cyber incidents.
What is cyber insurance?
A document that contains a set of rules and standards that a company publishes to protect its assets.
What is a Policy?
A malicious actor seeks to steal this and sell it on the dark web.
What is personal data or Personally Identifiable Information (PII)?
A network security system that monitors, blocks and controls incoming and outgoing network traffic based on pre-determined security rules.
What is a firewall?
This process converts plaintext data into an alternative form known as ciphertext, making the message unreadable.
What is Encryption?
Reducing the likelihood of the risk.
What is risk mitigation/control?
Requires users to provide two authentication factors that includes a combination of something the user knows --like a password or PIN; something the user has -- like an ID card, security token or smartphone; or something the user is --biometrics.
What is two-factor authentication/multi-factor authentication?
Malware that holds a computer captive until the owner pays the demanded ransom.
What is ransomware?
Double Jeopardy: "Show me the money!”
What is Jerry Maguire (1996)?
Double Jeopardy: "I got thrown out of a window, man!"
What is Beverly Hills Cop (1984)?
An exercise performed to assess the risk and determine its impact to an organization.
What is a Risk Assessment?
You should report suspicious emails to this mailbox.
What is infosec@lcecorp.com?
Hacker group that pays employees for their credentials. This group also hacked Uber.
What is Lapsus$?
It is a secure connection for users to work remotely and access corporate systems. It is abbreviated as VPN.
What is Virtual Private Network?
It has "HTTPs”, and it has a lock showing on the URL.
What is secure website?