According to CISA, what is Cybersecurity?
What is "The art of protecting networks, devices, and data from unauthorized access or criminal use, ensuring confidentiality, integrity, and availability of information"?
What is a 'vulnerability' in Cybersecurity?
What is "A weakness in the system that can be exploited to cause loss or harm"?
How many Control Groups are the CIS Controls divided into?
What is 18?
What is a procedure or technique that eliminates or reduces the possibility for a vulnerability?
What is a control or countermeasure?
How does Cybersecurity protect data from criminal use?
What is "by protecting networks, devices, and data from unauthorized access"?
Considering the CIA Triad, what is one countermeasure an organization could use to ensure the confidentiality of its information?
What are:
Implementing encryption, secure authentication protocols (MFA)
What is the objective of Cybersecurity concerning the internet?
What is "To establish regulations and measures to protect against attacks over the internet"?
Provide 2 examples of cybersecurity threats related to malware.
What are:
Ransomware, Adware, Spyware, Trojan, Virus, Worms, etc.
What does NIST stand for?
What is the National Institute of Standards and Technology?
What is the set of best practices that you can use to strengthen your cybersecurity posture?
What are "Critical Security Controls"?
Name a federal agency associated with defining Cybersecurity practices.
What is the Cybersecurity and Infrastructure Security Agency (CISA)?
What does 'confidentiality' mean in the context of the CIA Triad?
What is "Ensuring that assets are viewable only by authorized parties"?
Name one common cybersecurity threat related to deception.
What are:
Social Engineering
Phishing/Smishing/Vishing
Identify, Respond, and Protect are 3 of the 5 core NIST Functions. Name the other 2.
What are Detect and Recover?
Name an action that could reduce a vulnerability.
What are:
Implementing strong passwords
Using firewalls
Updating software regularly
Explain the difference between a 'threat' and a 'vulnerability'.
What is "A vulnerability is a weakness that can be exploited; a threat is the potential exploitation of a vulnerability"?
What does 'integrity' ensure about assets within Cybersecurity?
What is "That assets are modifiable only by authorized parties"?
What is the difference between a threat and a risk?
A threat is a potential for a security breach, while risk is the potential for loss or damage when a threat exploits a vulnerability.
What is the mission of the Center for Internet Security?
What is "To make the connected world a safer place by developing and promoting best practice solutions against cyber threats"?
What are safeguards within the CIS Controls?
What are "best practice recommendations within the CIS Controls"?
How can organizations better understand their cybersecurity risk according to the NIST Cybersecurity Framework?
What is "By utilizing the NIST Framework to identify current cybersecurity practices and areas needing improvement"?
How does 'availability' contribute to Cybersecurity in the CIA Triad?
What is "Ensuring that assets are usable by and accessible to all authorized parties"?
Define what a cybersecurity threat is.
What is "A set of circumstances that exploits vulnerabilities to cause loss or harm"?
Describe the purpose of the CIS Controls.
What is "a set of best practice recommendations designed to defend against common threats"?
What type of Cybersecurity practices do regulations and measures seek to establish?
What are "Practices that protect against cyber-attacks and unauthorized internet access"?
What is the role of 'timely best practice solutions' as mentioned in the mission of the Center for Internet Security?
What is "To develop and promote best practice solutions that are up-to-date and effective against current cyber threats"?