This is the process of verifying the identity of a user or device before granting access.
What is authentication?
In 2013, this major US retailer suffered a data breach that compromised over 40 million customer payment cards; the attackers used "Rescator" malware and attacked this company's supply chain.
What is Target?
This is the process of identifying, assessing, and controlling threats to an organization's data, systems, and reputation.
What is risk management?
This is the primary function of a Security Operations Center, involving the continuous monitoring and analysis of an organization's cybersecurity posture.
What is threat detection?
This is the first phase in the incident response lifecycle, involving preparation and planning for potential security incidents.
What is the Preparation phase?
This principle ensures that users are granted the minimum level of access—or permissions—necessary to perform their job functions.
What is the principle of least privilege?
In 2021, this pipeline company, which transports gasoline and jet fuel across the Southeastern US, was hit by a ransomware attack that led to widespread fuel shortages. Which company was it?
What is Colonial Pipeline?
This international framework provides a comprehensive approach to managing information security risks and improving an organization's information security program.
What is the ISO 27000 series / family of standards?
This role within the SOC is responsible for investigating alerts and determining the severity of potential security incidents.
What is an analyst (security analyst)?
This step in the incident response process involves determining the scope, impact, and nature of a security incident.
What is Identification?
This type of authentication method requires users to provide two or more verification factors to gain access to a resource.
What is multi-factor authentication (MFA)?
This 2015 cyberattack on a US government agency exposed the personal information of over 21 million current and former federal employees. Which agency was targeted?
What is the Office of Personnel Management (OPM)?
This type of risk assessment evaluates the probability and impact of a threat exploiting a vulnerability, without expressing the financial impacts in exact terms.
What is a quantitative risk assessment?
This type of exercise, often conducted by a SOC, involves simulating a cyberattack to evaluate the effectiveness of an organization's security defenses.
What is a penetration test or "pen test"?
This phase focuses on containing the incident to prevent further damage and includes actions like isolating affected systems.
What is Containment?
This type of attack involves intercepting communication between parties to steal or alter information without detection.
What is a man-in-the-middle attack?
In 2021, this executive office issued an order to improve the nation's cybersecurity following significant breaches, including the SolarWinds incident. Which office was it?
What is the Office of Management and Budget (OMB)?
This principle involves regularly updating security measures and policies to adapt to new threats.
What is continuous monitoring?
This framework, often used by government SOCs, provides guidelines for managing and responding to cybersecurity incidents.
What is the NIST Cybersecurity Framework?
After containing an incident, this phase involves identifying and eliminating the root cause and restoring affected systems to normal operation.
What is Eradication and Recovery?
This standard for authentication provides federated access and single sign-on (SSO) capabilities across different systems and organizations.
What is Security Assertion Markup Language (SAML)?
This 2024 cyberattack targeted UnitedHealth-owned Change Healthcare, leading to a $22 million ransom payment.
What was the UnitedHealth/Change Healthcare ransomware attack?
This process involves transferring the risk of a potential financial loss to a third party, such as through insurance.
What is risk transfer?
This term refers to a coordinated set of procedures, workflow, and technologies that automatically respond to security incidents and alerts.
What is Security Orchestration, Automation, and Response (SOAR)?
This final phase in the incident response process involves reviewing and documenting the incident and the response to improve future incident handling.
What is the Lessons Learned phase?