$100 - This person is ultimately accountable for securing the organization's information assets.
A: Who is the CISO (Chief Information Security Officer)?
$100 - This document outlines an organization's high-level security goals and intentions.
A: What is a Security Policy?
$100 - The process of identifying and evaluating threats to an organization.
A: What is Risk Assessment?
$100 - Regular inspections to ensure adherence to policies and standards.
A: What is a Security Audit?
$100 - This principle means users only get the access they need to do their job.
A: What is the Principle of Least Privilege?
$200 - This role ensures IT security controls are implemented according to policy.
A: Who is the Security Administrator?
$200 - These documents provide specific rules or controls that must be followed.
A: What are Standards?
$200 - The act of deciding to accept the potential negative impact of a risk.
A: What is Risk Acceptance?
$200 - This type of compliance is required by external laws or regulations.
A: What is Regulatory Compliance?
$200 - This framework by NIST outlines 5 core cybersecurity functions: Identify, Protect, Detect, Respond, Recover.
A: What is the NIST Cybersecurity Framework?
$300 - The person or entity responsible for classifying and protecting information assets.
A: Who is the Data Owner?
$300 - A document that describes the steps required to meet a specific policy.
A: What is a Procedure?
$300 - Implementing controls to reduce the likelihood or impact of a risk.
A: What is Risk Mitigation?
$300 - This framework ensures financial reporting controls are in place and auditable.
A: What is SOX (Sarbanes-Oxley Act)?
$300 - This model divides security functions into preventive, detective, and corrective.
A: What is the Security Control Model?
$400 - This role is responsible for routine handling of sensitive data.
A: Who is the Data Custodian?
$400 - This document allows deviation from policy under special conditions.
A: What is an Exception?
$400 - Sharing a risk with another party, such as through insurance.
A: What is Risk Transfer?
$400 - A set of standards that applies to organizations handling credit card data.
A: What is PCI DSS (Payment Card Industry Data Security Standard)?
$400 - The concept that security responsibilities are shared between the provider and the customer in cloud computing.
A: What is the Shared Responsibility Model?
$500 - This team provides strategic guidance, policy approval, and oversight for the security program.
A: What is the Information Security Steering Committee?
$500 - A document used to evaluate and approve a proposed technology's alignment with policy.
A: What is a Security Architecture Review?
$500 - The formula for calculating risk: Risk = Threat × Vulnerability × Impact.
A: What is the Risk Formula?
$500 - The principle that only necessary individuals should have access to sensitive audit logs.
A: What is Need to Know / Least Privilege?
$500 - This international standard provides best practices for information security management systems (ISMS).
A: What is ISO/IEC 27001?