Assessment and Authorization
Defense-In-Depth
Past Cyber Attacks
General Knowledge
NIST Cybersecurity Framework
100
The unified information security framework for the entire federal government that is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC).
What is Risk Management Framework (RMF)?
100
Often prevents unauthorized access into private networks. Can be hardware, software or both.
What is a Firewall?
100
This company's user database was hacked with the intention of posting users' information on the internet, possibly resulting in a few divorces.
What is Ashley Madison?
100
This documents and tracks vulnerabilities identified by the Security Control Assessor.
What is a POA&M?
100
The NIST Cybersecurity Framework Core is broken up into these five functions.
What are Identify, Protect, Detect, Respond and Recover?
200
Categorizing the system, then selecting, implementing, assessing, authorizing, and monitoring security controls are the steps of this.
What is the six (6) step RMF process?
200
Enables encryption and digital signing of email and facilitates the use of PKI.
What is Common Access Card (CAC)?
200
This retailer's 2013 data breach is one of the most high-profile attacks in recent years, with payment card and personal data compromised for about 70 million customers.
What is Target?
200
Risk Management Framework system of record for recording security controls and authorization packages.
What is Enterprise Mission Assurance Support Service (eMASS)?
200
The NIST Cybersecurity Framework defines these four Implementation "Tiers" to provide context on how an organization views cybersecurity risk and the processes in place to manage that risk.
What are Tier 1 - Partial, Tier 2 - Risk Informed, Tier 3 - Repeatable, and Tier 4 - Adaptive?
300
A United States federal law enacted in 2002 that recognized the importance of information security to the economic and national security interests of the United States.
What is Federal Information Security Management Act (FISMA) of 2002?
300
Simply put, protecting information by transforming it so only authorized parties can read or verify it. Includes secret-key (symmetric) and public-key technologies and hash functions.
What is Cryptography?
300
This entertainment company was hacked in 2014, allegedly in retaliation for its comedy film mocking the North Korean government.
What is Sony Pictures Entertainment?
300
This Army regulation is where the Army's Information Assurance (now Cybersecurity) regulatory guidance is found.
What is AR 25-2?
300
The term used to describe the alignment of Functions, Categories, and Subcategories with the business requirements, risk tolerance, and resources of the organization.
What is a Framework Profile?
400
A government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
What is The Federal Risk and Authorization Management Program (FedRAMP)?
400
Systematic examination of targeted areas of network infrastructure for known weaknesses. Should be done regularly, not just once.
What is Vulnerability Testing (vulnerability scanning)?
400
In December 2015 this country had its power grid hacked, cutting power to hundreds of thousands of customers. This attack is regarded as the first confirmed example of hackers shutting down a critical energy system.
What is Ukraine?
400
This is a self-replicating computer program that attaches itself to other files and requires user interaction (such as opening the infected file) to activate and spread, unlike a worm.
What is a virus?
400
Asset Management, Business Environment, Governance, Risk Assessment and Risk Management Strategy are categories under this function.
What is Identify?
500
This publication provides a catalog of security and privacy controls for federal information systems and a process for selecting controls to protect organizational assets.
What is NIST Special Publication 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations)?
500
Reads incoming packets to find suspicious patterns and raises alerts (detection); the prevention variant sits in line and reacts in real time to block the matching traffic.
What is Network Intrusion Detection & Prevention?
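To make the detection-versus-prevention distinction in the clue above concrete, here is an added example (not part of the original game board) of a minimal signature-based inspection engine. The packets, the signature list and the class names are all constructed for illustration; in detection mode the engine only records alerts, while in prevention mode it also drops the matching packet before it is forwarded.

```python
"""Added example: a toy signature-based NIDS/NIPS. Packet samples and
signatures below are constructed for illustration, not real traffic."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    name: str
    pattern: "re.Pattern"        # compiled regex applied to the payload
    dport: Optional[int] = None  # only inspect this destination port, if set


@dataclass
class Verdict:
    alerts: List[Tuple[int, str]] = field(default_factory=list)  # (packet index, signature)
    forwarded: List[Packet] = field(default_factory=list)       # packets that reached the dst


# Constructed signatures (hypothetical rule set, not a vendor feed).
SIGNATURES = [
    Signature("SQLi UNION SELECT in HTTP request", re.compile(rb"(?i)union\s+select"), 80),
    Signature("Directory traversal in URL", re.compile(rb"\.\./\.\./"), 80),
    Signature("EICAR test string", re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE")),
]


def inspect(packets: List[Packet], signatures=SIGNATURES, prevent: bool = False) -> Verdict:
    """Detection mode (prevent=False) alerts on every match but forwards all
    packets; prevention mode (prevent=True) additionally drops matching packets
    in line so they never reach the destination."""
    verdict = Verdict()
    for i, pkt in enumerate(packets):
        matched = [
            sig.name for sig in signatures
            if (sig.dport is None or sig.dport == pkt.dport) and sig.pattern.search(pkt.payload)
        ]
        for name in matched:
            verdict.alerts.append((i, name))
        if matched and prevent:
            continue  # dropped: the whole point of an IPS over an IDS
        verdict.forwarded.append(pkt)
    return verdict


# Constructed sample traffic: one benign request, two web attacks, one EICAR
# string over SMTP, and a port-443 packet the port-scoped web rules ignore.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.1.10", 80, b"GET /index.html HTTP/1.1\r\nHost: shop\r\n"),
    Packet("10.0.0.6", "10.0.1.10", 80,
           b"GET /search?q=1' UNION SELECT username,password FROM users-- HTTP/1.1\r\n"),
    Packet("10.0.0.7", "10.0.1.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.8", "10.0.1.25", 25,
           rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"),
    Packet("10.0.0.9", "10.0.1.10", 443, b"union select (opaque to a port-80-only rule)"),
]


if __name__ == "__main__":
    for mode in (False, True):
        v = inspect(SAMPLE_PACKETS, prevent=mode)
        print("prevent=%s alerts=%d forwarded=%d" % (mode, len(v.alerts), len(v.forwarded)))
        for idx, name in v.alerts:
            print("  packet %d: %s" % (idx, name))
```

Note the trade-off the example exposes: the port-443 packet slips past the port-scoped rules, which is why real deployments pair network inspection with TLS termination or host-based sensors, and why prevention mode must weigh the cost of a false positive dropping legitimate traffic.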
500
This company's attack was intended to gain access to credit card and debit card numbers for resale on the internet.
What is Home Depot?
500
An approach to gain access to information through misrepresentation--the conscious manipulation of people to obtain information without having them realize that a security breach may be occurring--that may take the form of impersonation via telephone, in person, or email.
What is social engineering?
500
This is a measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.
What is Risk?