This represents the three core principles of information security.
What is the CIA Triad?
The only bad approach to risk management.
What is ignoring the risk?
This attack floods a system with traffic, rendering it unusable.
What is a Distributed Denial of Service (DDoS) attack?
Requiring two forms of identification, such as a password and a mobile code, is known as this.
What is two-factor authentication (2FA)?
This type of modeling is used to identify, prioritize, and address potential threats to a system.
What is threat modeling?
When a company takes proactive steps to reduce the likelihood or impact of a risk, it is practicing this.
What is mitigating the risk?
This attack intercepts communications between two parties.
What is a man-in-the-middle attack?
Regularly updating and patching systems helps to protect against this type of attack.
What is a zero-day exploit?
This term refers to a critical part of a system that, if it fails, will cause the entire system to stop functioning.
What is a single point of failure?
These are tools or methods used to take advantage of vulnerabilities in systems or software.
What are exploits?
This type of attack exploits previously unknown vulnerabilities.
What is a zero-day exploit?
Limiting access rights to only what a user needs to do their job is called this.
What is the principle of least privilege?
This term refers to an unexpected event that impacts the availability of our information systems.
What is a cyberincident?
These outdated systems or software, still in use by organizations, often pose security risks due to a lack of updates or support.
What are legacy systems?
Compromising a supplier or partner to attack a target is known as this type of attack.
What is a supply chain attack?
This practice involves testing a system or network for vulnerabilities by simulating an attack.
What is penetration testing?
The remaining level of risk after mitigation measures have been applied.
What is residual risk?
This term describes the act of leveraging weaknesses in systems to gain unauthorized access or cause harm.
What is vulnerability exploitation?
Using stolen or weak passwords to access many different accounts.
What is credential stuffing?
Identifying and addressing weaknesses before they can be exploited is the focus of this proactive approach.
What is vulnerability management?