A process used by businesses to identify and evaluate the risks they face and the effectiveness of their controls to mitigate that risk.
What is RCSA?
What is data retention?
This person performs malicious acts on computers and/or networks for their personal gain.
What is a hacker?
A type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker.
What is Phishing?
A flaw or weakness in a system’s design or operation that could be exploited to attack the system.
What is a vulnerability?
The term describing a penetration test where the tester has no credentials or inside knowledge.
What is a black box pen test?
It is the general term for a program used by hackers to figure out account credentials.
What is a password cracker?
It was one of Obama's biggest contributions to cybersecurity during his presidency.
What is NIST CSF?
The type of risk posed before any treatment.
What is inherent risk?
A document that contains a set of rules and standards that a company publishes to protect its assets.
What is a Policy?
This is a simulated attack designed to challenge and test an organization's defenses, incident response capabilities, preparedness, and overall resilience. The organization is largely unwitting.
What is personal data or Personally Identifiable Information (PII)?
This process converts plaintext data into an alternative form known as ciphertext, making the message unreadable.
What is Encryption?
The type of risk after risk treatment.
What is residual risk?
Requires users to provide more than one piece of information, combining something the user knows (like a password or PIN), something the user has (like an ID card, security token or smartphone), or something the user is (biometrics).
What is two-factor authentication/multi-factor authentication?
He was one of the world's most famous hackers, and he was KnowBe4's Chief Hacking Officer.
Who was Kevin Mitnick?
This is the company that annually provides the most comprehensive breach analysis report in the world, the DBIR.
What is Verizon?
This is a set of tools and services that provides a holistic view of an organization's information security.
What is Security Information and Event Management (SIEM)?
Confidentiality, Integrity, Availability
What is the CIA Triad?
An attack where a bad actor takes control of a company's network and doesn't relinquish control until money is paid to the bad actor.
What is ransomware?
It has "HTTPS" in its URL and shows a lock icon in the address bar.
What is a secure website?