What is the name of our internal controls framework?
ICS - In Control Statements
What does SCA stand for?
Software Composition Analysis
'RISDET': which threat modelling term has been scrambled?
STRIDE
What's the expected timeline to apply high risk patches?
30 days
What is a false positive in secmon?
An alert that incorrectly flags a suspicious activity, malware or policy violation.
Which PCI program/certification provides assurance for end-to-end encryption for in-store payments?
P2PE - Point to Point Encryption
According to the "container image security" guideline we recently adopted, which facts do we check before approving images?
1. Security & license evaluation:
- No critical or high vulnerabilities for production/external images
- No critical vulnerabilities for other images
2. Maintainability evaluation
Which company played a major role in popularising the term 'threat modelling' and the general approach we also apply?
Microsoft
How often do we scan our systems for internal vulnerabilities and which solution is used?
Monthly - Nessus
What is the industry standard for classifying and describing cyberattacks and intrusions?
MITRE ATT&CK Framework
According to which European rule or guidelines are we mandated to establish our Risk Management processes?
EBA Guidelines.
Name the new SCA scanner we are going to adopt.
XRAY by JFrog
Threat modelling isn't applied across all critical infrastructure sectors. Which sector jumps out in a positive sense?
Financial services
In the penetration testing team colour scheme, what is the colour of the team that gathers improvements, learnings and recommendations from testing?
Purple Team
What alert did we see the most in secmon in 2023?
Firewall drops